CN113051599A - Parallel computing method, device and equipment for heterogeneous cryptographic cards - Google Patents

Parallel computing method, device and equipment for heterogeneous cryptographic cards Download PDF

Info

Publication number
CN113051599A
CN113051599A CN202110604862.5A CN202110604862A CN113051599A CN 113051599 A CN113051599 A CN 113051599A CN 202110604862 A CN202110604862 A CN 202110604862A CN 113051599 A CN113051599 A CN 113051599A
Authority
CN
China
Prior art keywords
data
weight
card
cryptographic
data length
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110604862.5A
Other languages
Chinese (zh)
Other versions
CN113051599B (en
Inventor
王滨
杨智取
陈加栋
王国云
姚相振
李琳
黄晶晶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Hikvision Digital Technology Co Ltd
Original Assignee
Hangzhou Hikvision Digital Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Hikvision Digital Technology Co Ltd filed Critical Hangzhou Hikvision Digital Technology Co Ltd
Priority to CN202110604862.5A priority Critical patent/CN113051599B/en
Publication of CN113051599A publication Critical patent/CN113051599A/en
Application granted granted Critical
Publication of CN113051599B publication Critical patent/CN113051599B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5011Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
    • G06F9/5016Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals the resource being the memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a parallel computing method, a device and equipment for heterogeneous cryptographic cards, wherein the method comprises the following steps: determining the target data length corresponding to the service to be processed, and inquiring the initial weight proportion corresponding to the target data length from the weight table; for each password card, determining the data size of the password card to be processed based on the initial weight proportion, and sending the data to be processed matched with the data size to the password card; wherein, for each data length, the initial weight proportion corresponding to the data length is determined based on the initial weight corresponding to the data length of each password card; for each cryptographic card, determining an initial weight of the cryptographic card corresponding to the data length based on test data generated during testing of the cryptographic card. Through the technical scheme of the application, the processing performance of each password card is fully utilized.

Description

Parallel computing method, device and equipment for heterogeneous cryptographic cards
Technical Field
The present application relates to the field of data security technologies, and in particular, to a method, an apparatus, and a device for parallel computing of heterogeneous cryptographic cards.
Background
In order to effectively protect data, when the data is stored, the data needs to be encrypted and then stored, and correspondingly, the encrypted data also needs to be decrypted and then used. When data is transmitted, the data needs to be encrypted and then transmitted, and correspondingly, after the encrypted data is received, the encrypted data also needs to be decrypted and used.
Considering that data encryption and data decryption both require a large amount of computing resources, a password card is usually integrated in a device, the password card is used for realizing data encryption or data decryption, and the password card is used as a hardware encryption card and a hardware decryption card, can improve the processing speed of data encryption or data decryption, and is widely applied.
Because more and more data need to be encrypted or decrypted and a single password card cannot well complete data encryption or data decryption, a plurality of password cards can be integrated in the equipment, and the data encryption or data decryption is realized by the plurality of password cards together, namely the plurality of password cards encrypt or decrypt a large amount of data in parallel.
When a plurality of cryptographic cards jointly implement data encryption or data decryption, data needs to be evenly distributed to each cryptographic card, for example, when the data to be encrypted is 300M, and the number of the cryptographic cards is 3, 100M data may be distributed to a first cryptographic card, the first cryptographic card encrypts 100M data, the 100M data is distributed to a second cryptographic card, the second cryptographic card encrypts 100M data, the 100M data is distributed to a third cryptographic card, and the third cryptographic card encrypts 100M data.
Since the plurality of cryptographic cards may be cryptographic cards of different manufacturers, that is, the processing performance of different cryptographic cards may not be consistent, the processing performance of each cryptographic card cannot be fully utilized when data is evenly distributed to the respective cryptographic cards, that is, the processing performance of the cryptographic cards cannot be maximally utilized.
Disclosure of Invention
The application provides a parallel computing method for heterogeneous password cards, wherein data processing equipment comprises at least two password cards, and the at least two password cards comprise at least two types of password cards; the data processing device stores a weight table including a correspondence of data lengths to initial weight ratios determined based on an initial weight of each cryptocard, the method including:
determining a target data length corresponding to a service to be processed;
inquiring an initial weight proportion corresponding to the target data length from the weight table;
for each password card, determining the data volume to be processed of the password card based on the initial weight proportion, sending the data to be processed matched with the data volume to the password card, and encrypting or decrypting the data to be processed by the password card based on the target data length;
wherein, for each data length, the initial weight proportion corresponding to the data length is determined based on the initial weight corresponding to the data length of each password card; for each cryptographic card, determining an initial weight of the cryptographic card corresponding to the data length based on test data generated during testing of the cryptographic card.
The application provides a heterogeneous password card parallel computing device, wherein a data processing device comprises at least two password cards, and the at least two password cards comprise at least two types of password cards; the data processing device stores a weight table including a correspondence of data lengths to initial weight ratios determined based on an initial weight of each cryptocard, the apparatus comprising:
the determining module is used for determining the target data length corresponding to the service to be processed and inquiring the initial weight proportion corresponding to the target data length from the weight table;
the processing module is used for determining the data volume needing to be processed by each password card based on the initial weight proportion, sending the data to be processed matched with the data volume to the password card, and encrypting or decrypting the data to be processed by the password card based on the target data length;
wherein, for each data length, the initial weight proportion corresponding to the data length is determined based on the initial weight corresponding to the data length of each password card; for each cryptographic card, determining an initial weight of the cryptographic card corresponding to the data length based on test data generated during testing of the cryptographic card.
The application provides data processing equipment, which comprises at least two password cards, wherein the at least two password cards comprise at least two types of password cards; the data processing apparatus stores a weight table including a correspondence of a data length and an initial weight proportion determined based on an initial weight of each of the cryptographic cards, the data processing apparatus including: a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor;
the processor is configured to execute machine executable instructions to perform the steps of:
determining a target data length corresponding to a service to be processed;
inquiring an initial weight proportion corresponding to the target data length from the weight table;
for each password card, determining the data volume to be processed of the password card based on the initial weight proportion, sending the data to be processed matched with the data volume to the password card, and encrypting or decrypting the data to be processed by the password card based on the target data length;
wherein, for each data length, the initial weight proportion corresponding to the data length is determined based on the initial weight corresponding to the data length of each password card; for each cryptographic card, determining an initial weight of the cryptographic card corresponding to the data length based on test data generated during testing of the cryptographic card.
According to the technical scheme, in the embodiment of the application, when a plurality of password cards jointly realize data encryption or data decryption, the initial weight of each password card is determined, the initial weight proportion is determined based on the initial weight of each password card, the data amount distributed to each password card is determined based on the initial weight proportion, namely, the data are distributed to each password card according to the initial weight proportion instead of being evenly distributed to each password card, so that the processing performance of each password card is fully utilized, the processing performance of the password cards is mined to the maximum extent, the processing performance of the password cards is maximally utilized, the performance difference of heterogeneous password cards can be shielded, the resource waste during the parallel operation of the heterogeneous password cards is reduced, and the efficient parallel calculation of the heterogeneous password cards is realized.
Drawings
Fig. 1 is a schematic flowchart of a parallel computing method for heterogeneous cryptographic cards according to an embodiment of the present application;
FIG. 2 is a flowchart illustrating a parallel computing method for heterogeneous cryptographic cards according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an initial evaluation process in one embodiment of the present application;
FIG. 4 is a schematic diagram of an operating environment assessment process in one embodiment of the present application;
FIG. 5 is a schematic diagram of an initial weight calculation process in one embodiment of the present application;
FIG. 6 is a flowchart illustrating a parallel computing method for heterogeneous cryptographic cards according to an embodiment of the present application;
FIG. 7 is a diagram illustrating a dynamic weight adjustment process according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a heterogeneous cryptographic card parallel computing device according to an embodiment of the present application.
Detailed Description
The terminology used in the embodiments of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein is meant to encompass any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in the embodiments of the present application to describe various information, the information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. Depending on the context, moreover, the word "if" as used may be interpreted as "at … …" or "when … …" or "in response to a determination".
The embodiment of the application provides a parallel computing method for heterogeneous cryptographic cards. The data processing apparatus may store a weight table including a correspondence of data lengths to initial weight ratios, and the initial weight ratios are determined based on the initial weight of each of the cryptographic cards.
Referring to fig. 1, a schematic flow chart of a parallel computing method for heterogeneous cryptographic cards is shown, where the method includes:
step 101, determining a target data length corresponding to a service to be processed, and querying an initial weight proportion corresponding to the target data length from the weight table. For example, since the weight table includes a corresponding relationship between the data length and the initial weight ratio, after the target data length corresponding to the service to be processed is obtained, the initial weight ratio corresponding to the target data length can be queried from the weight table.
And 102, determining the data volume required to be processed by each password card based on the initial weight proportion, sending the data to be processed matched with the data volume to the password card, and encrypting or decrypting the data to be processed by the password card based on the target data length.
For example, for each data length, the initial weight proportion corresponding to the data length is determined based on the initial weight corresponding to the data length of each password card, and based on this, before step 101, for each password card, the initial weight of the password card may be determined, for example, the initial weight corresponding to the data length of the password card is determined based on test data generated during the test of the password card. On the basis, an initial weight proportion can be determined based on the initial weight of each password card corresponding to the data length, and then the corresponding relation between the data length and the initial weight proportion is recorded in a weight table.
In one possible embodiment, for each cryptographic card, determining an initial weight of the cryptographic card corresponding to the data length based on test data generated during the test of the cryptographic card may include: the code card is tested in the data processing equipment, and first test data generated in the test process are collected, wherein the first test data comprise first operation times and first performance information of the code card. Determining a first sub-weight based on a first test duration of the test process, a data length used by the test process, a first operation frequency and first performance information, wherein the first sub-weight is in direct proportion to the first operation frequency, the first sub-weight is in direct proportion to the data length, the first sub-weight is in inverse proportion to the first test duration, and the first sub-weight is in inverse proportion to the first performance information. An initial weight of the cryptographic card corresponding to the data length is determined based on the first sub-weight.
For example, the determining the first sub-weight based on the first test duration of the test procedure, the data length used by the test procedure, the first operation number and the first performance information may include, but is not limited to: determining a first operational performance value based on a first test duration, the data length and a first operational frequency, wherein the first operational performance value represents the data volume processed by the cryptographic card in a unit period in the test process, the first operational performance value is in direct proportion to the first operational frequency, the first operational performance value is in direct proportion to the data length, and the first operational performance value is in inverse proportion to the first test duration. Then, a first sub-weight may be determined based on the first operational performance value and the first performance information, the first sub-weight being proportional to the first operational performance value.
In a possible implementation manner, the cryptographic card may also be tested at the test platform, and second test data generated in the test process is collected, where the second test data may include a second operation number and second performance information of the cryptographic card; and determining a second sub-weight based on a second test duration of the test process, a data length used by the test process, a second operation frequency and second performance information, wherein the second sub-weight is in direct proportion to the second operation frequency, the second sub-weight is in direct proportion to the data length, the second sub-weight is in inverse proportion to the second test duration, and the second sub-weight is in inverse proportion to the second performance information.
On this basis, determining the initial weight of the crypto card corresponding to the data length based on the first sub-weight may include, but is not limited to: and determining an initial weight of the password card corresponding to the data length based on the first sub-weight, the weight coefficient of the first sub-weight, the second sub-weight and the weight coefficient of the second sub-weight.
For example, the determining the second sub-weight based on the second test duration of the test procedure, the data length used by the test procedure, the second operation number and the second performance information may include, but is not limited to: and determining a second operational performance value based on a second test duration, the data length and a second operational frequency, wherein the second operational performance value represents the data volume processed by the cryptographic card in a unit period in the test process, the second operational performance value is in direct proportion to the second operational frequency, the second operational performance value is in direct proportion to the data length, and the second operational performance value is in inverse proportion to the second test duration. Then, a second sub-weight may be determined based on the second operational performance value and the second performance information, the second sub-weight being proportional to the second operational performance value.
In the above embodiment, the second test duration may be greater than the first test duration; the weight coefficient of the first sub-weight may be greater than the weight coefficient of the second sub-weight. The first performance information may include, but is not limited to, at least one of: the CPU utilization rate of the data processing equipment, the memory utilization rate of the data processing equipment and the CPU utilization rate of the password card. The second performance information may include, but is not limited to, at least one of: the CPU utilization rate of the test platform, the memory utilization rate of the test platform and the CPU utilization rate of the password card.
In a possible embodiment, an initial operational performance value of the cryptographic card corresponding to the data length may be determined based on the first operational performance value, the weight coefficient of the first operational performance value, the second operational performance value, and the weight coefficient of the second operational performance value, the initial operational performance value being used to represent the amount of data processed in a unit cycle, and the initial operational performance value may be stored in the data processing apparatus.
On the basis, the data to be processed matched with the data volume is sent to the cipher card, and after the cipher card encrypts or decrypts the data to be processed based on the target data length, the estimated processing time length can be determined based on the data volume processed by the cipher card and the initial operational performance value, and the actual processing time length for encrypting or decrypting the data to be processed by the cipher card is determined. If the actual processing time length is greater than the estimated processing time length, and the difference value between the actual processing time length and the estimated processing time length is greater than a first threshold value, the initial weight of the password card is reduced, and the initial weight proportion corresponding to the target data length is updated based on the reduced initial weight. If the actual processing time length is smaller than the estimated processing time length and the difference value between the estimated processing time length and the actual processing time length is larger than a second threshold value, increasing the initial weight of the password card, and updating the initial weight proportion corresponding to the target data length based on the increased initial weight.
Reducing the initial weight of the cryptographic card may include: and determining a first weight adjustment value based on the difference value between the actual processing time length and the estimated processing time length, and reducing the initial weight of the password card based on the first weight adjustment value.
Increasing the initial weight of the cryptographic card may include: and determining a second weight adjustment value based on the difference between the estimated processing time length and the actual processing time length, and increasing the initial weight of the password card based on the second weight adjustment value.
According to the technical scheme, in the embodiment of the application, when a plurality of password cards jointly realize data encryption or data decryption, the initial weight of each password card is determined, the initial weight proportion is determined based on the initial weight of each password card, the data amount distributed to each password card is determined based on the initial weight proportion, namely, the data are distributed to each password card according to the initial weight proportion instead of being evenly distributed to each password card, so that the processing performance of each password card is fully utilized, the processing performance of the password cards is mined to the maximum extent, the processing performance of the password cards is maximally utilized, the performance difference of heterogeneous password cards can be shielded, the resource waste during the parallel operation of the heterogeneous password cards is reduced, and the efficient parallel calculation of the heterogeneous password cards is realized.
The following describes the technical solution of the embodiment of the present application with reference to a specific application scenario.
The password card is a hardware encryption card and a hardware decryption card, that is, the password card can realize functions of data encryption, data decryption and the like, and the password card can be integrated in a device.
In this embodiment of the application, the data processing device may integrate at least two cryptographic cards, where N cryptographic cards are taken as an example, N is a positive integer greater than or equal to 2, and there are at least two types of cryptographic cards in the N cryptographic cards. The cipher cards of the same manufacturer and the same model can be the same type of cipher cards, the cipher cards of different models of the same manufacturer and the cipher cards of different manufacturers can be different types of cipher cards. The same type of cryptographic cards may be referred to as homogeneous cryptographic cards, and the different types of cryptographic cards may be referred to as heterogeneous cryptographic cards, i.e., heterogeneous cryptographic cards exist among the N cryptographic cards.
For example, if the manufacturer of the cryptographic card 1 is the same as the manufacturer of the cryptographic card 2, and the model of the cryptographic card 1 is the same as the model of the cryptographic card 2, the cryptographic card 1 and the cryptographic card 2 are the same type of cryptographic card, that is, the cryptographic card 1 and the cryptographic card 2 are isomorphic cryptographic cards. If the manufacturer of the cryptographic card 1 is the same as the manufacturer of the cryptographic card 2, and the model of the cryptographic card 1 is different from that of the cryptographic card 2, the cryptographic card 1 and the cryptographic card 2 are different types of cryptographic cards, that is, the cryptographic card 1 and the cryptographic card 2 are heterogeneous cryptographic cards. If the manufacturer of the cryptographic card 1 is different from the manufacturer of the cryptographic card 2, the cryptographic card 1 and the cryptographic card 2 are different types of cryptographic cards, that is, the cryptographic card 1 and the cryptographic card 2 are heterogeneous cryptographic cards.
The N password cards integrated by the data processing equipment have at least two types of password cards, namely different types of password cards exist, namely heterogeneous password cards exist. For example, the N cryptographic cards are the cryptographic card 1, the cryptographic card 2, and the cryptographic card 3, the cryptographic card 1 and the cryptographic card 2 are the same type of cryptographic card, and the cryptographic card 1 and the cryptographic card 3 are different types of cryptographic cards. Alternatively, the code card 1 and the code card 2 are different types of code cards, the code card 1 and the code card 3 are different types of code cards, and the code card 2 and the code card 3 are different types of code cards.
In one possible embodiment, the data processing apparatus is integrated with N cryptographic cards, and when data is allocated to the N cryptographic cards, the data may be equally allocated to the N cryptographic cards, but since there are different types of cryptographic cards in the N cryptographic cards and the processing performances of the different types of cryptographic cards are not consistent, the processing performance of each cryptographic card cannot be fully utilized when the data is equally allocated to the N cryptographic cards. For example, hardware resources consumed by different cryptographic cards in different operating environments are different, and data processing speeds of different cryptographic cards are also different, so that the processing performance of each cryptographic card cannot be utilized to the maximum extent.
In view of the above discovery, an embodiment of the present application provides a parallel computing method for heterogeneous cryptographic cards, which may determine an initial weight ratio according to an initial weight of each cryptographic card, and determine a data amount allocated to each cryptographic card based on the initial weight ratio, that is, allocate data to N cryptographic cards according to the initial weight ratio, instead of allocating data to N cryptographic cards on average, so as to fully utilize processing performance of each cryptographic card, maximize utilization of the processing performance of the cryptographic cards, reduce resource waste, and implement efficient parallel computing for heterogeneous cryptographic cards.
Referring to fig. 2, the parallel computing method for the heterogeneous cryptographic cards in the embodiment of the present application may relate to processes such as initial evaluation, running environment evaluation, initial weight computation, and dynamic weight adjustment. In the initial evaluation process, the cryptographic card may be tested at the test platform, information generated during the test process may be collected, and weight information for the initial evaluation process may be determined based on the information generated during the test process. In the operation environment evaluation process, the data processing device may test the cryptographic card, collect information generated in the test process, and determine weight information determining the operation environment evaluation process based on the information generated in the test process. In the initial weight calculation process, the initial weight of the cryptographic card may be determined based on the weight information of the initial evaluation process and the weight information of the execution environment evaluation process. In the process of dynamically adjusting the weight, the initial weight of the password card can be dynamically adjusted based on the actual operation data of the password card. The following describes processes of initial evaluation, operating environment evaluation, initial weight calculation, dynamic weight adjustment, and the like, in conjunction with a specific application scenario.
First, initial evaluation: for each cryptographic card, before the cryptographic card is integrated into the data processing device, the cryptographic card may be tested on a test platform, information generated during the test may be collected, and weight information for an initial evaluation process may be determined based on the information generated during the test. The test platform is a platform for testing the cryptographic card, and may be any type of device, which is not limited to this.
In one possible embodiment, referring to fig. 3, the initial evaluation of the cryptographic card may include:
step 301, testing the cryptographic card in the test platform, and collecting second test data generated in the test process, where the second test data may include at least a second operation number and second performance information of the cryptographic card, and the second performance information may include, but is not limited to, at least one of the following: the CPU (central processing unit) utilization rate of the test platform, the memory utilization rate of the test platform and the CPU utilization rate of the password card.
Illustratively, a plurality of data lengths may be agreed in advance, and the initial evaluation of the cryptocard is implemented for each data length, for example, the data length may be 16B, 64B, 256B, 1KB, 4KB, 8KB, 16KB, 128KB, 1024KB, etc., without limitation. For each data length, an initial evaluation of the crypto card may be performed, resulting in a second sub-weight corresponding to the data length. For convenience of description, a data length (e.g., 1 KB) is used as an example. B is an abbreviation of Byte (Byte), a unit of measure for measuring storage capacity, one Byte is typically 8 bits long. KB is an abbreviation of kilobytes, 1KB = 1024B.
For example, a second test duration of the test process may be preconfigured, the second test duration may be configured according to experience, the second test duration may also be referred to as a test evaluation time, and the second test duration is recorded as a test evaluation timeT 1Obviously, the second test durationT 1The larger the value of (a), the more accurate the result of the initial evaluation.
For example, after the test on the cryptographic card is started, the data with the data length (e.g., 1 KB) is issued to the cryptographic card, the cryptographic card processes (e.g., encrypts or decrypts) the data, after the processing is completed, the number of operations of the cryptographic card is increased by 1, the data with the data length is continuously issued to the cryptographic card, the cryptographic card processes the data, after the processing is completed, the number of operations of the cryptographic card is increased by 1, and so on, until the duration of the test process reaches the second test duration, the test process of the cryptographic card is ended.
After the testing process of the password card is finished, the current operation times of the password card can be counted, and the operation times is the second operation times of the password card. For example, if a common cryptographic card issues data of the data length 10 times and the cryptographic card completes processing of the data, the second operation time is 10.
After the test process of the password card is finished, the CPU utilization rate of the test platform may be counted, for example, in the test process of the password card, the CPU operation utilization rate of the test platform may be periodically collected to obtain a plurality of CPU operation utilization rates, then, the average value of all the CPU operation utilization rates collected in the test process may be used as the CPU utilization rate of the test platform, or the maximum value of all the CPU operation utilization rates collected in the test process may be used as the CPU utilization rate of the test platform, or the minimum value of all the CPU operation utilization rates collected in the test process may be used as the CPU utilization rate of the test platform, which is not limited.
After the test process of the password card is finished, the memory usage rate of the test platform can be counted, for example, in the test process of the password card, the memory operation usage rate of the test platform can be periodically collected to obtain a plurality of memory operation usage rates, then, the average value of all the memory operation usage rates collected in the test process can be used as the memory usage rate of the test platform, or the maximum value of all the memory operation usage rates collected in the test process can be used as the memory usage rate of the test platform, or the minimum value of all the memory operation usage rates collected in the test process can be used as the memory usage rate of the test platform, which is not limited.
After the testing process of the password card is finished, the CPU utilization rate of the password card may be counted, for example, in the testing process of the password card, the CPU operation utilization rate of the password card may be periodically collected to obtain a plurality of CPU operation utilization rates, then, an average value of all the CPU operation utilization rates collected in the testing process may be used as the CPU utilization rate of the password card, or a maximum value of all the CPU operation utilization rates collected in the testing process may be used as the CPU utilization rate of the password card, or a minimum value of all the CPU operation utilization rates collected in the testing process may be used as the CPU utilization rate of the password card, which is not limited.
To sum up, when the test platform tests the cryptographic card, the second operation times and the second performance information generated in the test process may be collected, where the second performance information may include at least one of a CPU usage rate of the test platform, a memory usage rate of the test platform, and a CPU usage rate of the cryptographic card.
Step 302, determining a second operational performance value based on a second test duration, the data length, and a second operation frequency, where the second operational performance value represents a data amount processed by the cryptographic card in a unit period during the test process, the second operational performance value may be proportional to the second operation frequency, the second operational performance value may be proportional to the data length, and the second operational performance value may be inversely proportional to the second test duration.
In one possible embodiment, the second operational performance value may be determined by equation (1):
P 1 = (B 1 * F 1)/T 1 formula (1)
In the formula (1), the first and second groups,P 1a second operational performance value is represented that is,B 1indicating the data length (e.g. 1 KB),F 1it indicates the number of times of the second operation,T 1indicating a second test duration. As can be seen from the formula (1),P 1andF 1in a direct proportion to the total weight of the composition,P 1andB 1in a direct proportion to the total weight of the composition,P 1andT 1in inverse proportion. As can be seen from the formula (1),B 1 * F 1representing the amount of data processed by the cryptographic card during the test(s) ((s))B 1 * F 1)/T 1Indicating the amount of data processed by the cryptographic card per unit period during the test, i.e.P 1Representing the amount of data processed by the cryptographic card per unit period during the test.
Step 303, determining a second sub-weight based on the second operational performance value and the second performance information, the second sub-weight being proportional to the second operational performance value, the second sub-weight being inversely proportional to the second performance information.
Illustratively, since the second operational performance value is proportional to the second operation number, the second operational performance value is proportional to the data length, the second operational performance value is inversely proportional to the second test duration, and the second sub-weight is proportional to the second operational performance value, the second sub-weight is proportional to the second operation number, the second sub-weight is proportional to the data length, and the second sub-weight is inversely proportional to the second test duration.
Taking the second performance information as the CPU utilization of the test platform, the memory utilization of the test platform, and the CPU utilization of the password card as examples, the second sub-weight is inversely proportional to the CPU utilization of the test platform, the second sub-weight is inversely proportional to the memory utilization of the test platform, and the second sub-weight is inversely proportional to the CPU utilization of the password card.
In one possible embodiment, the second sub-weight may be determined by equation (2):
S 1 = P 1 / ( f (C 1, M 1, H 1) )formula (2)
In the formula (2), the first and second groups,S 1 a second sub-weight is represented which is,P 1a second operational performance value is represented that is,C 1represents the CPU usage of the test platform,M 1the memory usage rate of the test platform is represented,H 1representing the CPU usage of the cryptographic card.fRepresenting an objective function, is a preconfigured function, the input to the objective function beingC 1, M 1, H 1That is, willC 1, M 1, H 1After substituting into the objective function, an output value, i.e. the denominator of equation (2), can be obtained. Objective functionfOutput value of and CPU utilization rate of test platformC 1Can be proportional, i.e.C 1The larger, the objective functionfThe larger the output value of (c). Objective functionfOutput value of and memory usage rate of test platformM 1Can be proportional, i.e.M 1The larger, the objective functionfThe larger the output value of (c). Objective functionfOutput value of and CPU usage rate of the cryptographic cardH 1Can be proportional, i.e.H 1The larger, the objective functionfThe larger the output value of (c). For this objective functionfWithout limitation, as long as the objective functionfThe above input/output relationship can be satisfied.
S 1 AndP 1in a direct proportion to the total weight of the composition,S 1 andC 1in the inverse proportion,S 1 andM 1in the inverse proportion,S 1 andH 1in inverse proportion.
Illustratively, the above formula (1) and formula (2) may also be equivalent to formula (3):
S 1 = (B 1 * F 1)/ T 1 * ( f (C 1, M 1, H 1) )formula (3)
As can be seen from equation (3), the second test duration can be directly based onT 1Data length used by test procedureB 1The second number of operationsF 1CPU utilization rate of test platformC 1Memory usage rate of test platformM 1And CPU usage of the cryptographic cardH 1Determining a second sub-weightS 1 Without first determining the second operational performance valueP 1Based on the second operational performance valueP 1Determining a second sub-weightS 1
In summary, for a data length (e.g. 1 KB), a second arithmetic performance value corresponding to the data length can be obtainedP 1And a second sub-weightS 1 For other data lengths, the second arithmetic performance value corresponding to the data length can be obtained in the above mannerP 1And a second sub-weightS 1 On the basis of the above-mentioned code card it can be used as said code cardRecording a second operational performance value corresponding to each data lengthP 1And a second sub-weightS 1 See Table 1 for second arithmetic performance valuesP 1And a second sub-weightS 1 An example of (a).
Figure DEST_PATH_IMAGE001
In one possible embodiment, for a plurality of cryptographic cards of each type, an initial evaluation may be performed for each cryptographic card, see FIG. 3, resulting in the second operational performance values shown in Table 1P 1And a second sub-weightS 1 Alternatively, the initial evaluation may be performed for only one cryptocard to obtain the second operational performance value shown in Table 1P 1And a second sub-weightS 1 . With respect to other cryptographic cards of this type, the second arithmetic performance values shown in Table 1 can be directly multiplexedP 1And a second sub-weightS 1 Without performing an initial evaluation.
For multiple cryptographic cards of different types, an initial evaluation may be performed for each cryptographic card to obtain the second operational performance values shown in table 1 respectivelyP 1And a second sub-weightS 1 And will not be described herein.
Recording a second arithmetic performance value corresponding to each data length for the cipher cardP 1And a second sub-weightS 1 The cryptographic card may then be integrated into a data processing device for subsequent encryption/decryption processing.
Second, evaluating the operating environment: for each cryptographic card, after the cryptographic card is integrated into the data processing device, the cryptographic card may be tested at the data processing device, information generated during the testing process may be collected, and weight information for running the environment assessment process may be determined based on the information generated during the testing process. In one possible embodiment, referring to fig. 4, the evaluation of the operating environment of the cryptographic card may include:
step 401, testing the cryptographic card in the data processing device, and collecting first test data generated in the testing process, where the first test data at least includes a first operation number and first performance information of the cryptographic card, and for example, the first performance information may include, but is not limited to, at least one of the following: the CPU utilization rate of the data processing equipment, the memory utilization rate of the data processing equipment and the CPU utilization rate of the password card.
For example, a plurality of data lengths may be agreed in advance, and the running environment evaluation of the cryptocard is implemented for each data length, so as to obtain a first sub-weight corresponding to the data length.
For example, a first test duration of the test process may be preconfigured, the first test duration may be configured according to experience, the first test duration may also be referred to as a test evaluation time, and the first test duration is recorded as a test evaluation timeT 2Obviously, the first test durationT 2The larger the value of (a), the more accurate the result of the initial evaluation. Considering that the data processing apparatus has limited computational resources and needs to process normal applications, the first test duration may be reduced in order to reduce the impact on the applicationsT 2I.e. first test durationT 2Less than the second test durationT 1
Illustratively, after the test of the password card is started, the data with the data length is issued to the password card, the password card processes the data, after the processing is completed, the operation frequency of the password card is increased by 1, the data with the data length is continuously issued to the password card, and so on, until the time length of the test process reaches the first test time length, the test process of the password card is ended. After the testing process of the password card is finished, the current operation times of the password card can be counted, and the operation times is the first operation times of the password card.
After the testing process of the password card is finished, the parameters of the CPU usage rate of the data processing device, the memory usage rate of the data processing device, the CPU usage rate of the password card, and the like may be counted, which is not described herein again.
To sum up, when the data processing device tests the cryptographic card, the first operation times and the first performance information generated in the test process may be collected, where the first performance information includes at least one of a CPU usage rate of the data processing device, a memory usage rate of the data processing device, and a CPU usage rate of the cryptographic card.
Step 402, determining a first operational performance value based on a first test duration, the data length, and a first operational frequency, wherein the first operational performance value represents a data amount processed by the cryptographic card in a unit period during the test, the first operational performance value may be proportional to the first operational frequency, the first operational performance value may be proportional to the data length, and the first operational performance value may be inversely proportional to the first test duration.
In one possible implementation, the first operational performance value may be determined by equation (4):
P 2 = (B 2 * F 2)/T 2 formula (4)
P 2A first one of the operational performance values is represented,B 2which indicates the length of the data and,F 2which indicates the number of times of the first operation,T 2indicating a first test duration.P 2AndF 2in a direct proportion to the total weight of the composition,P 2andB 2in a direct proportion to the total weight of the composition,P 2andT 2in inverse proportion.B 2 * F 2Representing the amount of data processed by the cryptographic card during the test(s) ((s))B 2 * F 2)/T 2Indicating the amount of data processed by the cryptographic card per unit period during the test, i.e.P 2Representing the amount of data processed by the cryptographic card per unit period during the test.
Step 403, determining a first sub-weight based on the first operational performance value and the first performance information, the first sub-weight being proportional to the first operational performance value, the first sub-weight being inversely proportional to the first performance information.
Illustratively, since the first operational performance value is proportional to the first operation time, the first operational performance value is proportional to the data length, the first operational performance value is inversely proportional to the first test time length, and the first sub-weight is proportional to the first operational performance value, the first sub-weight is proportional to the first operation time, the first sub-weight is proportional to the data length, and the first sub-weight is inversely proportional to the first test time length.
For example, taking the example that the first performance information includes the CPU usage rate of the data processing device, the memory usage rate of the data processing device, and the CPU usage rate of the cryptocard as an example, the first sub-weight may be inversely proportional to the CPU usage rate of the data processing device, the first sub-weight may be inversely proportional to the memory usage rate of the data processing device, and the first sub-weight may be inversely proportional to the CPU usage rate of the cryptocard.
In one possible embodiment, the first sub-weight may be determined by equation (5):
S 2 = P 2 / ( f (C 2, M 2, H 2) )formula (5)
S 2 A first sub-weight is represented which is,P 2a first one of the operational performance values is represented,C 2representing the CPU utilization of the data processing apparatus,M 2representing the memory usage of the data processing apparatus,H 2representing the CPU usage of the cryptographic card.fRepresenting an objective function, the objective functionfOutput value of andC 2is proportional, i.e.C 2The larger, the objective functionfThe larger the output value of (c). Objective functionfOutput value of andM 2is proportional, i.e.M 2The larger, the objective functionfThe larger the output value of (c). Objective functionfOutput value of andH 2is proportional, i.e.H 2The larger, the objective functionfThe larger the output value of (c). In view of the above, it is desirable to provide,S 2 andP 2in a direct proportion to the total weight of the composition,S 2 andC 2in the inverse proportion,S 2 andM 2in the inverse proportion,S 2 andH 2in inverse proportion.
Illustratively, the above formula (4) and formula (5) may also be equivalent to formula (6):
S 2 = (B 2 * F 2)/ T 2 * ( f (C 2, M 2, H 2) )formula (6)
As can be seen from equation (6), the first test duration can be directly based onT 2Data length used by test procedureB 2The number of first operationsF 2CPU utilization of data processing apparatusC 2Memory usage of data processing deviceM 2And CPU usage of the cryptographic cardH 2Determining a first sub-weightS 2 Without first determining the first operational performance valueP 2Based on the first operational performance valueP 2Determining a first sub-weightS 2
In summary, for each data length, the first arithmetic performance value corresponding to the data length can be obtainedP 2And a first sub-weightS 2 And recording a first arithmetic performance value corresponding to each data length for the cipher cardP 2And a first sub-weightS 2 See table 2 for an example of the first operational performance value and the first sub-weight.
Figure 820732DEST_PATH_IMAGE002
In a possible embodiment, for each cryptographic card integrated in the data processing device, a runtime environment evaluation may be performed for that cryptographic card, see fig. 4, resulting in the first arithmetic performance values shown in table 2P 2And a first sub-weightS 2 . In recording for the password cardFirst operational performance value corresponding to each data lengthP 2And a first sub-weightS 2 Then, the subsequent steps such as initial weight calculation can be performed.
Thirdly, calculating an initial weight: for each cryptographic card, an initial weight for the cryptographic card may be determined based on weight information for an initial evaluation process (e.g., a second sub-weight for the cryptographic card) and weight information for a running environment evaluation process (e.g., a first sub-weight for the cryptographic card). Alternatively, the initial weight of the cryptographic card may be determined based on weight information (e.g., a first sub-weight of the cryptographic card) of the runtime environment evaluation process.
In one possible embodiment, for each data length, the initial weight corresponding to the data length may be determined based on the first sub-weight corresponding to the data length, that is, the first sub-weight is determined as the initial weight corresponding to the data length. For example, referring to table 2, for data length 16B, the initial weight isS 21 For data length 64B, the initial weight isS 22 And so on.
In another possible implementation, referring to fig. 5, which is a schematic diagram of an initial weight calculation process, in the initial weight calculation process, an initial weight corresponding to a data length may be obtained.
Step 501, determining an initial weight of the cryptocard corresponding to the data length based on the first sub-weight, the weight coefficient of the first sub-weight, the second sub-weight and the weight coefficient of the second sub-weight.
For example, for each data length, an initial weight corresponding to the data length may be determined based on a first sub-weight corresponding to the data length, a weight coefficient of the first sub-weight, a second sub-weight corresponding to the data length, and a weight coefficient of the second sub-weight. For example, for each data length, equation (7) may be used to determine the initial weight corresponding to the data length.
S=S 1 *w1+S 2 *w2Formula (7)
In the formula (7), the first and second groups,Sit is shown that the initial weight is,S 1a second sub-weight is represented which is,w1a weight coefficient representing the second sub-weight,S 2a first sub-weight is represented which is,w2a weight coefficient representing the first sub-weight.
Second sub-weightS 1And a first sub-weightS 2See tables 1 and 2, for example, to determine the initial weight corresponding to the data length 16BS(as initial weight)S1) When the temperature of the water is higher than the set temperature,S 1is composed ofS 11S 2Is composed ofS 21Determining the initial weight corresponding to the data length 64BS2When the temperature of the water is higher than the set temperature,S 1is composed ofS 12S 2Is composed ofS 22And so on.
Weight coefficient of the first sub-weightw2Can be configured empirically for this weighting factorw2Is not limited, the weight coefficient of the second sub-weightw1Can be configured empirically for this weighting factorw1The value of (A) is not limiting. In a possible embodiment, the weight coefficientsw2Can be a value greater than or equal to 0 and less than or equal to 1, a weight coefficientw1May be a value greater than or equal to 0 and less than or equal to 1, and the weight coefficientw2And the weight coefficientw1The sum of (A) is 1, i.e.w2+w1=1。
In a possible embodiment, the weight coefficient of the first sub-weightw2Weight coefficient that can be greater than the second sub-weightw1Of course, the weight coefficientw2May also be equal to the weight coefficientw1Coefficient of weightw2Or less than the weight coefficientw1To this weight coefficientw2And the weight coefficientw1The relationship of (a) to (b) is not limiting.
Step 502, determining an initial operational performance value of the cryptographic card corresponding to the data length based on the first operational performance value, the weight coefficient of the first operational performance value, the second operational performance value and the weight coefficient of the second operational performance value, wherein the initial operational performance value is used for representing the data amount processed in the unit period. Alternatively, the initial arithmetic performance value of the cryptographic card corresponding to the data length may be determined based on the second arithmetic performance value, that is, the second arithmetic performance value may be directly set as the initial arithmetic performance value corresponding to the data length.
For example, for each data length, an initial operational performance value corresponding to the data length may be determined based on a first operational performance value corresponding to the data length, a weight coefficient of the first operational performance value, a second operational performance value corresponding to the data length, and a weight coefficient of the second operational performance value. For example, equation (8) may be used to determine an initial operational performance value corresponding to the data length.
P=P 1 *w3+P 2 *w4Formula (8)
PThe initial value of the operational performance is represented,P 1a second operational performance value is represented that is,w3a weight coefficient representing the second arithmetic performance value,P 2a first one of the operational performance values is represented,w4a weight coefficient representing the first arithmetic performance value.
Second operational performance valueP 1And a first operational performance valueP 2See tables 1 and 2, for example, in determining initial operational performance values corresponding to data length 16BP(is described asP1) When the temperature of the water is higher than the set temperature,P 1is composed ofP 11P 2Is composed ofP 21Determining an initial operational performance value corresponding to the data length 64BP2When the temperature of the water is higher than the set temperature,P 1is composed ofP 12P 2Is composed ofP 22And so on.
Weight coefficient of first arithmetic performance valuew4Can be configured empirically for this weighting factorw4Is not limited, the weight coefficient of the second operational performance valuew3Can be configured empirically for this weighting factorw3The value of (A) is not limiting. In a possible embodiment, the weight coefficientsw4Can be a value greater than or equal to 0 and less than or equal to 1, a weight coefficientw3May be a numerical value of 0 or more and 1 or less, andcoefficient of weightw4And the weight coefficientw3The sum of (A) is 1, i.e.w4+w3=1。
In a possible embodiment, the weight coefficient of the first arithmetic performance valuew4The weight coefficient may be greater than the second operational performance valuew3Of course, the weight coefficientw4May also be equal to the weight coefficientw3Coefficient of weightw4Or less than the weight coefficientw3The magnitude relationship of the weight coefficient is not limited.
Step 503, for each cryptographic card, storing an initial weight corresponding to each data length in the data processing device, and storing an initial operational performance value corresponding to each data length. For example, table 2 and table 1 may be merged, and on this basis, the initial weight and the initial operational performance value are stored, as shown in table 3. Alternatively, the initial weights and the initial operational performance values may be directly stored, as shown in table 4.
Figure DEST_PATH_IMAGE003
Figure 101934DEST_PATH_IMAGE004
Step 504, for each data length, determining an initial weight proportion corresponding to the data length based on the initial weights corresponding to the data length of the N password cards, recording the corresponding relation between the data length and the initial weight proportion in a weight table, and storing the weight table in the data processing equipment.
For example, assuming that N cryptographic cards are cryptographic card 1, cryptographic card 2, and cryptographic card 3, each of which maintains the mapping relationship of table 3 or table 4, for the data length 16B, the initial weight of cryptographic card 1, the initial weight of cryptographic card 2, and the initial weight of cryptographic card 3 can be known, and then the initial weight ratio between the initial weight of cryptographic card 1, the initial weight of cryptographic card 2, and the initial weight of cryptographic card 3 is determined, as in a 1: b 1: c1, a1 indicates the initial weight of the card 1, b1 indicates the initial weight of the card 2, and c1 indicates the initial weight of the card 3. For the data length 64B, an initial weight ratio between the initial weight of the crypto card 1, the initial weight of the crypto card 2, and the initial weight of the crypto card 3 may be determined, such as a 2: b 2: c2, a2 indicates the initial weight of the card 1, b2 indicates the initial weight of the card 2, c2 indicates the initial weight of the card 3, and so on, and finally, the weight table shown in table 5 may be maintained.
Figure DEST_PATH_IMAGE005
In a possible implementation manner, after storing the weight table, the data processing apparatus may operate normally, and after the data processing apparatus operates normally, the data to be processed may be issued to the cryptographic card, and the cryptographic card may perform encryption or decryption processing on the data to be processed, as shown in fig. 6, the method may include:
step 601, determining a target data length corresponding to the service to be processed.
For example, when the cryptographic card needs to perform encryption processing or decryption processing, a target data length corresponding to a service to be processed (i.e., an encrypted service or a decrypted service) may be determined, that is, the cryptographic card performs encryption processing or decryption processing on multiple pieces of long data (i.e., the target data length) at a time, for example, the target data length may be 16B, 64B, 256B, 1KB, 4KB, 8KB, 16KB, 128KB, 1024KB, or the like.
Step 602, look up the initial weight ratio corresponding to the target data length from the weight table.
For example, the initial weight ratio corresponding to the target data length is obtained by looking up the weight table shown in table 5 for the target data length. For example, if the target data length is 16B, the initial weight ratio is a 1: b 1: c1, if the target data length is 64B, the initial weight ratio is a 2: b 2: c2, and so on.
Step 603, for each password card, determining the data amount to be processed by the password card based on the initial weight proportion, and sending the data to be processed matched with the data amount to the password card.
For example, if the target data length is 64B, the total data amount corresponding to the service to be processed may be equally divided into (a 2+ B2+ c 2) data, where a2 data is the data amount that needs to be processed by the cryptographic card 1, B2 data is the data amount that needs to be processed by the cryptographic card 2, and c2 data is the data amount that needs to be processed by the cryptographic card 3, based on which, a2 data may be used as the data to be processed by the cryptographic card 1, and the data to be processed is issued to the cryptographic card 1, B2 data may be used as the data to be processed by the cryptographic card 2, and the data to be processed is issued to the cryptographic card 2, and c2 data may be used as the data to be processed by the cryptographic card 3.
And step 604, the password card encrypts or decrypts the data to be processed based on the target data length.
For example, after the data to be processed is issued to the cryptographic card 1, the cryptographic card 1 may encrypt or decrypt the data to be processed based on the target data length, if the target data length is 64B, the cryptographic card 1 encrypts or decrypts the 64B data each time, and after the processing is completed, the cryptographic card continues to encrypt or decrypt the 64B data, and so on until the data to be processed is completed.
Fourthly, dynamic adjustment of weight: for each password card, the initial weight of the password card can be dynamically adjusted based on the actual operation data of the password card, the initial weight proportion is determined again based on the adjusted initial weight, and the data to be processed is issued based on the updated initial weight proportion.
In one possible embodiment, see fig. 7, which is a schematic diagram of a process for dynamically adjusting the weights.
In step 701, for each cryptographic card (for example, a cryptographic card is taken as a follow-up example), an estimated processing time length is determined based on the data size processed by the cryptographic card and the initial operational performance value of the cryptographic card.
For example, the estimated processing time period may be determined by the following formula:F =D/PFwhich represents the estimated duration of the processing time,Dindicating processing of cryptographic cardsThe size of the amount of data is,Prepresenting the initial operational performance value of the cryptographic card.
For example, if the target data length is 64B, and the total data size corresponding to the service to be processed is equally divided into (a 2+ B2+ c 2) data, and a2 data is the data size to be processed by the cryptographic card 1, the data size processed by the cryptographic card 1 is equal to the data size to be processed by the cryptographic card 1DI.e. the size of a2 data, see table 2, the initial operational performance values of the crypto cardPCan beP 22On the basis of which the estimated processing duration can be determinedF
Step 702, determining the actual processing time length of the crypto card for encrypting or decrypting the data to be processed.
For example, using a2 copies of data as the data to be processed of the cryptographic card 1, sending the data to be processed to the cryptographic card 1, and performing encryption or decryption processing on the data to be processed by the cryptographic card 1, the time length of the cryptographic card 1 performing encryption or decryption processing on the data to be processed may be counted, where the time length is the actual processing time lengthF’
Step 703 compares the actual processing time length with the estimated processing time length. If the actual processing time length is equal to the estimated processing time length, the initial weight of the password card does not need to be dynamically adjusted.
If the actual processing time length is greater than the estimated processing time length and the difference between the actual processing time length and the estimated processing time length is greater than a first threshold (which may be configured empirically, but is not limited thereto), it indicates that the processing pressure of the cryptographic card is relatively high, and the initial weight of the cryptographic card should be reduced, so step 704 is executed. If the actual processing time length is greater than the estimated processing time length, but the difference between the actual processing time length and the estimated processing time length is not greater than the first threshold, the initial weight of the cryptocard does not need to be dynamically adjusted.
If the actual processing time length is less than the estimated processing time length and the difference between the estimated processing time length and the actual processing time length is greater than a second threshold (which may be configured empirically, but is not limited thereto), it indicates that the processing pressure of the cryptographic card is relatively low, and the initial weight of the cryptographic card should be increased, so step 705 is performed. If the actual processing time length is less than the estimated processing time length, but the difference between the estimated processing time length and the actual processing time length is not greater than a second threshold, the initial weight of the cryptocard does not need to be dynamically adjusted.
Step 704, decreasing the initial weight of the cryptographic card, and updating the initial weight proportion corresponding to the target data length based on the decreased initial weight, i.e. the initial weight of the cryptographic card is decreased in the initial weight proportion.
For example, when the initial weight of the cryptographic card is reduced, a first weight adjustment value may be determined based on a difference between the actual processing time length and the estimated processing time length, and the initial weight of the cryptographic card may be reduced based on the first weight adjustment value. For example, the initial weight of the crypto card may be reduced by equation (9):
S’= S-(F’-F* x1 formula (9)
S' denotes the initial weight after the reduction,Sthe initial weight before reduction, i.e. the initial weight in table 3 or table 4,F’which represents the actual processing time period,Fwhich represents the estimated duration of the processing time,x1representing a predetermined coefficient value, which may be empirically configured, for whichx1Without being limited thereto, the polymer is preferably a polymer,F’-Frepresenting a first weight adjustment value.
Step 705, increasing the initial weight of the password card, and updating the initial weight proportion corresponding to the target data length based on the increased initial weight, that is, the initial weight of the password card is increased in the initial weight proportion.
For example, when the initial weight of the cryptographic card is increased, a second weight adjustment value may be determined based on a difference between the estimated processing time period and the actual processing time period, and the initial weight of the cryptographic card may be increased based on the second weight adjustment value. For example, the initial weight of the crypto card may be increased by equation (10):
S’= S+(F-F’* x2 formula (10)
S' denotes the initial weight after the increase,Sindicating the initial weight before the increaseI.e., the initial weights in table 3 or table 4,F’which represents the actual processing time period,Fwhich represents the estimated duration of the processing time,x2representing a predetermined coefficient value, which may be empirically configured, for whichx2Without being limited thereto, the polymer is preferably a polymer,F-F’representing the second weight adjustment value.
In step 704, if the target data length is 64B, and the reduced initial weight of the cryptocard 1 is a2 ', that is, the initial weight is changed from a2 to a2 ', the initial weight ratio corresponding to the target data length is updated to a2 ': b 2: c2, when data are issued to each cipher card again, dividing the total data amount corresponding to the service to be processed into (a 2 '+ b2+ c 2) data, taking a 2' data as the data to be processed of the cipher card 1, issuing the data to be processed to the cipher card 1, taking b2 data as the data to be processed of the cipher card 2, issuing the data to be processed to the cipher card 2, taking c2 data as the data to be processed of the cipher card 3, and issuing the data to be processed to the cipher card 3.
In step 705, if the target data length is 64B and the increased initial weight of the cryptocard 1 is a2 ", the initial weight ratio corresponding to the target data length is updated to a 2": b 2: c2, when sending data to each cipher card again, dividing the total data corresponding to the service to be processed into (a 2 '' + b2+ c 2) data, using a2 '' data as the data to be processed of the cipher card 1, and sending the data to be processed to the cipher card 1.
In summary, the initial weight of the cryptographic card may be dynamically adjusted based on the actual operation data of the cryptographic card, so that the data amount processed by the cryptographic card is closer to the processing performance of the cryptographic card.
Based on the same application concept as the method, the embodiment of the application provides a heterogeneous password card parallel computing device, wherein the data processing equipment comprises at least two password cards, and the at least two password cards comprise at least two types of password cards; the data processing apparatus stores a weight table, the weight table includes a corresponding relationship between a data length and an initial weight proportion, and the initial weight proportion is determined based on an initial weight of each cryptographic card, as shown in fig. 8, which is a schematic structural diagram of the apparatus, and the apparatus may include:
a determining module 81, configured to determine a target data length corresponding to a service to be processed, and query an initial weight ratio corresponding to the target data length from the weight table;
a processing module 82, configured to determine, for each cryptographic card, a data amount that needs to be processed by the cryptographic card based on the initial weight proportion, send to the cryptographic card data to be processed that matches the data amount, and perform encryption or decryption processing on the data to be processed by the cryptographic card based on the target data length;
wherein, for each data length, the initial weight proportion corresponding to the data length is determined based on the initial weight corresponding to the data length of each password card; for each cryptographic card, determining an initial weight of the cryptographic card corresponding to the data length based on test data generated during testing of the cryptographic card.
Illustratively, the apparatus further comprises: the test module 83 is used for determining the initial weight of each password card corresponding to the data length based on test data generated in the test process of the password card; the test module 83 is specifically configured to, when determining the initial weight of the cryptographic card corresponding to the data length based on the test data generated in the test process of the cryptographic card:
testing the password card at the data processing equipment, and collecting first test data generated in the testing process, wherein the first test data comprises first operation times and first performance information of the password card;
determining a first sub-weight based on a first test duration of a test process, a data length used by the test process, the first operation times and the first performance information; wherein the first sub-weight is proportional to the first operation times, the first sub-weight is proportional to the data length, the first sub-weight is inversely proportional to the first test duration, and the first sub-weight is inversely proportional to the first performance information;
and determining an initial weight of the password card corresponding to the data length based on the first sub-weight.
Illustratively, the test module 83 is further configured to: testing the password card on a test platform, and collecting second test data generated in the test process, wherein the second test data comprises second operation times and second performance information of the password card; determining a second sub-weight based on a second test duration of the test process, a data length used by the test process, a second operation frequency and second performance information; the second sub-weight is in direct proportion to the second operation times, the second sub-weight is in direct proportion to the data length, the second sub-weight is in inverse proportion to the second test time length, and the second sub-weight is in inverse proportion to the second performance information; the test module 83 is specifically configured to, when determining the initial weight of the cryptographic card corresponding to the data length based on the first sub-weight: and determining the initial weight of the password card corresponding to the data length based on the first sub-weight, the weight coefficient of the first sub-weight, the second sub-weight and the weight coefficient of the second sub-weight.
For example, the test module 83 is specifically configured to determine the first sub-weight based on a first test duration of the test process, a data length used by the test process, the first operation number, and the first performance information: determining a first operational performance value based on the first test duration, the data length and the first operational frequency, wherein the first operational performance value represents the data volume processed by the cryptographic card in a unit period in the test process; the first operational performance value is in direct proportion to the first operational frequency, the first operational performance value is in direct proportion to the data length, and the first operational performance value is in inverse proportion to the first test duration; determining a first sub-weight based on the first operational performance value and the first performance information; wherein the first sub-weight is proportional to the first operational performance value.
Illustratively, the test module 83 is further configured to: determining an initial operational performance value of the cryptocard corresponding to the data length based on a first operational performance value, a weight coefficient of the first operational performance value, a second operational performance value and a weight coefficient of the second operational performance value, the initial operational performance value representing the data amount processed in a unit cycle; storing the initial operational performance values at the data processing apparatus.
Illustratively, the test module 83 is further configured to: determining an estimated processing time length based on the data size processed by the cipher card and the initial operational performance value, and determining an actual processing time length for the cipher card to encrypt or decrypt the data to be processed; if the actual processing time length is greater than the estimated processing time length, and the difference value between the actual processing time length and the estimated processing time length is greater than a first threshold value, reducing the initial weight of the password card, and updating the initial weight proportion corresponding to the target data length based on the reduced initial weight; if the actual processing time length is smaller than the estimated processing time length, and the difference value between the estimated processing time length and the actual processing time length is larger than a second threshold value, increasing the initial weight of the password card, and updating the initial weight proportion corresponding to the target data length based on the increased initial weight.
Based on the same application concept as the method, the embodiment of the application provides the data processing equipment, wherein the data processing equipment comprises at least two password cards, and the at least two password cards comprise at least two types of password cards; the data processing device stores a weight table including a correspondence of a data length and an initial weight proportion determined based on an initial weight of each of the cryptographic cards, and includes: a processor and a machine-readable storage medium having stored thereon machine-executable instructions executable by the processor; the processor is configured to execute the machine executable instructions to perform the steps of:
determining a target data length corresponding to a service to be processed; inquiring an initial weight proportion corresponding to the target data length from the weight table; for each password card, determining the data volume to be processed of the password card based on the initial weight proportion, sending the data to be processed matched with the data volume to the password card, and encrypting or decrypting the data to be processed by the password card based on the target data length;
wherein, for each data length, the initial weight proportion corresponding to the data length is determined based on the initial weight corresponding to the data length of each password card; for each cryptographic card, determining an initial weight of the cryptographic card corresponding to the data length based on test data generated during testing of the cryptographic card.
Based on the same application concept as the method, embodiments of the present application further provide a machine-readable storage medium, where a plurality of computer instructions are stored on the machine-readable storage medium, and when the computer instructions are executed by a processor, the parallel computing method for heterogeneous cryptographic cards disclosed in the above examples of the present application can be implemented.
The machine-readable storage medium may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and the like. For example, the machine-readable storage medium may be: a RAM (random Access Memory), a volatile Memory, a non-volatile Memory, a flash Memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk, a dvd, etc.), or similar storage medium, or a combination thereof.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Furthermore, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A parallel computing method for heterogeneous cryptographic cards is characterized in that a data processing device comprises at least two cryptographic cards, wherein the at least two cryptographic cards comprise at least two types of cryptographic cards; the data processing device stores a weight table including a correspondence of data lengths to initial weight ratios determined based on an initial weight of each cryptocard, the method including:
determining a target data length corresponding to a service to be processed;
inquiring an initial weight proportion corresponding to the target data length from the weight table;
for each password card, determining the data volume to be processed of the password card based on the initial weight proportion, sending the data to be processed matched with the data volume to the password card, and encrypting or decrypting the data to be processed by the password card based on the target data length;
wherein, for each data length, the initial weight proportion corresponding to the data length is determined based on the initial weight corresponding to the data length of each password card; for each cryptographic card, determining an initial weight of the cryptographic card corresponding to the data length based on test data generated during testing of the cryptographic card.
2. The method of claim 1, wherein determining the initial weight of the cryptographic card corresponding to the data length based on test data generated during the testing of the cryptographic card comprises:
testing the password card at the data processing equipment, and collecting first test data generated in the testing process, wherein the first test data comprises first operation times and first performance information of the password card;
determining a first sub-weight based on a first test duration of a test process, a data length used by the test process, the first operation times and the first performance information; wherein the first sub-weight is proportional to the first operation times, the first sub-weight is proportional to the data length, the first sub-weight is inversely proportional to the first test duration, and the first sub-weight is inversely proportional to the first performance information;
and determining an initial weight of the password card corresponding to the data length based on the first sub-weight.
3. The method of claim 2, further comprising:
testing the password card on a test platform, and collecting second test data generated in the test process, wherein the second test data comprises second operation times and second performance information of the password card;
determining a second sub-weight based on a second test duration of the test process, a data length used by the test process, the second operation times and the second performance information; wherein the second sub-weight is proportional to the second operation times, the second sub-weight is proportional to the data length, the second sub-weight is inversely proportional to the second test duration, and the second sub-weight is inversely proportional to the second performance information;
the determining the initial weight of the password card corresponding to the data length based on the first sub-weight includes: and determining the initial weight of the password card corresponding to the data length based on the first sub-weight, the weight coefficient of the first sub-weight, the second sub-weight and the weight coefficient of the second sub-weight.
4. The method of claim 3,
the second test duration is greater than the first test duration;
the weight coefficient of the first sub-weight is greater than the weight coefficient of the second sub-weight;
the first performance information includes at least one of: the CPU utilization rate of the data processing equipment, the memory utilization rate of the data processing equipment and the CPU utilization rate of the password card;
the second performance information includes at least one of: the CPU utilization rate of the test platform, the memory utilization rate of the test platform and the CPU utilization rate of the password card.
5. The method of claim 2,
the determining a first sub-weight based on a first test duration of a test process, a data length used by the test process, the first operation times and the first performance information includes:
determining a first operational performance value based on the first test duration, the data length and the first operational frequency, wherein the first operational performance value represents the data volume processed by the cryptographic card in a unit period in the test process; wherein, the first operational performance value is in direct proportion to the first operational times, the first operational performance value is in direct proportion to the data length, and the first operational performance value is in inverse proportion to the first test time length;
determining a first sub-weight based on the first operational performance value and the first performance information;
wherein the first sub-weight is proportional to the first operational performance value.
6. The method of claim 3,
the determining a second sub-weight based on a second test duration of the test process, a data length used by the test process, the second operation times and the second performance information includes:
determining a second operational performance value based on the second test duration, the data length and the second operational frequency, wherein the second operational performance value represents the data volume processed by the cryptographic card in the unit period in the test process; wherein the second operational performance value is proportional to the second operation times, the second operational performance value is proportional to the data length, and the second operational performance value is inversely proportional to the second test duration;
determining a second sub-weight based on the second operational performance value and the second performance information;
wherein the second sub-weight is proportional to the second operational performance value.
7. The method of claim 5 or 6, further comprising:
determining an initial operational performance value of the cryptocard corresponding to the data length based on a first operational performance value, a weight coefficient of the first operational performance value, a second operational performance value and a weight coefficient of the second operational performance value, the initial operational performance value representing the data amount processed in a unit cycle;
storing the initial operational performance values at the data processing apparatus.
8. The method according to claim 7, wherein the data to be processed that matches the data size is sent to the cryptographic card, and after the cryptographic card encrypts or decrypts the data to be processed based on the target data length, the method further comprises:
determining an estimated processing time length based on the data size processed by the cipher card and the initial operational performance value, and determining an actual processing time length for the cipher card to encrypt or decrypt the data to be processed;
if the actual processing time length is greater than the estimated processing time length, and the difference value between the actual processing time length and the estimated processing time length is greater than a first threshold value, reducing the initial weight of the password card, and updating the initial weight proportion corresponding to the target data length based on the reduced initial weight;
if the actual processing time length is smaller than the estimated processing time length, and the difference value between the estimated processing time length and the actual processing time length is larger than a second threshold value, increasing the initial weight of the password card, and updating the initial weight proportion corresponding to the target data length based on the increased initial weight.
9. A heterogeneous password card parallel computing device is characterized in that a data processing device comprises at least two password cards, wherein the at least two password cards comprise at least two types of password cards; the data processing device stores a weight table including a correspondence of data lengths to initial weight ratios determined based on an initial weight of each cryptocard, the apparatus comprising:
the determining module is used for determining the target data length corresponding to the service to be processed and inquiring the initial weight proportion corresponding to the target data length from the weight table;
the processing module is used for determining the data volume needing to be processed by each password card based on the initial weight proportion, sending the data to be processed matched with the data volume to the password card, and encrypting or decrypting the data to be processed by the password card based on the target data length;
wherein, for each data length, the initial weight proportion corresponding to the data length is determined based on the initial weight corresponding to the data length of each password card; for each cryptographic card, determining an initial weight of the cryptographic card corresponding to the data length based on test data generated during testing of the cryptographic card.
10. A data processing apparatus, characterized in that the data processing apparatus comprises at least two cryptographic cards, said at least two cryptographic cards comprising at least two types of cryptographic cards; the data processing apparatus stores a weight table including a correspondence of a data length and an initial weight proportion determined based on an initial weight of each of the cryptographic cards, the data processing apparatus including: a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor;
the processor is configured to execute machine executable instructions to perform the steps of:
determining a target data length corresponding to a service to be processed;
inquiring an initial weight proportion corresponding to the target data length from the weight table;
for each password card, determining the data volume to be processed of the password card based on the initial weight proportion, sending the data to be processed matched with the data volume to the password card, and encrypting or decrypting the data to be processed by the password card based on the target data length;
wherein, for each data length, the initial weight proportion corresponding to the data length is determined based on the initial weight corresponding to the data length of each password card; for each cryptographic card, determining an initial weight of the cryptographic card corresponding to the data length based on test data generated during testing of the cryptographic card.
CN202110604862.5A 2021-05-31 2021-05-31 Parallel computing method, device and equipment for heterogeneous cryptographic cards Active CN113051599B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110604862.5A CN113051599B (en) 2021-05-31 2021-05-31 Parallel computing method, device and equipment for heterogeneous cryptographic cards

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110604862.5A CN113051599B (en) 2021-05-31 2021-05-31 Parallel computing method, device and equipment for heterogeneous cryptographic cards

Publications (2)

Publication Number Publication Date
CN113051599A true CN113051599A (en) 2021-06-29
CN113051599B CN113051599B (en) 2021-10-29

Family

ID=76518606

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110604862.5A Active CN113051599B (en) 2021-05-31 2021-05-31 Parallel computing method, device and equipment for heterogeneous cryptographic cards

Country Status (1)

Country Link
CN (1) CN113051599B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114707134A (en) * 2022-05-31 2022-07-05 杭州海康威视数字技术股份有限公司 High-performance password card security management method, device and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701583A (en) * 2012-09-28 2014-04-02 中国银联股份有限公司 Encryption processing device and method
US10142296B2 (en) * 2015-07-24 2018-11-27 Google Llc Systems and methods for improving precision of a location sensor
CN110866264A (en) * 2019-11-15 2020-03-06 成都卫士通信息产业股份有限公司 Multi-chip and multi-board cooperative operation method, device and equipment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701583A (en) * 2012-09-28 2014-04-02 中国银联股份有限公司 Encryption processing device and method
US10142296B2 (en) * 2015-07-24 2018-11-27 Google Llc Systems and methods for improving precision of a location sensor
CN110866264A (en) * 2019-11-15 2020-03-06 成都卫士通信息产业股份有限公司 Multi-chip and multi-board cooperative operation method, device and equipment

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114707134A (en) * 2022-05-31 2022-07-05 杭州海康威视数字技术股份有限公司 High-performance password card security management method, device and system

Also Published As

Publication number Publication date
CN113051599B (en) 2021-10-29

Similar Documents

Publication Publication Date Title
CN110032884B (en) Method for realizing privacy protection in block chain, node and storage medium
CN110457945B (en) List query method, query party device, service party device and storage medium
US7706528B2 (en) Prime calculating apparatus, key issuing system, and prime calculation method
JPWO2012046692A1 (en) Secret sharing system, secret sharing apparatus, secret sharing method, secret sorting method, secret sharing program
US20130301826A1 (en) System, method, and program for protecting cryptographic algorithms from side-channel attacks
US9680647B2 (en) Method of using a token in cryptography
Cho et al. Random number generator using sensors for drone
CN103065082A (en) Software security protection method based on Linux system
CN113051599B (en) Parallel computing method, device and equipment for heterogeneous cryptographic cards
KR20080086476A (en) Encryption processing device, encryption processing method, and computer program
CN116488814A (en) FPGA-based data encryption secure computing method
CN103580869B (en) A kind of CRT-RSA signature method and device
Rajkumar et al. Implementation of cryptographic primitives
CN116070240B (en) Data encryption processing method and device of multi-chip calling mechanism
US9383966B2 (en) Number squaring computer-implemented method and apparatus
CN111294196B (en) Signal sending and receiving method and device, electronic equipment and storage medium
CN115114653A (en) Data processing method and device, electronic equipment and storage medium
JP2004530919A5 (en)
CN107634826B (en) Encryption method and system based on ZYNQ device
CN112434322A (en) Data encryption method and device, computer equipment and computer readable storage medium
CN112364367A (en) Object processing method, device and equipment based on privacy protection
CN114254335A (en) Encryption method and device based on GPU, encryption equipment and storage medium
CN112311536A (en) Key hierarchical management method and system
US20170126399A1 (en) Encryption apparatus, storage system, decryption apparatus, encryption method, decryption method, and computer readable medium
CN117851076B (en) Scheduling method and device of hardware resources, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant