CN116708305A - Financial data transaction cryptographic algorithm application method and device - Google Patents


Publication number
CN116708305A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310972238.XA
Other languages
Chinese (zh)
Other versions
CN116708305B (en)
Inventor
林晖
崔龙龙
王冬华
韦余红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Xinguodu Tech Co Ltd
Original Assignee
Shenzhen Xinguodu Tech Co Ltd
Application filed by Shenzhen Xinguodu Tech Co Ltd
Priority to CN202310972238.XA
Publication of CN116708305A
Application granted
Publication of CN116708305B
Legal status: Active

Classifications

    • H04L47/125 Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
    • H04L47/32 Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
    • H04L47/56 Queue scheduling implementing delay-aware scheduling
    • H04L47/60 Queue scheduling implementing hierarchical scheduling
    • H04L49/30 Peripheral units, e.g. input or output ports
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L2209/125 Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The application discloses a method and a device for applying a financial data transaction cryptographic algorithm, relating to the field of method application, the method comprising the following steps: S1, receiving a financial transaction cryptographic data stream. In applying the financial data transaction cryptographic algorithm, either the hierarchical scheduling method based on service identification or the random job flow scheduling method based on load balancing is selected, so that the order-consistency requirement of associated services is met when cryptographic operations are performed on randomly interleaved service flows. The design of the software layer is simplified: the software layer does not need to consider synchronization among tasks when it parallelizes them, which reduces synchronization overhead. By recording the service index number BIN of the data entering and leaving a processing unit, the flow of job packets into the processing unit is controlled, which keeps the work of each processing unit single-purpose and continuous, reduces the migration of data on the chip, and speeds up the processing of cryptographic services.

Description

Financial data transaction cryptographic algorithm application method and device
Technical Field
The application relates to method application technology, and in particular to a method and a device for applying a financial data transaction cryptographic algorithm.
Background
Mobile payment is a convenient and safe way for mobile users to pay for goods or services through a mobile terminal (usually a mobile phone), and it has developed rapidly at home and abroad in recent decades. According to the development of mobile communication technology and the change of business models, the development of mobile payment can be divided into three stages. The first stage is a payment mode that uses short messages and voice as information carriers: short message payment is an extension of short message and multimedia message services, and interactive voice is an extension of voice communication services. The business threshold is low and the mode is simple: the mobile phone number is bound to the bank account number, and payment is made by short message. The second stage is a payment mode based on WAP and mobile phone client software. Third-generation mobile payment embeds a financial card in the mobile phone card to ensure financial security, and adds a near field communication chip to enable on-site card-swipe payment with the mobile phone. However, with the continuous breakthrough innovation of information security technology, the security problem of mobile payment is also increasingly serious. Currently, existing mobile payment technologies can be divided into three types according to the relationship between the financial card and the mobile terminal: full terminal mode, terminal-card cooperation mode, and full card mode. The whole mobile payment system can be roughly divided into a mobile terminal (mobile payment financial card), a field payment terminal, a mobile communication network, a remote merchant, a mobile payment platform, a financial transaction transfer system and financial institutions (card issuing bank and acquiring bank). Judging from the development of the existing mobile payment industry, security is the core of mobile payment technology. Technical barriers are built around security, and the transaction cryptographic algorithm, as the basis of information security, is naturally of central importance to mobile payment.
When conventional financial transaction cryptography is used, data is sent to different processors through a Dispatcher to parallelize an isomorphic encryption algorithm. A scheduling method implemented in software has the advantage of flexible processing, but its speed is limited and its scheduling is relatively delayed, so it cannot satisfy the need for fast and effective processing of massive data, which affects the user experience. In addition, data flow congestion easily occurs when multi-source massive data is handled.
Disclosure of Invention
The application aims to provide a method and a device for applying a financial data transaction cryptographic algorithm, so as to overcome the defects in the prior art.
In order to achieve the above object, the present application provides the following technical solution: a financial data transaction cryptographic algorithm application method, comprising the following steps:
S1, receiving a financial transaction cryptographic data stream;
S2, judging whether the hierarchical scheduling method based on service identification is to be used to schedule the financial transaction cryptographic data stream;
S3, if the judgment result in step S2 is yes, selecting the hierarchical scheduling method based on service identification to schedule the financial transaction cryptographic data stream and generating data packets; if the judgment result in step S2 is no, selecting the random job flow scheduling method based on load balancing to schedule the financial transaction cryptographic data stream and generating data packets;
S4, performing adaptive active queue management on the data packets;
S5, judging whether the accuracy of the transmitted financial transaction cryptographic data stream meets the standard;
S6, if the judgment result in step S5 is yes, returning to step S1 and continuing to receive the financial transaction cryptographic data stream; if the judgment result in step S5 is no, returning to step S4 and performing queue management again.
Further, the hierarchical scheduling method based on service identification comprises the following steps:
A1, the entry queue, which is shared by all IP cores, receives the data of different services arriving randomly interleaved;
A2, performing first-stage scheduling on the data stream of the entry queue and then sending it to the preprocessing queues;
A3, performing second-stage scheduling on the data stream that has undergone first-stage scheduling;
A4, performing data feedback on the data stream for which second-stage scheduling is completed;
A5, distributing the data of the exit queue to different CPU processes.
Further, the specific method of the first-stage scheduling is as follows:
B1, if the input queue is not empty, reading the header data of a job packet from the input queue;
B2, parsing the header data to obtain the cluster identifier of the processing node cluster and the length of the job packet;
B3, looking up the preprocessing queue index table by the cluster identifier and sending the header data to the corresponding preprocessing queue; if no entry is found, the cluster identifier is an invalid algorithm cluster number and the data is sent to ERROR_FIFO;
B4, if the value in the length counter differs from the value in the length register, sending the data in the input queue to the preprocessing queue; otherwise, proceeding to step B6;
B5, adding w/8 to the length counter and returning to step B4;
B6, returning to step B1.
Further, the specific method of the second-stage scheduling is as follows:
C1, if the preprocessing queue is not empty, the association control module reads the header data of a job packet from the preprocessing queue;
C2, the association control module parses the header data to obtain the ip_id number, the job packet length and the algorithm working mode mode_i. If mode_i is ECB, the operation is not associated, and selection switch s1 is controlled to send the data to data_reg. If mode_i is CBC|OFB|CFB, the job packet is an associated job packet, and its BIN_i is compared with the association ID table: if the same index number BIN_i exists, selection switch s1 is controlled to send the data to the associated queue; otherwise, the job packet is the first job packet of the associated task, the data is sent to data_reg, and the BIN_i of the job packet is added to the association ID table;
C3, if the association control module has not received a req request, selection switch s2 sends the data in data_reg to the preprocessing module for preparation before the operation, according to the ip_id of the request; otherwise, switch s2 selects, according to the ip_id of the request, the job packet with the same BIN_i from the associated queue and sends it to the preprocessing module;
C4, the preprocessing module prepares the algorithm operation, obtains the data required by the IP core operation, including the key and the IV, and sends the data to the cryptographic algorithm entry queue.
Further, the method for managing the intermediate state comprises the following steps:
D1, adding a key and intermediate state register KSM to the system, which stores the key of each job packet and the intermediate state data generated while different job packets are processed;
D2, using the unique service identification number BIN_i as a pointer to store and retrieve the key and the intermediate state;
D3, the algorithm processing module IP outputs the operation result and stores it, together with its key, in the KSM with BIN_i as the storage address; that is, each service process has a unique KSM address, which ensures that the intermediate state data is extracted correctly;
D4, before a job packet enters the algorithm processing queue IP_queue, the algorithm preprocessing module first obtains the key and the intermediate state required by the job packet according to the BIN_i in the job packet header, and obtains the correct algorithm module entry data according to the operation mode mode_i.
Further, the random job flow scheduling method based on load balancing comprises the following steps:
E1, judging the dependency according to the operation mode mode_i;
E2, obtaining the remaining capacity of the processing nodes of the cluster from the processing node state table;
E3, obtaining, from the processing node state table and the processing algorithm type, the speed weight of each processing node whose remaining capacity is not empty;
E4, calculating the weight of each processing node whose remaining capacity is not empty, and selecting the processing node with the largest weight;
E5, if the job packet belongs to a dependent job, adding the processing node ip_id to the entry corresponding to BIN_i; otherwise, proceeding to step E6;
E6, putting the job packet into the task queue of the processing node ip_id;
E7, if the job packet is an associated job packet, judging, when processing of the job packet is completed, whether it is the last slice of the job; if so, deleting the entry corresponding to the job packet's BIN_i from the selection relation table and returning the operation result directly to the request end; otherwise, storing the operation result of the job packet as an intermediate state in the intermediate state storage module; if the job packet does not belong to a dependent job, returning the operation result directly to the request end.
Further, the adaptive active queue management method comprises the following steps:
F1, after a data packet enters the switch, outputting the target flow (the target data flow information) at that moment and the change trend of the congestion state, to provide network state information for the subsequent active queue management mechanism;
F2, when there is a trend towards congestion in the network, the switch obtains the queue depth field corresponding to the output port and compares it with a preset queue threshold;
F3, after the packet loss probability of the data packet is judged to be true, setting the packet loss identification field of the data packet to 1, which indicates that the data packet requires packet-loss preprocessing; otherwise, forwarding the data packet normally;
F4, comparing the source IP address of the data packet that requires packet-loss preprocessing with the source IP address of the target flow;
F5, judging whether the data stream is the target data stream; if it is the target data stream, performing the packet loss operation; otherwise, forwarding the data packet normally.
A financial data transaction cryptographic algorithm application apparatus, comprising:
the financial transaction cryptographic data stream receiving module, used for receiving a financial transaction cryptographic data stream;
the scheduling method judging module, used for judging whether the hierarchical scheduling method based on service identification is to be used to schedule the financial transaction cryptographic data stream;
the hierarchical scheduling module based on service identification, which comprises:
the first-stage scheduling module, used for extracting data from the input queue, obtaining the algorithm type by parsing the job packet, and distributing the data to the preprocessing queue of the corresponding algorithm, thereby distributing the data and ensuring that job packets are mapped to the correct algorithm;
the second-stage scheduling module, used for judging the working state of a job packet, determining the timing of job packet scheduling, and obtaining the input data of the algorithm module;
the association control module, used for maintaining the association ID table and controlling the scheduling order of associated job packets;
the cryptographic algorithm operation module, implemented at coarse granularity, used for performing the cryptographic algorithm operations;
the random job flow scheduling module based on load balancing, which comprises:
the request module, used for providing a load balancing request;
the job dividing and rotating module, used for performing the first-stage scheduling of jobs and sending job packets to the corresponding cluster task queues;
the load balancing control module, used for performing the second-stage scheduling of jobs and sending each job packet to the corresponding processing node task queue according to the load balancing strategy;
the intermediate state storage module, used for temporarily storing the intermediate results of the preceding job packets of a dependent job and providing intermediate data for subsequent job packets;
the queue management module, used for performing adaptive active queue management on the financial transaction cryptographic data stream for which scheduling has been completed;
and the accuracy judging module, used for judging whether the accuracy of the transmitted financial transaction cryptographic data stream meets the standard.
Compared with the prior art, the method and device for applying a financial data transaction cryptographic algorithm provided by the application have the following advantages. In applying the financial data transaction cryptographic algorithm, either the hierarchical scheduling method based on service identification or the random job flow scheduling method based on load balancing is selected, so that the order-consistency requirement of associated services is met when cryptographic operations are performed on randomly interleaved service flows. The design of the software layer is simplified: the software layer does not need to consider synchronization among tasks when it parallelizes them, which reduces synchronization overhead. By recording the service index number BIN of the data entering and leaving a processing unit, the flow of job packets into the processing unit is controlled, which keeps the work of each processing unit single-purpose and continuous, reduces the migration of data on the chip, and speeds up the processing of cryptographic services.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings required for the embodiments are briefly described below. The drawings in the following description are only some of the embodiments described in the present application, and a person having ordinary skill in the art may obtain other drawings from them.
FIG. 1 is a schematic diagram of the overall flow structure according to a first embodiment of the present application;
FIG. 2 is a schematic flow chart of the hierarchical scheduling method based on service identification according to the first embodiment of the present application;
FIG. 3 is a schematic flow chart of the random job flow scheduling method based on load balancing according to an embodiment of the present application;
FIG. 4 is a schematic flow chart of a financial data transaction cryptographic algorithm application device according to a second embodiment of the application.
Detailed Description
In order that those skilled in the art may better understand the technical solution of the present application, the application is described in further detail below with reference to the accompanying drawings.
Embodiment one:
Referring to FIGS. 1-3, a financial data transaction cryptographic algorithm application method includes the following steps:
S1, receiving a financial transaction cryptographic data stream;
S2, judging whether the hierarchical scheduling method based on service identification is to be used to schedule the financial transaction cryptographic data stream;
S3, if the judgment result in step S2 is yes, selecting the hierarchical scheduling method based on service identification to schedule the financial transaction cryptographic data stream and generating data packets; if the judgment result in step S2 is no, selecting the random job flow scheduling method based on load balancing to schedule the financial transaction cryptographic data stream and generating data packets;
S4, performing adaptive active queue management on the data packets;
S5, judging whether the accuracy of the transmitted financial transaction cryptographic data stream meets the standard;
S6, if the judgment result in step S5 is yes, returning to step S1 and continuing to receive the financial transaction cryptographic data stream; if the judgment result in step S5 is no, returning to step S4 and performing queue management again.
In this method, a financial transaction cryptographic data stream is received, and it is judged whether the hierarchical scheduling method based on service identification is to be used to schedule it. If yes, the hierarchical scheduling method based on service identification is selected to schedule the financial transaction cryptographic data stream and data packets are generated; if not, the random job flow scheduling method based on load balancing is selected to schedule the stream and data packets are generated. Adaptive active queue management is then performed on the data packets, and it is judged whether the accuracy of the transmitted financial transaction cryptographic data stream meets the standard. If yes, the financial transaction cryptographic data stream is received again for subsequent application of the financial data transaction cryptographic algorithm; if not, adaptive active queue management is performed on the financial transaction cryptographic data stream again.
The hierarchical scheduling method based on service identification tracks the running state of each job packet in real time, uses two-stage scheduling to map service flows to the cryptographic algorithm IP cores, and ensures that associated job packets in randomly interleaved service flows are processed correctly and in order.
The hierarchical scheduling method based on service identification comprises the following steps:
A1, the entry queue, which is shared by all IP cores, receives the data of different services arriving randomly interleaved;
A2, performing first-stage scheduling on the data stream of the entry queue and then sending it to the preprocessing queues;
A3, performing second-stage scheduling on the data stream that has undergone first-stage scheduling;
A4, performing data feedback on the data stream for which second-stage scheduling is completed;
A5, distributing the data of the exit queue to different CPU processes.
The specific method of the first-stage scheduling is as follows:
B1, if the input queue is not empty, reading the header data of a job packet from the input queue;
B2, parsing the header data to obtain the cluster identifier of the processing node cluster and the length of the job packet;
B3, looking up the preprocessing queue index table by the cluster identifier and sending the header data to the corresponding preprocessing queue; if no entry is found, the cluster identifier is an invalid algorithm cluster number and the data is sent to ERROR_FIFO;
B4, if the value in the length counter differs from the value in the length register, sending the data in the input queue to the preprocessing queue; otherwise, proceeding to step B6;
B5, adding w/8 to the length counter and returning to step B4;
B6, returning to step B1.
The specific method of the second-stage scheduling is as follows:
C1, if the preprocessing queue is not empty, the association control module reads the header data of a job packet from the preprocessing queue;
C2, the association control module parses the header data to obtain the ip_id number, the job packet length and the algorithm working mode mode_i. If mode_i is ECB, the operation is not associated, and selection switch s1 is controlled to send the data to data_reg. If mode_i is CBC|OFB|CFB, the job packet is an associated job packet, and its BIN_i is compared with the association ID table: if the same index number BIN_i exists, selection switch s1 is controlled to send the data to the associated queue; otherwise, the job packet is the first job packet of the associated task, the data is sent to data_reg, and the BIN_i of the job packet is added to the association ID table;
C3, if the association control module has not received a req request, selection switch s2 sends the data in data_reg to the preprocessing module for preparation before the operation, according to the ip_id of the request; otherwise, switch s2 selects, according to the ip_id of the request, the job packet with the same BIN_i from the associated queue and sends it to the preprocessing module;
C4, the preprocessing module prepares the algorithm operation, obtains the data required by the IP core operation, including the key and the IV, and sends the data to the cryptographic algorithm entry queue.
The method for managing the intermediate state comprises the following steps:
D1, adding a key and intermediate state register KSM to the system, which stores the key of each job packet and the intermediate state data generated while different job packets are processed;
D2, using the unique service identification number BIN_i as a pointer to store and retrieve the key and the intermediate state;
D3, the algorithm processing module IP outputs the operation result and stores it, together with its key, in the KSM with BIN_i as the storage address; that is, each service process has a unique KSM address, which ensures that the intermediate state data is extracted correctly;
D4, before a job packet enters the algorithm processing queue IP_queue, the algorithm preprocessing module first obtains the key and the intermediate state required by the job packet according to the BIN_i in the job packet header, and obtains the correct algorithm module entry data according to the operation mode mode_i.
With the hierarchical scheduling method based on service identification, the running state of each job packet is tracked in real time, two-stage scheduling maps service flows to the cryptographic algorithm IP cores, and associated job packets in randomly interleaved service flows are processed correctly and in order.
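The two scheduling stages above (B1-B3 and C1-C3) can be modelled in software to see why chained-mode slices of one service never overtake each other. This is an added example, not code from the patent; the header fields of JobPacket, the cluster names, the sample BIN values and the rule that a BIN leaves the association ID table when a req finds nothing held are assumptions of the example.

```python
from collections import deque, defaultdict
from dataclasses import dataclass

CHAINED_MODES = {"CBC", "OFB", "CFB"}  # modes the text treats as associated jobs


@dataclass(frozen=True)
class JobPacket:
    cluster_id: str  # algorithm cluster named in the header (assumed field)
    bin_id: int      # service index number BIN_i
    mode: str        # "ECB", "CBC", "OFB" or "CFB"
    seq: int         # slice number; used here only to check ordering


class HierarchicalScheduler:
    def __init__(self, clusters):
        # Preprocessing queue index table: cluster identifier -> queue.
        self.pre_queues = {c: deque() for c in clusters}
        self.error_fifo = []                   # ERROR_FIFO for invalid cluster ids
        self.assoc_ids = set()                 # association ID table
        self.assoc_queue = defaultdict(deque)  # associated queue, held per BIN
        self.dispatched = []                   # order of arrival at preprocessing

    def stage1(self, pkt):
        """B1-B3: route a packet by cluster identifier."""
        queue = self.pre_queues.get(pkt.cluster_id)
        if queue is None:
            self.error_fifo.append(pkt)
        else:
            queue.append(pkt)

    def stage2(self):
        """C1-C2: association control over every preprocessing queue."""
        for queue in self.pre_queues.values():
            while queue:
                pkt = queue.popleft()
                chained = pkt.mode in CHAINED_MODES
                if chained and pkt.bin_id in self.assoc_ids:
                    # A predecessor with the same BIN is still in flight: hold.
                    self.assoc_queue[pkt.bin_id].append(pkt)
                    continue
                if chained:
                    self.assoc_ids.add(pkt.bin_id)  # first packet of the task
                self.dispatched.append(pkt)         # path through data_reg

    def on_req(self, bin_id):
        """C3: an IP core finished a packet of bin_id and requests the next."""
        held = self.assoc_queue.get(bin_id)
        if held:
            self.dispatched.append(held.popleft())
        else:
            # Assumption: nothing is in flight any more, so the BIN leaves the table.
            self.assoc_ids.discard(bin_id)
            self.assoc_queue.pop(bin_id, None)


def run_sample():
    """Constructed input: two CBC flows, one ECB packet, one bad cluster id."""
    sched = HierarchicalScheduler(["SM4", "AES"])
    arrivals = [
        JobPacket("SM4", 7, "CBC", 1), JobPacket("SM4", 9, "CBC", 1),
        JobPacket("SM4", 7, "CBC", 2), JobPacket("AES", 3, "ECB", 1),
        JobPacket("SM4", 7, "CBC", 3), JobPacket("SM4", 9, "CBC", 2),
        JobPacket("XYZ", 5, "CBC", 1),
    ]
    for pkt in arrivals:
        sched.stage1(pkt)
    sched.stage2()
    first_wave = list(sched.dispatched)
    for bin_id in (7, 9, 7, 7, 9):   # completions reported by the IP cores
        sched.on_req(bin_id)
    return sched, first_wave


if __name__ == "__main__":
    sched, first_wave = run_sample()
    print([(p.bin_id, p.seq) for p in sched.dispatched])
```

Only the first slice of each chained BIN is released at once; every later slice waits for the req that signals its predecessor has finished, which is what keeps the chaining value correct.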
The random job flow scheduling method based on load balancing comprises the following steps:
e1, according to the operation mode i Judging the dependency:
if mode i For cbc|ofb|cfb, or the algorithm is a Hash algorithm, then this job belongs to the dependent job. Firstly, inquiring a selection relation table, if the BIN of the operation package exists in the selection relation table i E7, placing the job packet in a task queue of a processing node ip_id corresponding to the table entry, and entering a step E7; if the BIN of the job packet does not exist in the selection relation table i Table entry, then the BIN i Add to the selection relationship table and go to Step2. If the operation is independent operation, entering a step E2;
e2, acquiring the residual capacity cap of the processing node of the cluster according to the processing node state table r =cap-n*l;
E3, acquiring the speed weight of the non-empty processing node with the residual capacity according to the processing node state table and the processing algorithm type;
e4, calculating the weight of the remaining capacity non-empty processing nodes, and selecting the processing node with the largest weight;
e5, if the job packet belongs to the dependent job, adding the processing node ip_id into the BIN i A corresponding entry; otherwise, enter step E6;
e6, putting the job packet into a task queue of the processing node ip_id;
e7, if the job package is the associated job package, judging whether the job package is the last slice of the job when the job package processing is completed, if so, setting the job package BIN from the selection relation table i Deleting the corresponding table entry, and directly returning the operation result to the service request end; otherwise, the operation result of the operation package is stored as an intermediate state to an intermediate state storage module. If the job package does not belong to the dependent job, the operation result is directly returned to the service request end.
The two-stage load-balancing dynamic scheduling algorithm dynamically distributes the job packets of the data stream preprocessing module across the processing nodes. This improves the transmission bandwidth, keeps the processing nodes working efficiently, and achieves a high cryptographic processing throughput without the preprocessing module adding to the system hardware cost.
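Steps E1 to E7 can be followed in a small model. This is an added example, not code from the patent. It shows why slices of a chained-mode job stay on one node while independent packets follow the weights. The weight formula (remaining capacity times speed weight), the reading of n and l, the algorithm names and the sample packets are assumptions.

```python
from dataclasses import dataclass, field

CHAINED_MODES = {"CBC", "OFB", "CFB"}   # each packet needs the previous packet's state
HASH_ALGOS = {"SHA256"}                 # constructed example of a hash algorithm name
PACKET_LEN = 1024                       # l: assumed fixed job packet length in bytes

@dataclass
class JobPacket:
    bin_i: int          # service identifier BIN_i
    algo: str
    mode: str           # "ECB", "CBC", "OFB", "CFB", or "" for a hash
    last: bool = False  # True for the last slice of the job

@dataclass
class Node:
    ip_id: int
    cap: int                                    # total queue capacity in bytes
    speed: dict                                 # algorithm -> speed weight
    queue: list = field(default_factory=list)   # task queue

    def cap_r(self):
        # E2: cap_r = cap - n*l, reading n as the number of queued packets (assumed)
        return self.cap - len(self.queue) * PACKET_LEN

class Scheduler:
    def __init__(self, nodes):
        self.nodes = {n.ip_id: n for n in nodes}
        self.selection = {}      # selection relation table: BIN_i -> ip_id
        self.intermediate = {}   # intermediate state storage: BIN_i -> result

    @staticmethod
    def dependent(pkt):
        return pkt.mode in CHAINED_MODES or pkt.algo in HASH_ALGOS

    def dispatch(self, pkt):
        dep = self.dependent(pkt)
        # E1: a later slice of a dependent job follows its recorded node
        if dep and pkt.bin_i in self.selection:
            node = self.nodes[self.selection[pkt.bin_i]]
        else:
            # E2-E4: among nodes with remaining capacity, take the largest weight
            free = [n for n in self.nodes.values() if n.cap_r() > 0]
            if not free:
                raise RuntimeError("no processing node has remaining capacity")
            # assumed weight: remaining capacity times the algorithm's speed weight
            node = max(free, key=lambda n: n.cap_r() * n.speed.get(pkt.algo, 0.0))
            if dep:
                # E5 (the table entry is created here together with its ip_id)
                self.selection[pkt.bin_i] = node.ip_id
        node.queue.append(pkt)   # E6
        return node.ip_id

    def complete(self, ip_id, result):
        # E7: called when the node finishes the packet at the head of its queue
        pkt = self.nodes[ip_id].queue.pop(0)
        if not self.dependent(pkt):
            return result
        if pkt.last:
            self.selection.pop(pkt.bin_i, None)
            self.intermediate.pop(pkt.bin_i, None)
            return result
        self.intermediate[pkt.bin_i] = result   # kept for the next slice
        return None

def demo():
    # Constructed input: two nodes, one CBC job (BIN 7) and two ECB packets (BIN 9).
    sched = Scheduler([Node(1, 4096, {"AES": 1.0}), Node(2, 4096, {"AES": 1.5})])
    packets = [JobPacket(7, "AES", "CBC"), JobPacket(9, "AES", "ECB"),
               JobPacket(9, "AES", "ECB"), JobPacket(7, "AES", "CBC", last=True)]
    placed = [sched.dispatch(p) for p in packets]
    returned = [sched.complete(2, b"c0"), sched.complete(2, b"e0"),
                sched.complete(2, b"c1")]
    return placed, returned, sched

if __name__ == "__main__":
    print(demo()[:2])
```

The second CBC slice goes to node 2 even though node 1 has more remaining capacity at that point, because the chaining state for BIN 7 lives on node 2.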
The self-adaptive active queue management method comprises the following steps:
F1, first, after a data packet enters the switch, the fine-grained queue analysis module outputs the target flow (target data flow information) at that moment and the change trend of the congestion state, providing network state information for the subsequent active queue management mechanism;
F2, when the network shows a trend toward congestion, the switch obtains the queue depth field corresponding to the output port and compares it with a preset queue threshold. If the packet loss probability is larger than the set threshold value, it is judged that packet loss processing must be carried out in advance; the packet loss probability of the previous moment is then obtained and the packet loss probability of the current moment is calculated;
F3, when the packet loss probability decision for the data packet is true, the packet loss identification field of the data packet is set to 1, indicating that the data packet needs packet loss preprocessing; otherwise the data packet is forwarded normally;
F4, comparing the source IP address of the data packet that needs packet loss preprocessing with the source IP address of the target flow;
F5, judging whether the data packet belongs to the target data flow. If it belongs to the target data flow, the packet loss operation is performed; otherwise the data packet is forwarded normally.
With adaptive active queue management of the data packets, the analyzed congestion change state of the network and the target data flow that has the larger influence on network congestion help the network intermediate nodes manage their transmission queues in a timely and targeted way. Purposefully discarding part of the data packets in advance avoids congestion, keeps queue delay controllable, and meets the rapid congestion control requirement of a multi-data-source financial data transaction cryptographic algorithm.
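The decision path of steps F1 to F5, as an added example that is not code from the patent. It reads step F2 as gating on the queue depth exceeding the threshold, and the probability recurrence, the gain, the random draws and the sample addresses are all assumptions, since this section does not give the formula.

```python
from dataclasses import dataclass

@dataclass
class Port:
    threshold: int       # preset queue threshold for this output port
    gain: float = 0.5    # assumed gain of the probability update
    p_prev: float = 0.0  # packet loss probability of the previous moment

@dataclass
class Packet:
    src_ip: str
    drop_flag: int = 0   # packet loss identification field

def current_probability(port, queue_depth):
    # F2 (as read here): a depth above the threshold raises the probability,
    # starting from the previous moment's value. The recurrence is assumed.
    if queue_depth <= port.threshold:
        port.p_prev = 0.0
    else:
        overshoot = (queue_depth - port.threshold) / port.threshold
        port.p_prev = min(1.0, port.p_prev + port.gain * overshoot)
    return port.p_prev

def handle(pkt, port, queue_depth, congesting, target_src, draw):
    # F1 supplies `congesting` and `target_src` from the queue analysis module.
    if not congesting:
        return "forward"
    p = current_probability(port, queue_depth)
    if draw() < p:                 # F3: the probabilistic decision came out true
        pkt.drop_flag = 1
    if pkt.drop_flag != 1:
        return "forward"
    # F4, F5: only a flagged packet of the target flow is actually discarded
    return "drop" if pkt.src_ip == target_src else "forward"

def demo():
    # Constructed arrivals: (source IP, queue depth, random draw in [0, 1)).
    target = "192.0.2.10"
    arrivals = [("192.0.2.10", 80, 0.0), ("192.0.2.10", 150, 0.2),
                ("198.51.100.7", 150, 0.2), ("192.0.2.10", 150, 0.9),
                ("192.0.2.10", 200, 0.9)]
    port = Port(threshold=100)
    verdicts, flags = [], []
    for src, depth, r in arrivals:
        pkt = Packet(src)
        verdicts.append(handle(pkt, port, depth, True, target, lambda: r))
        flags.append(pkt.drop_flag)
    return verdicts, flags

if __name__ == "__main__":
    print(demo())
```

The third packet is flagged but still forwarded: its source address does not match the target flow, so the early drop falls only on the flow identified as driving the congestion.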
Embodiment two:
Referring to FIG. 4, a financial data transaction cryptographic algorithm application device includes:
the financial transaction password data stream receiving module, used for receiving the financial transaction password data stream;
the scheduling method judging module, used for judging whether the scheduling method of the financial transaction password data stream adopts the hierarchical scheduling method based on service identification;
the hierarchical scheduling module based on service identification, which comprises:
the first-stage scheduling module, used for extracting data from the input queue, obtaining the algorithm type by parsing the job packet, and distributing the data to the preprocessing queue of the corresponding algorithm, thereby realizing data distribution and ensuring that job packets are mapped to the correct algorithm;
the second-stage scheduling module, used for judging the working state of the job packet, determining the order in which job packets are scheduled, and obtaining the input data of the algorithm module;
the association control module, used for maintaining the association ID table and controlling the scheduling order of associated job packets;
the coarse-grained cryptographic algorithm operation module, used for carrying out the operation of the cryptographic algorithm;
the random job flow scheduling module based on load balancing, which comprises:
the request module, used for issuing load balancing requests;
the job dividing and transferring module, used for carrying out first-level scheduling of jobs and sending job packets to the corresponding cluster task queues;
the load balancing control module, used for carrying out second-level scheduling of jobs and sending job packets to the corresponding processing node task queues according to the load balancing strategy;
the intermediate state storage module, used for temporarily storing the intermediate results of the preceding job packets of a dependent job and providing intermediate data for the subsequent job packets;
the queue management module, used for carrying out adaptive active queue management on the financial transaction password data stream after scheduling is completed;
and the accuracy judging module, used for judging whether the accuracy of the transmitted financial transaction password data stream reaches the standard.
The specific working method of the financial data transaction cryptographic algorithm application device is as follows:
The financial transaction password data stream is received, and it is judged whether the scheduling method of the financial transaction password data stream adopts the hierarchical scheduling method based on service identification. If so, the hierarchical scheduling module based on service identification is selected to schedule the financial transaction password data stream; if not, the random job flow scheduling module based on load balancing is selected to schedule it. The queue management module performs adaptive active queue management on the financial transaction password data stream after scheduling is completed, and the accuracy judging module judges whether the accuracy of the transmitted financial transaction password data stream reaches the standard. If so, the process returns to the financial transaction password data stream receiving module, which receives the financial transaction password data stream again for the subsequent application of the financial data transaction cryptographic algorithm; if not, the process returns to the queue management module, which performs adaptive active queue management on the financial transaction password data stream again.
Working principle: in use, the financial transaction password data stream is first received, and it is judged whether the scheduling method of the financial transaction password data stream adopts the hierarchical scheduling method based on service identification. If so, the hierarchical scheduling module based on service identification is selected to schedule the financial transaction password data stream; if not, the random job flow scheduling module based on load balancing is selected to schedule it. The queue management module then performs adaptive active queue management on the financial transaction password data stream after scheduling is completed, and the accuracy judging module judges whether the accuracy of the transmitted financial transaction password data stream reaches the standard. If so, the process returns to the financial transaction password data stream receiving module and the subsequent application of the financial data transaction cryptographic algorithm is carried out again; if not, the process returns to the queue management module, which performs adaptive active queue management on the financial transaction password data stream again.
While certain exemplary embodiments of the present application have been described above by way of illustration only, it will be apparent to those of ordinary skill in the art that modifications may be made to the described embodiments in various different ways without departing from the spirit and scope of the application. Accordingly, the drawings and description are to be regarded as illustrative in nature and not as restrictive of the scope of the application, which is defined by the appended claims.

Claims (8)

1. A method for applying a financial data transaction cryptographic algorithm, characterized by comprising the following steps:
S1, receiving a financial transaction password data stream;
S2, judging whether the scheduling method of the financial transaction password data stream adopts the hierarchical scheduling method based on service identification;
S3, if the judgment result of step S2 is yes, selecting the hierarchical scheduling method based on service identification to schedule the financial transaction password data stream and generate data packets; if the judgment result of step S2 is no, selecting the random job flow scheduling method based on load balancing to schedule the financial transaction password data stream and generate data packets;
S4, performing adaptive active queue management on the data packets;
S5, judging whether the accuracy of the transmitted financial transaction password data stream reaches the standard;
S6, if the judgment result of step S5 is yes, returning to step S1 and continuing to receive the financial transaction password data stream; if the judgment result of step S5 is no, returning to step S4 and performing queue management again.
2. The method for applying a financial data transaction cryptographic algorithm according to claim 1, wherein the hierarchical scheduling method based on service identification is as follows:
A1, an entry queue receives different service data that flow in randomly and interleaved, and is shared by all IP cores;
A2, the data stream of the entry queue undergoes first-level scheduling and is then sent to the preprocessing queue;
A3, second-level scheduling is performed on the data stream that has undergone first-level scheduling;
A4, data feedback is performed on the data stream for which second-level scheduling is completed;
A5, the data of the exit queue is distributed to different CPU processes.
3. The method for applying a financial data transaction cryptographic algorithm according to claim 2, wherein the specific method of the first-level scheduling is as follows:
B1, if the input queue is not empty, reading the header data of a job packet from the input queue;
B2, parsing the packet header data to obtain the cluster identifier of the processing node cluster and the length data of the job packet;
B3, looking up the preprocessing queue index table by the cluster identifier and sending the packet header data to the corresponding preprocessing queue; otherwise, the cluster identifier is an illegal algorithm cluster number and the data is sent to ERROR_FIFO;
B4, if the value in the length counter differs from the value in the length register, sending the data in the input queue to the pre-queue; otherwise, proceeding to step B6;
B5, adding w/8 to the length counter, and returning to step B4;
B6, returning to step B1.
4. The method for applying a financial data transaction cryptographic algorithm according to claim 3, wherein the second-level scheduling is specifically:
C1, if the pre-queue is not empty, the association control module reads the header data of a job packet from the pre-queue;
C2, the association control module parses the packet header data to obtain the ip_id number, the job packet length and the algorithm working mode; if mode_i is ECB, the job is a non-associated job, and selection switch s1 is controlled to send the data to data_reg; if mode_i is CBC|OFB|CFB, the job packet is an associated job packet, and its BIN_i is compared with the association ID table: if the same index number BIN_i exists, selection switch s1 is controlled to send the data to the associated queue; otherwise, the job packet is the first job packet of the associated task, the data is sent to data_reg, and the job packet's BIN_i is added to the association ID table at the same time;
C3, if the association control module does not receive the req request, selection switch s2 sends the data in data_reg to the preprocessing module for preparation before operation according to the ip_id of the request; otherwise, selection switch s2 selects from the associated queue the job packet with the same BIN_i according to the ip_id of the request and sends it to the preprocessing module;
C4, the preprocessing module prepares the algorithm operation, obtains the data required by the IP core operation, including the key and the IV, and sends the data to the cryptographic algorithm entry queue.
5. The method for applying a financial data transaction cryptographic algorithm according to claim 3, wherein the method of intermediate state management is:
D1, adding a key and intermediate state register KSM to the system, used for storing the key of each job packet and the intermediate state data generated during the operation of different job packets;
D2, using the service unique identification number BIN_i as a pointer for storing and obtaining the key and the intermediate state;
D3, the algorithm processing module IP stores the output operation result together with its key in the KSM, using BIN_i as the storage address, that is, each service process has a unique KSM address, which ensures that intermediate state data is extracted correctly;
D4, before the job packet enters the algorithm processing queue IP_queue, the algorithm preprocessing module first obtains the key and the intermediate state required by the job packet according to the BIN_i in the job packet header, and obtains the correct algorithm module entry data according to the operation mode mode_i.
6. The method for applying a financial data transaction cryptographic algorithm according to claim 1, wherein the random job flow scheduling method based on load balancing is as follows:
E1, judging the dependency according to the operation mode mode_i;
E2, obtaining the remaining capacity of the processing nodes of the cluster from the processing node state table;
E3, obtaining the speed weights of the processing nodes whose remaining capacity is not empty, according to the processing node state table and the processing algorithm type;
E4, calculating the weights of the processing nodes whose remaining capacity is not empty, and selecting the processing node with the largest weight;
E5, if the job packet belongs to a dependent job, adding the processing node ip_id to the entry corresponding to BIN_i; otherwise, proceeding to step E6;
E6, putting the job packet into the task queue of the processing node ip_id;
E7, if the job packet is an associated job packet, judging, when processing of the job packet is completed, whether it is the last slice of the job; if so, deleting the entry corresponding to the job packet's BIN_i from the selection relation table and returning the operation result directly to the request end; otherwise, storing the operation result of the job packet as an intermediate state in the intermediate state storage module; and if the job packet does not belong to a dependent job, returning the operation result directly to the request end.
7. The method for applying a financial data transaction cryptographic algorithm according to claim 1, wherein the adaptive active queue management method is:
F1, first, after a data packet enters the switch, outputting the target flow (target data flow information) at that moment and the change trend of the congestion state, to provide network state information for the subsequent active queue management mechanism;
F2, when the network shows a trend toward congestion, the switch obtains the queue depth field corresponding to the output port and compares it with a preset queue threshold;
F3, when the packet loss probability decision for the data packet is true, setting the packet loss identification field of the data packet to 1, indicating that the data packet needs packet loss preprocessing; otherwise, forwarding the data packet normally;
F4, comparing the source IP address of the data packet that needs packet loss preprocessing with the source IP address of the target flow;
F5, judging whether the data packet belongs to the target data flow; if it belongs to the target data flow, performing the packet loss operation; otherwise, forwarding the data packet normally.
8. A financial data transaction cryptographic algorithm application device, adapted for the method for applying a financial data transaction cryptographic algorithm according to any one of claims 1 to 7, comprising:
the financial transaction password data stream receiving module, used for receiving a financial transaction password data stream;
the scheduling method judging module, used for judging whether the scheduling method of the financial transaction password data stream adopts the hierarchical scheduling method based on service identification;
the hierarchical scheduling module based on service identification, which comprises:
the first-stage scheduling module, used for extracting data from the input queue, obtaining the algorithm type by parsing the job packet, and distributing the data to the preprocessing queue of the corresponding algorithm, thereby realizing data distribution and ensuring that job packets are mapped to the correct algorithm;
the second-stage scheduling module, used for judging the working state of the job packet, determining the order in which job packets are scheduled, and obtaining the input data of the algorithm module;
the association control module, used for maintaining the association ID table and controlling the scheduling order of associated job packets;
the coarse-grained cryptographic algorithm operation module, used for carrying out the operation of the cryptographic algorithm;
the random job flow scheduling module based on load balancing, which comprises:
the request module, used for issuing load balancing requests;
the job dividing and transferring module, used for carrying out first-level scheduling of jobs and sending job packets to the corresponding cluster task queues;
the load balancing control module, used for carrying out second-level scheduling of jobs and sending job packets to the corresponding processing node task queues according to the load balancing strategy;
the intermediate state storage module, used for temporarily storing the intermediate results of the preceding job packets of a dependent job and providing intermediate data for the subsequent job packets;
the queue management module, used for carrying out adaptive active queue management on the financial transaction password data stream after scheduling is completed;
and the accuracy judging module, used for judging whether the accuracy of the transmitted financial transaction password data stream reaches the standard.
CN202310972238.XA 2023-08-03 2023-08-03 Financial data transaction cryptographic algorithm application method and device Active CN116708305B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310972238.XA CN116708305B (en) 2023-08-03 2023-08-03 Financial data transaction cryptographic algorithm application method and device

Publications (2)

Publication Number Publication Date
CN116708305A true CN116708305A (en) 2023-09-05
CN116708305B CN116708305B (en) 2023-10-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant