CN113297588A - Password processing device, and control method and device of password processing device - Google Patents


Info

Publication number
CN113297588A
Authority
CN
China
Prior art keywords
service
processing
file
module
password
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110089796.2A
Other languages
Chinese (zh)
Inventor
张军
龙欣
张振祥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107: File encryption

Abstract

Embodiments of the disclosure relate to a cryptographic processing device and to a control method and a control apparatus for the cryptographic processing device. The cryptographic processing device comprises a dynamic configuration area and a static configuration area; the dynamic configuration area is provided with a service processing module, and the static configuration area is provided with a cryptographic processing module. The service processing module can be dynamically configured with different service processing files, each of which corresponds to a service scenario. Based on the service processing file, the service processing module acquires the service data to be subjected to cryptographic processing and sends it to the cryptographic processing module. The cryptographic processing module performs cryptographic processing on that service data based on a cryptographic algorithm and feeds the processed service data back to the service processing module. Embodiments of the disclosure allow service processing files for different service scenarios to be loaded dynamically in the cryptographic processing device, and improve the universality of data encryption or decryption processing across different service scenarios.

Description

Password processing device, and control method and device of password processing device
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a cryptographic processing device, a method and an apparatus for controlling the cryptographic processing device, an electronic device, and a computer storage medium.
Background
Data encryption technology is an important means of guaranteeing data security. For a specific service processing scenario, encrypting the service data with a heterogeneous card that has an encryption function is an effective implementation. However, during production of the heterogeneous card, the functions inside the board are already fixed according to the service scenario, so the heterogeneous card can only be applied to a single service scenario.
Disclosure of Invention
In order to solve the technical problem or at least partially solve the technical problem, embodiments of the present disclosure provide a cryptographic processing device, and a control method and apparatus of the cryptographic processing device.
In a first aspect, an embodiment of the present disclosure provides a cryptographic processing device, including a dynamic configuration area and a static configuration area, where the dynamic configuration area is provided with a service processing module, and the static configuration area is provided with a cryptographic processing module;
the service processing module can be dynamically configured with different service processing files, the service processing files correspond to service scenarios, and the service processing module is used for acquiring service data to be subjected to cryptographic processing based on the service processing files and sending the service data to be subjected to cryptographic processing to the cryptographic processing module;
the cryptographic processing module is used for performing cryptographic processing on the service data to be subjected to cryptographic processing based on a cryptographic algorithm and feeding back the service data subjected to the cryptographic processing to the service processing module, and the cryptographic processing comprises encryption processing or decryption processing.
In a second aspect, an embodiment of the present disclosure further provides a method for controlling a cryptographic processing apparatus, which is applied to an upper management device, and includes:
generating a file loading request, and sending the file loading request to a service management server, wherein the file loading request comprises an identifier of a preloaded service processing file;
and receiving the service processing file fed back by the service management server, and issuing the service processing file to a file management module of the password management equipment.
In a third aspect, an embodiment of the present disclosure further provides a method for controlling a password processing device, which is applied to a service management server, and includes:
receiving a file loading request sent by an upper management device, wherein the file loading request comprises an identifier of a preloaded service processing file;
and sending the service processing file corresponding to the identifier to the upper management device, so that the upper management device issues the service processing file to a file management module of the password management equipment.
In a fourth aspect, an embodiment of the present disclosure further provides a cryptographic processing method, applied to a cryptographic processing device, including:
dynamically configuring different service processing files in a service processing module, and acquiring service data to be subjected to cryptographic processing based on the service processing files;
and performing cryptographic processing on the service data to be subjected to cryptographic processing by using a cryptographic processing module based on a cryptographic algorithm, and feeding back the service data subjected to the cryptographic processing to the service processing module, wherein the cryptographic processing comprises encryption processing or decryption processing.
In a fifth aspect, an embodiment of the present disclosure further provides a control device for a cryptographic processing apparatus, configured on an upper management device, including:
the file loading request generating module is used for generating a file loading request and sending the file loading request to the service management server, wherein the file loading request comprises an identifier of a preloaded service processing file;
and the service processing file receiving module is used for receiving the service processing file fed back by the service management server and issuing the service processing file to the file management module of the password management equipment.
In a sixth aspect, an embodiment of the present disclosure further provides a control device for a cryptographic processing apparatus, configured in a service management server, including:
the file loading request receiving module is used for receiving a file loading request sent by an upper management device, wherein the file loading request comprises an identifier of a preloaded service processing file;
and the service processing file sending module is used for sending the service processing file corresponding to the identifier to the upper management device so that the upper management device issues the service processing file to the file management module of the password management equipment.
In a seventh aspect, an embodiment of the present disclosure further provides a cryptographic processing system, including:
the upper management device is used for generating a file loading request and sending the file loading request to the service management server, wherein the file loading request comprises an identifier of a preloaded service processing file;
the service management server is used for receiving a file loading request sent by the upper management device and sending a service processing file corresponding to the identifier to the upper management device;
the upper management device is also used for receiving the service processing file fed back by the service management server and sending the service processing file to a file management module of the password management equipment;
the file management module of the password management equipment is used for sending the service processing file to the service processing module of the password management equipment;
the service processing module of the password management equipment is used for acquiring service data to be subjected to password processing based on the service processing file and sending the service data to be subjected to password processing to the password processing module of the password management equipment;
and the password processing module of the password management equipment is used for performing password processing on the service data to be subjected to password processing based on a password algorithm and feeding back the service data subjected to the password processing to the service processing module, and the password processing comprises encryption processing or decryption processing.
In an eighth aspect, the present disclosure further provides an electronic device, including a memory and a processor, where the memory stores a computer program, and when the computer program is executed by the processor, the processor executes any control method of the cryptographic processing device provided in the present disclosure that is applied to the upper management device or to the service management server.
In a ninth aspect, the present disclosure further provides a computer-readable storage medium, where a computer program is stored in the storage medium, and when the computer program is executed by a processor, the processor executes any control method of the cryptographic processing device provided in the present disclosure that is applied to the upper management device or to the service management server.
Compared with the prior art, the technical scheme provided by the embodiments of the disclosure has at least the following advantages. The service processing module in the cryptographic processing device can be dynamically configured with different service processing files. Based on this function, the cryptographic processing device can be applied to any service scenario with a data encryption or decryption requirement, so that encryption or decryption processing is performed dynamically for different service scenarios. This solves the problem in existing schemes that data encryption or decryption processing is tightly coupled to a specific service scenario (for example, the function of an encryption chip is fixed according to the service scenario), which limits the processing to a single application scenario. It also solves the problem that, because the service scenario does not support reconfiguration during encryption or decryption processing, the efficiency of data encryption or decryption processing for different service scenarios is low. Data encryption or decryption processing is thereby decoupled from the specific service scenario, its universality across different service scenarios is improved, and its efficiency for different service scenarios is improved.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that elements and features are not necessarily drawn to scale.
Fig. 1 is a schematic structural diagram of a cryptographic processing device provided in an embodiment of the present disclosure;
Fig. 2 is a schematic structural diagram of another cryptographic processing device provided in the embodiment of the present disclosure;
Fig. 3 is an architectural diagram of an interactive implementation between an upper management device and a cryptographic processing device provided in the embodiment of the present disclosure;
Fig. 4 is a flowchart of a cryptographic processing method provided by an embodiment of the present disclosure;
Fig. 5 is a flowchart of a control method of a cryptographic processing apparatus according to an embodiment of the present disclosure;
Fig. 6 is a flowchart of another control method for a cryptographic processing apparatus according to an embodiment of the present disclosure;
Fig. 7 is a schematic structural diagram of a control device of a cryptographic processing apparatus according to an embodiment of the present disclosure;
Fig. 8 is a schematic structural diagram of a control device of another cryptographic processing apparatus provided in the embodiment of the present disclosure;
Fig. 9 is a schematic structural diagram of a cryptographic processing system provided in an embodiment of the present disclosure;
Fig. 10 is a flowchart of a cryptographic processing method corresponding to the cryptographic processing system provided by the embodiment of the present disclosure;
Fig. 11 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
Fig. 1 is a schematic structural diagram of a cryptographic processing device provided in an embodiment of the present disclosure, which is used to exemplarily illustrate the cryptographic processing device provided in the embodiment of the present disclosure. In the embodiment of the present disclosure, the cryptographic processing device may be implemented based on a Field Programmable Gate Array (FPGA). The field programmable gate array is a program-driven logic device, which lays a foundation for improving the universality of the encryption or decryption scheme across the service processing files of different service scenarios in the embodiment of the disclosure. The cryptographic processing device of the embodiment of the present disclosure may be applied to scenarios using various encryption algorithms and/or decryption algorithms, including scenarios that use national cryptographic algorithms. National cryptographic algorithms may be applied in the government affairs and financial fields, which generate government affairs service data and financial service data. When such service data requires server encryption and/or decryption, trusted computing, encrypted storage, and the like, the cryptographic processing device of the embodiment of the present disclosure may be used to perform the encryption and/or decryption processing; the specific processing manner is described in the following embodiments.
Optionally, the cryptographic processing device may be implemented in the form of a chip, and may be deployed in a local server or a cloud server, that is, for data encryption or decryption processing in the local server and for network data encryption or decryption processing in the cloud server, and the technical solution provided by the embodiment of the present disclosure has wide applicability. Specifically, the cryptographic processing device may be embedded in any server host through a preset physical interface.
As shown in fig. 1, the cryptographic processing device 100 includes a dynamic configuration area and a static configuration area, the functional module or data included in the dynamic configuration area may be dynamically changed according to the service processing requirement, and the functional module or data included in the static configuration area does not support change. The dynamic configuration area is provided with a service processing module 101, and the static configuration area is provided with a password processing module 102.
The service processing module 101 may be dynamically configured with different service processing files, where the service processing files correspond to service scenarios, and the service processing module 101 is configured to obtain service data to be subjected to cryptographic processing based on the service processing files, and send the service data to be subjected to cryptographic processing to the cryptographic processing module 102. The service processing file in the service processing module 101 may be obtained by a user importing a file through a preset data interface of the cryptographic processing device 100; or may be acquired from a local server or a cloud server according to a file loading request triggered by a user; or may be obtained from other interconnected devices through a network port disposed on the cryptographic processing device 100. For each service scenario, the processing logic for obtaining the service data to be subjected to cryptographic processing is predefined in the service processing file, and the specific content of the processing logic is not specifically limited in the embodiment of the present disclosure.
The cryptographic processing module 102 is configured to perform cryptographic processing on the service data to be subjected to the cryptographic processing based on a cryptographic algorithm, and feed back the service data subjected to the cryptographic processing to the service processing module 101, where the cryptographic processing includes encryption processing or decryption processing. The cryptographic algorithm may be any available encryption or decryption processing algorithm pre-configured in the cryptographic processing apparatus 100, and the embodiment of the present disclosure is not limited in particular. The service processing module 101 and the cryptographic processing module 102 may specifically perform data transmission through a preset data path.
Optionally, the service scenario in the embodiment of the present disclosure includes at least one of a server application scenario, a trusted computing application scenario, or an encrypted storage application scenario.
In a first example, for a server application scenario, the interaction process between the service processing module 101 and the cryptographic processing module 102 may include: after receiving specific scene data from a data source, the cryptographic processing device 100 uses the service processing module 101 to extract the service data to be encrypted or decrypted from the scene data based on the service processing file of the current service scenario (which predefines how to obtain the service data to be subjected to cryptographic processing from the received scene data), and then sends the service data to be encrypted or decrypted to the cryptographic processing module 102 for encryption processing or decryption processing; the cryptographic processing module 102 feeds the encrypted or decrypted service data back to the service processing module 101; the service processing module 101 encapsulates the encrypted or decrypted service data into scene data again, and sends the encapsulated scene data to the data demander (which may be the same as or different from the source data provider) through a preset data interface of the cryptographic processing device 100.
In a second example, for a trusted computing application scenario, the interaction process between the service processing module 101 and the cryptographic processing module 102 may include: after receiving specific scene data from a data source, the cryptographic processing device 100 uses the service processing module 101 to extract the encrypted source data (i.e., the service data) based on the service processing file of the current service scenario (which predefines how to obtain the encrypted source data from the received scene data and the processing logic for performing trusted computation on the decrypted source data), and then sends the encrypted source data to the cryptographic processing module 102 for decryption processing; the cryptographic processing module 102 sends the decrypted source data to the service processing module 101; the service processing module 101 performs trusted computation on the decrypted source data based on the service processing file of the current service scenario, and then sends the computation result to the cryptographic processing module 102 for encryption processing; the cryptographic processing module 102 sends the encrypted computation result to the service processing module 101; the service processing module 101 sends the encrypted computation result to the data demander (which may be the same as or different from the source data provider) through a preset data interface of the cryptographic processing device 100.
For the encrypted storage application scenario, the interaction process between the service processing module 101 and the cryptographic processing module 102 may include the following. In the data storing stage, after the cryptographic processing device 100 receives specific scene data from a data source, the service processing module 101 extracts the service data to be stored from the scene data based on the service processing file of the current service scenario (which predefines how to obtain the service data to be subjected to cryptographic processing from the received scene data), and then sends the service data to be stored to the cryptographic processing module 102 for encryption processing; the cryptographic processing module 102 feeds the encrypted service data back to the service processing module 101; the service processing module 101 sends the encrypted service data to a storage module, so that the storage module stores the encrypted service data, where the storage module may be a functional module integrated in the cryptographic processing device 100 or a functional module in an electronic device independent of the cryptographic processing device 100. In the data reading stage, the service processing module 101 reads the required encrypted data from the storage module based on a reading request of a data demander, and sends the encrypted data to the cryptographic processing module 102; the cryptographic processing module 102 decrypts the encrypted data and sends the decrypted data to the service processing module 101; the service processing module 101 sends the decrypted data to the data demander through a preset data interface of the cryptographic processing device 100.
Of course, the service scenario to which the embodiment of the present disclosure is applicable is not limited to the description in the foregoing example, and any service scenario that requires encryption processing or decryption processing may adopt the technical solution provided by the embodiment of the present disclosure.
In the embodiment of the present disclosure, the service processing module 101 in the cryptographic processing device 100 is disposed in the dynamic configuration area and can be dynamically configured with different service processing files (in other words, it supports reconfiguration of the service processing files). Based on this function, the cryptographic processing device 100 can be applied to any service scenario with a data encryption or decryption requirement, so that encryption or decryption processing is performed dynamically for different service scenarios. This solves the problem in existing schemes that data encryption or decryption processing is tightly coupled to a specific service scenario (for example, the function of an encryption chip is fixed according to the service scenario), which limits the processing to a single application scenario. It also solves the problem that, because the service scenario does not support reconfiguration during encryption or decryption processing, the efficiency of data encryption or decryption processing for different service scenarios is relatively low. Data encryption or decryption processing is thereby decoupled from the specific service scenario, its universality across different service scenarios is improved, and its efficiency for different service scenarios is improved.
In an alternative embodiment, the static configuration area of the cryptographic processing device 100 may further include other functional modules. Fig. 2 is a schematic structural diagram of another cryptographic processing device provided in an embodiment of the present disclosure, as shown in fig. 2, a service processing module 101 is disposed in a dynamic configuration area of the cryptographic processing device 100, a cryptographic processing module 102 is disposed in a static configuration area, and further, the static configuration area is further provided with: a key storage module 103, configured to store a key of the cryptographic algorithm used by the cryptographic processing module 102. The corresponding key is different according to different cryptographic algorithms. When the cryptographic processing module 102 performs encryption processing or decryption processing on the service data, a required key may be acquired from the key storage module 103 according to a correspondence between an encryption algorithm and the key. By storing the key separately, it is possible to ensure the security of the key on the one hand and to help ensure the efficiency of the encryption process or the decryption process on the other hand.
As further shown in fig. 2, in an alternative embodiment, the static configuration area of the cryptographic processing apparatus 100 is further provided with: the file management module 104 is configured to receive the service processing file corresponding to the service scenario, and configure the service processing file to the service processing module 101, that is, the file management module 104 is configured to implement a function that the service processing module 101 can reconfigure the file. The service processing file received by the file management module 104 may be a local file in a server where the cryptographic processing device 100 is installed, for example, an operation of sending the service processing file to the file management module 104 is triggered by a file selection operation or an import operation of a user in the server; the service processing file received by the file management module 104 may also be a file transmitted to a server on which the cryptographic processing device 100 is installed via the internet, for example, by a user triggering a file loading request in the server on which the cryptographic processing device 100 is installed, the server obtains the service processing file from the internet according to the service processing file identifier carried in the file loading request, and sends the service processing file to the file management module 104.
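The split described above (service logic in the dynamic area; cryptographic module, key storage module and file management module in the static area) can be modelled in software. The following Python sketch is an added example, not code from the patent or from the assignee. All class names, the two service processing files and the "demo-stream" cipher are hypothetical, and the cipher is a standard-library stand-in for whatever algorithm the device has preconfigured.

```python
import hashlib
import hmac
import json
import os


class KeyStorageModule:
    """Static area: stores the key for each configured algorithm."""

    def __init__(self):
        self._keys = {"demo-stream": os.urandom(32)}  # constructed demo key

    def key_for(self, algorithm):
        return self._keys[algorithm]


class CryptoModule:
    """Static area: the only component that ever reads a key.

    Stand-in cipher (HMAC-SHA256 keystream XOR, no integrity tag), chosen so
    the sketch runs with the standard library; not the device's algorithm.
    """

    def __init__(self, key_store, algorithm="demo-stream"):
        self._key_store, self._algorithm = key_store, algorithm

    def _xor(self, nonce, data):
        key = self._key_store.key_for(self._algorithm)
        stream = b""
        for counter in range((len(data) + 31) // 32):
            stream += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def encrypt(self, plaintext):
        nonce = os.urandom(12)
        return nonce + self._xor(nonce, plaintext)

    def decrypt(self, blob):
        return self._xor(blob[:12], blob[12:])


class JsonFieldFile:
    """Hypothetical service processing file: one JSON field is the service data."""

    def __init__(self, file_id, field, operation):
        self.file_id, self.field, self.operation = file_id, field, operation

    def extract(self, scene_data):
        value = json.loads(scene_data)[self.field]
        return value.encode() if self.operation == "encrypt" else bytes.fromhex(value)

    def encapsulate(self, scene_data, processed):
        record = json.loads(scene_data)
        record[self.field] = (processed.hex() if self.operation == "encrypt"
                              else processed.decode())
        return json.dumps(record).encode()


class RawStorageFile:
    """Hypothetical service processing file: the whole payload is the service data."""

    def __init__(self, file_id, operation):
        self.file_id, self.operation = file_id, operation

    def extract(self, scene_data):
        return scene_data

    def encapsulate(self, scene_data, processed):
        return processed


class CryptoProcessingDevice:
    """Models device 100: static crypto/key/file management, dynamic service logic."""

    def __init__(self):
        self._crypto = CryptoModule(KeyStorageModule())  # static area
        self._service_file = None                        # dynamic area

    def load(self, service_file):
        """File management module: validate, then reconfigure the dynamic area."""
        if service_file.operation not in ("encrypt", "decrypt"):
            raise ValueError("unsupported operation in service processing file")
        self._service_file = service_file

    def handle(self, scene_data):
        """The service file sees data only; the key stays inside the static area."""
        f = self._service_file
        if f is None:
            raise RuntimeError("no service processing file configured")
        service_data = f.extract(scene_data)
        op = self._crypto.encrypt if f.operation == "encrypt" else self._crypto.decrypt
        return f.encapsulate(scene_data, op(service_data))
```

Reloading a different service processing file changes how service data is extracted and re-encapsulated, while the key and cipher in the static area stay the same, which is the decoupling the description claims.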
In an alternative embodiment, the static configuration area of the cryptographic processing device 100 is further provided with: the user management module 106 is configured to receive the first scene data sent by the upper user management module, and send the first scene data to the service processing module 101 in the dynamic configuration area. The user management module 106 and the service processing module 101 may perform data transmission based on a preset data path, and at the same time, a register path and an interrupt path may be set between them. Wherein, the interrupt path may be used for the service processing module 101 to notify the user management module 106 that the data has been received; the register path may be configured to implement transmission of configuration information related to the data path, where the configuration information may include, for example, timing and transmission manner of data transmission in the data path, and the interrupt path and the register path may implement control of a data transmission process in the data path. Furthermore, a register path between the service processing module 101 and the user management module 106 is shared between the cryptographic processing module 102 and the service processing module 101.
The service processing module 101 is further configured to process the first scene data based on the service processing file to obtain service data to be subjected to cryptographic processing; and/or,
the service processing module 101 is further configured to process the service data after the password processing based on the service processing file, generate second scene data, and send the second scene data to the user management module 106 in the static configuration area;
the user management module 106 is configured to feed back the second scene data to the upper user management module.
The user management module 106 and the upper layer user management module belong to functional modules that support each other functionally. The upper layer user management module may be deployed in a cloud server where the password processing apparatus 100 is installed, and may be obtained by performing transparent transmission on the user management module 106. The upper layer user management module corresponds to an operation interface or a user interface in the cloud server, so that a user can trigger visual operation processing for the first scene data, for example, selection operation of the scene data and the like, trigger a loading request of the scene data, and send the acquired first scene data to the user management module 106. The user management module 106 and the upper layer user management module are equivalent to a data stream inlet, and can be implemented by using a Physical function interface (PF) or a Virtual function interface (VF).
For the interaction between the user management module 106 and the upper user management module, the service processing file not only defines a manner how to obtain the service data to be subjected to cryptographic processing from the first scene data, but also defines a processing logic how to process the service data subjected to cryptographic processing to generate the second scene data. The first scenario data, the second scenario data, and the processing logic for generating the second scenario data are all related to a specific service scenario, and may be determined according to a service processing requirement, and embodiments of the present disclosure are not particularly limited.
For example, for a server application scenario, the first scenario data may be user information data for a large number of specific client users, and a manner how to obtain professional information of a specified number of client users from the first scenario data is defined in the service processing file, so that the service processing module 101 may obtain the professional information of the specified number of client users from the first scenario data based on the service processing file, serve as service data to be subjected to cryptographic processing, and then send the service data to the cryptographic processing module 102 for cryptographic processing; the service processing file also defines a processing logic for classifying the encrypted professional information according to the region where the client user is located, so that the service processing module 101 can classify the encrypted professional information based on the service processing file to obtain a professional information classification result, namely, the professional information classification result is used as second scene data, and then the professional information classification result is fed back to the upper layer user management module through the user management module 106.
Further, the user management module 106 and the service processing module 101 are connected through a PCIE interface. A PCIE interface is an end-to-end connection manner, where two ends of a PCIE link are respectively connected to a functional module, and the two functional modules are a data sending end and a data receiving end.
In an alternative embodiment, as shown in fig. 3, an upper management device (i.e., upper software) is deployed on a cloud server host where the cryptographic processing apparatus 100 is installed, which may specifically be implemented by deploying an upper management driver, as shown in fig. 3; the upper management device 300 may specifically include an upper user management module 306 and an upper file management module 304, where the upper user management module 306 may be obtained by transparently transmitting the user management module 106, and the upper user management module 306 corresponds to an operation interface or a user interface in a cloud server, and may be configured to generate a file loading request according to a user operation of a user on the operation interface or the user interface, and send the file loading request to the cloud server, where the file loading request includes an identifier of a preloaded service processing file, so that the cloud server may obtain the corresponding service processing file; the upper file management module 304 is configured to receive the service processing file fed back by the cloud server, and issue the service processing file to the file management module 104 of the password management device; after receiving the service processing file, the file management module 104 configures the service processing file to the service processing module. The upper file management module 304 and the file management module 104 are equivalent to a data stream inlet, and can be implemented by using a Physical function interface (PF).
As shown in fig. 3, in the embodiment of the present disclosure, the user management module 106 and the file management module 104 in the cryptographic processing apparatus belong to two functional modules that are isolated from each other, and accordingly, in the cloud server where the cryptographic processing apparatus 100 is installed, the upper layer user management module 306 and the upper layer file management module 304 also belong to two functional modules that are isolated from each other, that is, the implementation of the user-executable operation and the operation implemented inside the cloud server and the cryptographic processing apparatus are not affected by each other.
Returning to fig. 2, further, the number of the service processing files configured by the service processing module 101 may be at least one, for example, at least two. The multiple service processing files configured by the service processing module 101 may be for the same service scenario, for example, at least two service processing files are respectively used to obtain different types of service data in the same service scenario, the data types may be distinguished according to data functions or may be distinguished according to data contents, for example, the service data types may include user information data or service operation log data, so that the cryptographic processing module 102 respectively performs encryption processing or decryption processing on the different types of service data; the multiple service processing files configured by the service processing module 101 may also be respectively specific to different service scenarios, and each service processing file is used to acquire service data in the service scenario, so that the cryptographic processing module 102 performs encryption processing or decryption processing on the service data in different service scenarios. That is, in the implementation of the present disclosure, the cryptographic processing device 100 supports the simultaneous execution of data encryption or decryption tasks for multiple service processing files, which helps to improve the processing efficiency of data encryption or decryption.
Further, for the case that the number of the service processing files configured by the service processing module 101 is at least two, the service processing module 101 may further determine, according to a selection operation of a user or a file loading request triggered by the user, a service processing file currently used for acquiring service data to be subjected to cryptographic processing. For example, a local server in which the password processing apparatus 100 is installed provides an operation interface or a user interface corresponding to the function of the password processing apparatus 100 to the user for the user to select a desired service processing file.
As further shown in fig. 2, in an alternative embodiment, the static configuration area of the cryptographic processing apparatus 100 is further provided with an authentication module 105, configured to send the firmware in the static configuration area to an external authentication chip (also called a cryptographic chip) 107 for authentication.
The firmware of the static configuration area includes the underlying program code in the cryptographic processing apparatus 100, which can ensure the functional implementation of the cryptographic processing apparatus 100. The external authentication chip 107 has a data authentication function, and can verify the reliability of received data. The external authentication chip 107 and the cryptographic processing device 100 may be installed in the same server host, supporting data communication between the two. The external authentication chip 107 may be implemented by any existing authentication chip with authority and credibility, and the embodiment of the present disclosure is not particularly limited.
For example, the external authentication chip 107 may be used to verify whether an untrusted program exists in the firmware of the static configuration area. Further, in addition to sending the firmware in the static configuration area to the external authentication chip 107 for authentication, the authentication module 105 is configured to calculate over the firmware with a preset cryptographic algorithm (e.g., a hash algorithm) to obtain a first result file (also referred to as a bit file), and to send the first result file together with the firmware to the external authentication chip 107 for authentication. For example, after the external authentication chip 107 obtains the first result file and the firmware, it may apply the same preset cryptographic algorithm to the firmware to obtain a second result file. If the second result file is the same as the first result file, the received firmware is genuine, and the chip then verifies whether an untrusted program exists in the firmware: if no untrusted program exists, the cryptographic processing device 100 is determined to be trusted; otherwise, the cryptographic processing device 100 is determined to be untrusted. If the second result file and the first result file are not identical, it can be directly confirmed that the cryptographic processing device 100 is not authentic.
The external authentication chip 107 authenticates the firmware in the static configuration area in the password processing device 100, so that the identity authentication of the password processing device 100 can be realized, the credibility of the password processing device 100 can be confirmed, and the encryption or decryption function of the password processing device 100 can be effectively monitored.
Further, the authentication module 105 of the cryptographic processing device 100 is further configured to send the service processing file to the external authentication chip 107 for authentication;
the file management module 104 is configured to configure the service processing file to the service processing module 101 after the service processing file passes the authentication.
That is, the service processing file received by the cryptographic processing apparatus 100 may first be sent to the external authentication chip 107, and only after it passes authentication by the external authentication chip 107 is it configured to the service processing module 101 through the file management module 104. For example, the external authentication chip 107 may determine whether the service processing file contains illegal or untrusted data by parsing the service processing file; if so, the authentication fails, otherwise the authentication succeeds. Besides the data loading path, a register path may be provided between the file management module 104 and the service processing module 101. The register path may be used for the file management module 104 to obtain firmware state information or network port state information related to the service processing module 101, so that the file management module 104 can perform data maintenance or supervision.
The external authentication chip 107 authenticates the service processing file, so that the security of the service processing file can be ensured, and the validity of service data acquired based on the service processing file and the validity of a data encryption or decryption processing result can be further ensured.
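The two authentication steps described above (the firmware sent with its first result file, and the service processing file gated before configuration), as an added example that is not from the patent: a Python model in which SHA-256 and the chip's allowlist of known-good digests are assumptions, and all class names, method names and sample bytes are constructed. It also shows that when firmware is altered before the first result file is computed the two result files still match, so the chip's second check has to rest on a reference the chip holds itself.

```python
import hashlib
import hmac


def result_file(blob: bytes) -> bytes:
    """The 'preset cryptographic algorithm'. SHA-256 is an assumption; the
    page only says 'e.g., a hash algorithm'."""
    return hashlib.sha256(blob).digest()


class ExternalAuthChip:
    """Stand-in for external authentication chip 107 (hypothetical model)."""

    def __init__(self, known_firmware, known_service_files):
        # Assumption: reference digests are provisioned into the chip out of
        # band. The page does not say how the chip recognises untrusted content.
        self._known_firmware = {result_file(b) for b in known_firmware}
        self._known_files = {result_file(b) for b in known_service_files}

    def authenticate_firmware(self, firmware: bytes, first_result: bytes) -> str:
        second_result = result_file(firmware)
        # Step 1 (from the page): the first and second result files must match.
        if not hmac.compare_digest(second_result, first_result):
            return "untrusted: result files differ"
        # Step 2 (from the page): look for untrusted programs. Modelled here as
        # a lookup against the chip's own reference digests.
        if second_result not in self._known_firmware:
            return "untrusted: unrecognised firmware"
        return "trusted"

    def authenticate_service_file(self, blob: bytes) -> bool:
        # The page has the chip parse the file for illegal or untrusted data;
        # an allowlist lookup stands in for that unspecified check.
        return result_file(blob) in self._known_files


class AuthenticationModule:
    """Stand-in for authentication module 105 in the static configuration area."""

    def __init__(self, chip: ExternalAuthChip):
        self.chip = chip

    def authenticate_firmware(self, firmware: bytes) -> str:
        # The device computes the first result file and sends it with the firmware.
        return self.chip.authenticate_firmware(firmware, result_file(firmware))

    def authenticate_service_file(self, blob: bytes) -> bool:
        return self.chip.authenticate_service_file(blob)


class ServiceProcessingModule:
    """Stand-in for service processing module 101 in the dynamic configuration area."""

    def __init__(self):
        self.configured = {}

    def configure(self, file_id: str, blob: bytes) -> None:
        self.configured[file_id] = blob


class FileManagementModule:
    """Stand-in for file management module 104: configures only after authentication."""

    def __init__(self, auth: AuthenticationModule, service_module: ServiceProcessingModule):
        self.auth = auth
        self.service_module = service_module

    def load(self, file_id: str, blob: bytes) -> bool:
        if not self.auth.authenticate_service_file(blob):
            return False  # fail closed: nothing reaches the dynamic area
        self.service_module.configure(file_id, blob)
        return True


# Constructed sample inputs (not real firmware or service processing files).
GOOD_FIRMWARE = b"static-area firmware image v1 (constructed)"
ALTERED_FIRMWARE = GOOD_FIRMWARE + b" + unreviewed routine"
GOOD_SERVICE_FILE = b"service processing file: scenario A (constructed)"
UNKNOWN_SERVICE_FILE = b"service processing file: never reviewed (constructed)"


def run_demo() -> dict:
    chip = ExternalAuthChip([GOOD_FIRMWARE], [GOOD_SERVICE_FILE])
    auth = AuthenticationModule(chip)
    service_module = ServiceProcessingModule()
    file_manager = FileManagementModule(auth, service_module)
    return {
        "genuine": auth.authenticate_firmware(GOOD_FIRMWARE),
        # Firmware bytes changed after the first result file was computed.
        "changed_in_transit": chip.authenticate_firmware(
            ALTERED_FIRMWARE, result_file(GOOD_FIRMWARE)),
        # Firmware changed before hashing: result files match, allowlist rejects.
        "changed_before_hashing": auth.authenticate_firmware(ALTERED_FIRMWARE),
        "good_file_loaded": file_manager.load("scenario-a", GOOD_SERVICE_FILE),
        "unknown_file_loaded": file_manager.load("scenario-x", UNKNOWN_SERVICE_FILE),
        "configured_ids": sorted(service_module.configured),
    }


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```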
In an alternative embodiment, the dynamic configuration area of the cryptographic processing device 100 is provided with a network port 108; the network port 108 may include, but is not limited to, any interface with network data transmission function, such as an optical interface.
The service processing module 101 is configured to receive, through the network port 108, first scene data sent by a service scene device (that is, equivalent to a source data provider), and process the first scene data based on a service processing file to obtain service data to be subjected to cryptographic processing; and/or,
the service processing module 101 is configured to process the service data after the cryptographic processing based on the service processing file, generate second scene data, and send the second service scene data to the service scene device through the network port 108.
The service processing file not only defines a mode of how to acquire service data to be subjected to cryptographic processing from the first scene data, but also defines processing logic of how to process the service data subjected to cryptographic processing to generate second scene data.
For example, for an enterprise user, the service processing module 101 may receive, through the network port 108, first scenario data sent by a service scenario device controlled by the enterprise user, and process the first scenario data based on a service processing file to obtain service data to be subjected to cryptographic processing, and then send, through the network port 108, generated second service scenario data to the service scenario device, so as to improve data encryption or decryption processing efficiency for the enterprise user, and improve convenience of the enterprise user in encrypting or decrypting the service data.
As further shown in fig. 2, in an alternative embodiment, the dynamic configuration area of the cryptographic processing apparatus 100 is further provided with a memory 109 for storing (including caching) a service processing file or scene data corresponding to the service scene. The memory 109 may include any available memory module such as a Double Data Rate (DDR) synchronous DRAM, an EPROM, or a RAM.
For example, for a scenario in which the service processing file or the scenario data is a local file or local data for installing the cryptographic processing device 100, specifically, a trusted computing application scenario or an encrypted storage application scenario, the cryptographic processing device 100 may store the service processing file or the scenario data in the memory 109, and then the service processing module 101 may directly acquire the service processing file or the scenario data from the memory 109, which is beneficial to improving data acquisition efficiency.
It should be noted that the functional modules shown in fig. 1 or fig. 2 should not be understood as a specific limitation to the implementable manner of the cryptographic processing device, and the cryptographic processing device may further include other functional modules not shown in fig. 1 or fig. 2, and these functional modules may be implemented by software and/or hardware. Illustratively, a processor (e.g., a central processing unit, a graphics processor, etc.) may also be included in the cryptographic processing apparatus. The memory has stored therein a computer program (or computer readable instructions) that, when executed by the processor, enables the cryptographic processing apparatus to implement various suitable actions and processes, such as implementing a cryptographic processing method provided by embodiments of the present disclosure, the method may include: dynamically configuring different service processing files by using a service processing module, and acquiring service data to be subjected to password processing based on the service processing files; and the service data to be subjected to the cryptographic processing is subjected to cryptographic processing by using the cryptographic processing module based on a cryptographic algorithm, and the service data subjected to the cryptographic processing is fed back to the service processing module, wherein the cryptographic processing comprises encryption processing or decryption processing.
The cryptographic processing device may further comprise an input/output (I/O) interface, coupled to the processor and the memory, respectively, via the bus. Further, the cryptographic processing device further comprises a communication module, and the communication module can allow the cryptographic processing device to perform wireless or wired communication with other devices to exchange data. For example, a computer program stored in a memory of the cryptographic processing device may be downloaded and installed from a network via the communication module. The program code included in the memory may be transmitted using any suitable medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
In the above embodiments of the present disclosure, an example of setting one dynamic configuration area and one static configuration area is described, but in a specific implementation process, a plurality of static configuration areas may be included, and versions of encryption algorithms and/or decryption algorithms configured by different static configuration areas are different, or categories of encryption algorithms and/or decryption algorithms are different, so as to meet requirements of different users, so that the user may have more options to select to use one or more of the static configuration areas to meet specific requirements of a service scenario of the user.
In addition, in the embodiment of the present disclosure, the static configuration area may be provided with a plurality of function modules, which may specifically be a plurality of function modules with different functions, such as a password processing module, a key storage module, a user management module, a file management module, an authentication module, and the like, obtained by virtualization according to actual needs.
Fig. 4 is a flowchart of a cryptographic processing method provided by an embodiment of the present disclosure, which is applied to a cryptographic processing device and is used to exemplarily illustrate a function implementation of the foregoing cryptographic processing device.
As shown in fig. 4, a cryptographic processing method provided in the embodiments of the present disclosure may include:
S101, dynamically loading different service processing files in a service processing module, and acquiring service data to be subjected to cryptographic processing based on the service processing files.
S102, performing cryptographic processing on the service data to be subjected to cryptographic processing by using the cryptographic processing module based on a cryptographic algorithm, and feeding back the service data after cryptographic processing to the service processing module, wherein the cryptographic processing comprises encryption processing or decryption processing.
Of course, according to various functional modules that can be implemented by the foregoing cryptographic processing apparatus, the cryptographic processing method applied to the cryptographic processing apparatus may further include other optional embodiments corresponding to the respective functional modules, and reference may be specifically made to the foregoing.
In the embodiment of the disclosure, the service processing module in the cryptographic processing device is utilized to dynamically configure the service processing files corresponding to different service scenarios, so that the cryptographic processing device can be applied to any service scenario with data encryption or decryption requirements, dynamic encryption processing or decryption processing for different service scenarios is realized, decoupling of the data encryption or decryption processing and a specific service scenario is further realized, universality of the data encryption or decryption processing for different service scenarios is improved, and data encryption or decryption processing efficiency for different service scenarios is improved.
The cryptographic processing method in the embodiments of the present disclosure, which also refers to the embodiments shown in fig. 1 and fig. 2, includes more processes and steps to implement the corresponding functions.
Fig. 5 is a flowchart of a control method of a cryptographic processing device, which is provided by an embodiment of the present disclosure and is used to exemplify how to implement file or data loading in a dynamic configuration area of the cryptographic processing device. The control method of the cryptographic processing apparatus shown in fig. 5 may be executed by an upper management device, which may be implemented by software and/or hardware, and may be integrated in a cloud server (or referred to as a service management server) in which the cryptographic processing apparatus is installed.
The control method applied to the cryptographic processing apparatus in the upper management device may be executed in cooperation with the aforementioned cryptographic processing method applied to the cryptographic processing apparatus, and details not explained in detail in the following embodiments may refer to details explained in any of the above embodiments.
For convenience of understanding the logic of the method shown in fig. 5, reference may also be made to what is shown in fig. 9 or fig. 10, where fig. 9 is a schematic structural diagram of a cryptographic processing system provided in an embodiment of the present disclosure, and fig. 10 is a flowchart of a cryptographic processing method corresponding to the cryptographic processing system provided in the embodiment of the present disclosure.
As shown in fig. 5, a method for controlling a cryptographic processing apparatus provided in an embodiment of the present disclosure may include:
S201, generating a file loading request, and sending the file loading request to a service management server, wherein the file loading request comprises an identifier of a preloaded service processing file.
The identifier is used for determining the service processing file uniquely, so that the service management server can acquire the required service processing file accurately. The file loading request can be triggered according to an operation of a user on an operation interface or a user interface displayed in the cloud server.
Example one: generating a file load request includes:
displaying a user management interface;
acquiring a first selection operation of a user for selecting a service processing file based on the user management interface;
generating, based on the first selection operation, a file load request that includes an identification of the service processing file.
The upper management apparatus integrated in the service management server may be implemented in the form of a client. When a user has a file loading requirement, the client can be started, so that the client displays a user login interface, the user login interface can comprise login information such as an account and a password, and the user can successfully log in by inputting a correct account and a correct password; after the user logs in successfully, the client displays a user management interface to the user, the user management interface can display a list or icons of a plurality of service processing files, then the identification of the service processing file selected by the user is determined according to the first selection operation of the user on the service processing file, and a file loading request is further generated.
Example two: generating a file load request includes:
displaying a user management instruction input window;
acquiring a selection instruction for selecting a service processing file input by a user based on the user management instruction input window;
generating, based on the selection instruction, a file load request that includes an identification of the service processing file.
The upper management device is integrated in the service management server, a corresponding instruction input window is arranged in the service management server, and a user can request the upper management device to display the user management instruction input window in a mode of instruction window calling; then, the user inputs a selection instruction for the service processing file by means of the input tool, and the selection instruction may include the identification of the service processing file, so that the upper management apparatus may generate a file loading request including the identification of the service processing file according to the selection instruction.
Example three: generating a file load request includes:
acquiring and displaying a file selection service page;
acquiring a second selection operation by which the user selects a corresponding service processing file based on the file selection service page;
generating, based on the second selection operation, a file load request that includes an identification of the service processing file.
When a user has a file loading requirement, a file selection service page acquisition request may be triggered in the service management server, for example, the request is triggered through a preset instruction or control in the service management server, the service management server sends a file selection service page to the upper management device according to the request, so that the upper management device displays the file selection service page to the user, and then generates a file loading request according to a page selection operation of the user.
The foregoing examples are merely illustrative of the embodiments of the present disclosure, and should not be construed as specific limitations of the embodiments of the present disclosure, and other manners that may be used to implement the file loading request generation also fall within the scope of the embodiments of the present disclosure.
Further, in this embodiment of the present disclosure, the sending, by the upper management apparatus, the file loading request to the service management server includes: and sending a file loading request to the network access point so that the network access point routes the file loading request to the service management server.
Network access points may include, but are not limited to, POP (point-of-presence) access points. In the embodiment of the disclosure, the interaction between the upper layer user management module in the upper layer management device and the user management module in the password processing device, and the interaction between the upper layer file management module in the upper layer management device and the file management module in the password processing device, are two mutually isolated interaction processes. That is, the data link supporting user operation and the data link inside the service system are independent of each other, and the data link supporting user operation cannot directly contact the data link inside the service system. A file loading request generated based on user operation therefore needs to be routed to the service management server by a network access point, which ensures the security of the data link inside the service system.
S202, receiving the service processing file fed back by the service management server, and issuing the service processing file to a file management module of the password management device.
Based on the above technical solution, the upper management device illustratively includes an upper user management module and an upper file management module, the upper user management module generates a file loading request, and the upper file management module receives a service processing file fed back by the service management server.
Further, the method for controlling a cryptographic processing apparatus provided by the embodiment of the present disclosure may further include:
the upper layer user management module receives first scene data sent by the service scene equipment and sends the first scene data to the user management module of the password processing equipment; and/or,
receiving second scene data sent by the user management module, and feeding back the second scene data sent by the service scene equipment to the service scene equipment.
Specifically, the user management module receives first scene data sent by the upper layer user management module, and sends the first scene data to the service processing module in the dynamic configuration area; the service processing module processes the first scene data based on the service processing file to acquire service data to be subjected to password processing; the service processing module is also used for processing the service data after the password processing based on the service processing file to generate second scene data and sending the second scene data to the user management module of the static configuration area; and the user management module sends the second scene data to the upper layer user management module.
For the interaction between the user management module of the cryptographic processing device and the upper layer user management module of the upper layer management apparatus, the service processing file defines not only a manner how to obtain the service data to be cryptographic processed from the first scene data, but also a processing logic how to process the service data after cryptographic processing to generate the second scene data. The first scenario data, the second scenario data, and the processing logic for generating the second scenario data are all related to a specific service scenario, and may be determined according to a service processing requirement, and embodiments of the present disclosure are not particularly limited.
In the embodiment of the disclosure, through the interaction among the upper management device, the service management server and the password processing device, the dynamic loading of the service processing file by the password processing device under the cloud server scene can be controlled, so that the password processing device can be applied to any service scene with data encryption or decryption requirements, the dynamic encryption processing or decryption processing aiming at different service scenes is realized, the problem that the application scene of the data encryption or decryption processing is single due to the close coupling of the data encryption or decryption processing and the specific service scene in the existing scheme is solved, meanwhile, the problem that the efficiency of the data encryption or decryption processing aiming at different service scenes is low due to the fact that the service scene does not support the reconfiguration is solved, and the decoupling of the data encryption or decryption processing and the specific service scene is realized, the universality of the data encryption or decryption processing on different service scenes is improved, and the data encryption or decryption processing efficiency for different service scenes is improved.
Fig. 6 is a flowchart of another control method of a cryptographic processing device provided in an embodiment of the present disclosure, which is used to exemplify how to implement file or data loading in a dynamic configuration area of the cryptographic processing device. The control method of the cryptographic processing apparatus shown in fig. 6 may be executed by a control device of the cryptographic processing apparatus, and the device may be implemented by software and/or hardware and may be integrated in a cloud server (or referred to as a service management server) in which the cryptographic processing apparatus is installed.
The control method applied to the cryptographic processing device in the service management server is the same as the control method applied to the cryptographic processing device in the upper management apparatus, and the two methods are executed in cooperation.
For ease of understanding the logic of the method illustrated in fig. 6, reference may also be made to what is illustrated in fig. 9 or fig. 10. As shown in fig. 6, a method for controlling a cryptographic processing apparatus provided in an embodiment of the present disclosure may include:
S301, receiving a file loading request sent by an upper management device, wherein the file loading request comprises an identifier of a preloaded service processing file.
S302, the service processing file corresponding to the identifier is sent to the upper layer management device, so that the upper layer management device issues the service processing file to the file management module of the password management equipment.
Optionally, the upper management device includes an upper user management module and an upper file management module. In that case, receiving the file loading request sent by the upper management device means receiving the file loading request sent by the upper user management module, and sending the service processing file corresponding to the identifier to the upper management device means sending it to the upper file management module.
On the basis of the foregoing technical solution, optionally, after receiving a file loading request sent by an upper management device, the method for controlling a password processing apparatus provided in the embodiment of the present disclosure further includes: recording the identifier of an upper management device sending a file loading request and the identifier of a service processing file in a state recording module;
correspondingly, before sending the service processing file corresponding to the identifier to the upper management device, the method for controlling the password processing device according to the embodiment of the present disclosure further includes:
and traversing the state recording module to acquire the identifier of the upper management device sending the file loading request and the identifier of the corresponding service processing file.
Recording the identifier of the upper management device and the identifier of the service processing file, and later obtaining them by traversal, helps the service management server determine which file loading request the upper management device has currently sent, which in turn ensures that the service processing file is sent effectively.
Optionally, before sending the service processing file corresponding to the identifier to the upper management device, the method for controlling a cryptographic processing apparatus according to the embodiment of the present disclosure further includes:
sending a file acquisition request to the cloud storage device based on the identifier of the service processing file;
and receiving a service processing file corresponding to the identifier and fed back by the cloud storage device.
The cloud storage device has the advantages of large storage space and high storage flexibility. For the cloud interaction case, the service management server can acquire the required service processing file from the cloud storage device and feed it back to the upper file management module. Of course, the service management server may also obtain the service processing file from another preset storage location, and the embodiment of the present disclosure is not specifically limited in this respect.
In the embodiment of the disclosure, the interaction among the upper management device, the service management server and the password processing device controls the dynamic loading of the service processing file by the password processing device in a cloud server scenario. The password processing device can therefore be applied to any service scenario that requires data encryption or decryption, and dynamic encryption or decryption processing for different service scenarios is realized. This solves the problem in existing schemes that data encryption or decryption processing is tightly coupled to a specific service scenario and therefore serves only a single application scenario, as well as the problem that such processing is inefficient across different service scenarios because the service scenario cannot be reconfigured. Data encryption or decryption processing is decoupled from the specific service scenario, which improves both its universality and its efficiency across different service scenarios.
Fig. 7 is a schematic structural diagram of a control device of a cryptographic processing apparatus according to an embodiment of the present disclosure, where the control device may be implemented by software and/or hardware and may be configured in an upper management device.
As shown in fig. 7, the control device 400 of the cryptographic processing apparatus provided in the embodiment of the present disclosure may include a file loading request generating module 401 and a service processing file receiving module 402, where:
a file loading request generating module 401, configured to generate a file loading request, and send the file loading request to the service management server, where the file loading request includes an identifier of a preloaded service processing file;
the service processing file receiving module 402 is configured to receive the service processing file fed back by the service management server, and issue the service processing file to the file management module of the password management device.
Optionally, the upper management apparatus includes an upper user management module and an upper file management module; the upper user management module generates the file loading request, and the upper file management module receives the service processing file fed back by the service management server. In other words, the file loading request generating module 401 may itself be the upper user management module, or a functional module integrated in the upper user management module; likewise, the service processing file receiving module 402 may itself be the upper file management module, or a functional module integrated in the upper file management module.
Optionally, taking as an example that the service processing file receiving module 402 may be referred to as an upper file management module, the upper file management module includes:
the receiving unit is used for receiving the service processing file fed back by the service management server;
the sending unit is used for issuing a service processing file to a file management module of the password management equipment;
optionally, the sending unit is specifically configured to send a file loading request to the network access point, so that the network access point routes the file loading request to the service management server.
Optionally, the upper layer user management module is further configured to: receive first scene data sent by service scene equipment, and send the first scene data to a user management module; and/or
receive second scene data sent by the user management module, and feed the second scene data back to the service scene equipment.
Optionally, taking as an example that the file loading request generating module 401 may be referred to as an upper user management module, the upper user management module includes:
the generating unit is used for generating a file loading request;
a sending unit, configured to send a file loading request to a service management server;
optionally, the sending unit includes:
the first display unit is used for displaying a user management interface;
the first acquisition unit is used for acquiring a first selection operation of selecting a service processing file based on a user management interface by a user;
a first generating unit configured to generate a file loading request including an identification of the service processing file based on the selection operation; or,
the second display unit is used for displaying the user management instruction input window;
the second acquisition unit is used for acquiring a selection instruction for selecting the service processing file input by the user based on the user management instruction input window;
a second generation unit configured to generate a file loading request including an identification of the service processing file based on the selection instruction; or
The third display unit is used for acquiring and displaying the file selection service page;
the third acquisition unit is used for acquiring a second selection operation of selecting a corresponding service processing file based on the file selection service page by the user;
a third generating unit configured to generate a file loading request including an identification of the service processing file based on the second selecting operation.
The control device of the cryptographic processing device configured in the upper management device provided by the embodiment of the disclosure can execute any control method of the cryptographic processing device applied to the upper management device provided by the embodiment of the disclosure, and has the functional modules and beneficial effects corresponding to the executed method. For details not described in the apparatus embodiments of the disclosure, reference may be made to the description of any method embodiment of the disclosure.
Fig. 8 is a schematic structural diagram of another control device of a cryptographic processing apparatus according to an embodiment of the present disclosure, where the control device may be implemented by software and/or hardware and may be configured in a service management server.
As shown in fig. 8, the control device 500 of the cryptographic processing apparatus provided in the embodiment of the present disclosure may include a file loading request receiving module 501 and a service processing file sending module 502, where:
a file loading request receiving module 501, configured to receive a file loading request sent by an upper management apparatus, where the file loading request includes an identifier of a preloaded service processing file;
the service processing file sending module 502 is configured to send the service processing file corresponding to the identifier to the upper management apparatus, so that the upper management apparatus issues the service processing file to the file management module of the password management device.
Optionally, the upper management device includes an upper user management module and an upper file management module. In that case, receiving the file loading request sent by the upper management device means receiving the file loading request sent by the upper user management module, and sending the service processing file corresponding to the identifier to the upper management device means sending it to the upper file management module.
Optionally, the control device 500 of the cryptographic processing apparatus provided in the embodiment of the present disclosure further includes:
the state recording module is used for recording the identifier of the upper management device which sends the file loading request and the identifier of the service processing file;
correspondingly, the control device 500 of the cryptographic processing apparatus provided by the embodiment of the present disclosure further includes:
and the state traversing module is used for traversing the state recording module to acquire the identifier of the upper management device which sends the file loading request and the identifier of the corresponding service processing file.
Optionally, the control device 500 of the cryptographic processing apparatus provided in the embodiment of the present disclosure further includes:
the file acquisition request sending module is used for sending a file acquisition request to the cloud storage device based on the identification of the service processing file;
and the service processing file receiving module is used for receiving the service processing file corresponding to the identifier fed back by the cloud storage device.
The control device configured in the service management server and provided by the embodiment of the disclosure can execute any control method applied to the service management server, and has the functional modules and beneficial effects corresponding to the executed method. For details not described in the apparatus embodiments of the disclosure, reference may be made to the description of any method embodiment of the disclosure.
Fig. 9 is a schematic structural diagram of a cryptographic processing system according to an embodiment of the present disclosure. As shown in fig. 9, a cryptographic processing system 600 provided by the embodiment of the present disclosure may include an upper management apparatus 601, a service management server 602, and a cryptographic management device 603, where:
an upper management device 601, configured to generate a file loading request, and send the file loading request to the service management server 602, where the file loading request includes an identifier of a preloaded service processing file;
a service management server 602, configured to receive a file loading request sent by the upper management apparatus 601, and send a service processing file corresponding to the identifier to the upper management apparatus 601;
the upper management device 601 is further configured to receive the service processing file fed back by the service management server 602, and issue the service processing file to the file management module of the password management device 603;
the file management module of the password management device 603 is configured to send the service processing file to the service processing module of the password management device 603;
the service processing module of the password management device 603 is configured to obtain service data to be subjected to password processing based on the service processing file, and send the service data to be subjected to password processing to the password processing module of the password management device 603;
the cryptographic processing module of the cryptographic management device 603 is configured to perform cryptographic processing on the service data to be subjected to the cryptographic processing based on a cryptographic algorithm, and feed back the service data subjected to the cryptographic processing to the service processing module, where the cryptographic processing includes encryption processing or decryption processing.
Optionally, the upper management apparatus 601 includes an upper user management module and an upper file management module, the upper user management module generates a file loading request, sends the file loading request to the service management server 602, and the upper file management module receives the service processing file fed back by the service management server 602 and issues the service processing file to the file management module of the password management device 603.
It should be noted that the functions that can be realized by the upper management apparatus 601, the service management server 602, and the password management device 603 in the password processing system 600 according to the embodiment of the present disclosure are not limited to the above description, and even though not shown in fig. 9, other functional modules corresponding to the alternative implementation of the control method of the password processing device may also be included in the password processing system 600.
In the embodiment of the disclosure, through interaction among the upper management device, the service management server and the password processing device, dynamic loading of a service processing file by the password processing device under a cloud server scene can be controlled, so that the password processing device can be suitable for any service scene with data encryption or decryption requirements, dynamic encryption processing or decryption processing for different service scenes is realized, decoupling of data encryption or decryption processing and a specific service scene is further realized, universality of the data encryption or decryption processing on different service scenes is improved, and data encryption or decryption processing efficiency for different service scenes is improved.
Fig. 10 is a flowchart of a cryptographic processing method corresponding to the cryptographic processing system provided in the embodiment of the present disclosure, or, put differently, a flowchart of dynamically loading a file into the dynamic configuration area of the cryptographic processing device in a cloud server. It is used to describe the embodiment of the present disclosure by way of example and should not be construed as a specific limitation on the embodiment of the present disclosure.
Moreover, only a part of the functional modules are shown in fig. 10 with respect to the upper management apparatus 601 and the cryptographic processing device 603, and other functional modules that may be included in the upper management apparatus 601 and the cryptographic processing device 603 may be described with reference to other aspects of the embodiments of the present disclosure.
As shown in fig. 10, an upper layer user management module in the upper layer management apparatus 601 may obtain the user management module in the cryptographic processing device 603 by transparent transmission and provide a visual user interface for the user. The upper layer user management module may generate a file loading request according to a user operation received on the user interface, for example, a selection operation for a service processing file. The upper layer user management module sends the file loading request to a network point of presence (which may be a POP point of presence, for example), which in turn routes the file loading request to the service management server 602. After acquiring the file loading request, the service management server 602 may determine that the currently received file loading request was sent by the upper management apparatus 601 by interacting with the upper management apparatus 601, for example, by pulling the file loading request from the upper management apparatus 601. The file loading request may include an identification of the preloaded service processing file.
In the embodiment of the present disclosure, the interaction between the upper layer user management module in the upper layer management device 601 and the user management module in the cryptographic processing device 603, and the interaction between the upper layer file management module in the upper layer management device 601 and the file management module in the cryptographic processing device 603, are two mutually isolated interaction processes. That is, the data link supporting user operations and the data link inside the service system are independent of each other, and the data link supporting user operations cannot directly touch the data link inside the service system. A file loading request generated from a user operation received on the user interface therefore has to be routed to the service management server 602 by the network access point, which ensures the security of the data link inside the service system.
The service management server 602 obtains the corresponding service processing file according to the service processing file identifier carried in the file loading request, and then feeds back the service processing file to the upper file management module in the upper management device 601. The service management server 602 may obtain a required service processing file from a cloud storage device or an Object Storage Service (OSS), or may obtain the service processing file from another preset storage location, which is not limited in this disclosure.
The upper file management module sends the received service processing file to the file management module of the password management device 603; inside the password management device 603, the file management module sends the service processing file to the service processing module; the service processing module acquires service data to be subjected to password processing based on the service processing file and sends the service data to be subjected to password processing to the password processing module; the password processing module performs password processing on the service data to be subjected to the password processing based on a password algorithm, and feeds the service data subjected to the password processing back to the service processing module, wherein the password processing comprises encryption processing or decryption processing.
Further, the service processing module can send the service data after the password processing to the user management module, and feed back the service data after the password processing to the upper layer user management module through the user management module. If the user has a data viewing requirement, the service data after the password processing can be viewed or other data processing can be executed through the user interface.
In the embodiment of the disclosure, through interaction among the upper management device, the service management server and the password processing device, dynamic loading of a service processing file by the password processing device under a cloud server scene can be controlled, so that the password processing device can be suitable for any service scene with data encryption or decryption requirements, dynamic encryption processing or decryption processing for different service scenes is realized, decoupling of data encryption or decryption processing and a specific service scene is further realized, universality of the data encryption or decryption processing on different service scenes is improved, and data encryption or decryption processing efficiency for different service scenes is improved.
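The Fig. 10 flow, simulated in Python as an added example that is not code from the patent: the request link carries only an identifier, the server records and traverses requester/file pairs before sending anything, and the same cryptographic module serves two service scenes once a different service processing file is loaded. The JSON descriptor format, all class, method and identifier names, and the SHA-256 keystream used as a stand-in for the unspecified cryptographic algorithm are assumptions.

```python
import hashlib
import json

# Constructed stand-in for the cloud storage device: file identifier -> content.
# The JSON descriptor layout is an assumption; the page does not define a format.
CLOUD_STORAGE = {
    "svc-payment": json.dumps({"field": "account", "op": "encrypt"}).encode(),
    "svc-archive": json.dumps({"field": "blob", "op": "decrypt"}).encode(),
}

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream), for illustration only."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

class CryptoDevice:
    """Cryptographic processing device with a dynamic configuration area."""
    def __init__(self, key: bytes):
        self._key = key
        self._service_file = None

    def load_service_file(self, content: bytes) -> None:
        # File management module hands the file to the service processing module.
        desc = json.loads(content)
        if desc.get("op") not in ("encrypt", "decrypt") or "field" not in desc:
            raise ValueError("malformed service processing file")
        self._service_file = desc

    def process(self, first_scene: dict) -> dict:
        # Service processing module: extract the service data as the file dictates,
        # pass it to the cryptographic module, then build the second scene data.
        if self._service_file is None:
            raise RuntimeError("no service processing file loaded")
        field, op = self._service_file["field"], self._service_file["op"]
        value = first_scene[field]
        data = value.encode() if op == "encrypt" else bytes.fromhex(value)
        result = keystream_xor(self._key, data)
        second_scene = dict(first_scene)
        second_scene[field] = result.hex() if op == "encrypt" else result.decode()
        return second_scene

class ServiceManagementServer:
    def __init__(self, storage: dict):
        self._storage = storage
        self._state = []        # state recording module: (requester id, file id)
        self._file_links = {}   # requester id -> upper file management receiver

    def register_file_link(self, requester_id: str, deliver) -> None:
        self._file_links[requester_id] = deliver

    def receive_load_request(self, requester_id: str, file_id: str) -> None:
        self._state.append((requester_id, file_id))          # S301 plus recording

    def dispatch(self) -> list:
        # Traverse the state record, fetch each file, send it on the file link (S302).
        pending, self._state = self._state, []
        delivered = []
        for requester_id, file_id in pending:
            content = self._storage.get(file_id)
            deliver = self._file_links.get(requester_id)
            if content is None or deliver is None:
                continue        # unknown file or unknown requester: nothing is sent
            deliver(content)
            delivered.append((requester_id, file_id))
        return delivered

class UpperManagementDevice:
    def __init__(self, dev_id: str, device: CryptoDevice, pop):
        self.dev_id, self._device, self._pop = dev_id, device, pop

    def request_load(self, file_id: str) -> None:
        # Upper user management module: emits only an identifier, via the POP.
        self._pop(self.dev_id, file_id)

    def receive_file(self, content: bytes) -> None:
        # Upper file management module: the only path that carries file content.
        self._device.load_service_file(content)

def run_demo():
    server = ServiceManagementServer(CLOUD_STORAGE)
    device = CryptoDevice(key=b"constructed-demo-key")
    upper = UpperManagementDevice("upper-601", device, pop=server.receive_load_request)
    server.register_file_link(upper.dev_id, upper.receive_file)

    upper.request_load("svc-payment")      # scene 1: encrypt one field
    server.dispatch()
    enc = device.process({"order": "A1", "account": "ACCT-0001-CONSTRUCTED"})

    upper.request_load("svc-archive")      # scene 2: same device, new service file
    server.dispatch()
    dec = device.process({"blob": enc["account"]})
    return enc, dec

if __name__ == "__main__":
    print(run_demo())
```
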
Fig. 11 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure, which is used to exemplarily describe an electronic device implementing a control method of any cryptographic processing device in the embodiment of the present disclosure, or exemplarily describe an electronic device integrated with an upper management apparatus for implementing a control method of a cryptographic processing device in the embodiment of the present disclosure, where the electronic device may be, for example, a local host or a cloud server.
Referring now to Fig. 11, a schematic structural diagram of an electronic device 1100 suitable for implementing the embodiments of the present disclosure is shown. The electronic device 1100 in the embodiments of the present disclosure may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a vehicle-mounted terminal (e.g., a car navigation terminal), etc., and a stationary terminal such as a digital TV, a desktop computer, etc. The illustrated electronic device is merely an example and should not impose any limitation on the functionality or scope of use of embodiments of the present disclosure.
As shown, the electronic device 1100 may include a processor (e.g., central processing unit, graphics processor, etc.) 1101 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 1102 or a program loaded from a storage device 1108 into a Random Access Memory (RAM) 1103. In the RAM 1103, various programs and data necessary for the operation of the electronic device 1100 are also stored. The processor 1101, the ROM 1102, and the RAM 1103 are connected to each other by a bus 1104. An input/output (I/O) interface 1105 is also connected to bus 1104.
Generally, the following devices may be connected to the I/O interface 1105: input devices 1106 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; output devices 1107 including, for example, Liquid Crystal Displays (LCDs), speakers, vibrators, and the like; storage devices 1108, including, for example, magnetic tape, hard disk, etc.; and a communication device 1109. The communication device 1109 may allow the electronic device 1100 to communicate wirelessly or by wire with other devices to exchange data. While the electronic device 1100 is shown with various devices, it is to be understood that not all of the illustrated devices are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program carried on a non-transitory computer readable medium, the computer program containing program code for performing the method illustrated by the flow chart. In such embodiments, the computer program may be downloaded and installed from a network via the communication device 1109, or installed from the storage device 1108, or installed from the ROM 1102. When executed by the processor 1101, the computer program may perform the functions defined in the control method of any cryptographic processing apparatus provided by the embodiments of the present disclosure.
It should be noted that the computer readable medium in the present disclosure can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
In some embodiments, the clients and servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol), and may be interconnected with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internetwork (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: generating a file loading request, and sending the file loading request to a service management server, wherein the file loading request comprises an identifier of a preloaded service processing file; and receiving the service processing file fed back by the service management server, and issuing the service processing file to a file management module of the password management equipment.
Alternatively, the computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: receiving a file loading request sent by an upper management device, wherein the file loading request comprises an identifier of a preloaded service processing file; and sending the service processing file corresponding to the identifier to the upper management device, so that the upper management device issues the service processing file to a file management module of the password management equipment.
In embodiments of the present disclosure, computer program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including but not limited to object oriented programming languages such as Java, Smalltalk and C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. In some cases, the name of a unit does not constitute a limitation on the unit itself.
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
According to one or more embodiments of the present disclosure, there is provided a computer-readable storage medium storing a computer program for executing a control method of any of the cryptographic processing apparatuses provided by the embodiments of the present disclosure, or for executing any of the cryptographic processing methods provided by the embodiments of the present disclosure.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order, and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
The term "include" and variations thereof as used herein are open-ended, i.e., "including but not limited to". The term "based on" is "based, at least in part, on". The term "one alternative embodiment" means "at least one alternative embodiment". The terms "first", "second", and the like in the present disclosure are only used for distinguishing different devices, modules, or units, and are not used for limiting the order or interdependence relationship of the functions performed by the devices, modules, or units.
It should be noted that the modifiers "a", "an", and "the" in this disclosure are intended to be illustrative rather than limiting, and those skilled in the art will recognize that they should be understood as "one or more" unless the context clearly dictates otherwise.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure herein is not limited to the particular combination of features described above, but also encompasses other embodiments in which any combination of the features described above or their equivalents does not depart from the spirit of the disclosure. For example, a technical solution may be formed by replacing the above features with features having similar functions that are disclosed in (but not limited to) this disclosure.
Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. Under certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (27)

1. The password processing equipment is characterized by comprising a dynamic configuration area and a static configuration area, wherein the dynamic configuration area is provided with a service processing module, and the static configuration area is provided with a password processing module;
the service processing module can dynamically configure different service processing files, the service processing files correspond to service scenes, and the service processing module is used for acquiring service data to be subjected to cryptographic processing based on the service processing files and sending the service data to be subjected to cryptographic processing to the cryptographic processing module;
the password processing module is used for performing password processing on the service data to be subjected to password processing based on a password algorithm and feeding back the service data subjected to the password processing to the service processing module, and the password processing comprises encryption processing or decryption processing.
2. The cryptographic processing apparatus of claim 1, wherein the static configuration area is further provided with:
and the key storage module is used for storing the key of the cryptographic algorithm.
3. The cryptographic processing apparatus of claim 1, wherein the static configuration area is further provided with:
and the file management module is used for receiving the service processing file corresponding to the service scene and configuring the service processing file to the service processing module.
4. The cryptographic processing device of claim 3, wherein the number of service processing files configured by the service processing module is at least one.
5. The cryptographic processing device of claim 3, wherein the service scenario comprises at least one of a server application scenario, a trusted computing application scenario, or an encrypted storage application scenario.
6. The cryptographic processing apparatus of claim 3, wherein the static configuration area is further provided with:
and the authentication module is used for sending the firmware of the static configuration area to an external authentication chip for authentication.
7. The cryptographic processing device of claim 6, wherein the authentication module is further configured to send the service processing file to an external authentication chip for authentication;
the file management module is used for configuring the service processing file to the service processing module after the service processing file passes the authentication.
8. The cryptographic processing apparatus of claim 1, wherein the static configuration area is further provided with:
the user management module is used for receiving first scene data sent by an upper layer user management module and sending the first scene data to the service processing module of the dynamic configuration area;
the service processing module is further used for processing the first scene data based on the service processing file to obtain service data to be subjected to cryptographic processing; and/or
the service processing module is further configured to process the service data after the password processing based on the service processing file, generate second scene data, and send the second scene data to the user management module in the static configuration area;
and the user management module is used for feeding back the second scene data to the upper layer user management module.
9. The cryptographic processing device of claim 8, wherein the user management module and the service processing module are connected via a PCIE interface.
10. The cryptographic processing apparatus of claim 1, wherein the dynamic configuration area is provided with a network port;
the service processing module is used for receiving first scene data sent by service scene equipment through the network port and processing the first scene data based on the service processing file to acquire service data to be subjected to password processing; and/or
the service processing module is used for processing the service data after the password processing based on the service processing file, generating second scene data and sending the second scene data to the service scene equipment through the network port.
11. The cryptographic processing device of claim 1, wherein the cryptographic processing device is implemented based on a field programmable gate array.
12. The cryptographic processing device of claim 1, wherein the cryptographic processing device is deployed in a local server or a cloud server.
13. A control method of a cryptographic processing apparatus, applied to an upper management device, includes:
generating a file loading request, and sending the file loading request to a service management server, wherein the file loading request comprises an identifier of a preloaded service processing file;
and receiving the service processing file fed back by the service management server, and issuing the service processing file to a file management module of the password management equipment.
14. The control method according to claim 13, wherein the upper management device includes an upper user management module and an upper file management module, the upper user management module generates a file loading request, and the upper file management module receives a service processing file fed back by the service management server.
15. The method according to claim 14, wherein the sending the file loading request to a service management server includes:
and sending the file loading request to a network access point so that the network access point routes the file loading request to a service management server.
16. The control method according to claim 14, characterized by further comprising:
the upper layer user management module receives first scene data sent by service scene equipment and sends the first scene data to the user management module; and/or
and receiving second scene data sent by the user management module, and feeding back the second scene data to the service scene equipment.
17. The control method according to claim 13, wherein the generating a file loading request includes:
displaying a user management interface;
acquiring a first selection operation of a user for selecting a service processing file based on the user management interface;
generating a file loading request comprising an identification of the service processing file based on the selection operation; or,
displaying a user management instruction input window;
acquiring a selection instruction for selecting a service processing file input by a user based on the user management instruction input window;
generating a file loading request comprising an identification of the service processing file based on the selection instruction; or,
acquiring and displaying a file selection service page;
acquiring a second selection operation of selecting a corresponding service processing file based on the file selection service page by the user;
generating a file loading request including an identification of the service processing file based on the second selection operation.
18. A control method of a cryptographic processing apparatus, applied to a service management server, includes:
receiving a file loading request sent by an upper management device, wherein the file loading request comprises an identifier of a preloaded service processing file;
and sending the service processing file corresponding to the identifier to the upper management device, so that the upper management device issues the service processing file to a file management module of the password management equipment.
19. The method according to claim 18, wherein the upper management device includes an upper user management module and an upper file management module, the receiving of the file loading request sent by the upper management device is receiving of the file loading request sent by the upper user management module, and the sending of the service processing file corresponding to the identifier to the upper management device is sending of the service processing file corresponding to the identifier to the upper file management module.
20. The method according to claim 18, wherein after receiving the file loading request sent by the upper management device, the method further comprises:
recording the identifier of an upper management device sending a file loading request and the identifier of a service processing file in a state recording module;
before sending the service processing file corresponding to the identifier to the upper management device, the method further includes:
and traversing the state recording module to acquire the identifier of the upper management device sending the file loading request and the identifier of the corresponding service processing file.
21. The method according to claim 18, wherein before the sending the service processing file corresponding to the identifier to the upper management device, the method further comprises:
sending a file acquisition request to the cloud storage device based on the identification of the service processing file;
and receiving a service processing file corresponding to the identifier and fed back by the cloud storage device.
22. A cryptographic processing method, applied to a cryptographic processing apparatus, includes:
dynamically configuring different service processing files in a service processing module, and acquiring service data to be subjected to password processing based on the service processing files;
and carrying out password processing on the service data to be subjected to password processing by using a password processing module based on a password algorithm, and feeding back the service data subjected to the password processing to the service processing module, wherein the password processing comprises encryption processing or decryption processing.
23. A control device for a cryptographic processing apparatus, which is arranged in an upper management device, includes:
the file loading request generating module is used for generating a file loading request and sending the file loading request to the service management server, wherein the file loading request comprises an identifier of a preloaded service processing file;
and the service processing file receiving module is used for receiving the service processing file fed back by the service management server and issuing the service processing file to the file management module of the password management equipment.
24. A control device for a cryptographic processing apparatus, which is arranged in a service management server, comprising:
the file loading request receiving module is used for receiving a file loading request sent by an upper management device, wherein the file loading request comprises an identifier of a preloaded service processing file;
and the service processing file sending module is used for sending the service processing file corresponding to the identifier to the upper management device so that the upper management device issues the service processing file to the file management module of the password management equipment.
25. A cryptographic processing system, comprising:
the upper management device is used for generating a file loading request and sending the file loading request to the service management server, wherein the file loading request comprises an identifier of a preloaded service processing file;
the service management server is used for receiving a file loading request sent by the upper management device and sending a service processing file corresponding to the identifier to the upper management device;
the upper management device is also used for receiving the service processing file fed back by the service management server and sending the service processing file to a file management module of the password management equipment;
the file management module of the password management equipment is used for sending the service processing file to the service processing module of the password management equipment;
the service processing module of the password management equipment is used for acquiring service data to be subjected to password processing based on the service processing file and sending the service data to be subjected to password processing to the password processing module of the password management equipment;
and the password processing module of the password management equipment is used for performing password processing on the service data to be subjected to password processing based on a password algorithm and feeding back the service data subjected to the password processing to the service processing module, and the password processing comprises encryption processing or decryption processing.
26. An electronic device, comprising a memory and a processor, wherein the memory stores therein a computer program that, when executed by the processor, executes the method of controlling a cryptographic processing device of any one of claims 13-17, or the method of controlling a cryptographic processing device of any one of claims 18-21.
27. A computer-readable storage medium, characterized in that a computer program is stored in the storage medium, which, when executed by a processor, executes the method of controlling a cryptographic processing apparatus of any one of claims 13-17, or the method of controlling a cryptographic processing apparatus of any one of claims 18-21.
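The load path of claims 3, 6 and 7 (authenticate the service processing file, then configure it into the dynamic configuration area), modelled as an added example that is not taken from the patent. The HMAC-SHA256 tag, the `AuthChip`, `FileManager` and `issue_file` names, the check of the received file against the requested identifier and all sample values are assumptions; the claims do not say how the external chip authenticates a file.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

CHIP_KEY = b"constructed-demo-key"  # constructed sample key, not from the patent


@dataclass(frozen=True)
class ServiceFile:
    file_id: str    # identifier carried in the file loading request
    scenario: str   # service scenario the file implements
    image: bytes    # configuration image for the dynamic configuration area
    tag: bytes      # authentication tag (assumed: HMAC-SHA256)


def _tag(key: bytes, file_id: str, scenario: str, image: bytes) -> bytes:
    # Length-prefix every field so the tag binds identifier, scenario and image
    # together; a tag over the image alone would let a valid image be relabelled.
    parts = (file_id.encode(), scenario.encode(), image)
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


def issue_file(file_id: str, scenario: str, image: bytes) -> ServiceFile:
    """Hypothetical issuer that produces authenticated service processing files."""
    return ServiceFile(file_id, scenario, image, _tag(CHIP_KEY, file_id, scenario, image))


class AuthChip:
    """Stand-in for the external authentication chip (claims 6 and 7)."""
    def __init__(self, key: bytes):
        self._key = key

    def authenticate(self, f: ServiceFile) -> bool:
        expected = _tag(self._key, f.file_id, f.scenario, f.image)
        return hmac.compare_digest(expected, f.tag)


class FileManager:
    """File management module of the static configuration area (claims 3 and 7)."""
    def __init__(self, chip: AuthChip):
        self._chip = chip
        self.loaded = {}   # scenario -> file currently configured in the dynamic area
        self.audit = []    # (outcome, requested identifier, detail)

    def configure(self, requested_id: str, f: ServiceFile) -> bool:
        # Fail closed: on any rejection the dynamic area keeps its previous file.
        if f.file_id != requested_id:
            self.audit.append(("rejected", requested_id, "identifier mismatch"))
            return False
        if not self._chip.authenticate(f):
            self.audit.append(("rejected", requested_id, "authentication failed"))
            return False
        self.loaded[f.scenario] = f
        self.audit.append(("configured", requested_id, f.scenario))
        return True


def demo() -> dict:
    fm = FileManager(AuthChip(CHIP_KEY))
    good = issue_file("svc-storage-v1", "encrypted-storage", b"\x01\x02\x03\x04")
    other = issue_file("svc-tc-v1", "trusted-computing", b"\x0a\x0b")
    results = {
        "good": fm.configure("svc-storage-v1", good),
        # Image modified in transit: the tag no longer verifies.
        "tampered": fm.configure("svc-storage-v1", replace(good, image=b"\x01\x02\x03\xff")),
        # Authentic file for a different identifier returned for this request.
        "substituted": fm.configure("svc-storage-v1", other),
        # Authentic image relabelled with the requested identifier.
        "relabelled": fm.configure("svc-storage-v1", replace(other, file_id="svc-storage-v1")),
    }
    results["still_loaded"] = fm.loaded["encrypted-storage"] is good
    return results
```

Calling `demo()` shows that only the untampered file with the requested identifier is configured, and that the three rejected attempts leave the previously configured file in place.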
CN202110089796.2A 2021-01-22 2021-01-22 Password processing device, and control method and device of password processing device Pending CN113297588A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110089796.2A CN113297588A (en) 2021-01-22 2021-01-22 Password processing device, and control method and device of password processing device

Publications (1)

Publication Number Publication Date
CN113297588A true CN113297588A (en) 2021-08-24

Family

ID=77318867

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110089796.2A Pending CN113297588A (en) 2021-01-22 2021-01-22 Password processing device, and control method and device of password processing device

Country Status (1)

Country Link
CN (1) CN113297588A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116541898A (en) * 2023-07-07 2023-08-04 山东多次方半导体有限公司 FPGA-based reconfigurable password card design method for realizing multiple algorithms
CN116541898B (en) * 2023-07-07 2023-10-13 山东多次方半导体有限公司 FPGA-based reconfigurable password card design method for realizing multiple algorithms

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination