CN115941600A - Message distribution method, system and computer readable storage medium - Google Patents
Message distribution method, system and computer readable storage medium Download PDFInfo
- Publication number
- CN115941600A CN115941600A CN202310241352.5A CN202310241352A CN115941600A CN 115941600 A CN115941600 A CN 115941600A CN 202310241352 A CN202310241352 A CN 202310241352A CN 115941600 A CN115941600 A CN 115941600A
- Authority
- CN
- China
- Prior art keywords
- target
- encrypted
- processor
- message data
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a message distribution method, a system and a computer readable storage medium, wherein the method is applied to a receiving end and comprises the following steps: receiving encrypted message data sent by a sending end, and acquiring an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end; and determining a target processor in a preset processor set based on the encrypted field, and distributing the encrypted message data to a waiting queue corresponding to the target processor. The invention determines the target processor corresponding to the encrypted message data without decryption by extracting the encrypted field of the encrypted message data, and distributes the encrypted message data to the waiting queue corresponding to the target processor, thereby improving the efficiency of a receiving end in distributing the encrypted message data, reducing the possibility of causing the encrypted message data to be blocked and improving the network bandwidth performance.
Description
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a method and a system for message distribution and a computer-readable storage medium.
Background
Distributed collaborative network simulation verification platforms have become a research hotspot of various countries in the world and a development trend of network target range technology, and the platforms enter a large-scale distributed platform construction stage at present in order to more effectively perform collaborative work and resource sharing. The platforms are interconnected through a special line, the Internet and other modes, wherein the connection through the Internet is a relatively universal mode. Different platforms establish a safe encryption tunnel on the Internet through gateway equipment, encrypted message data between federal targets are transmitted on the encryption tunnel, the target station gateway equipment receives the encrypted message data, firstly decrypts the encrypted message data, then obtains values of an IP address, a protocol and a port in the decrypted message data, and sends the decrypted message data to a target host from different physical interfaces based on the values and a routing forwarding rule.
The existing method needs to decrypt when the receiver receives the encrypted message data, so as to determine the destination host corresponding to the encrypted message data, which can cause the efficiency of the receiver in shunting the encrypted message to be reduced, and can easily cause the message data to be blocked, thereby reducing the network bandwidth performance.
Therefore, how to improve the message transmission efficiency and the network bandwidth performance is an urgent problem to be solved.
Disclosure of Invention
The invention mainly aims to provide a message distribution method, a message distribution system and a computer readable storage medium, and aims to solve the problem of how to improve the message transmission efficiency and the network bandwidth performance.
In order to achieve the above object, the present invention provides a packet offloading method, which is applied to receiving, and includes the following steps:
receiving encrypted message data sent by a sending end, and acquiring an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end;
and determining a target processor in a preset processor set based on the encrypted field, and shunting the encrypted message data to a waiting queue corresponding to the target processor.
Optionally, the step of determining a target processor in a preset set of processors based on the encrypted field comprises:
acquiring first target encrypted data in the encrypted field, and calculating a first target hash value according to a preset hash function and the first target encrypted data;
and determining a target processor in a preset processor set according to the first target hash value.
Optionally, the step of determining a target processor in a preset processor set according to the first target hash value includes:
determining a first preprocessor in a preset processor set according to the first target hash value;
acquiring a first current utilization rate of the first preprocessor, and comparing the first current utilization rate with a preset utilization rate threshold;
and if the first current utilization rate is smaller than the preset utilization rate threshold value, taking the first preprocessor as a target processor.
Optionally, the step of obtaining a first current usage rate of the first preprocessor and comparing the first current usage rate with a preset usage rate threshold includes:
if the first current utilization rate is not smaller than the preset utilization rate threshold, second target encrypted data in the encrypted field are obtained, a second target hash value is calculated according to the preset hash function, the first target encrypted data and the second target encrypted data, and a target processor is determined in a preset processor set according to the first current utilization rate and the second target hash value.
Optionally, the step of determining a target processor in a preset set of processors according to the first current usage rate and the second target hash value includes:
determining a second preprocessor in a preset processor set according to the second target hash value;
acquiring a second current utilization rate of the second preprocessor, and comparing the second current utilization rate with the first current utilization rate;
if the first current utilization rate is smaller than the second current utilization rate, taking the first preprocessor as a target processor;
and if the second current utilization rate is smaller than the first current utilization rate, taking the second preprocessor as a target processor.
Optionally, after the step of distributing the encrypted packet data to the waiting queue corresponding to the target processor, the method includes:
acquiring the encrypted message data in the waiting queue through the target processor, and decrypting the encrypted message data based on a private key to obtain decrypted message data;
and carrying out relevant processing on the decrypted message data through the target processor.
In addition, the message distribution method is applied to a sending end, and comprises the following steps:
acquiring message data to be transmitted and a public key of the receiving end;
encrypting the address and the port number of a target processor of the message data to be sent based on the public key to obtain encrypted message data;
and sending the encrypted message data to the receiving end.
Optionally, the step of encrypting, based on the public key, the destination processor address and the destination processor port number of the message data to be sent includes:
encrypting the address of the target processor of the message data to be sent based on the public key to obtain first target encrypted data, and filling the first target encrypted data into the message header of the message data to be sent;
and encrypting the address of the target processor of the message data to be sent based on the public key to obtain second target encrypted data, and filling the second target encrypted data into the message header of the message data to be sent.
In addition, to achieve the above object, the present invention further provides a message distribution device, where the message distribution device is applied to a receiving end, and the message distribution device includes:
the receiving module is used for receiving encrypted message data sent by a sending end and acquiring an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end;
and the determining module is used for determining a target processor in a preset processor set based on the encrypted field and distributing the encrypted message data to a waiting queue corresponding to the target processor.
Further, the determining module is further configured to:
acquiring first target encrypted data in the encrypted field, and calculating a first target hash value according to a preset hash function and the first target encrypted data;
and determining a target processor in a preset processor set according to the first target hash value.
Further, the determining module is further configured to:
determining a first preprocessor in a preset processor set according to the first target hash value;
acquiring a first current utilization rate of the first preprocessor, and comparing the first current utilization rate with a preset utilization rate threshold;
and if the first current utilization rate is smaller than the preset utilization rate threshold value, taking the first preprocessor as a target processor.
Further, the determining module is further configured to:
if the first current utilization rate is not smaller than the preset utilization rate threshold, second target encrypted data in the encrypted field are obtained, a second target hash value is calculated according to the preset hash function, the first target encrypted data and the second target encrypted data, and a target processor is determined in a preset processor set according to the first current utilization rate and the second target hash value.
Further, the determining module is further configured to:
determining a second preprocessor in a preset processor set according to the second target hash value;
acquiring a second current utilization rate of the second preprocessor, and comparing the second current utilization rate with the first current utilization rate;
if the first current utilization rate is smaller than the second current utilization rate, taking the first preprocessor as a target processor;
and if the second current utilization rate is smaller than the first current utilization rate, taking the second preprocessor as a target processor.
Further, the determining module further comprises a processing module, the processing module is configured to:
acquiring the encrypted message data in the waiting queue through the target processor, and decrypting the encrypted message data based on a private key to obtain decrypted message data;
and carrying out relevant processing on the decrypted message data through the target processor.
In addition, to achieve the above object, the present invention further provides another packet splitting device, where the packet splitting device is applied to a sending end, and the packet splitting device includes:
the acquisition module is used for acquiring message data to be transmitted and a public key of the receiving end;
an obtaining module, configured to encrypt a target processor address and a target processor port number of the to-be-sent message data based on the public key to obtain encrypted message data;
and the sending module is used for sending the encrypted message data to the receiving end.
Further, the obtaining module is further configured to:
encrypting the address of the target processor of the message data to be sent based on the public key to obtain first target encrypted data, and filling the first target encrypted data into the message header of the message data to be sent;
and encrypting the address of the target processor of the message data to be sent based on the public key to obtain second target encrypted data, and filling the second target encrypted data into the message header of the message data to be sent.
In addition, to achieve the above object, the present invention further provides a packet offloading system, including: the message distribution method comprises a memory, a processor and a message distribution program which is stored on the memory and can run on the processor, wherein the message distribution program realizes the steps of the message distribution method when being executed by the processor.
In addition, to achieve the above object, the present invention further provides a computer-readable storage medium, where a message distribution program is stored, and when executed by a processor, the message distribution program implements the steps of the message distribution method described above.
The message distribution method provided by the invention comprises the steps of receiving encrypted message data sent by a sending end, and acquiring an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of a receiving end; and determining a target processor in a preset processor set based on the encrypted field, and shunting the encrypted message data to a waiting queue corresponding to the target processor. The invention determines the target processor corresponding to the encrypted message data without decryption by extracting the encrypted field of the encrypted message data, and distributes the encrypted message data to the waiting queue corresponding to the target processor, thereby improving the efficiency of a receiving end in distributing the encrypted message data, reducing the possibility of causing the encrypted message data to be blocked and improving the network bandwidth performance.
Drawings
FIG. 1 is a schematic diagram of an apparatus architecture of a hardware operating environment according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a packet offloading method according to a first embodiment of the present invention;
fig. 3 is a flowchart illustrating a message distribution method according to a second embodiment of the present invention;
fig. 4 is a flowchart illustrating a packet offloading method according to a third embodiment of the present invention.
The implementation, functional features and advantages of the present invention will be further described with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
As shown in fig. 1, fig. 1 is a schematic device structure diagram of a hardware operating environment according to an embodiment of the present invention.
The device of the embodiment of the invention can be a PC or a server device.
As shown in fig. 1, the apparatus may include: a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, a communication bus 1002. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration of the apparatus shown in fig. 1 is not intended to be limiting of the apparatus and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and a message distribution program.
The operating system is a program for managing and controlling the portable message distribution system and software resources, and supports the operation of a network communication module, a user interface module, a message distribution program and other programs or software; the network communication module is used for managing and controlling the network interface 1002; the user interface module is used to manage and control the user interface 1003.
In the packet diversion system shown in fig. 1, the packet diversion system calls, through the processor 1001, a packet diversion program stored in the memory 1005 and performs operations in the following embodiments of the packet diversion method.
Based on the above hardware structure, the embodiment of the message distribution method of the present invention is provided.
Referring to fig. 2, fig. 2 is a schematic flow chart of a first embodiment of a packet offloading method of the present invention, where the method includes:
step S10, receiving encrypted message data sent by a sending end, and acquiring an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end;
and S20, determining a target processor in a preset processor set based on the encrypted field, and distributing the encrypted message data to a waiting queue corresponding to the target processor.
The message distribution method of the embodiment is applied to a receiving end of a message distribution system, the message distribution system further comprises a sending end, the receiving end and the sending end can be intelligent terminals or PC equipment and the like, and for convenience of description, the receiving end is taken as an example for description; the receiving end receives encrypted message data sent by the sending end and acquires an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end; the receiving end obtains first target encrypted data in the encrypted field, and calculates a first target hash value according to a preset hash function and the first target encrypted data; the receiving end determines a first preprocessor in a preset processor set according to the first target hash value, acquires a first current utilization rate of the first preprocessor, and compares the first current utilization rate with a preset utilization rate threshold value; and if the first current utilization rate is smaller than the preset utilization rate threshold value, taking the first preprocessor as a target processor and shunting the encrypted message data to a waiting queue corresponding to the target processor. It should be noted that the encrypted message data is encrypted message data that is based on a WireGuard Protocol and encapsulated by using UDP, the WireGuard Protocol is a Virtual Private Network (VPN) Protocol, UDP is an abbreviation of User data Protocol, and a chinese name is a User Datagram Protocol, which is a connectionless transport layer Protocol.
The message distribution method of the embodiment receives encrypted message data sent by a sending end, and obtains an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end; and determining a target processor in the preset processor set based on the encryption field, and shunting the encrypted message data to a waiting queue corresponding to the target processor. The invention determines the target processor corresponding to the encrypted message data without decryption by extracting the encrypted field of the encrypted message data, and distributes the encrypted message data to the waiting queue corresponding to the target processor, thereby improving the efficiency of a receiving end in distributing the encrypted message data, reducing the possibility of causing the encrypted message data to be blocked and improving the network bandwidth performance.
The respective steps will be described in detail below:
step S10, receiving encrypted message data sent by a sending end, and acquiring an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end;
in this embodiment, a receiving end and a sending end are interconnected through a dedicated line, the internet and other modes, the sending end firstly determines an object needing to send message data, namely, the receiving end, the sending end obtains a public key of the receiving end, encrypts the message data to be sent based on the public key to obtain encrypted message data, and then sends the encrypted message data to the receiving end, after the receiving end receives the encrypted message data sent by the sending end, the receiving end analyzes the encrypted message data to obtain an encrypted field in the encrypted message data, and the encrypted field is encrypted data in a message header in the encrypted message data; it should be noted that, the sending end performs homomorphic encryption on the message data to be sent based on the public key of the receiving end to obtain encrypted message data; homomorphic encryption is a special form of encryption that allows a particular form of algebraic operation on ciphertext to produce a result that is still encrypted and the same result as the same operation on plaintext, in other words, this technique allows operations such as retrieval, comparison, etc. to be performed on the encrypted data to produce the correct result without decrypting the data throughout the process.
And S20, determining a target processor in a preset processor set based on the encrypted field, and distributing the encrypted message data to a waiting queue corresponding to the target processor.
In this embodiment, after acquiring an encrypted field of encrypted message data, a receiving end determines a target processor in a preset processor set based on the encrypted field, and distributes the encrypted message data to a waiting queue corresponding to the target processor; it should be noted that the number of processors at the receiving end is determined, one processor corresponds to one waiting queue, that is, the number of waiting queues is also determined, the receiving end homomorphically encrypts the address of each processor and the port number of the waiting queue corresponding to each processor based on its own public key and stores the addresses and the port numbers in the data structure to obtain a preset processor set, the receiving end and the sending end homomorphically encrypts data based on the same method, the receiving end calculates a ciphertext result based on the encryption field, and the ciphertext result is compared with the encrypted data in the preset processor set, so that the target processor corresponding to the encrypted message data can be determined.
Further, the step of determining a target processor in a preset set of processors based on the encrypted field comprises:
step S201, acquiring first target encrypted data in the encrypted field, and calculating a first target hash value according to a preset hash function and the first target encrypted data;
in the step, a receiving end acquires first target encrypted data in an encrypted field, and calculates a first target hash value according to a preset hash function and the first target encrypted data; specifically, the encrypted field includes all encrypted data in a header of the encrypted message data, and the format of the header is as follows: the type field is used for indicating the type of the encrypted message data, the reserved field is a reserved field, the receiver field represents a receiver of the encrypted message data, the sending end conducts homomorphic encryption on the address of a target processor which receives the encrypted message data based on a public key of the receiving end and fills the address into the receiver field, the port number of a waiting queue corresponding to the target processor which receives the encrypted message data is conducted homomorphic encryption on the port number of the waiting queue based on the public key of the receiving end and fills the received field, the first target encrypted data in the encrypted field acquired by the receiving end is the encrypted data in the receiver field, and the first target hash value is calculated according to a preset hash function and the first target encrypted data.
For example, the preset hash function may be an addition hash or a multiplication hash, and the receiving end calculates the first target encrypted data, that is, the encrypted data of the address of the target processor, by the addition hash or the multiplication hash to obtain a first target hash value.
Step S202, determining a target processor in a preset processor set according to the first target hash value.
In the step, after a receiving end calculates a first target hash value, a target processor is determined in a preset processor set according to the first target hash value; specifically, the receiving end performs complementation on the first target hash value to obtain a first target remainder, compares the first target remainder with address encryption data corresponding to each processor in the preset processor set, and further determines a target processor in the preset processor set.
Further, the step of determining a target processor in a preset set of processors according to the first target hash value includes:
step S2021, determining a first preprocessor in a preset processor set according to the first target hash value;
in this step, after the receiving end calculates the first target hash value, a first preprocessor is determined in a preset processor set according to the first target hash value; specifically, the receiving end performs complementation on the first target hash value to obtain a first target remainder, compares the first target remainder with address encryption data corresponding to each processor in a preset processor set, and uses a processor with the address encryption data being the same as the first target remainder as a first preprocessor.
Step S2022, acquiring a first current utilization rate of the first preprocessor, and comparing the first current utilization rate with a preset utilization rate threshold value;
in the step, a receiving end obtains a first current utilization rate of a first preprocessor and compares the first current utilization rate with a preset utilization rate threshold value; specifically, the receiving end acquires the current utilization rate corresponding to each processor in the preset processor set in real time, takes the homomorphic encryption result of the serial number corresponding to each processor as a key, takes the utilization rate in the preset processor set as a value, and writes the value into an eBPF Map, wherein the eBPF Map is a universal data structure for storing different types of data, and provides functions of user-mode and kernel-mode data interaction, data storage, multi-program shared data and the like; the receiving end can obtain the first current utilization rate of the first preprocessor through the eBPF Map, and compares the first current utilization rate with a preset utilization rate threshold value.
Step S2023, if the first current usage rate is smaller than the preset usage rate threshold, using the first preprocessor as a target processor.
In this step, if the receiving end determines that the first current utilization rate is smaller than a preset utilization rate threshold, the receiving end takes the first preprocessor as a target processor; illustratively, the preset utilization rate threshold is 80%, and if the first current utilization rate is less than 80%, it indicates that the utilization rate of the first preprocessor is low and the load is low, and the first preprocessor may be used as a target processor, and the encrypted message data is shunted to a waiting queue corresponding to the target processor.
Further, after the step of distributing the encrypted message data to the waiting queue corresponding to the target processor, the method includes:
step a, acquiring the encrypted message data in the waiting queue through the target processor, and decrypting the encrypted message data based on a private key to obtain decrypted message data;
and b, carrying out related processing on the decrypted message data through the target processor.
In the steps from a to b, the receiving end obtains the encrypted message data in the waiting queue through the target processor, checks the encrypted message data, and decrypts the encrypted message data subjected to the check based on the private key to obtain decrypted message data; and carrying out relevant processing such as forwarding on the decrypted message data through the target processor.
The receiving end of the embodiment receives encrypted message data sent by the sending end, and obtains an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end; and determining a target processor in the preset processor set based on the encryption field, and shunting the encrypted message data to a waiting queue corresponding to the target processor. By extracting the encrypted field of the encrypted message data, the target processor corresponding to the encrypted message data is determined under the condition of not decrypting, and the encrypted message data is distributed to the waiting queue corresponding to the target processor, so that the efficiency of a receiving end in distributing the encrypted message data is improved, the possibility of causing the encrypted message data to be blocked is reduced, and the network bandwidth performance is improved.
Further, referring to fig. 3, a second embodiment of the packet offloading method according to the present invention is provided based on the first embodiment of the packet offloading method according to the present invention.
The second embodiment of the message splitting method is different from the first embodiment of the message splitting method in that the step of obtaining the first current usage rate of the first preprocessor and comparing the first current usage rate with the preset usage rate threshold includes:
step S2024, if the first current usage rate is not less than the preset usage rate threshold, obtaining second target encrypted data in the encrypted field, calculating a second target hash value according to the preset hash function, the first target encrypted data, and the second target encrypted data, and determining a target processor in a preset processor set according to the first current usage rate and the second target hash value.
In this embodiment, after comparing the first current usage rate with the preset usage rate threshold, if it is determined that the first current usage rate is not less than the preset usage rate threshold, the receiving end obtains second target encrypted data in the encrypted field, calculates a second target hash value according to the preset hash function, the first target encrypted data, and the second target encrypted data, and determines a target processor in the preset processor set according to the first current usage rate and the second target hash value. Specifically, the second target encrypted data in the encrypted field is a reserved field in a packet header of the encrypted packet data, the preset hash function may be an addition hash or a multiplication hash, the receiving end calculates the first target encrypted data and the second target encrypted data through the addition hash or the multiplication hash to obtain a second target hash value, and determines the target processor in the preset processor set according to the first current usage rate and the second target hash value.
Further, the step of determining a target processor in a preset set of processors according to the first current utilization rate and the second target hash value includes:
step S20241, determining a second preprocessor in the preset processor set according to the second target hash value;
in the step, the receiving end determines a second preprocessor in a preset processor set according to a second target hash value; specifically, the receiving end performs complementation on the second target hash value to obtain a second target remainder, compares the second target remainder with the address encrypted data corresponding to each processor in the preset processor set, and further determines a second preprocessor in the preset processor set.
Step S20242, acquiring a second current utilization rate of the second preprocessor, and comparing the second current utilization rate with the first current utilization rate;
in the step, the receiving end obtains a second current utilization rate of the second preprocessor and compares the second current utilization rate with the first current utilization rate; specifically, a receiving end acquires the current utilization rate corresponding to each processor in a preset processor set in real time, takes the homomorphic encryption result of the serial number corresponding to each processor as a key, takes the utilization rate in the preset processor set as a value, and writes the value into an eBPF Map, wherein the eBPF Map is a universal data structure for storing different types of data, and provides functions of user-mode and kernel-mode data interaction, data storage, multi-program shared data and the like; the receiving end can obtain the second current utilization rate of the second preprocessor through the eBPF Map, and compare the second current utilization rate with the second current utilization rate.
Step S20243, if the first current utilization rate is smaller than the second current utilization rate, taking the first preprocessor as a target processor;
step S20244, if the second current utilization rate is smaller than the first current utilization rate, the second preprocessor is used as a target processor.
In steps S20243 to S20244, if the receiving end determines that the first current usage rate is smaller than the second current usage rate, it indicates that the usage rate of the first preprocessor is low, the load is low, the first preprocessor can be used as a target processor, and the encrypted packet data is shunted to a waiting queue corresponding to the target processor; if the second current utilization rate is determined to be smaller than the first current utilization rate, the utilization rate and the load of the second preprocessor are low, the second preprocessor can be used as a target processor, and the encrypted message data can be distributed to a waiting queue corresponding to the target processor.
Further, if the second current usage rate and the second current usage rate are not less than the preset usage rate threshold, at this time, the receiving end may select a processor with the lowest usage rate from the preset processor set as the target processor, distribute the encrypted message data to the waiting queue corresponding to the target processor, and send the address corresponding to the target processor to the matching sending end.
If the receiving end determines that the first current utilization rate is not less than the preset utilization rate threshold, the receiving end obtains second target encrypted data in the encrypted field, calculates a second target hash value according to a preset hash function, the first target encrypted data and the second target encrypted data, and determines a target processor in a preset processor set according to the first current utilization rate and the second target hash value. The final target processor is determined through the utilization rates of the two preprocessors, and the problem that the encrypted message data are unevenly distributed due to overlarge flow of a certain processor is solved, so that the efficiency of a receiving end in distributing the encrypted message data is improved, the possibility of causing the encrypted message data to be blocked is reduced, and the network bandwidth performance is improved.
Further, referring to fig. 4, a third embodiment of the packet offloading method according to the present invention is proposed based on the first embodiment and the second embodiment of the packet offloading method according to the present invention.
The third embodiment of the message splitting method is different from the first and second embodiments of the message splitting method in that the message splitting method is applied to a sending end, and the message splitting method includes the following steps:
step S30, obtaining message data to be sent and a public key of the receiving end;
in this embodiment, a sending end obtains message data to be sent and a public key of a receiving end; specifically, the message data to be sent may be generated by the sending end, or may also be data sent by other sending ends received by the sending end; the receiving end and the sending end are interconnected through a special line, the Internet and other modes, and the sending end sends an acquisition instruction to the receiving end after determining the corresponding receiving end, so as to acquire the public key of the receiving end.
Step S40, based on the public key, encrypting the address and port number of the target processor of the message data to be sent to obtain encrypted message data;
in this embodiment, after receiving the public key of the receiving end, the sending end encrypts a target processor address and a target processor port number corresponding to the message data to be sent based on the public key to obtain encrypted message data; it should be noted that the address of the target processor corresponding to the message data to be sent refers to an address of a processor in the receiving end that processes the encrypted message data corresponding to the message data to be sent, and the port number of the target processor refers to a port number corresponding to a waiting queue of the processor in the receiving end that processes the encrypted message data corresponding to the message data to be sent.
Further, step S40 includes:
step S401, based on the public key, encrypting the address of the target processor of the message data to be sent to obtain first target encrypted data, and filling the first target encrypted data into the message header of the message data to be sent;
step S402, based on the public key, encrypting the address of the target processor of the message data to be sent to obtain second target encrypted data, and filling the second target encrypted data into the message header of the message data to be sent.
In steps S401 to S402, the sending end performs homomorphic encryption on an address of a target processor to send message data based on a public key of the receiving end to obtain first target encrypted data, fills the first target encrypted data into a receiver field in a message header of the message data to be sent, performs homomorphic encryption on a port number of the target processor to send the message data based on the public key of the receiving end to obtain second target encrypted data, and fills the second target encrypted data into a reserved field in the message header of the message data to be sent, further performs homomorphic encryption on the whole message data to be sent based on the public key of the receiving end, and obtains encrypted message data corresponding to the message data based on the receiver field in the message header, the reserved field in the message header, and the data after the homomorphic encryption on the whole message data to be sent.
Step S50, the encrypted message data is sent to the receiving end.
In this step, the sending end sends the encrypted message data to the receiving end through the dedicated line and the internet connection between the receiving end and the sending end.
Acquiring message data to be sent and a public key of a receiving end at a sending end of the embodiment; based on the public key, encrypting the address and the port number of a target processor of the message data to be sent to obtain encrypted message data; and sending the encrypted message data to a receiving end. By carrying out homomorphic encryption on the address and the port number of the target processor, the sending end and the receiving end use the same homomorphic encryption method, so that the receiving end can determine the target processor corresponding to the encrypted message data only by comparing ciphertext results, the encrypted message data distribution is realized, the efficiency of the receiving end in distributing the encrypted message data is further improved, the possibility of causing the encrypted message data to be blocked is reduced, and the network bandwidth performance is improved.
The invention also provides a message shunting device, which is applied to a receiving end and comprises:
the receiving module is used for receiving encrypted message data sent by a sending end and acquiring an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end;
and the determining module is used for determining a target processor in a preset processor set based on the encrypted field and shunting the encrypted message data to a waiting queue corresponding to the target processor.
Further, the determining module is further configured to:
acquiring first target encrypted data in the encrypted field, and calculating a first target hash value according to a preset hash function and the first target encrypted data;
and determining a target processor in a preset processor set according to the first target hash value.
Further, the determining module is further configured to:
determining a first preprocessor in a preset processor set according to the first target hash value;
acquiring a first current utilization rate of the first preprocessor, and comparing the first current utilization rate with a preset utilization rate threshold;
and if the first current utilization rate is smaller than the preset utilization rate threshold value, taking the first preprocessor as a target processor.
Further, the determining module is further configured to:
if the first current utilization rate is not smaller than the preset utilization rate threshold, second target encrypted data in the encrypted field are obtained, a second target hash value is calculated according to the preset hash function, the first target encrypted data and the second target encrypted data, and a target processor is determined in a preset processor set according to the first current utilization rate and the second target hash value.
Further, the determining module is further configured to:
determining a second preprocessor in a preset processor set according to the second target hash value;
acquiring a second current utilization rate of the second preprocessor, and comparing the second current utilization rate with the first current utilization rate;
if the first current utilization rate is smaller than the second current utilization rate, taking the first preprocessor as a target processor;
and if the second current utilization rate is smaller than the first current utilization rate, taking the second preprocessor as a target processor.
Further, the determining module further comprises a processing module, the processing module is configured to:
acquiring the encrypted message data in the waiting queue through the target processor, and decrypting the encrypted message data based on a private key to obtain decrypted message data;
and carrying out relevant processing on the decrypted message data through the target processor.
The invention also provides another message shunting device, which is applied to a sending end and comprises:
the acquisition module is used for acquiring message data to be transmitted and a public key of the receiving end;
an obtaining module, configured to encrypt, based on the public key, a target processor address and a target processor port number of the to-be-sent message data to obtain encrypted message data;
and the sending module is used for sending the encrypted message data to the receiving end.
Further, the obtaining module is further configured to:
encrypting the address of the target processor of the message data to be sent based on the public key to obtain first target encrypted data, and filling the first target encrypted data into the message header of the message data to be sent;
and encrypting the address of the target processor of the message data to be sent based on the public key to obtain second target encrypted data, and filling the second target encrypted data into the message header of the message data to be sent.
The invention also provides a message distribution system.
The message distribution system of the invention comprises: the message distribution method comprises a memory, a processor and a message distribution program which is stored on the memory and can run on the processor, wherein when the message distribution program is executed by the processor, the message distribution method comprises the steps of the message distribution method.
The method implemented when the message distribution program running on the processor is executed may refer to each embodiment of the message distribution method of the present invention, and details are not described here.
The invention also provides a computer readable storage medium.
The computer readable storage medium of the present invention stores a message distribution program, and when the message distribution program is executed by a processor, the message distribution program implements the steps of the message distribution method described above.
The method implemented when the message distribution program running on the processor is executed may refer to each embodiment of the message distribution method of the present invention, and details are not described here again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are only for description, and do not represent the advantages and disadvantages of the embodiments.
Through the description of the foregoing embodiments, it is clear to those skilled in the art that the method of the foregoing embodiments may be implemented by software plus a necessary general hardware platform, and certainly may also be implemented by hardware, but in many cases, the former is a better implementation. Based on such understanding, the technical solutions of the present invention or portions thereof contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) as described above and includes several instructions for enabling a terminal device (which may be a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. A message distribution method is characterized in that the message distribution method is applied to a receiving end, and the message distribution method comprises the following steps:
receiving encrypted message data sent by a sending end, and acquiring an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end;
and determining a target processor in a preset processor set based on the encrypted field, and distributing the encrypted message data to a waiting queue corresponding to the target processor.
2. The message splitting method as claimed in claim 1, wherein the step of determining the target processor in the preset processor set based on the encrypted field comprises:
acquiring first target encrypted data in the encrypted field, and calculating a first target hash value according to a preset hash function and the first target encrypted data;
and determining a target processor in a preset processor set according to the first target hash value.
3. The message splitting method according to claim 2, wherein the step of determining the target processor in the preset processor set according to the first target hash value includes:
determining a first preprocessor in a preset processor set according to the first target hash value;
acquiring a first current utilization rate of the first preprocessor, and comparing the first current utilization rate with a preset utilization rate threshold;
and if the first current utilization rate is smaller than the preset utilization rate threshold value, taking the first preprocessor as a target processor.
4. The message splitting method according to claim 3, wherein the step of obtaining the first current usage rate of the first preprocessor and comparing the first current usage rate with a preset usage rate threshold value comprises:
if the first current utilization rate is not less than the preset utilization rate threshold, second target encrypted data in the encrypted field are obtained, a second target hash value is calculated according to the preset hash function, the first target encrypted data and the second target encrypted data, and a target processor is determined in a preset processor set according to the first current utilization rate and the second target hash value.
5. The message splitting method according to claim 4, wherein the step of determining the target processor in the preset processor set according to the first current usage rate and the second target hash value comprises:
determining a second preprocessor in a preset processor set according to the second target hash value;
acquiring a second current utilization rate of the second preprocessor, and comparing the second current utilization rate with the first current utilization rate;
if the first current utilization rate is smaller than the second current utilization rate, taking the first preprocessor as a target processor;
and if the second current utilization rate is smaller than the first current utilization rate, taking the second preprocessor as a target processor.
6. The message splitting method according to claim 1, wherein after the step of splitting the encrypted message data into the waiting queue corresponding to the target processor, the method comprises:
acquiring the encrypted message data in the waiting queue through the target processor, and decrypting the encrypted message data based on a private key to obtain decrypted message data;
and carrying out relevant processing on the decrypted message data through the target processor.
7. The message distribution method according to claim 1, wherein the message distribution method is applied to a sending end, and the message distribution method includes the following steps:
acquiring message data to be sent and a public key of the receiving end;
encrypting the address and the port number of a target processor of the message data to be sent based on the public key to obtain encrypted message data;
and sending the encrypted message data to the receiving end.
8. The message splitting method according to claim 7, wherein the step of encrypting the destination processor address and the destination processor port number of the message data to be sent based on the public key comprises:
encrypting the address of the target processor of the message data to be sent based on the public key to obtain first target encrypted data, and filling the first target encrypted data into the message header of the message data to be sent;
and encrypting the address of the target processor of the message data to be sent based on the public key to obtain second target encrypted data, and filling the second target encrypted data into the message header of the message data to be sent.
9. A message distribution system, comprising: a memory, a processor, and a message distribution program stored on the memory and executable on the processor, the message distribution program implementing the steps of the message distribution method according to any one of claims 1 to 7 when executed by the processor.
10. A computer-readable storage medium, having a message distribution program stored thereon, which when executed by a processor implements the steps of the message distribution method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310241352.5A CN115941600B (en) | 2023-03-14 | 2023-03-14 | Message distribution method, system and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310241352.5A CN115941600B (en) | 2023-03-14 | 2023-03-14 | Message distribution method, system and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115941600A true CN115941600A (en) | 2023-04-07 |
| CN115941600B CN115941600B (en) | 2023-05-26 |
Family
ID=85828985
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310241352.5A Active CN115941600B (en) | 2023-03-14 | 2023-03-14 | Message distribution method, system and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115941600B (en) |
Citations (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2000315997A (en) * | 1999-04-30 | 2000-11-14 | Toshiba Corp | Encryption communication method and node unit |
| CN101471772A (en) * | 2007-12-27 | 2009-07-01 | 华为技术有限公司 | Communication method, device and system |
| CN102299799A (en) * | 2010-06-24 | 2011-12-28 | 索尼公司 | Information processing device and method, program, and information processing system |
| CN108347419A (en) * | 2017-01-24 | 2018-07-31 | 腾讯科技(深圳)有限公司 | Data transmission method and device |
| CN108566393A (en) * | 2018-04-13 | 2018-09-21 | 清华大学无锡应用技术研究院 | The methods, devices and systems of data encryption |
| CN110061840A (en) * | 2019-03-12 | 2019-07-26 | 平安科技(深圳)有限公司 | Data ciphering method, device, computer equipment and storage medium |
| CN111756522A (en) * | 2020-06-28 | 2020-10-09 | 中国平安财产保险股份有限公司 | Data processing method and system |
| CN112073332A (en) * | 2020-08-10 | 2020-12-11 | 烽火通信科技股份有限公司 | Message distribution method, multi-core processor and readable storage medium |
| US20210136049A1 (en) * | 2019-11-05 | 2021-05-06 | Vmware, Inc. | Deterministic load balancing of ipsec packet processing |
| CN113079109A (en) * | 2021-04-07 | 2021-07-06 | 鹏城实验室 | Data message processing method and system, intelligent terminal and storage medium |
| CN113194504A (en) * | 2021-04-27 | 2021-07-30 | 缪周航 | Method and system for optimizing transmission protocol based on multiplex detection and opposite-end remote measurement |
| CN113821810A (en) * | 2021-08-26 | 2021-12-21 | 上海赢科信息技术有限公司 | Data processing method and system, storage medium and electronic device |
| CN113849797A (en) * | 2021-09-29 | 2021-12-28 | 深圳市电子商务安全证书管理有限公司 | Method, device, equipment and storage medium for repairing data security vulnerability |
| CN114039785A (en) * | 2021-11-10 | 2022-02-11 | 奇安信科技集团股份有限公司 | Data encryption, decryption and processing method, device, equipment and storage medium |
| CN114448730A (en) * | 2022-04-07 | 2022-05-06 | 中国工商银行股份有限公司 | Packet forwarding method and device based on block chain network and transaction processing method |
| CN114500093A (en) * | 2022-02-24 | 2022-05-13 | 中国工商银行股份有限公司 | Safe interaction method and system for message information |
| CN114679395A (en) * | 2022-05-27 | 2022-06-28 | 鹏城实验室 | Data transmission detection method and system for heterogeneous network |
| CN114785496A (en) * | 2022-04-19 | 2022-07-22 | 支付宝(杭州)信息技术有限公司 | Method, device and system for sharing private data and receiving private data |
| CN114826672A (en) * | 2022-03-25 | 2022-07-29 | 阿里云计算有限公司 | Encryption and decryption methods and devices of cloud network, computing node and system |
| CN114866486A (en) * | 2022-03-18 | 2022-08-05 | 广州大学 | Encrypted flow classification system based on data packet |
-
2023
- 2023-03-14 CN CN202310241352.5A patent/CN115941600B/en active Active
Patent Citations (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2000315997A (en) * | 1999-04-30 | 2000-11-14 | Toshiba Corp | Encryption communication method and node unit |
| CN101471772A (en) * | 2007-12-27 | 2009-07-01 | 华为技术有限公司 | Communication method, device and system |
| CN102299799A (en) * | 2010-06-24 | 2011-12-28 | 索尼公司 | Information processing device and method, program, and information processing system |
| CN108347419A (en) * | 2017-01-24 | 2018-07-31 | 腾讯科技(深圳)有限公司 | Data transmission method and device |
| CN108566393A (en) * | 2018-04-13 | 2018-09-21 | 清华大学无锡应用技术研究院 | The methods, devices and systems of data encryption |
| CN110061840A (en) * | 2019-03-12 | 2019-07-26 | 平安科技(深圳)有限公司 | Data ciphering method, device, computer equipment and storage medium |
| US20210136049A1 (en) * | 2019-11-05 | 2021-05-06 | Vmware, Inc. | Deterministic load balancing of ipsec packet processing |
| CN111756522A (en) * | 2020-06-28 | 2020-10-09 | 中国平安财产保险股份有限公司 | Data processing method and system |
| CN112073332A (en) * | 2020-08-10 | 2020-12-11 | 烽火通信科技股份有限公司 | Message distribution method, multi-core processor and readable storage medium |
| CN113079109A (en) * | 2021-04-07 | 2021-07-06 | 鹏城实验室 | Data message processing method and system, intelligent terminal and storage medium |
| CN113194504A (en) * | 2021-04-27 | 2021-07-30 | 缪周航 | Method and system for optimizing transmission protocol based on multiplex detection and opposite-end remote measurement |
| CN113821810A (en) * | 2021-08-26 | 2021-12-21 | 上海赢科信息技术有限公司 | Data processing method and system, storage medium and electronic device |
| CN113849797A (en) * | 2021-09-29 | 2021-12-28 | 深圳市电子商务安全证书管理有限公司 | Method, device, equipment and storage medium for repairing data security vulnerability |
| CN114039785A (en) * | 2021-11-10 | 2022-02-11 | 奇安信科技集团股份有限公司 | Data encryption, decryption and processing method, device, equipment and storage medium |
| CN114500093A (en) * | 2022-02-24 | 2022-05-13 | 中国工商银行股份有限公司 | Safe interaction method and system for message information |
| CN114866486A (en) * | 2022-03-18 | 2022-08-05 | 广州大学 | Encrypted flow classification system based on data packet |
| CN114826672A (en) * | 2022-03-25 | 2022-07-29 | 阿里云计算有限公司 | Encryption and decryption methods and devices of cloud network, computing node and system |
| CN114448730A (en) * | 2022-04-07 | 2022-05-06 | 中国工商银行股份有限公司 | Packet forwarding method and device based on block chain network and transaction processing method |
| CN114785496A (en) * | 2022-04-19 | 2022-07-22 | 支付宝(杭州)信息技术有限公司 | Method, device and system for sharing private data and receiving private data |
| CN114679395A (en) * | 2022-05-27 | 2022-06-28 | 鹏城实验室 | Data transmission detection method and system for heterogeneous network |
Non-Patent Citations (3)
| Title |
|---|
| RAFIK HAMZA: "Hash Based Encryption for Keyframes of Diagnostic Hysteroscopy", 《IEEE XPLORE》 * |
| WANG TAO: "Seepage analysis of a diversion tunnel with high pressure in different periods: a case study", 《百度学术》 * |
| 邓涛: "基于组合RSA的网络分流器的设计与实现", 《CNKI中国知网》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115941600B (en) | 2023-05-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3632057B1 (en) | Distributed ipsec gateway | |
| CN106713320B (en) | Terminal data transmission method and device | |
| CN105376216B (en) | A kind of remote access method, proxy server and client | |
| WO2018014723A1 (en) | Key management method, apparatus, device and system | |
| US11470060B2 (en) | Private exchange of encrypted data over a computer network | |
| US20200351107A1 (en) | Secure authentication of remote equipment | |
| EP2974121A1 (en) | Secure network communication | |
| CN111614683B (en) | Data processing method, device and system and network card | |
| CN107547559B (en) | Message processing method and device | |
| CN111274611A (en) | Data desensitization method, device and computer readable storage medium | |
| CN110177099B (en) | Data exchange method, transmitting terminal and medium based on asymmetric encryption technology | |
| KR20220066114A (en) | Processing requests to control information stored on multiple servers | |
| CN112153015A (en) | Multi-encryption interface authentication method, device, equipment and readable storage medium | |
| CN112217833B (en) | Secure socket protocol unloading method and device, storage medium and electronic equipment | |
| CN113438215B (en) | Data transmission method, device, equipment and storage medium | |
| CN113810397A (en) | Protocol data processing method and device | |
| CN111163102B (en) | Data processing method and device, network equipment and readable storage medium | |
| WO2021222651A1 (en) | Methods, apparatus, and articles of manufacture to securely audit communications | |
| US9219712B2 (en) | WAN optimization without required user configuration for WAN secured VDI traffic | |
| WO2014089968A1 (en) | Virtual machine system data encryption method and device | |
| CN115941600B (en) | Message distribution method, system and computer readable storage medium | |
| CN115766902A (en) | Method, device, equipment and medium for transmitting non-sensitive data through QUIC | |
| CN115378627A (en) | Data processing method, device, equipment and storage medium | |
| CN111131455B (en) | Data proxy method, device, equipment and storage medium | |
| CN112398718A (en) | Network transmission method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |