CN115118475A - Method, device, equipment and medium for dispatching cryptographic equipment cluster - Google Patents

Method, device, equipment and medium for dispatching cryptographic equipment cluster Download PDF

Info

Publication number
CN115118475A
CN115118475A CN202210704530.9A CN202210704530A CN115118475A CN 115118475 A CN115118475 A CN 115118475A CN 202210704530 A CN202210704530 A CN 202210704530A CN 115118475 A CN115118475 A CN 115118475A
Authority
CN
China
Prior art keywords
scheduling
password
service
cryptographic device
cryptographic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210704530.9A
Other languages
Chinese (zh)
Inventor
廖成军
张建军
宋飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Westone Information Industry Inc
Original Assignee
Chengdu Westone Information Industry Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Westone Information Industry Inc filed Critical Chengdu Westone Information Industry Inc
Priority to CN202210704530.9A priority Critical patent/CN115118475A/en
Publication of CN115118475A publication Critical patent/CN115118475A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1001Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004Server selection for load balancing
    • H04L67/1008Server selection for load balancing based on parameters of servers, e.g. available memory or workload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a cryptographic device cluster scheduling method, a device and a medium, relating to the technical field of information security passwords, wherein the method comprises the following steps: acquiring a scheduling strategy sent by a scheduling service based on the load of a cryptographic device cluster, and receiving an access request containing business transaction data initiated by a business system; sending the business transaction data to a password device through a target connection pool determined based on the scheduling strategy so that the password device receives the business transaction data to perform transaction processing to obtain a transaction result; and receiving the transaction result returned by the password equipment, and sending the transaction result to the service system. By the scheme, the password equipment for processing the transaction data of the business system can be reasonably determined by analyzing the load condition of each password equipment, so that a powerful support is provided for intelligent scheduling of the password equipment cluster for the password service.

Description

Method, device, equipment and medium for dispatching cryptographic equipment cluster
Technical Field
The present invention relates to the field of information security cryptography, and in particular, to a cryptographic device cluster scheduling method, apparatus, device, and medium.
Background
With the rapid development of the national information industry, the application scale of the password service in the information business system is continuously increased, and the demand of the information business system for the password service is continuously increased. The password equipment is an infrastructure for password security in the information industry, the password service is combined with the password equipment to provide diversified password service for the outside, the security protection can be performed on key data, the confidentiality, the integrity and the non-repudiation of the key data are realized, and the security of a business system transaction process in the information industry is ensured. The existing password service technology is a bridge for establishing data transaction between a single password device and a service system, but as the scale of the informatization industry is continuously expanded, the number of password devices for providing password security support is also expanded, so that the situation that the facing of the single password device is gradually changed into the facing of the cluster scale password device exists, and the existing password service technology lacks effective password device load calculation capacity and password device scheduling strategy exists.
In summary, how to analyze the load condition of the cryptographic device and implement the cryptographic service to reasonably schedule the cryptographic device cluster is a problem to be solved in the field.
Disclosure of Invention
In view of this, an object of the present invention is to provide a method, an apparatus, a device and a medium for scheduling a cryptographic device cluster, which can analyze a cryptographic device load condition and implement a cryptographic service to perform reasonable scheduling on the cryptographic device cluster. The specific scheme is as follows:
in a first aspect, the present application discloses a cryptographic device cluster scheduling method, applied to a cryptographic service platform, including:
acquiring a scheduling strategy sent by a scheduling service based on the load of a cryptographic device cluster, and receiving an access request containing business transaction data initiated by a business system;
sending the business transaction data to a password device through a target connection pool determined based on the scheduling strategy so that the password device receives the business transaction data to perform transaction processing to obtain a transaction result;
and receiving the transaction result returned by the password equipment, and sending the transaction result to the service system.
Optionally, before the obtaining of the scheduling policy sent by the scheduling service based on the load amount of the cryptographic device cluster, the method further includes:
and starting a timing task, initiating a scheduling policy acquisition request to a scheduling service so that the scheduling service receives and processes the scheduling policy acquisition request, and generating a scheduling policy based on monitoring information in a cache.
Optionally, before the starting the timing task and initiating a request for obtaining a scheduling policy to a scheduling service, the method further includes:
and starting a timing task through a scheduling service, acquiring monitoring information of the password equipment, and then summarizing and caching the monitoring information.
Optionally, the obtaining of the scheduling policy sent by the scheduling service based on the load amount of the cryptographic device cluster includes:
and acquiring a scheduling policy which is sent by the scheduling service based on the load of the cryptographic device cluster and contains any one or more of an index value of a local master key in the current cryptographic device, a port corresponding to the current accessible cryptographic device, a current accessible service system identifier, a group identifier to which the current cryptographic device belongs and an IP address of the current cryptographic device in an idle state.
Optionally, before sending the service transaction data to the cryptographic device through the target connection pool determined based on the scheduling policy, the method further includes:
and creating a connection pool for data transmission with the cryptographic device cluster.
Optionally, the cryptographic device cluster scheduling method further includes:
and sending a heartbeat detection request for detecting the state of the password equipment and the state of the target connection pool to the password equipment at regular time, and acquiring heartbeat response information returned by the password equipment aiming at the heartbeat detection request.
Optionally, after obtaining the heartbeat response information returned by the cryptographic device for the heartbeat detection request, the method further includes:
if the heartbeat response information represents that the state of the password equipment is abnormal, maintaining the password equipment;
and/or if the heartbeat response information represents that the state of the target connection pool is abnormal, performing maintenance processing on the target connection pool.
In a second aspect, the present application discloses a cryptographic device cluster scheduling apparatus, which is applied to a cryptographic service platform, and includes:
the policy acquisition module is used for acquiring a scheduling policy sent by the scheduling service based on the load of the cryptographic equipment cluster;
the request receiving module is used for receiving an access request which is initiated by a service system and contains service transaction data;
the data sending module is used for sending the business transaction data to the password equipment through a target connection pool determined based on the scheduling strategy so that the password equipment receives the business transaction data to perform transaction processing to obtain a transaction result;
and the result returning module is used for receiving the transaction result returned by the password equipment and sending the transaction result to the service system.
In a third aspect, the present application discloses an electronic device, comprising:
a memory for storing a computer program;
a processor for executing said computer program for implementing the steps of the cryptographic device cluster scheduling method as disclosed in the foregoing.
In a fourth aspect, the present application discloses a computer readable storage medium for storing a computer program; wherein the computer program realizes the steps of the cryptographic device cluster scheduling method as disclosed in the foregoing when executed by a processor.
Therefore, the method includes the steps that firstly, a scheduling strategy sent by a scheduling service based on the load of a cryptographic device cluster is obtained, and an access request which is initiated by a service system and contains service transaction data is received; sending the business transaction data to a password device through a target connection pool determined based on the scheduling strategy so that the password device receives the business transaction data to perform transaction processing to obtain a transaction result; and receiving the transaction result returned by the password equipment, and sending the transaction result to the service system. Therefore, the password equipment used for processing the transaction data of the business system can be reasonably determined based on the acquired scheduling strategy sent by the scheduling service, and because the scheduling strategy is determined based on the load of the password equipment cluster by the scheduling service, the password equipment with lower load is timely called by analyzing the load condition of each password equipment, the transaction data is sent and the transaction result is received through the target connection pool, and powerful support is provided for the password service to realize intelligent scheduling of the password equipment cluster.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a cryptographic device cluster scheduling method disclosed in the present application;
fig. 2 is a schematic diagram of a cryptographic device cluster scheduling structure disclosed in the present application;
fig. 3 is a flowchart of a specific cryptographic device cluster scheduling method disclosed in the present application;
fig. 4 is a flowchart of a specific cryptographic device cluster scheduling method disclosed in the present application;
fig. 5 is a flowchart of a specific cryptographic device cluster scheduling method disclosed in the present application;
fig. 6 is a schematic structural diagram of a cryptographic device cluster scheduling apparatus disclosed in the present application;
fig. 7 is a block diagram of an electronic device disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The existing password service technology is a bridge for establishing data transaction between a single password device and a service system, but along with the continuous expansion of the scale of the informatization industry, the number of password devices for providing password security support is expanded, so that the situation that the single password device is gradually changed into the password device facing the cluster scale is changed, and the existing password service technology lacks effective password device load calculation capacity and a password device scheduling strategy.
Therefore, the application correspondingly provides a cryptographic device cluster scheduling scheme, which can analyze the load condition of the cryptographic device and reasonably schedule the cryptographic device cluster by the cryptographic service.
Referring to fig. 1, an embodiment of the present invention discloses a cryptographic device cluster scheduling method, which is applied to a cryptographic service platform, and includes:
step S11: and acquiring a scheduling strategy sent by the scheduling service based on the load of the cryptographic equipment cluster, and receiving an access request containing business transaction data initiated by a business system.
In this embodiment, before the obtaining of the scheduling policy sent by the scheduling service based on the load of the cryptographic device cluster, the method further includes: and starting a timing task, initiating a request for obtaining a scheduling policy to a scheduling service so that the scheduling service receives and processes the request for obtaining the scheduling policy, and generating the scheduling policy based on the monitoring information in the cache.
In this embodiment, before the starting the timing task and initiating a request for obtaining a scheduling policy to a scheduling service, the method further includes: and starting a timing task through a scheduling service, acquiring monitoring information of the password equipment, and then summarizing and caching the monitoring information. Referring to the schematic structural diagram shown in fig. 2, the scheduling service is responsible for calculating the current load of the cryptographic device in real time, and generating the cryptographic device scheduling policy according to the current load. Meanwhile, the dispatching service is responsible for dynamic lateral expansion of the cryptographic device cluster, dynamic online of the cryptographic devices and automatic fault isolation. The password service completes real-time scheduling and dynamic access control of the password equipment cluster according to the password equipment scheduling strategy, provides diversified password services for the external business system based on the password equipment, can perform security protection on sensitive data, realizes confidentiality, integrity and non-repudiation of the sensitive data, and ensures the security of the business system transaction process in the information industry. The cryptographic equipment is an infrastructure of cryptographic service, and provides a safe, legal and effective cryptographic operation function for the upper-layer cryptographic service in a cryptographic equipment cluster mode.
Step S12: and sending the business transaction data to the password equipment through a target connection pool determined based on the scheduling strategy so that the password equipment receives the business transaction data to perform transaction processing to obtain a transaction result.
It can be understood that, in this embodiment, before sending the service transaction data to the cryptographic device through the target connection pool determined based on the scheduling policy, the method further includes: and creating a connection pool for data transmission with the cryptographic device cluster. Connection pooling is a technique for creating and managing a buffer pool of connections, created in advance for use by any thread that needs them. It should be noted that the scheduling policy includes the load amount of each cryptographic device in the current cryptographic device cluster, and when the service transaction data needs to be processed, the cryptographic device with the lowest load amount may be selected to process the transaction data.
Step S13: and receiving the transaction result returned by the password equipment, and sending the transaction result to the service system.
In this embodiment, after the cryptographic device processes the transaction data, a transaction result is obtained, and the transaction result is returned to the cryptographic service platform, and then the cryptographic service platform returns the transaction result to the business system.
Therefore, the method includes the steps that firstly, a scheduling strategy sent by a scheduling service based on the load of a cryptographic device cluster is obtained, and an access request which is initiated by a service system and contains service transaction data is received; sending the business transaction data to a password device through a target connection pool determined based on the scheduling strategy so that the password device receives the business transaction data to perform transaction processing to obtain a transaction result; and receiving the transaction result returned by the password equipment, and sending the transaction result to the service system. Therefore, the password equipment used for processing the transaction data of the business system can be reasonably determined based on the acquired scheduling strategy sent by the scheduling service, and because the scheduling strategy is determined based on the load of the password equipment cluster by the scheduling service, the password equipment with lower load is timely called by analyzing the load condition of each password equipment, the transaction data is sent and the transaction result is received through the target connection pool, and powerful support is provided for the password service to realize intelligent scheduling of the password equipment cluster.
Referring to fig. 3, the embodiment of the present invention discloses a specific cryptographic device cluster scheduling method, and this embodiment further describes and optimizes the technical solution with respect to the previous embodiment. Specifically, the method comprises the following steps:
step S21: and acquiring a scheduling strategy sent by a scheduling service based on the load of the cryptographic equipment cluster, and receiving an access request which is initiated by a service system and contains service transaction data.
Step S22: and sending the business transaction data to the password equipment through a target connection pool determined based on the scheduling strategy so that the password equipment receives the business transaction data to perform transaction processing to obtain a transaction result.
Step S23: and receiving the transaction result returned by the password equipment, and sending the transaction result to the service system.
Step S24: and sending a heartbeat detection request for detecting the state of the password equipment and the state of the target connection pool to the password equipment at regular time, and acquiring heartbeat response information returned by the password equipment aiming at the heartbeat detection request.
In this embodiment, after obtaining the heartbeat response information returned by the cryptographic device for the heartbeat detection request, the method further includes: if the heartbeat response information represents that the state of the password equipment is abnormal, maintaining the password equipment; and/or if the heartbeat response information represents that the state of the target connection pool is abnormal, performing maintenance processing on the target connection pool. It can be understood that, when the state of the cryptographic device is abnormal, the cryptographic service can automatically isolate and off-shelf process the abnormal cryptographic device without restarting, so that the scheduling service generates a new reasonable scheduling policy based on the acquired monitoring information of the cryptographic device, and the transaction process of the upper business system is not affected.
For more specific working processes of the steps S21, S22, and S23, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Therefore, in the service transaction process, when a certain password device in the cluster has an abnormal fault, the password service can automatically remove the cluster from the password device with the abnormal fault under the condition of not restarting, so that the automatic isolation and off-shelf maintenance of the password device with the abnormal fault are realized, the service transaction interruption caused by the abnormal fault of the certain password device in the cluster is effectively avoided, and the continuity and stability of the service transaction process are ensured.
Referring to fig. 4, an embodiment of the present invention discloses a specific cryptographic device cluster scheduling method, including:
step S31: and acquiring a scheduling policy of any one or more information of an index value containing a local master key in the current password device, a port corresponding to the current accessible password device, a current accessible service system identifier, a group identifier of the current password device and an IP address of the current password device in an idle state, which is sent by the scheduling service based on the password device cluster load.
In this embodiment, the scheduling policy information is represented in json (JavaScript Object Notation) format, status is 0, status indicates that the acquisition is successful, the time field indicates the acquisition time, the data array includes addresses of cryptographic devices used by different services before the scheduling policy is acquired next time, where the data array includes an index value (lmk) of a local master key in the current cryptographic device, a port (port) corresponding to the current accessible cryptographic device, a currently accessible service system identifier (appld), a group identifier (group) to which the current cryptographic device belongs, and an IP (Internet Protocol) address (IP) of the cryptographic device currently in an idle state, for example, the scheduling service successfully acquires monitoring information of the cryptographic device when time is 2021-03-1715: 15:16.442, generates the scheduling policy, where the current scheduling policy includes two accessible cryptographic devices, lmk of the first cryptographic device is "136", port is "6666", group is "123", ip is "192.168.6.57" and app is AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA, lmk of the second cryptographic device is "136", port is "6666", group is "456", ip is "192.168.6.58" and app is 4AA8A3E4DB8343C194C7C587A9DEE 49B.
It can be understood that the cryptographic service can dynamically create or break the connection between the specified cryptographic devices, support the dynamic lateral expansion of the cryptographic device cluster, and reasonably solve the problem of dynamic expansion of the cryptographic devices. When the password equipment in the cluster expands, the password service can support the dynamic online of the newly-added password equipment without restarting, the password service scheduling is automatically received, and the newly-added and dynamic online processes of the password equipment are insensitive to upper-layer users.
Step S32: an access request initiated by a business system containing business transaction data is received.
Step S33: and sending the business transaction data to the password equipment through a target connection pool determined based on the scheduling strategy so that the password equipment receives the business transaction data to perform transaction processing to obtain a transaction result.
Step S34: and receiving the transaction result returned by the password equipment, and sending the transaction result to the service system.
For more specific working processes of the steps S32, S33, and S34, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Therefore, the scheduling service platform acquires the monitoring information of the cryptographic device cluster, knows the working state of the cryptographic device cluster in time, searches the cryptographic device with the lowest current load capacity according to the service type, the cryptographic device grouping and other information, generates the cryptographic device scheduling strategy and provides support for intelligent scheduling of the cryptographic device cluster for the cryptographic service. The password service can dynamically establish or disconnect the connection between the appointed password devices, dynamically maintain a connection pool in the password device cluster, realize the dynamic transverse expansion of the password device cluster, and effectively solve the problem of dynamic capacity expansion of the password devices.
The following describes the technical solution of the present application with reference to fig. 5 as an example. The scheduling service platform starts a timing task, acquires password equipment monitoring information returned by the password equipment (cluster), and then collects and caches the monitoring information and calculates the connection occupancy rate; the method comprises the steps that a password service starts a timing task, a scheduling strategy which is sent by the scheduling service based on the load of a password device cluster and contains any one or more of an index value of a local master key in current password devices, a port corresponding to the current accessible password device, a current accessible service system identifier and a grouping identifier of the current password devices is obtained, when the service system initiates an access request, the request is received, a connection pool of the password devices is determined according to the scheduling strategy, then service transaction data are sent to the password devices through the connection pool, so that the password devices can perform transaction processing and return transaction results, and the password service platform sends the returned transaction results to the service system to complete the data transaction. In the process, the password service platform sends heartbeat requests to the password equipment at regular time or periodically to detect whether the states of the password equipment and the connection pool are abnormal, and when the heartbeat response information returned based on the states of the password equipment and the connection pool shows that the states are abnormal, corresponding maintenance processing is carried out.
Referring to fig. 6, an embodiment of the present invention discloses a specific cryptographic device cluster scheduling apparatus, which is applied to a cryptographic service platform, and includes:
the policy obtaining module 11 is configured to obtain a scheduling policy sent by a scheduling service based on a load of the cryptographic device cluster;
a request receiving module 12, configured to receive an access request containing service transaction data initiated by a service system;
the data sending module 13 is configured to send the service transaction data to the cryptographic device through a target connection pool determined based on the scheduling policy, so that the cryptographic device receives the service transaction data and performs transaction processing to obtain a transaction result;
and the result returning module 14 is configured to receive the transaction result returned by the cryptographic device, and send the transaction result to the service system.
Therefore, the method comprises the steps of firstly obtaining a scheduling strategy sent by a scheduling service based on the load of a cryptographic device cluster, and receiving an access request which is initiated by a service system and contains service transaction data; sending the business transaction data to a password device through a target connection pool determined based on the scheduling strategy so that the password device receives the business transaction data to perform transaction processing to obtain a transaction result; and receiving the transaction result returned by the password equipment, and sending the transaction result to the service system. Therefore, the password equipment used for processing the transaction data of the business system can be reasonably determined based on the acquired scheduling strategy sent by the scheduling service, and because the scheduling strategy is determined based on the load of the password equipment cluster by the scheduling service, the password equipment with lower load is timely called by analyzing the load condition of each password equipment, the transaction data is sent and the transaction result is received through the target connection pool, and powerful support is provided for the password service to realize intelligent scheduling of the password equipment cluster.
In some specific embodiments, the policy obtaining module 11 includes:
the request initiating unit is used for starting a timing task, initiating a request for acquiring a scheduling strategy to a scheduling service so that the scheduling service can receive and process the request for acquiring the scheduling strategy and generate the scheduling strategy based on monitoring information in a cache; and starting a timing task through a scheduling service, acquiring monitoring information of the password equipment, and then summarizing and caching the monitoring information.
And the policy obtaining unit is used for obtaining a scheduling policy which is sent by the scheduling service based on the cryptographic device cluster load and contains any one or more of an index value of a local master key in the current cryptographic device, a port corresponding to the current accessible cryptographic device, a current accessible service system identifier and a group identifier to which the current cryptographic device belongs.
In some embodiments, the request receiving module 12 includes:
and the connection pool creating unit is used for creating a connection pool for data transmission between the password equipment cluster and the connection pool.
And the state detection unit is used for sending a heartbeat detection request for detecting the state of the password device and the state of the target connection pool to the password device at regular time, and acquiring heartbeat response information returned by the password device aiming at the heartbeat detection request.
The maintenance processing unit is used for performing maintenance processing on the password equipment if the heartbeat response information represents that the password equipment is abnormal in state; and/or if the heartbeat response information represents that the state of the target connection pool is abnormal, performing maintenance processing on the target connection pool.
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application. The method specifically comprises the following steps: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input output interface 25, and a communication bus 26. The memory 22 is configured to store a computer program, and the computer program is loaded and executed by the processor 21 to implement relevant steps in the cryptographic device cluster scheduling method executed by a computer device disclosed in any of the foregoing embodiments.
In this embodiment, the power supply 23 is configured to provide an operating voltage for each hardware device on the computer device 20; the communication interface 24 can create a data transmission channel between the computer device 20 and an external device, and a communication protocol followed by the communication interface is any communication protocol applicable to the technical solution of the present application, and is not specifically limited herein; the input/output interface 25 is configured to acquire external input data or output data to the outside, and a specific interface type thereof may be selected according to specific application requirements, which is not specifically limited herein.
The processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the like. The processor 21 may be implemented in at least one hardware form of a DSP (Digital Signal Processing), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The processor 21 may also include a main processor and a coprocessor, where the main processor is a processor for Processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 21 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content required to be displayed on the display screen. In some embodiments, the processor 21 may further include an AI (Artificial Intelligence) processor for processing a calculation operation related to machine learning.
In addition, the storage 22 is used as a carrier for storing resources, and may be a read-only memory, a random access memory, a magnetic disk or an optical disk, etc., the resources stored thereon include an operating system 221, a computer program 222, data 223, etc., and the storage may be a transient storage or a permanent storage.
The operating system 221 is used for managing and controlling each hardware device and the computer program 222 on the computer device 20, so as to realize the operation and processing of the mass data 223 in the memory 22 by the processor 21, which may be Windows, Unix, Linux, or the like. The computer program 222 may further comprise a computer program that can be used to perform other specific tasks in addition to the computer program that can be used to perform the cryptographic device cluster scheduling method performed by the computer device 20 disclosed in any of the foregoing embodiments. The data 223 may include data received by the computer device and transmitted from an external device, or may include data collected by the input/output interface 25 itself.
Further, an embodiment of the present application further discloses a storage medium, where a computer program is stored, and when the computer program is loaded and executed by a processor, the method steps executed in the cryptographic device cluster scheduling process disclosed in any of the foregoing embodiments are implemented.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above details about the cryptographic device cluster scheduling method, apparatus, device and medium provided by the present invention, and the specific examples are applied herein to explain the principle and implementation of the present invention, and the descriptions of the above examples are only used to help understanding the method and core ideas of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A cryptographic device cluster scheduling method is applied to a cryptographic service platform, and comprises the following steps:
acquiring a scheduling strategy sent by a scheduling service based on the load of a cryptographic device cluster, and receiving an access request containing business transaction data initiated by a business system;
sending the business transaction data to a password device through a target connection pool determined based on the scheduling strategy so that the password device receives the business transaction data to perform transaction processing to obtain a transaction result;
and receiving the transaction result returned by the password equipment, and sending the transaction result to the service system.
2. The method for scheduling a cryptographic device cluster according to claim 1, wherein before the obtaining of the scheduling policy sent by the scheduling service based on the load amount of the cryptographic device cluster, the method further comprises:
and starting a timing task, initiating a request for obtaining a scheduling policy to a scheduling service so that the scheduling service receives and processes the request for obtaining the scheduling policy, and generating the scheduling policy based on the monitoring information in the cache.
3. The cryptographic device cluster scheduling method of claim 2, wherein before the starting the timing task and initiating the request for obtaining the scheduling policy to the scheduling service, the method further comprises:
and starting a timing task through a scheduling service, acquiring monitoring information of the password equipment, and then summarizing and caching the monitoring information.
4. The cryptographic device cluster scheduling method of claim 1, wherein the obtaining of the scheduling policy that the scheduling service sends based on the load amount of the cryptographic device cluster comprises:
and acquiring a scheduling policy which is sent by the scheduling service based on the load of the cryptographic device cluster and contains any one or more of an index value of a local master key in the current cryptographic device, a port corresponding to the current accessible cryptographic device, a current accessible service system identifier, a group identifier to which the current cryptographic device belongs and an IP address of the current cryptographic device in an idle state.
5. The method for dispatching the cryptographic device cluster according to claim 1, wherein before sending the business transaction data to the cryptographic device through the target connection pool determined based on the dispatching policy, the method further comprises:
and creating a connection pool for data transmission with the cryptographic device cluster.
6. The cryptographic device cluster scheduling method of any of claims 1 to 5, further comprising:
and sending a heartbeat detection request for detecting the state of the password equipment and the state of the target connection pool to the password equipment at regular time, and acquiring heartbeat response information returned by the password equipment aiming at the heartbeat detection request.
7. The method for dispatching the cryptographic device cluster according to claim 6, wherein after obtaining the heartbeat response information returned by the cryptographic device for the heartbeat detection request, the method further comprises:
if the heartbeat response information represents that the state of the password equipment is abnormal, maintaining the password equipment;
and/or if the heartbeat response information represents that the state of the target connection pool is abnormal, performing maintenance processing on the target connection pool.
8. The utility model provides a cryptographic equipment cluster scheduling device which characterized in that, is applied to password service platform, includes:
the policy acquisition module is used for acquiring a scheduling policy sent by the scheduling service based on the load of the cryptographic equipment cluster;
the request receiving module is used for receiving an access request which is initiated by a service system and contains service transaction data;
the data sending module is used for sending the business transaction data to the password equipment through a target connection pool determined based on the scheduling strategy so that the password equipment receives the business transaction data to perform transaction processing to obtain a transaction result;
and the result returning module is used for receiving the transaction result returned by the password equipment and sending the transaction result to the service system.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program for carrying out the steps of the cryptographic device cluster scheduling method of any of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program; wherein the computer program realizes the steps of the cryptographic device cluster scheduling method of any one of claims 1 to 7 when executed by a processor.
CN202210704530.9A 2022-06-21 2022-06-21 Method, device, equipment and medium for dispatching cryptographic equipment cluster Pending CN115118475A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210704530.9A CN115118475A (en) 2022-06-21 2022-06-21 Method, device, equipment and medium for dispatching cryptographic equipment cluster

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210704530.9A CN115118475A (en) 2022-06-21 2022-06-21 Method, device, equipment and medium for dispatching cryptographic equipment cluster

Publications (1)

Publication Number Publication Date
CN115118475A true CN115118475A (en) 2022-09-27

Family

ID=83327486

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210704530.9A Pending CN115118475A (en) 2022-06-21 2022-06-21 Method, device, equipment and medium for dispatching cryptographic equipment cluster

Country Status (1)

Country Link
CN (1) CN115118475A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117097564A (en) * 2023-10-18 2023-11-21 沃通电子认证服务有限公司 Password service calling method, device, terminal equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104506304A (en) * 2014-11-20 2015-04-08 成都卫士通信息产业股份有限公司 An adaptation control system and method for enhancing password device on-demand service capacity
CN107040589A (en) * 2017-03-15 2017-08-11 西安电子科技大学 The system and method for cryptographic service is provided by virtualizing encryption device cluster
CN108228316A (en) * 2017-12-26 2018-06-29 成都卫士通信息产业股份有限公司 A kind of method and apparatus of encryption device virtualization
CN109672684A (en) * 2018-12-25 2019-04-23 山东超越数控电子股份有限公司 A kind of management service system of network cryptographic machine
CN110321695A (en) * 2019-07-11 2019-10-11 成都卫士通信息产业股份有限公司 Big data system password method of servicing, device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104506304A (en) * 2014-11-20 2015-04-08 成都卫士通信息产业股份有限公司 An adaptation control system and method for enhancing password device on-demand service capacity
CN107040589A (en) * 2017-03-15 2017-08-11 西安电子科技大学 The system and method for cryptographic service is provided by virtualizing encryption device cluster
CN108228316A (en) * 2017-12-26 2018-06-29 成都卫士通信息产业股份有限公司 A kind of method and apparatus of encryption device virtualization
CN109672684A (en) * 2018-12-25 2019-04-23 山东超越数控电子股份有限公司 A kind of management service system of network cryptographic machine
CN110321695A (en) * 2019-07-11 2019-10-11 成都卫士通信息产业股份有限公司 Big data system password method of servicing, device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117097564A (en) * 2023-10-18 2023-11-21 沃通电子认证服务有限公司 Password service calling method, device, terminal equipment and storage medium
CN117097564B (en) * 2023-10-18 2024-02-02 沃通电子认证服务有限公司 Password service calling method, device, terminal equipment and storage medium

Similar Documents

Publication Publication Date Title
CN109886693B (en) Consensus realization method, device, equipment and medium for block chain system
CN109783151B (en) Method and device for rule change
CN108737573A (en) A kind of distributed storage cluster and its service response control method, device and equipment
CN115118475A (en) Method, device, equipment and medium for dispatching cryptographic equipment cluster
CN109788251B (en) Video processing method, device and storage medium
CN112631800A (en) Kafka-oriented data transmission method and system, computer equipment and storage medium
CN112152879A (en) Network quality determination method and device, electronic equipment and readable storage medium
CN112363980A (en) Data processing method and device for distributed system
CN116567077A (en) Bare metal instruction sending method, device, equipment and storage medium
CN115757998A (en) Dynamic rendering method and device for power grid data
CN115525666A (en) Real-time data updating method and device, electronic equipment and storage medium
CN115686813A (en) Resource scheduling method and device, electronic equipment and storage medium
CN115174447B (en) Network communication method, device, system, equipment and storage medium
CN115801569B (en) Access rule deployment method, device, equipment, medium and cloud platform
CN113704072B (en) Method and equipment for calculating load coefficient of data center
CN115525415B (en) Data processing method, device, equipment and medium
CN113360689B (en) Image retrieval system, method, related device and computer program product
CN110262756B (en) Method and device for caching data
CN114924806A (en) Dynamic synchronization method, device, equipment and medium for configuration information
CN115665240A (en) Proxy service adding method, device, electronic equipment and storage medium
CN115756855A (en) Cluster switching method, device, terminal and storage medium
CN115203876A (en) Red and black image updating method, device, equipment and medium
CN115470193A (en) Radar data simulation method, device, equipment and medium
CN115907779A (en) Transaction proposal verification method, device, server and storage medium
CN114115718A (en) Distributed block storage system service quality control method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination