CN113094762B - Data processing method and device and signature verification server - Google Patents


Info

Publication number: CN113094762B
Authority: CN (China)
Prior art keywords: module, cpu, data, processing, fpga module
Legal status: Active
Application number: CN202110479808.2A
Other languages: Chinese (zh)
Other versions: CN113094762A
Inventors: 朱云, 李元骅, 可为
Current Assignee: Beijing Shudun Information Technology Co ltd
Original Assignee: Beijing Shudun Information Technology Co ltd
Application filed by: Beijing Shudun Information Technology Co ltd
Priority: CN202110479808.2A
Publications: CN113094762A (application), CN113094762B (grant)


Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00: Error detection; Error correction; Monitoring
    • G06F11/07: Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14: Error detection or correction of the data by redundancy in operation
    • G06F11/1402: Saving, restoring, recovering or retrying
    • G06F11/1446: Point-in-time backing up or restoration of persistent data
    • G06F11/1458: Management of the backup or restore process
    • G06F11/1469: Backup restoration techniques
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00: Digital computers in general; Data processing equipment in general
    • G06F15/76: Architectures of general purpose stored program computers
    • G06F15/78: Architectures of general purpose stored program computers comprising a single central processing unit
    • G06F15/7867: Architectures of general purpose stored program computers comprising a single central processing unit with reconfigurable architecture
    • G06F15/7885: Runtime interface, e.g. data exchange, runtime control
    • G06F15/7892: Reconfigurable logic embedded in CPU, e.g. reconfigurable unit

Abstract

The invention provides a data processing method, a data processing device and a signature verification server. The method comprises: a system management module sends a control instruction to an underlying hardware module through a background service program, and receives the processing result obtained by the underlying hardware module processing, according to the control instruction, the data it transmits. The underlying hardware module comprises a central processing unit (CPU), an interface field-programmable gate array (FPGA) module communicatively connected to the CPU, and an algorithm FPGA module communicatively connected to the interface FPGA module. According to the control instruction, the interface FPGA module either sends a received data message to the algorithm FPGA module for security operation processing or sends it to the CPU for processing. The scheme greatly frees up the computing capacity of the CPU and reduces the difficulty and cycle time of software development; it improves rapid-response capability and ensures the security of the signature verification server.

Description

Data processing method and device and signature verification server
Technical Field
The invention relates to the technical field of computers, in particular to a data processing method and device and a signature verification server.
Background
In the prior art, a signature verification server is mostly built from a general-purpose or customized server motherboard, a central processing unit (CPU) module and an external PCI-e cryptographic card. The server motherboard provides the network interface, the CPU module receives, transmits and parses network data, and the PCI-e cryptographic card performs the signing and signature verification operations on that data. In general, a server motherboard only provides a gigabit network port, which cannot accommodate a complex network topology; a PCI-e gigabit network card has to be installed additionally to support a gigabit network, and it occupies precious PCI-e bus resources. Receiving and transmitting network packets consumes a large amount of CPU and system interrupt resources, especially with a gigabit network card, which needs at least 4 CPU cores to run at full speed and consumes about 20% of CPU resources. Calling the PCI-e cryptographic card for signing and signature verification consumes further CPU resources and adds to the CPU's load. Moreover, the signature verification capability of a conventional PCI-e cryptographic card is generally not very high: production products reach a signing rate of 300,000 operations per second, which cannot keep up with the growing demand for signature verification throughput.
Disclosure of Invention
The invention aims to provide a data processing method, a data processing device and a signature verification server. It greatly frees up the computing capacity of the central processing unit (CPU) of the signature verification server and reduces the difficulty and cycle time of software development; it improves rapid-response capability and ensures the security of the signature verification server.
In order to solve the technical problems, the technical scheme of the invention is as follows:
the invention provides a data processing method, which is applied to a signature verification server and comprises the following steps:
the system management module sends a control instruction to the bottom hardware module through the background service program;
receiving the processing result obtained by the underlying hardware module processing, according to the control instruction, the data it transmits; the underlying hardware module comprises: a central processing unit (CPU), an interface field-programmable gate array (FPGA) module communicatively connected to the CPU, and an algorithm FPGA module communicatively connected to the interface FPGA module; and, according to the control instruction, the interface FPGA module sends the received data message to the algorithm FPGA module for security operation processing or sends the data message to the CPU for processing.
Optionally, the step in which the interface FPGA module, according to the control instruction, sends the received data message to the algorithm FPGA module for security operation processing or sends it to the CPU for processing comprises:
the interface FPGA module parses the received data message according to the control instruction to obtain a parsing result;
if the parsing result shows that the data message is service data that requires security processing, the data message is sent to the algorithm FPGA module for security operation processing, and the operation result returned by the algorithm FPGA module is received;
and if the parsing result shows that the data message is control data that does not require security processing, the control data is sent to the CPU for processing.
Optionally, the interface FPGA module is communicatively connected to the CPU through a relay FPGA module;
through the relay FPGA module, the interface FPGA module sends the control data to the CPU for processing and/or receives the configuration information sent by the CPU; the configuration information is generated by the system management module and configured to the CPU through the background service program.
Optionally, the relay FPGA module is communicatively connected to the system monitoring module;
and the CPU sends a system detection instruction to the system monitoring module according to the configuration of the system management module, and receives the system state information that the system detection module returns to the signature verification server.
Optionally, the system management module includes at least one of: a system setting submodule, an initialization configuration submodule, a service configuration submodule, an audit management submodule, a monitoring and early warning submodule, and an operation and maintenance management submodule;
the system setting submodule is used for setting at least one of network time protocol NTP service, backup recovery, high availability and equipment self-checking service of the signature and signature verification server;
the initialization configuration submodule is used for configuring at least one of an initialization manager, network parameters and server certificate information of the signature and signature verification server;
the service configuration submodule is used for configuring relevant parameters of signature verification service;
the audit management submodule is used for configuring at least one of audit parameters and audit information management;
the monitoring and early warning submodule is used for detecting the state of the system and sending warning information according to a configuration strategy;
the operation and maintenance management submodule is used for at least one of equipment upgrading and service self-checking.
Optionally, sending the data message to the algorithm FPGA module for security operation processing if the parsing result indicates that the data message is service data requiring security processing comprises:
if the parsing result shows that the data message is service data requiring security processing and the destination address of the data message is the address of this device, sending the data message to the algorithm FPGA module for processing.
Optionally, receiving the operation result returned by the algorithm FPGA module comprises:
receiving the result of the algorithm FPGA module signing and/or verifying the signature of the data message using a preset security algorithm.
The embodiment of the invention also provides a data processing device, which is applied to a signature verification server, and the device comprises:
a transceiver module, used for the system management module to send a control instruction to the underlying hardware module through the background service program, and to receive the processing result obtained by the underlying hardware module processing, according to the control instruction, the data it transmits; the underlying hardware module comprises: a central processing unit (CPU), an interface field-programmable gate array (FPGA) module communicatively connected to the CPU, and an algorithm FPGA module communicatively connected to the interface FPGA module; and, according to the control instruction, the interface FPGA module sends the received data message to the algorithm FPGA module for security operation processing or sends the data message to the CPU for processing.
The embodiment of the invention also provides a signature verification server, which comprises: a system management module and a bottom hardware module;
the system management module sends a control instruction to the bottom hardware module through a background service program;
the system management module receives the processing result obtained by the underlying hardware module processing, according to the control instruction, the data it transmits; the underlying hardware module comprises: a central processing unit (CPU), an interface field-programmable gate array (FPGA) module and an algorithm FPGA module; the CPU is communicatively connected to the interface FPGA module; the interface FPGA module is communicatively connected to the algorithm FPGA module; and, according to the control instruction, the interface FPGA module sends the received data message to the algorithm FPGA module for security operation processing or sends the data message to the CPU for processing.
Embodiments of the present invention also provide a computer-readable storage medium storing instructions that, when executed on a computer, cause the computer to perform the method as described above.
The scheme of the invention at least comprises the following beneficial effects:
the system management module sends a control instruction to the underlying hardware module through the background service program, and receives the processing result obtained by the underlying hardware module processing, according to the control instruction, the data it transmits; the underlying hardware module comprises: a central processing unit (CPU), an interface field-programmable gate array (FPGA) module communicatively connected to the CPU, and an algorithm FPGA module communicatively connected to the interface FPGA module; and, according to the control instruction, the interface FPGA module sends the received data message to the algorithm FPGA module for security operation processing or sends the data message to the CPU for processing. In this scheme the CPU is not needed for receiving, transmitting and parsing data, so its computing capacity is greatly freed up and the difficulty and cycle time of software development are reduced; the software can concentrate on management services, which improves security and rapid-response capability; multiple network ports are provided, so different network environments can be accommodated; and sensitive security data is processed and stored by the data security module, which ensures the security of the signature verification server.
Drawings
FIG. 1 is a schematic flow chart diagram of a data processing method according to an embodiment of the present invention;
FIG. 2 is a block diagram of a software module according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a distributed system architecture of a central processing unit CPU and an interface FPGA module of a bottom hardware module according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an algorithm FPGA module of the underlying hardware module according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an interface FPGA module of the underlying hardware module according to an embodiment of the present invention;
FIG. 6 is a schematic flow chart of processing a data packet by an interface FPGA module of a bottom hardware module according to an embodiment of the present invention;
FIG. 7 is a block diagram of a data processing apparatus according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As shown in fig. 1, an embodiment of the present invention provides a data processing method, where the method includes:
step 11, the system management module sends a control instruction to a bottom hardware module through a background service program;
step 12, receiving the processing result obtained by the underlying hardware module processing, according to the control instruction, the data it transmits; the underlying hardware module comprises: a central processing unit (CPU), an interface field-programmable gate array (FPGA) module communicatively connected to the CPU, and an algorithm FPGA module communicatively connected to the interface FPGA module; and, according to the control instruction, the interface FPGA module sends the received data message to the algorithm FPGA module for security operation processing or sends the data message to the CPU for processing.
As shown in fig. 2, in this embodiment, which builds on the operation of the hardware modules, a background service program sends a control instruction to the underlying hardware module and then receives the data that the underlying hardware module transmits and processes according to the control instruction, finally obtaining a processing result; this improves the rapid-response capability of the server's CPU and ensures the security of the signature verification server. The underlying hardware module here comprises: a central processing unit (CPU), an interface field-programmable gate array (FPGA) module communicatively connected to the CPU, and an algorithm FPGA module communicatively connected to the interface FPGA module.
As shown in fig. 2 and fig. 3, in an optional embodiment of the present invention, in step 12, the interface FPGA module sending the received data message, according to the control instruction, to the algorithm FPGA module for security operation processing or to the CPU for processing comprises:
step 121, the interface FPGA module parses the received data message according to the control instruction to obtain a parsing result;
step 122, if the parsing result indicates that the data message is service data that requires security processing, the data message is sent to the algorithm FPGA module for security operation processing, and the operation result returned by the algorithm FPGA module is received;
and step 123, if the parsing result shows that the data message is control data that does not require security processing, the control data is sent to the CPU for processing.
In this embodiment, data is processed by a CPU and FPGAs working together: the interface FPGA module receives, transmits and/or parses data messages according to the received control instruction, and the CPU module does not have to handle the receiving, transmitting and parsing of packets. This greatly frees up the computing capacity of the CPU, removes the excessive dependence on the CPU, and effectively improves the CPU's computing efficiency.
As shown in fig. 2 and fig. 3, in an alternative embodiment of the present invention, the interface FPGA module is communicatively connected to the CPU through a relay FPGA module;
through the relay FPGA module, the interface FPGA module sends the control data to the CPU for processing and/or receives the configuration information sent by the CPU; the configuration information is generated by the system management module and configured to the CPU through the background service program;
the relay FPGA module is communicatively connected to the system monitoring module; and the CPU sends a system detection instruction to the system monitoring module according to the configuration of the system management module, and receives the system state information that the system detection module returns to the signature verification server.
In this embodiment, the interface FPGA module uses the relay FPGA module to send the control data to the CPU for processing and/or to receive configuration information sent by the CPU, where the configuration information is generated by the system management module and configured to the CPU through the background service program. The relay FPGA module is communicatively connected to the system monitoring module, and the CPU sends a system detection instruction to the system monitoring module according to the configuration of the system management module and receives the system state information returned to the signature verification server.
The relay FPGA module is connected to the CPU module through a PCI-e bus, to the system detection module through a UART (Universal Asynchronous Receiver/Transmitter) bus, and to the interface FPGA through an RGMII (Reduced Gigabit Media Independent Interface) bus. Its purpose is to link the CPU module, the system detection module and the interface FPGA module and to forward data among them, so that data can be exchanged between these modules.
It should be noted that the CPU module provides the computing platform on which the software runs. Software on the CPU can send configuration information to the interface FPGA module through the relay FPGA module, and can also obtain the state of the system detection module through the relay FPGA module. The system monitoring module may be used to detect the power state, temperature and similar states of the server, to control the fan speed, power on/off and the like according to those states, and to connect to an external Real Time Clock (RTC) chip to provide clock-related information.
The interface FPGA module connects to the physical network ports through an RGMII bus and can provide a gigabit network interface and a 10-gigabit network interface simultaneously; it connects to the relay FPGA module through an RGMII bus to communicate with the CPU module; it connects to the data security module through an SRAM bus and forwards the CPU module's user-management and key-management instructions to the data security module; and it connects to the algorithm FPGA module through an internal high-speed bus, with a communication rate between the two FPGAs of up to 40 Gbps. The interface FPGA module is mainly responsible for receiving and transmitting data, protocol parsing, and encapsulation.
The workflow of the interface FPGA module is: receive data from the interface and parse the network protocol; if the data requires an algorithm operation, pass it to the algorithm FPGA module, encapsulate the operation result, and send the encapsulated data out through the interface; if the data is configuration or management data that requires no algorithm operation, forward it to the CPU module for processing.
An SM3/SM4 algorithm IP core cluster is built into the algorithm FPGA module, which is also connected through GPIO (general-purpose input/output) to an SM1/SM2 algorithm coprocessor and to a random number chip. The SM cryptographic algorithms provided by the algorithm FPGA module can be called by the interface FPGA module and also by the CPU module, which gives the design great flexibility. The module provides high-speed SM3/SM4, SM1 and SM2 algorithms and a true random number function, that is, random number and SM1/SM2/SM3/SM4 algorithm services. The SM1 and SM2 algorithms are provided by external dedicated algorithm chips, and several such chips can be mounted at the same time to raise SM1 and SM2 speed: the SM1 algorithm can reach up to 9 Gbps, SM2 signing can reach 36 thousand times/second, and the SM3 and SM4 algorithms can exceed 10 Gbps. In addition, the SM3/SM4 algorithm IP core cluster consists of multiple algorithm IP cores that are independent of each other and can run simultaneously, providing a very high SM3/SM4 algorithm rate.
As shown in fig. 4, in a specific embodiment 1, the algorithm FPGA module interacts with the host by DMA (direct memory access) through a PCI-e bus IP core; it uses AXI Stream Interconnect to connect the SM3 algorithm pool, the SM4 algorithm pool and the access interface of the ARM (ARM processor) over an AXI Stream bus; and it finally interacts with the on-board ARM through an EMC (External Memory Controller). The IP core cluster comprises a plurality of IP cores.
The interface FPGA module is connected to the relay FPGA module through an RGMII bus, to the data security module through an SRAM (Static Random-Access Memory) bus, and to the algorithm FPGA module through an internal high-speed data bus with a communication rate of 40 Gbps. This provides communication between the interface FPGA module and the CPU, and allows the CPU module's instructions to be forwarded to the data security module. The data security module is composed of compliant security chips; it provides secure storage of sensitive data and works with the CPU module to complete management operations, which include management of the key system and management of system users. The interface FPGA module can also transmit, receive and/or parse data messages, parsing them down to the IP layer (network layer) and/or the TCP/UDP layer (Transmission Control Protocol/User Datagram Protocol). The whole process of transmitting, receiving and/or parsing data messages requires no CPU involvement, which reduces the CPU's load and improves its operating efficiency.
As shown in fig. 5, in a specific embodiment 2, the interface FPGA module receives and transmits data internally. Its core is an AXIS_stream_Switch module, which receives data messages, parses them, and forwards the data at high speed. Mounted around it, for conversion to and from the AXIS stream format, are a com RGMII interface, a WX1860 RGMII interface, an HSMD 1 interface, an HSMD2-H2 interface, an HSH3 interface, an MCU (Microcontroller Unit) interface, a Config Data operation (configuration data operation), an RGMII interface, and a plurality of ETH Data decors (ethernet Data part). The secure crypto chip ACH512 is connected to the AXIS_stream_Switch module through the MCU interface; a DDR Control (Double Data Rate Control) is connected to the AXIS_stream_Switch module through the Config Data operation; an ALG FPGA 10G base (application layer programmable logic gate device of a ten-Gigabit Ethernet) is connected to the RGMII interface through a GMII (Gigabit Media Independent Interface); and ETH PHY #0 (Ethernet physical layer #0) and ETH PHY #1 (Ethernet physical layer #1) are connected to the AXIS_stream_Switch module through an ETH Data portion, so that data messages can be forwarded.
The hardware of this embodiment consists of a relay FPGA module, an interface FPGA module, an algorithm FPGA module, a CPU module and other functional modules, and processing is mainly completed by the interface FPGA and the algorithm FPGA without the participation of the CPU module. The interface FPGA module receives a data message and performs protocol parsing. If the message is service data that requires security processing, the interface FPGA module sends it directly to the algorithm FPGA module for security operation processing; when the operation finishes, the algorithm FPGA module returns the result to the interface FPGA module for protocol encapsulation, and the interface FPGA module sends the encapsulated data message out to the external network. The whole process requires no participation by the CPU module; only a small amount of management or negotiation data needs to be passed by the interface FPGA module to the CPU module for processing. Because this processing mode involves the CPU module only slightly, service data is kept separate from the operating system, which largely removes the possibility of the system being attacked and ensures security.
In step 121, parsing the received data message to obtain a parsing result specifically comprises: parsing the data to obtain the field information of the data message. The field information includes at least one of: a preamble field, a MAC field, an IP address, a message type header, a payload and a check field, where the MAC field comprises a source MAC and a destination MAC, and the IP address comprises a source IP and a destination IP.
The field information format of the data packet in this embodiment is shown in table 1:
Preamble | MAC | IP Header | TCP/UDP Header | Payload | CRC
TABLE 1
Here Preamble is the preamble field, MAC is the MAC field, IP Header is the IP address (IPv4 or IPv6), TCP/UDP Header is the message type header, Payload is the payload, and CRC is the check field.
As shown in fig. 6, in an optional embodiment of the present invention, sending the data message to the algorithm FPGA module for security operation processing if the parsing result indicates that the data message is service data requiring security processing comprises:
if the parsing result shows that the data message is service data requiring security processing and the destination address of the data message is the address of this device, sending the data message to the algorithm FPGA module for processing.
In an optional embodiment of the present invention, receiving the operation result returned by the algorithm FPGA module comprises: receiving the result of the algorithm FPGA module signing and/or verifying the signature of the data message using a preset security algorithm.
Wherein the security algorithm comprises at least one of the following algorithms: the SM1 algorithm; the SM2 algorithm; the SM3 algorithm; the SM4 algorithm; wherein the IP core cluster of the SM3 algorithm and the IP core cluster of the SM4 algorithm are independent of each other.
In this embodiment, the interface FPGA module processes data packets. There are two interfaces for receiving and transmitting data packets: one is an electrical-interface physical-layer (PHY) module, which is converted to an RGMII interface inside the FPGA, and the other is an SFP+ optical module. The electrical PHY module is preferably a 1 Gbps module, and the SFP+ optical module is preferably a 10 Gbps module.
The signature verification server in this embodiment is a terminal device, and the transmission process of a data packet inside the signature verification server includes: judging whether the data message is a Transmission Control Protocol (TCP) message or a User Datagram Protocol (UDP) message and, if so, analyzing the source port address and the destination port address; if the destination address is the address of the signature verification server, then, if the data message is control data that does not need security operation, it is sent into the CPU data FIFO (first-in first-out) module and then to the CPU module through RGMII for processing, and if the data message is service data that needs security operation, it is sent through the process data FIFO module to the algorithm FPGA module for processing.
Transmitting the data message through the interface FPGA module in this way allows the interface FPGA module to send the data message to the algorithm FPGA module for security operation processing, which reduces the operation burden of the CPU.
Receiving, sending, analyzing and security processing of data messages are all provided by the hardware modules, so that the CPU module can concentrate on management services and its running pressure is further reduced.
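The dispatch decision described above, written out as a software model (an added example, not the patent's FPGA logic). It assumes IPv4 over Ethernet with the preamble and CRC already stripped, and that service data is recognised by a configured set of destination ports; `classify`, `make_frame`, the addresses and the port numbers are hypothetical.

```python
import ipaddress
import struct

ETH_LEN = 14              # destination MAC (6) + source MAC (6) + EtherType (2)
ETHERTYPE_IPV4 = 0x0800
TCP, UDP = 6, 17          # IP protocol numbers


def classify(frame, device_ip, service_ports):
    """Return 'algorithm_fpga', 'cpu' or 'unhandled' for one Ethernet frame.

    'unhandled' covers everything outside the path the text describes:
    truncated frames, non-IPv4, non-TCP/UDP, fragments, other destinations.
    """
    if len(frame) < ETH_LEN + 20:
        return "unhandled"                      # too short for Ethernet + IPv4
    (ethertype,) = struct.unpack_from(">H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        return "unhandled"
    ip = frame[ETH_LEN:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(ip) < ihl + 4:
        return "unhandled"                      # malformed or no room for ports
    frag_offset = struct.unpack_from(">H", ip, 6)[0] & 0x1FFF
    if ip[9] not in (TCP, UDP) or frag_offset != 0:
        return "unhandled"                      # later fragments carry no ports
    if ipaddress.IPv4Address(ip[16:20]) != ipaddress.IPv4Address(device_ip):
        return "unhandled"                      # not addressed to this device
    _src_port, dst_port = struct.unpack_from(">HH", ip, ihl)
    # Assumption: service data is identified by destination port.
    # Service data goes to the algorithm FPGA; everything else addressed
    # to the device is control data and goes to the CPU data FIFO.
    return "algorithm_fpga" if dst_port in service_ports else "cpu"


def make_frame(dst_ip, proto, dst_port, src_ip="192.0.2.10", src_port=40000):
    """Build a minimal constructed test frame (checksums left at zero)."""
    eth = bytes(6) + bytes(6) + struct.pack(">H", ETHERTYPE_IPV4)
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    l4 = struct.pack(">HHHH", src_port, dst_port, 8, 0)
    return eth + ip + l4


if __name__ == "__main__":
    device = "198.51.100.5"      # constructed documentation address
    ports = {9000}               # hypothetical signing-service port
    for proto, port in ((UDP, 9000), (TCP, 443)):
        print(proto, port, classify(make_frame(device, proto, port), device, ports))
```

The early `unhandled` returns are the part worth reviewing in any such classifier: each one is a length or type check that must pass before the next field is read.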
The embodiment of the invention also needs a software module running on the bottom hardware module, and the software module specifically comprises an application interface service system module, a system management module, a background service program module and a data communication module, and is used for data communication, system parameter configuration, user management, key management and the like between software and hardware.
Wherein the system management module comprises at least one of a system setting sub-module, an initialization configuration sub-module, a service configuration sub-module, an audit management sub-module, a monitoring early warning sub-module and an operation and maintenance management sub-module;
the system setting submodule is used for setting at least one of network time protocol NTP service, backup recovery, high availability and equipment self-checking service of the signature and signature verification server;
the initialization configuration submodule is used for configuring at least one of an initialization manager, network parameters and server certificate information of the signature and signature verification server;
the service configuration submodule is used for configuring relevant parameters of signature verification service;
the audit management submodule is used for configuring at least one of audit parameters and audit information management;
the monitoring and early warning submodule is used for detecting the state of the system and sending warning information according to a configuration strategy;
the operation and maintenance management submodule is used for at least one of equipment upgrading and service self-checking.
As shown in fig. 2, the underlying hardware includes: a central processing unit (CPU), an interface field programmable gate array (FPGA) module in communication connection with the CPU, and an algorithm FPGA module in communication connection with the interface FPGA module; the software module comprises: an application interface service system module, a system management module, a background service program module and a data communication module, wherein,
1) the system management module comprises at least one of a system setting submodule, an initialization configuration submodule, a business configuration submodule, an audit management submodule, a monitoring and early warning submodule and an operation and maintenance management submodule;
the initialization configuration submodule is mainly used for at least one of: initializing the manager of the signature and signature verification server, configuring network parameters, and maintaining the server certificate;
the system setting submodule is mainly used for setting at least one of network time protocol NTP service, backup recovery, high availability and equipment self-checking service of the signature and signature verification server;
the service configuration submodule is mainly used for configuring relevant parameters of signature verification service, and the relevant parameters comprise certificate management;
the audit management submodule is mainly used for configuring at least one of audit parameters and managing audit information;
the monitoring and early warning sub-module is used for detecting various states of the system and sending warning information according to a configuration strategy;
the operation and maintenance management submodule is mainly used for at least one of equipment upgrading and service self-checking.
2) The application interface service system module is a network service system and is used for providing a network management interface for a user; management data of a hypertext transfer protocol (HTTP) protocol sent by a user can be received, the protocol is analyzed, each function in a system management module is called, operation of the corresponding function is completed, and a result is displayed to the user;
3) the background service program module is used for monitoring the network port, caching the network data packet, analyzing and packaging a user protocol, forwarding configuration information and the like, and provides support for the upper system parameter configuration submodule, the user management submodule and the key management submodule. When data is sent from a bottom hardware module to a system management module, all protocol packages including a network protocol and a user-defined protocol are removed after the data passes through a background service program module, and only effective data is reserved; when data is sent to bottom hardware, corresponding protocol packages including network protocols and user-defined protocols are added after the data passes through the background service program module, and the packaged data can be forwarded to the corresponding bottom hardware module for processing.
4) The data communication module is used for data communication between software and hardware, and it has 5 communication lines:
a, from the CPU module to the transfer FPGA module to the system monitoring module;
b, from the CPU module to the transfer FPGA module to the interface FPGA module;
c, from the CPU module to the transfer FPGA module to the interface FPGA module to the Gigabit/10-Gigabit network port;
d, from the CPU module to the transfer FPGA module to the interface FPGA module to the data security module;
e, from the CPU module to the transfer FPGA module to the interface FPGA module to the algorithm FPGA module;
Line a is the data path by which the CPU module acquires the state of the system monitoring module; line b is the data path by which the CPU module configures the interface FPGA parameters; line c is the path by which the CPU module obtains data packets that do not need algorithm operation; line d is the data path by which the CPU module transmits user management and key management instructions to the data security module; line e is the data path by which the CPU module calls the algorithms provided by the algorithm FPGA module.
It should be noted that data communication on all communication lines must follow an internally defined communication protocol: the first 16 bytes of each data packet are the communication protocol header, and the data packet is addressed and routed by a source ID and a destination ID. The format of the communication protocol header is shown in table 2:
| Offset (bytes) | Length (bytes) | Meaning |
|---|---|---|
| 0 | 1 | Source ID, indicating where the packet originated from |
| 1 | 1 | Destination ID, indicating where the packet is to be sent |
| 2 | 2 | Packet identifier, used to verify the correctness of the packet |
| 4 | 2 | Length of the transmitted data packet, an integer multiple of 16 bytes |
| 6 | 2 | Expected return packet length, an integer multiple of 16 bytes |
| 8 | 2 | Key index + key type |
| 10 | 1 | Packet type, indicating the way in which the packet is processed |
| 11 | 1 | Channel number, indicating which algorithm IP core to call |
| 12 | 4 | User reserved |

TABLE 2
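The 16-byte header of Table 2 can be packed and validated as below. This is an added example, not code from the patent: the big-endian byte order, the module ID values in `MODULE_IDS`, and the reading of the length field as covering the whole packet, header included, are assumptions, since the page does not specify them.

```python
import struct
from dataclasses import dataclass

HEADER_LEN = 16
# Field order and widths follow Table 2 (1+1+2+2+2+2+1+1+4 = 16 bytes).
# Assumption: multi-byte fields are big-endian.
_HDR = struct.Struct(">BBHHHHBB4s")

# Hypothetical ID assignment; the page only says packets are routed by ID.
MODULE_IDS = {
    0x01: "cpu", 0x02: "transfer_fpga", 0x03: "interface_fpga",
    0x04: "algorithm_fpga", 0x05: "data_security", 0x06: "system_monitor",
}


class HeaderError(ValueError):
    """Raised when a packet fails header validation."""


@dataclass(frozen=True)
class Header:
    src_id: int        # offset 0
    dst_id: int        # offset 1
    tag: int           # offset 2, packet identifier
    tx_len: int        # offset 4, transmitted length
    rx_len: int        # offset 6, expected return length
    key_field: int     # offset 8, key index + key type (split not specified)
    packet_type: int   # offset 10
    channel: int       # offset 11, algorithm IP core selector
    reserved: bytes    # offset 12


def build_packet(src_id, dst_id, tag, payload, rx_len,
                 key_field=0, packet_type=0, channel=0):
    """Prefix payload with a Table 2 header; payload must be 16-byte aligned."""
    if len(payload) % 16 or rx_len % 16:
        raise HeaderError("lengths must be integer multiples of 16 bytes")
    tx_len = HEADER_LEN + len(payload)   # assumption: length includes header
    if tx_len > 0xFFFF or rx_len > 0xFFFF:
        raise HeaderError("length does not fit the 2-byte field")
    return _HDR.pack(src_id, dst_id, tag, tx_len, rx_len, key_field,
                     packet_type, channel, bytes(4)) + payload


def parse_packet(packet):
    """Validate the header and return (Header, payload)."""
    if len(packet) < HEADER_LEN:
        raise HeaderError("packet shorter than the 16-byte header")
    h = Header(*_HDR.unpack_from(packet))
    if h.src_id not in MODULE_IDS or h.dst_id not in MODULE_IDS:
        raise HeaderError("unknown source or destination ID")
    if h.tx_len < HEADER_LEN or h.tx_len % 16 or h.rx_len % 16:
        raise HeaderError("length field is not a multiple of 16 bytes")
    # Never trust the declared length over the bytes actually received.
    if h.tx_len != len(packet):
        raise HeaderError("declared length does not match received bytes")
    return h, packet[HEADER_LEN:]


if __name__ == "__main__":
    pkt = build_packet(0x01, 0x04, 0xBEEF, bytes(32), rx_len=64, channel=3)
    print(parse_packet(pkt)[0])
```

Rejecting a packet whose declared length disagrees with the received byte count is what keeps a forged header from steering a downstream reader past the end of the buffer.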
In the embodiment of the invention, the system management module sends a control instruction to the bottom hardware module through the background service program, and receives the processing result obtained by the bottom hardware module processing, according to the control instruction, the data it transmits. The bottom hardware module comprises: a central processing unit (CPU), an interface field programmable gate array (FPGA) module in communication connection with the CPU, and an algorithm FPGA module in communication connection with the interface FPGA module. According to a control instruction of the system management module, the interface FPGA module sends a received data message either to the algorithm FPGA module for security operation processing or to the CPU for processing. The scheme of the invention greatly releases the computing capability of the CPU and reduces the difficulty and the period of software development; it improves the quick response capability; and it guarantees the security of the signature verification server.
As shown in fig. 7, an embodiment of the present invention further provides a data processing apparatus 70, which is applied to a signature verification server, and the apparatus includes:
the transceiver module 71 is configured to send a control instruction to the bottom hardware module through the system management module and the background service program; the processing module is used for receiving a processing result obtained by processing the data transmitted by the bottom hardware module according to the control instruction by the bottom hardware module; the bottom hardware module comprises: the system comprises a Central Processing Unit (CPU), a field programmable gate array interface (FPGA) module in communication connection with the CPU and an algorithm FPGA module in communication connection with the interface FPGA module; and the interface FPGA module sends the received data message to the algorithm FPGA module according to a control instruction to perform safe operation processing or sends the data message to the CPU for processing.
Optionally, the interface FPGA module sends the received data packet to the algorithm FPGA module according to the control instruction to perform the security operation processing or send the data packet to the CPU for processing, including:
the interface FPGA module analyzes the received data message according to the control instruction to obtain an analysis result;
if the analysis result shows that the data message is the service data needing safety processing, the data message is sent to the algorithm FPGA module for safety operation processing, and the operation result returned by the algorithm FPGA module is received;
and if the analysis result shows that the data message is control data which does not need to be safely processed, sending the control data to the CPU for processing.
Optionally, the interface FPGA module is in communication connection with the CPU through a transit FPGA module;
the interface FPGA module sends the control data to the CPU for processing and/or receiving the configuration information sent by the CPU through the transfer FPGA module; the configuration information is generated by a system management module and is configured to the CPU through a background service program.
Optionally, the transfer FPGA module is in communication connection with the system monitoring module;
and the CPU sends a system detection instruction to the system monitoring module according to the configuration of the system management module, and receives system state information returned by the system detection module to the signature verification server.
Optionally, the system management module includes: the system comprises at least one of a system setting sub-module, an initialization configuration sub-module, a service configuration sub-module, an audit management sub-module, a monitoring early warning sub-module and an operation and maintenance management sub-module;
the system setting submodule is used for setting at least one of network time protocol NTP service, backup recovery, high availability and equipment self-checking service of the signature and signature verification server;
the initialization configuration submodule is used for configuring at least one of an initialization manager, network parameters and server certificate information of the signature and signature verification server;
the service configuration submodule is used for configuring relevant parameters of signature verification service;
the audit management submodule is used for configuring at least one of audit parameters and audit information management;
the monitoring and early warning submodule is used for detecting the state of the system and sending warning information according to a configuration strategy;
the operation and maintenance management submodule is used for at least one of equipment upgrading and service self-checking.
Optionally, if the analysis result indicates that the data packet is service data that needs to be subjected to security processing, sending the data packet to the algorithm FPGA module for performing security operation processing includes:
and if the analysis result shows that the data message is the service data needing safety processing and the destination address of the data message is the address of the equipment, sending the data message to an algorithm FPGA module for processing.
Optionally, receiving an operation result returned by the FPGA algorithm module includes:
and receiving the operation result of signing and/or signature verification of the data message by the algorithm FPGA module by adopting a preset safety algorithm.
It should be noted that the apparatus is an apparatus corresponding to the above method, and all the implementations in the above method embodiment are applicable to the embodiment of the apparatus, and the same technical effects can be achieved. The apparatus may further comprise a processing module 72 for processing the data transceived by the transceiving module 71.
The embodiment of the invention also provides a signature verification server, which comprises: a system management module and a bottom hardware module;
the system management module sends a control instruction to the bottom hardware module through a background service program;
the system management module receives a processing result of the bottom hardware module for processing the data transmitted by the bottom hardware module according to the control instruction; the bottom hardware module comprises: the system comprises a central processing unit CPU, an interface field programmable gate array FPGA module and an algorithm FPGA module; the CPU is in communication connection with the interface FPGA module; the interface FPGA module is in communication connection with the algorithm FPGA module; and the interface FPGA module sends the received data message to the algorithm FPGA module according to a control instruction to perform safe operation processing or sends the data message to the CPU for processing.
Optionally, the interface FPGA module sends the received data packet to the algorithm FPGA module according to the control instruction to perform the security operation processing or send the data packet to the CPU for processing, including:
the interface FPGA module analyzes the received data message according to the control instruction to obtain an analysis result;
if the analysis result shows that the data message is the service data needing safety processing, the data message is sent to the algorithm FPGA module for safety operation processing, and the operation result returned by the algorithm FPGA module is received;
and if the analysis result shows that the data message is control data which does not need to be safely processed, sending the control data to the CPU for processing.
Optionally, the interface FPGA module is in communication connection with the CPU through a transit FPGA module;
the interface FPGA module sends the control data to the CPU for processing and/or receiving the configuration information sent by the CPU through the transfer FPGA module; the configuration information is generated by a system management module and is configured to the CPU through a background service program.
Optionally, the transfer FPGA module is in communication connection with the system monitoring module;
and the CPU sends a system detection instruction to the system monitoring module according to the configuration of the system management module, and receives system state information returned by the system detection module to the signature verification server.
Optionally, the system management module includes: the system comprises at least one of a system setting sub-module, an initialization configuration sub-module, a service configuration sub-module, an audit management sub-module, a monitoring early warning sub-module and an operation and maintenance management sub-module;
the system setting submodule is used for setting at least one of network time protocol NTP service, backup recovery, high availability and equipment self-checking service of the signature and signature verification server;
the initialization configuration submodule is used for configuring at least one of an initialization manager, network parameters and server certificate information of the signature and signature verification server;
the service configuration submodule is used for configuring relevant parameters of signature verification service;
the audit management submodule is used for configuring at least one of audit parameters and audit information management;
the monitoring and early warning submodule is used for detecting the state of the system and sending warning information according to a configuration strategy;
the operation and maintenance management submodule is used for at least one of equipment upgrading and service self-checking.
Optionally, if the analysis result indicates that the data packet is service data that needs to be subjected to security processing, sending the data packet to the algorithm FPGA module for performing security operation processing includes:
and if the analysis result shows that the data message is the service data needing safety processing and the destination address of the data message is the address of the equipment, sending the data message to an algorithm FPGA module for processing.
Optionally, receiving an operation result returned by the FPGA algorithm module includes:
and receiving the operation result of signing and/or signature verification of the data message by the algorithm FPGA module by adopting a preset safety algorithm.
It should be noted that the signature verification server is a signature verification server corresponding to the method, and all implementation manners in the above method embodiments are applicable to the embodiment of the signature verification server, and the same technical effect can be achieved.
Embodiments of the present invention also provide a computer-readable storage medium storing instructions that, when executed on a computer, cause the computer to perform the method as described above. All the implementation manners in the above method embodiments are applicable to the embodiment, and the same technical effect can be achieved.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
Furthermore, it is to be noted that in the device and method of the invention, it is obvious that the individual components or steps can be decomposed and/or recombined. These decompositions and/or recombinations are to be regarded as equivalents of the present invention. Also, the steps of performing the series of processes described above may naturally be performed chronologically in the order described, but need not necessarily be performed chronologically, and some steps may be performed in parallel or independently of each other. It will be understood by those skilled in the art that all or any of the steps or elements of the method and apparatus of the present invention may be implemented in any computing device (including processors, storage media, etc.) or network of computing devices, in hardware, firmware, software, or any combination thereof, which can be implemented by those skilled in the art using their basic programming skills after reading the description of the present invention.
Thus, the objects of the invention may also be achieved by running a program or a set of programs on any computing device. The computing device may be a general purpose device as is well known. The object of the invention is thus also achieved solely by providing a program product comprising program code for implementing the method or the apparatus. That is, such a program product also constitutes the present invention, and a storage medium storing such a program product also constitutes the present invention. It is to be understood that the storage medium may be any known storage medium or any storage medium developed in the future. It is further noted that in the apparatus and method of the present invention, it is apparent that each component or step can be decomposed and/or recombined. These decompositions and/or recombinations are to be regarded as equivalents of the present invention. Also, the steps of executing the series of processes described above may naturally be executed chronologically in the order described, but need not necessarily be executed chronologically. Some steps may be performed in parallel or independently of each other.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (7)

1. A data processing method is applied to a signature verification server, and comprises the following steps:
the system management module sends a control instruction to the bottom hardware module through the background service program;
receiving a processing result obtained by processing the data transmitted by the bottom hardware module according to the control instruction by the bottom hardware module; the bottom hardware module comprises: the system comprises a Central Processing Unit (CPU), an interface Field Programmable Gate Array (FPGA) module in communication connection with the CPU and an algorithm FPGA module in communication connection with the interface FPGA module;
the interface FPGA module sends the received data message to the algorithm FPGA module according to the control instruction to perform safe operation processing or sends the data message to the CPU for processing; the method specifically comprises the following steps:
the interface FPGA module judges whether the data message is a Transmission Control Protocol (TCP) message or a User Datagram Protocol (UDP) message, and if so, analyzes a source port address and a destination port address; if the destination address is the address of the port of the signature and signature verification server, analyzing the received data message according to the control instruction to obtain an analysis result;
if the analysis result shows that the data message is service data which needs to be processed safely and the destination address of the data message is the address of the port of the signature verification server, the data message is sent to the algorithm FPGA module for safe operation processing and the operation result returned by the algorithm FPGA module is received;
if the analysis result shows that the data message is control data which does not need to be safely processed, the control data is sent to the CPU for processing; the interface FPGA module is in communication connection with the CPU through a transfer FPGA module;
the interface FPGA module sends the control data to the CPU for processing and/or receiving the configuration information sent by the CPU through the transfer FPGA module; the configuration information is generated by a system management module and is configured to the CPU through a background service program.
2. The data processing method of claim 1, wherein the transit FPGA module is communicatively connected to a system monitoring module;
and the CPU sends a system detection instruction to the system monitoring module according to the configuration of the system management module, and receives system state information returned by the system monitoring module to the signature verification server.
3. The data processing method of claim 1, wherein the system management module comprises: the system comprises at least one of a system setting sub-module, an initialization configuration sub-module, a service configuration sub-module, an audit management sub-module, a monitoring early warning sub-module and an operation and maintenance management sub-module;
the system setting submodule is used for setting at least one of network time protocol NTP service, backup recovery, high availability and equipment self-checking service of the signature and signature verification server;
the initialization configuration submodule is used for configuring at least one of an initialization manager, network parameters and server certificate information of the signature and signature verification server;
the service configuration submodule is used for configuring relevant parameters of signature verification service;
the audit management submodule is used for configuring at least one of audit parameters and audit information management;
the monitoring and early warning submodule is used for detecting the state of the system and sending warning information according to a configuration strategy;
the operation and maintenance management submodule is used for at least one of equipment upgrading and service self-checking.
4. The data processing method of claim 1, wherein receiving the operation result returned by the FPGA algorithm module comprises:
and receiving the operation result of signing and/or signature verification of the data message by the algorithm FPGA module by adopting a preset safety algorithm.
5. A data processing apparatus, applied to a signature verification server, the apparatus comprising:
the receiving and sending module is used for sending a control instruction to the bottom hardware module through the system management module and the background service program; receiving a processing result obtained by processing the data transmitted by the bottom hardware module according to the control instruction; the bottom hardware module comprises: the system comprises a Central Processing Unit (CPU), an interface Field Programmable Gate Array (FPGA) module in communication connection with the CPU and an algorithm FPGA module in communication connection with the interface FPGA module;
the interface FPGA module sends the received data message to the algorithm FPGA module according to the control instruction to perform safe operation processing or sends the data message to the CPU for processing; the method specifically comprises the following steps:
the interface FPGA module judges whether the data message is a Transmission Control Protocol (TCP) message or a User Datagram Protocol (UDP) message, and if so, analyzes a source port address and a destination port address; if the destination address is the address of the port of the signature and signature verification server, analyzing the received data message according to the control instruction to obtain an analysis result;
if the analysis result shows that the data message is service data which needs to be processed safely and the destination address of the data message is the address of the port of the signature verification server, the data message is sent to the algorithm FPGA module for safe operation processing and the operation result returned by the algorithm FPGA module is received;
if the analysis result shows that the data message is control data which does not need to be safely processed, the control data is sent to the CPU for processing;
the interface FPGA module is in communication connection with the CPU through a transfer FPGA module;
the interface FPGA module sends the control data to the CPU for processing and/or receives the configuration information sent by the CPU through the transfer FPGA module; the configuration information is generated by the system management module and is configured to the CPU through the background service program.
6. A signature verification server, comprising: a system management module and a bottom hardware module;
the system management module sends a control instruction to the bottom hardware module through a background service program;
the system management module receives a processing result obtained by processing the data transmitted by the bottom hardware module according to the control instruction; the bottom hardware module comprises: a central processing unit (CPU), an interface field programmable gate array (FPGA) module and an algorithm FPGA module; the CPU is in communication connection with the interface FPGA module; the interface FPGA module is in communication connection with the algorithm FPGA module; the interface FPGA module sends the received data message to the algorithm FPGA module according to the control instruction to perform safe operation processing or sends the data message to the CPU for processing; the method specifically comprises the following steps:
the interface FPGA module determines whether the data message is a Transmission Control Protocol (TCP) message or a User Datagram Protocol (UDP) message, and if so, parses the source port address and the destination port address; if the destination address is the address of the port of the signature verification server, the interface FPGA module analyzes the received data message according to the control instruction to obtain an analysis result;
if the analysis result shows that the data message is service data which needs to be processed safely and the destination address of the data message is the address of the port of the signature verification server, the data message is sent to the algorithm FPGA module for safe operation processing and the operation result returned by the algorithm FPGA module is received;
if the analysis result shows that the data message is control data which does not need to be safely processed, the control data is sent to the CPU for processing;
the interface FPGA module is in communication connection with the CPU through a transfer FPGA module;
the interface FPGA module sends the control data to the CPU for processing and/or receives the configuration information sent by the CPU through the transfer FPGA module; the configuration information is generated by the system management module and is configured to the CPU through the background service program.
7. A computer-readable storage medium storing instructions that, when executed on a computer, cause the computer to perform the method of any one of claims 1 to 4.
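The dispatch rule recited in claims 5 and 6 (TCP/UDP check, port parsing, destination check, then algorithm FPGA or CPU) can be modelled in software as below. This is an added illustration, not code from the patent: the raw IPv4 input, `SERVER_IP`, the `PORT_KIND` table standing in for the "control instruction", the destination check on IP plus port, and the `UNCLASSIFIED` outcome for cases the claims leave open are all assumptions.

```python
import struct
from enum import Enum

class Route(Enum):
    ALGO_FPGA = "algorithm FPGA (safe operation processing)"
    CPU = "CPU (control data)"
    UNCLASSIFIED = "outside the claimed rule"  # assumption: claims are silent here

# Assumed stand-in for the "control instruction": the server address and, per
# server port, whether traffic is service data or control data (constructed).
SERVER_IP = bytes([192, 0, 2, 10])
PORT_KIND = {8443: "service", 9000: "control"}
TCP, UDP = 6, 17

def classify(pkt: bytes) -> Route:
    """Apply the claimed dispatch rule to one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return Route.UNCLASSIFIED
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 4:
        return Route.UNCLASSIFIED          # malformed or truncated header
    frag_off = struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF
    if pkt[9] not in (TCP, UDP) or frag_off:
        return Route.UNCLASSIFIED          # no TCP/UDP ports present to parse
    _src_port, dst_port = struct.unpack_from("!HH", pkt, ihl)
    if pkt[16:20] != SERVER_IP or dst_port not in PORT_KIND:
        return Route.UNCLASSIFIED          # not addressed to a server port
    return Route.ALGO_FPGA if PORT_KIND[dst_port] == "service" else Route.CPU

def ipv4(proto, dst_ip, dst_port, frag_off=0, src_port=40000):
    """Build a constructed sample: 20-byte IPv4 header, ports, 4 payload bytes."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, frag_off, 64, proto, 0,
                      bytes([198, 51, 100, 7]), dst_ip)
    return hdr + struct.pack("!HH", src_port, dst_port) + b"\x00" * 4

if __name__ == "__main__":
    samples = [("service", ipv4(TCP, SERVER_IP, 8443)),
               ("control", ipv4(UDP, SERVER_IP, 9000)),
               ("icmp", ipv4(1, SERVER_IP, 0)),
               ("non-first fragment", ipv4(UDP, SERVER_IP, 8443, frag_off=5))]
    for name, pkt in samples:
        print(f"{name:20s} -> {classify(pkt).name}")
```

Non-first IP fragments carry no TCP/UDP header, so a port-based classifier of this kind cannot route them without reassembly; the sketch reports them as unclassified rather than guessing.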
CN202110479808.2A 2021-04-30 2021-04-30 Data processing method and device and signature verification server Active CN113094762B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110479808.2A CN113094762B (en) 2021-04-30 2021-04-30 Data processing method and device and signature verification server

Publications (2)

Publication Number Publication Date
CN113094762A CN113094762A (en) 2021-07-09
CN113094762B true CN113094762B (en) 2021-12-07

Family

ID=76680961

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110479808.2A Active CN113094762B (en) 2021-04-30 2021-04-30 Data processing method and device and signature verification server

Country Status (1)

Country Link
CN (1) CN113094762B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 100000 901, Floor 9, Building 7, Yard 8, Auto Museum East Road, Fengtai District, Beijing

Patentee after: BEIJING SHUDUN INFORMATION TECHNOLOGY CO.,LTD.

Address before: 100094 Room 101-502, 5th Floor, Building 10, Yard 3, Fengxiu Middle Road, Haidian District, Beijing

Patentee before: BEIJING SHUDUN INFORMATION TECHNOLOGY CO.,LTD.