CN114840318A - Scheduling method for preempting hardware key encryption and decryption resources through multiple processes - Google Patents
Scheduling method for preempting hardware key encryption and decryption resources through multiple processes Download PDFInfo
- Publication number
- CN114840318A CN114840318A CN202210453521.7A CN202210453521A CN114840318A CN 114840318 A CN114840318 A CN 114840318A CN 202210453521 A CN202210453521 A CN 202210453521A CN 114840318 A CN114840318 A CN 114840318A
- Authority
- CN
- China
- Prior art keywords
- decryption
- encryption
- task
- file
- hardware key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/48—Program initiating; Program switching, e.g. by interrupt
- G06F9/4806—Task transfer initiation or dispatching
- G06F9/4843—Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
- G06F9/4881—Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5027—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
- G06F9/5038—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals considering the execution order of a plurality of tasks, e.g. taking priority or time dependency constraints into consideration
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2209/00—Indexing scheme relating to G06F9/00
- G06F2209/50—Indexing scheme relating to G06F9/50
- G06F2209/5011—Pool
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2209/00—Indexing scheme relating to G06F9/00
- G06F2209/50—Indexing scheme relating to G06F9/50
- G06F2209/5021—Priority
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a scheduling method for preempting hardware key encryption and decryption resources by multiple processes, which comprises the following steps: step 1, starting a file encryption and decryption service, and automatically creating a performance state thread pool; step 2, the hardware key waits for the submission of the encryption and decryption tasks, defines the encryption and decryption priority of the file, and carries out the encryption and decryption tasks according to the priority; step 3, detecting whether a telephone exists or a video is recorded, pausing the encryption and decryption task, and continuing to submit the task; step 4, releasing hardware key resources, and discarding the files being encrypted and decrypted; and 5, continuing the file encryption and decryption task after the equal telephone or video recording is finished. The invention has the beneficial effects that: other tasks can be performed simultaneously in the process of file encryption and decryption, the file encryption and decryption efficiency is improved, and the normal operation of a system is ensured; for the task of processing file encryption and decryption in batches, a thread pool is created, and hardware resources are distributed according to task priority, so that on one hand, memory consumption is reduced, and on the other hand, system resource management is facilitated.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a scheduling method for preempting hardware key encryption and decryption resources by multiple processes.
Background
With the rapid development of information technology and intelligent terminals, people can not leave the intelligent terminals in life and work, data encryption technology is mature, and more encryption software and hardware devices are available. With the increasing frequency of using the intelligent terminal by people, the intelligent terminal stores a large number of important files which need to be encrypted and decrypted, in the process of encrypting and decrypting the files, the scheduling and the use of hardware key resources need to be involved, in order to better utilize the hardware key resources to carry out the operation of multi-process tasks, the prior art usually carries out the concurrent operation of the multi-tasks, ensures that the multi-process encryption and decryption tasks can be carried out in the same time when the intelligent terminal is applied, and improves the file encryption and decryption efficiency.
In the prior art, a single encryption chip hardware resource is usually called by multiple applications and multiple processes of a terminal machine for calling hardware equipment, so that the problems of low efficiency, resource preemption and the like of the hardware resource exist, the phenomena of disordered hardware state, data calculation, failure in encryption and decryption and the like caused by no process isolation of encryption and decryption data in a chip are caused, and even the intelligent terminal is subjected to unsmooth operation.
The prior terminal machine uses a single hardware resource to solve the problems of low efficiency, resource preemption and the like of multi-application and multi-process calling hardware resources, which easily causes the phenomena of hardware state confusion, data calculation confusion caused by no process isolation of encryption and decryption data in a chip, encryption and decryption failure and the like.
Disclosure of Invention
According to the defects of the prior art, the invention constructs a task scheduling center, sets a process scheduling method between applications, sets a thread pool in the file encryption and decryption process, designs task level priority, processes hardware resources occupied by the hardware resources with high task priority according to the priority of process tasks, and sequentially encrypts and decrypts according to the task submission sequence in a flat manner, so that the tasks are ensured to be performed orderly, congestion and collapse are avoided, the file encryption and decryption efficiency is greatly improved, and the maximum use of the hardware resources is ensured. The technical scheme is as follows.
A scheduling method for preempting hardware key encryption and decryption resources by multiple processes comprises the following steps:
step 1, starting a file encryption and decryption service, and automatically creating a performance state thread pool;
step 2, the hardware key waits for the submission of the encryption and decryption tasks, defines the encryption and decryption priority of the file, and carries out the encryption and decryption tasks according to the priority;
step 3, detecting whether a telephone or video and other service data exist, pausing the encryption and decryption task, and continuing to submit the task;
step 4, releasing hardware key resources, and discarding the files being encrypted and decrypted;
and 5, continuing the file encryption and decryption task after completing the business data of equal telephone or video recording and the like.
The invention has the beneficial effects that: the invention makes optimization aiming at the conditions that the efficiency of the user terminal for calling hardware equipment resources under the multi-application and multi-process state is low, the system is crashed due to resource preemption, encryption and decryption are failed, the stored data cannot be safely isolated and the like, and under different scenes, the hardware equipment resources are reasonably distributed according to different requirements, so that other tasks can be carried out in the process of file encryption and decryption, the file encryption and decryption efficiency is improved, and the normal operation of the system is ensured.
Drawings
FIG. 1 is a diagram of an encryption system structure of a scheduling method for preempting hardware key encryption and decryption resources by multiple processes.
FIG. 2 is a hardware key resource multi-process processing flow diagram of a scheduling method for preempting hardware key encryption and decryption resources by multiple processes.
FIG. 3 is a file encryption/decryption flowchart of a scheduling method for preempting hardware key encryption/decryption resources by multiple processes.
FIG. 4 is a schematic diagram of a hardware key resource functional structure of a scheduling method for preempting hardware key encryption and decryption resources by multiple processes.
FIG. 5 is a diagram illustrating a relationship between hardware resource multiprocess scheduling pools in a scheduling method for preempting hardware key encryption and decryption resources by multiple processes.
FIG. 6 is a process flow diagram of a scheduling method for preempting hardware key encryption and decryption resources by multiple processes.
Detailed Description
The embodiments of the invention will be described in detail below with reference to the drawings, but the invention can be implemented in many different ways as defined and covered by the claims.
As shown in fig. 1, 2, 4, and 5, fig. 1 is a flowchart of an encryption system of a scheduling method for preempting hardware key encryption and decryption resources by multiple processes, fig. 2 is a flowchart of hardware key resource multi-process processing of a scheduling method for preempting hardware key encryption and decryption resources by multiple processes, fig. 4 is a schematic diagram of process processing of a scheduling method for preempting hardware key encryption and decryption resources by multiple processes, and fig. 5 is a schematic diagram of a hardware resource multi-process scheduling pool relationship of a scheduling method for preempting hardware key encryption and decryption resources by multiple processes.
As shown in fig. 1, in an encryption and decryption system, applications related to encryption and decryption are provided in the system, and when the applications are started, basic communication and key exchange between the applications and a hardware key are involved, where the hardware key includes a global monitoring module, an encryption and decryption scheduling module, and a resource control module, where:
the global monitoring module mainly monitors various event processes of the encryption and decryption system, including file encryption and decryption tasks, conversation, information, photographing, video recording and other tasks.
The encryption and decryption scheduling module is a processor for distributing hardware resources for the hardware key and the tasks in the message queue, when the file encryption and decryption tasks exist, the hardware key generates a state thread pool according to the system performance, and task encryption and decryption are carried out according to the priority of the encryption and decryption tasks. When the process of business data such as conversation, message, photographing, video recording and the like occurs and is sent to a message queue, the execution of the file encryption and decryption task is involved, the encryption and decryption scheduling center preferentially schedules hardware resources to be used by external processes of the business data such as conversation, message, photographing, video recording and the like, and the processing of file encryption and decryption is suspended. And after the external event is processed, the encryption and decryption scheduling center returns the hardware resources to the file encryption and decryption task in the queue, and continues to perform the file encryption and decryption task.
As shown in fig. 5, each encryption and decryption related service is set in the encryption and decryption system, when these services are serial, the basic communication and key exchange between the application and the hardware key are involved, a scheduling center is set by the hardware key, the scheduling center configures a service scheduling pool, the service scheduling pool returns a state through the hardware key to perform judgment and then scheduling, and when the current hardware state is an idle state, the highest service process is obtained from the service priority queue and executed; and when the current hardware key state is the occupied state, returning a special code according to the hardware key, and executing a corresponding process.
As shown in fig. 2, when the hardware state is the occupied state, according to the special code returned by the hardware, the hardware key sets the security domain environment and sets the instruction set execution sequence of a service, and the specific classification is as follows:
the first type: and executing instruction processes which take longer, such as key pair generation and key import. The hardware key returns the first special code, and the multithread executes some time-consuming tasks, IO (Input/Output) transceiving, resource release and performance adjustment.
The second type: and (4) security domain environment initialization: an init (initialization) class instruction, a hardware key returns a second special code, the scheduling center executes the rest instructions in the security domain environment of the same process, and the other processes and other instructions of the same process do not perform scheduling processing.
In the third category: the combined instruction ends, but the secure domain environment does not end: an instruction of update class or a matching instruction of HASH + signature verification represents that the service is continuous. And the hardware key returns a third special code, and the instruction priority of the same process is required to be increased during scheduling.
The fourth type: the security domain environment ends: the task representing the thread is immediately finished. And when the hardware key returns the fourth special code, the scheduling center stops the adjustment work of the priority queue, acquires a task instruction with the highest priority, and calls out corresponding source data from the data set to prepare for starting a new service.
And executing corresponding operation according to the security domain environment type corresponding to the hardware special code.
The resource control center is mainly responsible for executing, suspending and recovering tasks, so that hardware resources are orderly used by multiple processes, the utilization rate of the hardware resources is improved, encryption services are guaranteed to be efficiently and smoothly carried out, and the use experience of users is improved.
Various encryption and decryption related services are arranged in the encryption and decryption system, wherein the encryption and decryption related services comprise hardware calculation, hardware encryption and the like, and when the services are serialized, basic communication, key exchange and the like of an application and hardware keys are involved. When a single service process is used for encryption and decryption, hardware key resource preemption is not designed, when the services are in series, hardware resource preemption is involved, in order to ensure that the tasks can be successfully completed, the hardware key is provided with a scheduling center, a security domain environment is set, an instruction set execution sequence of one service is set, and resources are reasonably distributed for multi-process services.
When a plurality of processes need to use hardware resources, the scheduling problem of the hardware resources is involved, the invention sets a hardware resource scheduler, which is externally a scheduling pool and internally a hardware carries out multi-process design on service data processing, service data returning and service operation states according to scheduling and service processing. The service scheduling pool judges and schedules through a hardware return state, and the use state of the hardware resource has an idle state and an occupied state. When the current hardware state is an idle state, acquiring and executing the highest service process from the service priority queue; when the current hardware key state is the occupied state, returning a special code according to the hardware, and executing a corresponding process according to a rule, wherein the specific process is as shown in fig. 4. Completed traffic will return completion status and data.
The invention is based on hardware equipment, and combines and optimizes the process management, the memory management and the mobile phone system resource management of the terminal application program running mechanism again, thereby ensuring that the encryption and decryption tasks can be completed in time, ensuring that other applications can normally use hardware resources, and ensuring the normal running of the system.
Fig. 3 is a flowchart of a scheduling method for preempting hardware key encryption and decryption resources by multiple processes, and relates to a scheduling method for encryption and decryption resources, including the following steps:
step 1, starting a file encryption and decryption service, and automatically creating a performance state thread pool;
step 2, the hardware key waits for the submission of the encryption and decryption tasks, defines the encryption and decryption priority of the file, and carries out the encryption and decryption tasks according to the priority;
step 3, detecting whether a telephone exists or a video is recorded, pausing the encryption and decryption task, and continuing to submit the task;
step 4, releasing hardware key resources, and discarding the files being encrypted and decrypted;
and 5, continuing the file encryption and decryption task after the equal telephone or video recording is finished.
After the file encryption and decryption service is started, the system firstly creates a thread pool with the thread number of 1, the thread pool is used for running IO read-write of encryption and decryption tasks and file processing and management of running states of the encryption and decryption tasks, such as progress, result states, error information and the like, and then an encryption and decryption request interface and a task processing state interface are exposed to the outside for other processes to access encryption and decryption requests and states and wait for submission of an encryption and decryption file. The hardware key defines the priority of the encryption and decryption state of the file, the resource scheduling of the hardware key is distributed according to the priority of the file, and the encryption and decryption resources are distributed in the order of submission with the same priority. The hardware key monitors the global resource scheduling of the encryption and decryption system, when business data such as telephone, chat, photographing or video recording exist, the resource control center of the hardware key suspends the file encryption and decryption task, but the task can be continuously submitted and wait in the queue until the file thread pool is full. The hardware key resources occupied by the file encryption and decryption task can be actively released, the files being encrypted and decrypted are discarded, and after conversation, chatting, photographing and video recording are completed, the file encryption and decryption task can immediately recover the original state, and the file encryption and decryption task is continued.
Fig. 5 is a diagram of a relationship between encryption and decryption thread pools of a scheduling method for preempting hardware key encryption and decryption resources by multiple processes. The hardware key carries out multi-process scheduling design on service data processing, service return data and service operation states, and a resource scheduling pool of the hardware key is set, wherein the functions comprise control of concurrency quantity, perception of file encryption and decryption states, suspension and recovery of resource preemption, global notification of file encryption and decryption processing results and the like.
The control of the concurrent number ensures the control of the task number of the hardware key in the same time process, ensures the system to stably run in the bearable maximum threshold value, and maintains the stable encryption and decryption system environment.
The perception function of the file encryption and decryption state is mainly used for judging whether the encryption and decryption system executes, suspends and resumes the encryption and decryption tasks, and the perception of the execution of the file encryption and decryption tasks is mainly used for creating a thread pool of the file encryption and decryption tasks, so that the threads are conveniently managed, and the consumption of hardware resources is reduced. The perception of the suspension and the recovery of the file encryption and decryption task is mainly used for judging that the suspension and the recovery of the file encryption and decryption task are ensured in the process of executing conversation, information and the like or after the conversation, the information and the like are finished.
The pause and recovery function of resource preemption is mainly used for pause and recovery of file encryption and decryption tasks in the process of executing conversation or shooting. The global notification function of the file encryption and decryption processing result is used for judging various application systems of the encryption and decryption system before execution, so that the encryption and decryption tasks are ensured to be smoothly carried out on one hand, the multi-process tasks are ensured to be capable of running concurrently on the other hand, and the system is ensured not to crash.
Fig. 6 is a process processing flow chart of a scheduling method for preempting hardware key encryption and decryption resources by multiple processes, including the following steps:
the method comprises the steps of firstly, when a plurality of tasks such as file and call photographing need to be encrypted and decrypted at the same time, sending a request to a communication interface, wherein the communication interface is a communication bridge for interaction of a resource scheduling internal working state and upper-layer service logic.
The communication interface has the main functions of: 1) the system is responsible for maintaining all resource requests, state storage and data transmission of upper-layer services; 2) the internal encryption and decryption task state, error information and various request responses are transmitted back to the upper layer service; 3) detecting an external resource request, and making an initial request decision on whether the external resource request is a valid request, storage or discarding and the like; 4) and reporting the running state, the life cycle and the resource allocation condition of the resource scheduling running kernel to external interaction at regular time.
In a specific embodiment of the present invention, the specific operation of the communication structure is as follows: when the upper layer service needs to request encryption and decryption, request information is packaged into a message object and sent to a communication interface, and the communication interface analyzes the request information and judges whether the request is an effective request.
If the request is an effective request, the key information parameters are saved and then transferred to an internal request queue, and if the request is an ineffective request, the key information parameters are directly discarded and returned. And submitting a successful request, and continuously returning the execution state (executing, executing progress, execution result) of the current task and the like carried by the communication interface to an upper layer request.
The communication interface isolates the running kernel of the resource scheduling from the outside, hides the internal working mechanism and implementation thereof, ensures the orderly running of the resource scheduling, can ensure that the working and running of the internal kernel are not interfered by the upper-layer service logic, ensures the stability and the robustness of the running period, and also ensures the decoupling of the service codes, the change of the upper-layer service function can not influence the function of the running kernel, and the function expansion or the change of the running kernel can not influence the function of the upper-layer service logic, thereby greatly facilitating the function expansion and the maintenance in the later period.
And secondly, creating a thread pool with the thread number of 1, wherein the thread pool is used for running IO read-write of the encryption and decryption tasks and file processing and managing the running state of the encryption and decryption tasks, such as progress, result state, error information and the like, performing task encryption and decryption according to the priority of the encryption and decryption tasks, and exposing an encryption and decryption request interface and a task processing state interface to the outside for other processes to perform encryption and decryption requests and state access.
Meanwhile, the life cycle management can work synchronously, so that the application can run for a long time in the background, the encryption and decryption task queue can be prevented from being easily interrupted, and meanwhile, important information of the encryption and decryption tasks is protected, so that the next time the encryption and decryption core processes are run again under the condition of violent interruption by a system or a user, the working state can be seamlessly restored, the safety of data is ensured, and when the application leaves the user interface background and runs, after all tasks are completely finished, the encryption and decryption core processes are initiatively killed, and all occupied resources are released.
And thirdly, allocating resources according to the task priority.
The preemptive dynamic resource allocation process is as follows: when multiple encrypted and decrypted requests are received, the requests are saved to a priority queue. The request queues are sorted according to the priority of the requests, the high priority is arranged in front, and the priority of the request queues is sorted for the second round according to the time stamps submitted by the requests. If no encryption/decryption task is running, the encryption/decryption tasks are taken out from the request queue in sequence for processing, if a task is processed, the priority of the first request of the take-out queue is compared with the priority of the current task, if the priority is higher than the priority of the current task, the key information parameter of the current task is reserved, then the current task is discarded and added into the request queue for subsequent processing, and if the priority is not higher than the priority of the current task, the current task continues to be processed.
The principle of the scheduling method of the invention is as follows: hardware encryption only has one communication channel, if unified allocation and scheduling of resources are not performed, long-time channel blocking can be caused under the concurrent request state of a plurality of encryption and decryption tasks, mobile phone system resources are seriously consumed, and the serious problems of data loss, file encryption and decryption read-write messy codes and the like can be caused by preempting hardware resources when a large number of tasks are requested.
The invention makes optimization aiming at the conditions that the efficiency of the user terminal for calling hardware equipment resources under the multi-application and multi-process state is low, the system is crashed due to resource preemption, encryption and decryption are failed, the stored data cannot be safely isolated and the like, and under different scenes, the hardware equipment resources are reasonably distributed according to different requirements, so that other tasks can be carried out in the process of file encryption and decryption, the file encryption and decryption efficiency is improved, and the normal operation of the system is ensured.
For the task of processing the file encryption and decryption in batch, a thread pool is established, and hardware resources are distributed according to the task priority, so that on one hand, the memory consumption is reduced, and on the other hand, the system resource management is facilitated.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes will occur to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A scheduling method for preempting hardware key encryption and decryption resources by multiple processes is characterized by comprising the following steps:
step 1, starting a file encryption and decryption service, and automatically creating a thread pool of a performance state;
step 2, the hardware key waits for the submission of the encryption and decryption tasks, defines the encryption and decryption priority of the file, and carries out the encryption and decryption tasks according to the priority;
step 3, detecting whether business data exists or not, pausing the encryption and decryption tasks, and continuously submitting the tasks;
step 4, releasing hardware key resources, and discarding the files being encrypted and decrypted;
and 5, continuing the file encryption and decryption task after the business data is finished.
2. The scheduling method according to claim 1, wherein in step 2, the hardware key defines the priority of the encryption/decryption status of the file, the resource scheduling of the hardware key is allocated according to the priority of the file, and the encryption/decryption resources are allocated in the order of submission with the same priority.
3. The scheduling method of claim 1, wherein the hardware key resource that has been preempted by the file encryption and decryption task is actively released, and discards the file being encrypted and decrypted, and when the service data processing is completed, the file encryption and decryption task immediately restores to its original state, and continues to perform the file encryption and decryption task.
4. The scheduling method of claim 1 wherein the hardware key listens to the global resource scheduling of the encryption and decryption system, and the resource control center of the hardware key suspends the file encryption and decryption task, but the task can continue to be submitted and wait in the queue until the file thread pool is full.
5. The scheduling method according to claim 1, wherein the hardware key sets an encryption/decryption task scheduling framework based on a thread pool framework, for controlling the concurrency number, sensing the encryption/decryption state of the file, suspending and resuming resource preemption, and globally notifying the encryption/decryption processing result of the file, wherein:
the control of the concurrent number ensures the control of the task number of the hardware key in the same time process, ensures the system to stably run in the bearable maximum threshold value and maintains the stable encryption and decryption system environment;
the perception function of the file encryption and decryption state is mainly used for judging whether the encryption and decryption system executes, suspends and resumes the encryption and decryption tasks, and the perception of the execution of the file encryption and decryption tasks is mainly used for creating a thread pool of the file encryption and decryption tasks, so that the thread is convenient to manage, and the consumption of hardware resources is reduced;
the perception of the suspension and the recovery of the file encryption and decryption task is mainly used for judging that the suspension and the recovery of the file encryption and decryption task are ensured in the process of executing conversation, information and the like or after the conversation, the information and the like are finished;
the global notification function of the file encryption and decryption processing result is used for judging various application systems of the encryption and decryption system before execution.
6. The scheduling method of claim 1 wherein the method for the hardware key to process the multitasking process comprises the following steps:
when a plurality of tasks need to be encrypted and decrypted simultaneously, sending a request to a communication interface;
creating a thread pool with the thread number of 1, wherein the thread pool is used for running IO reading and writing of encryption and decryption tasks and file processing and managing the running state of the encryption and decryption tasks, performing task encryption and decryption according to the priority of the encryption and decryption tasks, and exposing an encryption and decryption request interface and a task processing state interface to the outside for other processes to perform encryption and decryption requests and state access;
and performing resource allocation according to task priority, and storing a plurality of encrypted and decrypted requests into a priority queue when the requests are received.
7. The scheduling method according to claim 6, wherein the method for applying the communication interface comprises the following steps:
when the upper layer service needs to request encryption and decryption, firstly packaging request information into a message object and sending the message object to a communication interface;
the communication interface analyzes the request information, judges whether the request information is an effective request, if the request information is the effective request, the key information parameters are stored and then transmitted to an internal request queue, and if the request information is an ineffective request, the key information parameters are directly discarded and returned;
and submitting a successful request, and continuously returning the execution state of the current task to the upper layer request by the communication interface.
8. The scheduling method according to claim 6, wherein the lifecycle management modules of the thread pool work synchronously to ensure that the encryption and decryption task queue is not easily interrupted and to protect important information of the encryption and decryption tasks;
when the encryption and decryption core process is interrupted, the seamless recovery working state is re-run,
and after all tasks are completed, the life cycle management module initiatively kills the encryption and decryption core process and releases all occupied resources.
9. The scheduling method according to claim 1, wherein each encryption/decryption related service is set in an encryption/decryption system, when the services are serialized, the basic communication and key exchange between the application and the hardware key are involved, a scheduling center is set through the hardware key, the scheduling center is configured with a service scheduling pool, the service scheduling pool is judged and then scheduled through the return state of the hardware key, and when the current hardware key state is in an idle state, the highest service process is obtained from a service priority queue and executed; and when the current hardware key state is an occupied state, returning a special code according to the hardware, and executing a corresponding process.
10. The scheduling method of claim 9, wherein when the hardware key is in an occupied state, the hardware returns a plurality of special codes, and according to the difference between the special codes, the hardware key sets a security domain environment and sets an instruction set execution sequence of a service, specifically:
the first special code is used for executing a command which consumes longer time, and the scheduling center enables a plurality of threads to execute a plurality of time-consuming tasks, IO (Input/Output) receiving and sending, resource releasing and performance adjusting according to the first special code;
the second special code is security domain environment initialization, the scheduling center executes the remaining instructions in the security domain environment of the same process, and the other processes and other instructions of the same process do not perform scheduling processing;
the third special code is that the instruction combination is finished, but the security domain environment is not finished, and the scheduling center increases the instruction priority of the same process;
and the fourth special code is that the security domain environment is ended, which means that the task of the thread is immediately ended, the scheduling center stops the adjustment work of the priority queue, obtains the task instruction with the highest priority, and calls out the corresponding source data from the data set to prepare for starting a new service.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210453521.7A CN114840318A (en) | 2022-04-27 | 2022-04-27 | Scheduling method for preempting hardware key encryption and decryption resources through multiple processes |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210453521.7A CN114840318A (en) | 2022-04-27 | 2022-04-27 | Scheduling method for preempting hardware key encryption and decryption resources through multiple processes |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114840318A true CN114840318A (en) | 2022-08-02 |
Family
ID=82567179
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210453521.7A Pending CN114840318A (en) | 2022-04-27 | 2022-04-27 | Scheduling method for preempting hardware key encryption and decryption resources through multiple processes |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114840318A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115221543A (en) * | 2022-08-30 | 2022-10-21 | 成都瑞安信信息安全技术有限公司 | File service-based multi-file concurrent encryption and decryption method and system |
| CN115495223A (en) * | 2022-11-18 | 2022-12-20 | 安徽华云安科技有限公司 | Task safety scheduling method, device, equipment and storage medium |
| CN116339956A (en) * | 2023-05-29 | 2023-06-27 | 天翼云科技有限公司 | Distribution method and device of configuration tasks, electronic equipment and storage medium |
-
2022
- 2022-04-27 CN CN202210453521.7A patent/CN114840318A/en active Pending
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115221543A (en) * | 2022-08-30 | 2022-10-21 | 成都瑞安信信息安全技术有限公司 | File service-based multi-file concurrent encryption and decryption method and system |
| CN115221543B (en) * | 2022-08-30 | 2022-11-29 | 成都瑞安信信息安全技术有限公司 | File service-based multi-file concurrent encryption and decryption method and system |
| CN115495223A (en) * | 2022-11-18 | 2022-12-20 | 安徽华云安科技有限公司 | Task safety scheduling method, device, equipment and storage medium |
| CN116339956A (en) * | 2023-05-29 | 2023-06-27 | 天翼云科技有限公司 | Distribution method and device of configuration tasks, electronic equipment and storage medium |
| CN116339956B (en) * | 2023-05-29 | 2023-10-10 | 天翼云科技有限公司 | Distribution method and device of configuration tasks, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7197612B2 (en) | Execution of auxiliary functions on on-demand network code execution systems | |
| CN114840318A (en) | Scheduling method for preempting hardware key encryption and decryption resources through multiple processes | |
| CN108139940B (en) | Management of periodic requests for computing power | |
| CN107291547B (en) | Task scheduling processing method, device and system | |
| US8424007B1 (en) | Prioritizing tasks from virtual machines | |
| US8756613B2 (en) | Scalable, parallel processing of messages while enforcing custom sequencing criteria | |
| CN112181621B (en) | Task scheduling system, method, device and storage medium | |
| EP3306866B1 (en) | Message processing method, device and system | |
| CN106411558B (en) | Method and system for limiting data flow | |
| CN106034120B (en) | method and system for multi-process access to trusted application | |
| CN104102548A (en) | Task resource scheduling processing method and task resource scheduling processing system | |
| US9507637B1 (en) | Computer platform where tasks can optionally share per task resources | |
| WO2016033755A1 (en) | Task handling apparatus and method, and electronic device | |
| CN115237556A (en) | Scheduling method and device, chip, electronic equipment and storage medium | |
| CN115167996A (en) | Scheduling method and device, chip, electronic equipment and storage medium | |
| CN111586140A (en) | Data interaction method and server | |
| WO2024164894A1 (en) | Method for traffic control and data replication, node, system, and storage medium | |
| CN111651279A (en) | Method and system for processing business process | |
| CN111767125B (en) | Task execution method, device, electronic equipment and storage medium | |
| CN116700901A (en) | Container construction and operation system and method based on microkernel | |
| CN113590333B (en) | System resource scheduling method for business engine and electronic equipment | |
| US8869171B2 (en) | Low-latency communications | |
| US12019909B2 (en) | IO request pipeline processing device, method and system, and storage medium | |
| CN113590294B (en) | Self-adaptive and rule-guided distributed scheduling method | |
| Vanga et al. | Supporting low-latency, low-criticality tasks in a certified mixed-criticality OS |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |