CN117097457B - Data processing system, method, equipment and medium - Google Patents

Publication number
CN117097457B
Authority
CN
China
Prior art keywords
data
module
processing
data source
routing
Prior art date
Legal status
Active
Application number
CN202311347482.3A
Other languages
Chinese (zh)
Other versions
CN117097457A (en
Inventor
孙旭
赵新宇
周玉龙
刘刚
Current Assignee
Suzhou Metabrain Intelligent Technology Co Ltd
Original Assignee
Suzhou Metabrain Intelligent Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Suzhou Metabrain Intelligent Technology Co Ltd
Priority to CN202311347482.3A
Publication of CN117097457A
Application granted
Publication of CN117097457B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/40 Network security protocols
    • H04L49/00 Packet switching elements
    • H04L49/90 Buffering arrangements
    • H04L49/9021 Plurality of buffers per packet
    • H04L49/9057 Arrangements for supporting packet reassembly or resequencing
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08 Randomization, e.g. dummy operations or using noise
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data processing system, method, equipment and medium in the field of computer technology. The system comprises multiple data sources and a cryptographic processor arranged in a BMC. The cryptographic processor includes a routing end, a plurality of buffers and at least one cryptographic module; each data source is connected to the routing end through a buffer, and the routing end is connected to the same cryptographic module through at least two downstream transmission paths. When the data groups that the routing end reads from the multiple data sources are equal in data amount, the processing order of the data groups is determined according to the remaining space of the buffers; random parameters are calculated for each data group on different downstream transmission paths in that order, and each data group and its corresponding random parameters are processed by the same cryptographic module in separate time slots. Different data sources can thus time-share the same cryptographic module, which solves the problem of idle cryptographic-module resources in a multi-data-source scenario and improves the security of the cryptographic processing.

Description

Data processing system, method, equipment and medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a data processing system, a method, an apparatus, and a medium.
Background
In a multi-data-source scenario, a plurality of cryptographic modules are usually provided so that each data source has its own cryptographic module. However, because no data source sends data continuously, some of the cryptographic modules sit idle, leaving hardware cryptographic resources unused.
Therefore, how to solve the problem of idle cryptographic-module resources in a multi-data-source scenario is a problem to be solved by those skilled in the art.
Disclosure of Invention
In view of the above, the present invention provides a data processing system, method, device and medium to solve the problem of idle cryptographic-module resources in a multi-data-source scenario. The specific schemes are as follows:
In a first aspect, the present invention provides a data processing method, including:
reading one data group from each of a plurality of read-enabled buffers to obtain a plurality of data groups, where each buffer is used to buffer the data groups sent by one data source;
if the data amounts of the plurality of data groups are equal, determining the processing order of the plurality of data groups according to the remaining space of the plurality of buffers;
and calculating random parameters from each data group in the processing order, and processing each data group and its corresponding random parameters with the same cryptographic module in separate time slots.
Optionally, before reading one data group from each of the plurality of read-enabled buffers, the method further includes:
detecting the channel switch of each data source;
if the channel switch of a data source is open, enabling the read operation of that data source's buffer; otherwise, disabling the read operation of that data source's buffer;
and recording all read-enabled buffers.
Optionally, determining the processing order of the plurality of data groups according to the remaining space of the plurality of buffers includes:
sorting the remaining spaces of the plurality of buffers from smallest to largest;
and determining the processing order of the corresponding data groups according to that smallest-to-largest order.
Optionally, calculating random parameters from each data group in the processing order and processing each data group and its corresponding random parameters with the same cryptographic module in separate time slots includes:
selecting a downstream transmission path for each data group, and having the different downstream transmission paths transmit the different data groups in separate time slots according to the processing order;
when the transmission time of a downstream transmission path arrives, transmitting the corresponding data group over that path to the calculation module on that path, so that the calculation module calculates the corresponding random parameters from the current data group and transmits the random parameters and the current data group to the cryptographic module to which the different downstream transmission paths are connected.
Optionally, the method further comprises:
if the data amounts of the plurality of data groups are not equal, determining the processing order of the plurality of data groups according to their data amounts, and then performing the step of calculating random parameters from each data group in the processing order and processing each data group and its corresponding random parameters with the same cryptographic module in separate time slots.
Optionally, determining the processing order of the plurality of data groups according to their data amounts includes:
sorting the data amounts of the plurality of data groups from largest to smallest;
and taking that largest-to-smallest order as the processing order of the plurality of data groups.
Optionally, calculating the random parameter from each data group includes: determining the length of the previous data group sent by the data source to which the current data group belongs, and taking that length as the random parameter of the current data group; or determining the length of the previous data group sent by the data source to which the current data group belongs, and generating the random parameters of the current data group from that length and an accumulated number of data groups. The accumulated number of data groups is one of: the accumulated number of data groups transmitted by the data source to which the current data group belongs; the accumulated number of data groups transmitted by all data sources; or the accumulated number of data groups for which the calculation module that calculates random parameters for the current data group has already performed the calculation.
Optionally, the method further comprises:
in response to an operation to open or close the channel switch of any data source, opening or closing the channel switch of that data source.
Optionally, the method further comprises:
if any data source has no data being transmitted, closing the channel switch of that data source.
Optionally, the method further comprises:
if the cryptographic module is detected to be in an idle state, putting the cryptographic module to sleep.
In a second aspect, the present invention provides a data processing apparatus comprising:
a reading module, configured to read one data group from each of a plurality of read-enabled buffers to obtain a plurality of data groups, where each buffer is used to buffer the data groups sent by one data source;
an arbitration module, configured to determine the processing order of the plurality of data groups according to the remaining space of the plurality of buffers if the data amounts of the plurality of data groups are equal;
and a processing module, configured to calculate random parameters from each data group in the processing order, and to process each data group and its corresponding random parameters with the same cryptographic module in separate time slots.
Optionally, the apparatus further comprises:
a path detection module, configured to detect the channel switch of each data source; if the channel switch of a data source is open, enable the read operation of that data source's buffer; otherwise, disable the read operation of that data source's buffer; and record all read-enabled buffers.
Optionally, the arbitration module is specifically configured to:
sort the remaining spaces of the plurality of buffers from smallest to largest;
and determine the processing order of the corresponding data groups according to that smallest-to-largest order.
Optionally, the processing module is specifically configured to:
select a downstream transmission path for each data group, and have the different downstream transmission paths transmit the different data groups in separate time slots according to the processing order;
when the transmission time of a downstream transmission path arrives, transmit the corresponding data group over that path to the calculation module on that path, so that the calculation module calculates the corresponding random parameters from the current data group and transmits the random parameters and the current data group to the cryptographic module to which the different downstream transmission paths are connected.
Optionally, the arbitration module is further configured to: if the data amounts of the plurality of data groups are not equal, determine the processing order of the plurality of data groups according to their data amounts, and then perform the step of calculating random parameters from each data group in the processing order and processing each data group and its corresponding random parameters with the same cryptographic module in separate time slots.
Optionally, the arbitration module is specifically configured to: sort the data amounts of the plurality of data groups from largest to smallest; and take that largest-to-smallest order as the processing order of the plurality of data groups.
Optionally, the processing module is specifically configured to: determine the length of the previous data group sent by the data source to which the current data group belongs, and take that length as the random parameter of the current data group; or determine the length of the previous data group sent by the data source to which the current data group belongs, and generate the random parameters of the current data group from that length and an accumulated number of data groups. The accumulated number of data groups is one of: the accumulated number of data groups transmitted by the data source to which the current data group belongs; the accumulated number of data groups transmitted by all data sources; or the accumulated number of data groups for which the calculation module that calculates random parameters for the current data group has already performed the calculation.
Optionally, the apparatus further comprises:
an operation module, configured to open or close the channel switch of a data source in response to an operation to open or close the channel switch of that data source.
Optionally, the operation module is further configured to: if any data source has no data being transmitted, close the channel switch of that data source.
Optionally, the apparatus further comprises:
a cryptographic module controller, configured to put the cryptographic module to sleep if the cryptographic module is detected to be in an idle state.
In a third aspect, the present invention provides a data processing system, including multiple data sources and a cryptographic processor disposed in a BMC;
the cryptographic processor includes: a routing end, a plurality of buffers and at least one cryptographic module; each data source is connected to the routing end through a buffer, where each buffer is used to buffer the data groups sent by one data source; the routing end is connected to the same cryptographic module through at least two downstream transmission paths;
the routing end is used for: reading data from each of the enabled buffers to obtain a plurality of data groups; if the data amounts of the plurality of data groups are equal, determining the processing order of the plurality of data groups according to the remaining space of the plurality of buffers; and calculating random parameters for each data group on different downstream transmission paths in the processing order, and processing each data group and its corresponding random parameters with the same cryptographic module in separate time slots.
Optionally, a channel switch is arranged between any buffer and the routing end;
accordingly, the routing end is configured to: detect the channel switch of each data source; if the channel switch of a data source is open, enable the read operation of that data source's buffer; otherwise, disable the read operation of that data source's buffer; and record all read-enabled registers;
accordingly, the routing end is configured to: in response to an operation to open or close the channel switch of any data source, open or close the channel switch of that data source;
accordingly, the routing end is configured to: if any data source has no data being transmitted, close the channel switch of that data source.
Optionally, the routing end is also connected to any cryptographic module through a monitoring module;
accordingly, the monitoring module is used for: detecting whether the connected cryptographic module is in an idle state; and if the connected cryptographic module is detected to be in an idle state, putting it to sleep.
Optionally, there are a plurality of routing ends.
Optionally, a calculation module is arranged on each downstream transmission path;
accordingly, the routing end is configured to: select a downstream transmission path for each data group, and have the different downstream transmission paths transmit the different data groups in separate time slots according to the processing order;
accordingly, the calculation module on each downstream transmission path is configured to: calculate the corresponding random parameters from the data group transmitted on the current downstream transmission path, and transmit the random parameters and the current data group to the cryptographic module connected to the current downstream transmission path.
Optionally, the calculation module on each downstream transmission path is configured to: determine the length of the previous data group sent by the data source to which the current data group belongs, and take that length as the random parameter of the current data group; or the calculation module on each downstream transmission path is configured to: determine the length of the previous data group sent by the data source to which the current data group belongs, and generate the random parameters of the current data group from that length and an accumulated number of data groups. The accumulated number of data groups is one of: the accumulated number of data groups transmitted by the data source to which the current data group belongs; the accumulated number of data groups transmitted by all data sources; or the accumulated number of data groups for which the calculation module that calculates random parameters for the current data group has already performed the calculation.
Optionally, each data source is configured to: intermittently transmitting the data set; the data set is an image data stream or a file stream.
Optionally, the routing end is further configured to: add, to the starting image frame, information on the data source transmitting the image data stream, according to the frame start mark in the image data stream; or the routing end is further configured to: add, to the first file transmitted by the current transmission operation, information on the data source transmitting that first file, according to the start mark of the transmission operation.
Optionally, the cryptographic module includes: at least two parameter cache layers and at least two register layers corresponding to each downstream transmission path; a bit reorganization layer; a function layer; and an output layer;
each parameter cache layer is connected with a register layer, all register layers are connected with the bit reorganization layer, the register layers are connected with the function layer, and the function layer is connected with the output layer;
accordingly, the parameter cache layer is configured to: caching at least one data set and corresponding random parameters;
the register layer is used for: calculating a target number of key parameters according to one input data set and corresponding random parameters; the target number is the number of registers included in the single register layer;
the bit reorganization layer is used for: bit reorganization is carried out on the key parameters of the target number;
the function layer is used for: processing the result of bit reorganization;
the output layer is used for: and outputting the processing result of the current data set.
Optionally, the routing end further includes: an arbitration module;
correspondingly, the arbitration module is used for determining the sequence from small to large of the residual spaces of the plurality of buffers; and correspondingly determining the processing sequence according to the order from small to large.
Optionally, the routing end is configured to: if the data amounts of the plurality of data groups are not equal, determine the processing order of the plurality of data groups according to their data amounts, calculate random parameters for each data group on different downstream transmission paths in the processing order, and process each data group and its corresponding random parameters with the same cryptographic module in separate time slots.
Optionally, the routing end further includes: an arbitration module;
correspondingly, the arbitration module is used for determining the order of the data quantity of the plurality of data groups from large to small; and determining the order from large to small as the processing order of the plurality of data groups.
Optionally, any data source is connected to its corresponding buffer through a PCIe interface, an EMAC network interface, a VGA interface, an HDMI interface and/or a DP interface.
Optionally, the cryptographic module is connected to the server through a PCIe interface, an EMAC network interface, a VGA interface, an HDMI interface and/or a DP interface;
correspondingly, the cryptographic module is used for sending the processing result to the server through a PCIe interface, an EMAC network interface, a VGA interface, an HDMI interface and/or a DP interface.
In a fourth aspect, the present invention provides an electronic device, comprising:
a memory for storing a computer program;
and a processor for executing the computer program to implement the previously disclosed data processing method.
In a fifth aspect, the present invention provides a readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the previously disclosed data processing method.
According to the above scheme, the invention provides a data processing system, which comprises multiple data sources and a cryptographic processor arranged in a BMC. The cryptographic processor includes: a routing end, a plurality of buffers and at least one cryptographic module; each data source is connected to the routing end through a buffer, where each buffer is used to buffer the data groups sent by one data source; the routing end is connected to the same cryptographic module through at least two downstream transmission paths. The routing end is used for: reading data from each of the enabled buffers to obtain a plurality of data groups; if the data amounts of the plurality of data groups are equal, determining the processing order of the plurality of data groups according to the remaining space of the plurality of buffers; and calculating random parameters for each data group on different downstream transmission paths in the processing order, and processing each data group and its corresponding random parameters with the same cryptographic module in separate time slots.
The beneficial effects of the invention are as follows: each of the multiple data sources is given a corresponding buffer, and each buffer buffers the data sent by its data source until it is read. When the data groups that the routing end reads from the multiple data sources are equal in data amount, the processing order of the data groups is determined according to the remaining space of the buffers, random parameters are calculated from each data group in that order, and each data group and its corresponding random parameters are processed by the same cryptographic module in separate time slots. The random parameters used by the cryptographic module each time are therefore determined from the transmitted data, which improves the security of the cryptographic processing. Because the routing end is connected to the same cryptographic module through at least two downstream transmission paths, different data sources can time-share the same cryptographic module, which raises the utilization of the cryptographic module and solves the problem of idle cryptographic-module resources in a multi-data-source scenario. In addition, because each data source has its own buffer, data sent by any data source can be buffered temporarily, which makes time-sharing of the cryptographic module feasible; even if a data source sends data continuously, the data can be buffered first, so no data loss or congestion occurs.
Correspondingly, the data processing device, system, equipment and medium provided by the invention also have the above technical effects.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only embodiments of the present invention, and a person skilled in the art can obtain other drawings from the provided drawings without inventive effort.
FIG. 1 is a flow chart of a data processing method disclosed by the invention;
FIG. 2 is a schematic diagram of a data processing apparatus according to the present disclosure;
FIG. 3 is a schematic diagram of a data processing system according to the present disclosure;
FIG. 4 is a schematic diagram of a cryptographic module according to the present disclosure;
FIG. 5 is a schematic diagram of another data processing system of the present disclosure;
FIG. 6 is a schematic diagram of a ZUC cryptographic module disclosed in the present invention;
FIG. 7 is a schematic diagram of an electronic device according to the present disclosure;
FIG. 8 is a diagram of a server according to the present invention;
FIG. 9 is a diagram of a terminal structure according to the present invention;
FIG. 10 is a schematic diagram of yet another data processing system of the present disclosure.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
At present, a plurality of cryptographic modules are provided in a multi-data-source scenario so that each data source has its own cryptographic module. However, because no data source sends data continuously, some of the cryptographic modules sit idle, leaving hardware cryptographic resources unused. The invention therefore provides a data processing scheme that lets different data sources time-share the same cryptographic module, which raises the utilization of the cryptographic module and solves the problem of idle cryptographic-module resources in a multi-data-source scenario. The scheme also improves the security of the cryptographic processing, and data sent by any data source can be buffered temporarily, so data loss or congestion is avoided.
Referring to FIG. 1, an embodiment of the present invention discloses a data processing method, including:
S101, reading one data group from each of a plurality of read-enabled buffers to obtain a plurality of data groups; each buffer is used to buffer the data groups sent by one data source.
In this embodiment, if the data source sends image data, one data group may be one line of data in one image frame; if the data source sends a file stream, one data group may be a single file.
In this embodiment, the read operation of each buffer can be flexibly enabled and disabled. In one embodiment, before reading one data group from each of the plurality of read-enabled buffers, the method further comprises: detecting the channel switch of each data source; if the channel switch of a data source is open, enabling the read operation of that data source's buffer; otherwise, disabling the read operation of that data source's buffer; and recording all read-enabled buffers.
S102, if the data amounts of the plurality of data sets are equal, determining the processing sequence of the plurality of data sets according to the residual space sizes of the plurality of buffers.
In one embodiment, determining the order of processing the plurality of data sets according to the remaining space size of the plurality of buffers includes: determining the sequence from small to large of the residual spaces of the plurality of buffers; the processing order is determined according to the order from small to large. For example: the order of the sizes of the remaining spaces of the 3 buffers from small to large is as follows: buffer 1, buffer 3, buffer 2; the processing order of the 3 data sets read out from the 3 buffers is then: a data set 1 read from a buffer 1, a data set 3 read from a buffer 3, a data set 2 read from a buffer 2.
S103, calculating a random parameter from each data group in the processing order, and processing each data group and its random parameter with the same cryptographic module in a time-shared manner.
In one embodiment, calculating a random parameter from each data group in the processing order and processing each data group and its random parameter with the same cryptographic module in a time-shared manner includes: selecting a corresponding downstream transmission path for each data group, so that different downstream transmission paths transmit different data groups in different time periods according to the processing order; when the transmission time of any downstream transmission path is reached, transmitting the corresponding data group over that downstream transmission path to the calculation module on that path, so that the calculation module calculates the corresponding random parameter from the current data group and transmits the random parameter and the current data group to the cryptographic module to which the different downstream transmission paths are connected. The cryptographic module may encrypt or decrypt data.
In one embodiment, if the data amounts of the plurality of data sets are not equal, determining a processing order of the plurality of data sets according to the data amounts of the plurality of data sets, and executing the steps of calculating random parameters according to each data set according to the processing order, and processing each data set and the corresponding random parameters by using the same cryptographic module in time intervals. Wherein determining the processing order of the plurality of data sets according to the data size of the plurality of data sets comprises: determining the order of the data quantity of the plurality of data groups from large to small; the order from large to small is determined as the processing order of the plurality of data groups. For example: the order of the data volume of the 3 data groups from large to small is as follows: data group 3, data group 2, data group 1; the processing order of the 3 data sets is then: data group 3, data group 2, data group 1.
In one example, calculating the random parameter from each data group includes: determining the length of the previous data group sent by the data source to which the current data group belongs, and using that length as the random parameter of the current data group; or determining the length of the previous data group sent by the data source to which the current data group belongs, and generating the random parameter of the current data group from that length and an accumulated number of data groups. The accumulated number of data groups is: the accumulated number of data groups sent by the data source to which the current data group belongs; or the accumulated number of data groups sent by all data sources; or the accumulated number of data groups for which the calculation module that calculates the random parameter of the current data group has performed a calculation. The random parameter can therefore change in real time, which improves data security.
In this embodiment, the cryptographic module may calculate a KEY from the initial KEY and the initial vector IV (i.e., the random parameter), and may encrypt or decrypt data using the KEY. For example, the ZUC cipher module takes a 128-bit initial KEY and a 128-bit initial vector IV as input and outputs a KEY with a width of 32 bits, which can be used to encrypt and decrypt digital information. The initial vector IV is typically changed in real time in an incremental manner, so that the key value is different each time. Each such IV is called a nonce, a value that is used only once. It can be seen that the random parameter can also be changed in real time in an incremental manner.
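The following Python model of steps S101 to S103 is an added example, not code from the patent: it applies the two ordering rules and derives the random parameter in the two ways described above, then reports any value that a source would use more than once. The 128-bit packing (count in the high 64 bits, previous length in the low 64 bits), the first value 0, and all names and sample lengths are assumptions made for the illustration.

```python
"""Model of steps S101-S103: arbitration order plus per-group random parameter."""
from collections import Counter
from dataclasses import dataclass


@dataclass
class DataGroup:
    source: int        # data source that sent the group
    payload: bytes     # one image line, one file, ...
    buffer_free: int   # remaining space of that source's buffer when read


def processing_order(groups):
    """Equal data amounts: least remaining buffer space first.
    Unequal data amounts: largest data group first."""
    if len({len(g.payload) for g in groups}) <= 1:
        return sorted(groups, key=lambda g: g.buffer_free)
    return sorted(groups, key=lambda g: len(g.payload), reverse=True)


class RandomParameterCalc:
    """Calculation-module state: previous length and group count per source."""

    def __init__(self, mode, first_value=0):
        if mode not in ("length", "length+count"):
            raise ValueError(mode)
        self.mode = mode
        self.first_value = first_value  # assumed value for a source's first group
        self.prev_len = {}
        self.count = {}

    def next_iv(self, group):
        prev = self.prev_len.get(group.source, self.first_value)
        n = self.count.get(group.source, 0)
        self.prev_len[group.source] = len(group.payload)
        self.count[group.source] = n + 1
        if self.mode == "length":
            value = prev
        else:
            # Assumed packing: per-source count (high 64 bits) | length (low 64 bits).
            value = ((n & 0xFFFFFFFFFFFFFFFF) << 64) | prev
        return value.to_bytes(16, "big")  # 128-bit IV


def simulate(rounds, mode):
    """Feed every round through the shared module; log (source, IV) per group."""
    calc = RandomParameterCalc(mode)
    log = []
    for groups in rounds:
        for group in processing_order(groups):
            log.append((group.source, calc.next_iv(group)))
    return log


def repeated_ivs(log):
    """(source, IV) pairs that occur more than once, i.e. values not used only once."""
    return {entry for entry, n in Counter(log).items() if n > 1}


# Constructed input: source 1 sends encoded chunks of varying length,
# source 2 sends uncoded image lines of a fixed 5760 bytes.
ENCODED_LENGTHS = [300, 412, 412, 288]
RAW_LINE = 5760
ROUNDS = [
    [DataGroup(1, bytes(n), 900 - n), DataGroup(2, bytes(RAW_LINE), 200)]
    for n in ENCODED_LENGTHS
]

if __name__ == "__main__":
    for mode in ("length", "length+count"):
        repeats = repeated_ivs(simulate(ROUNDS, mode))
        print(mode, "repeated values:", sorted((s, int.from_bytes(iv, "big")) for s, iv in repeats))
```

With these constructed lengths the length-only variant repeats a value whenever a source sends two consecutive groups of equal length, while the length-plus-count variant stays unique for as long as the counter does not wrap.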
In one embodiment, the method further comprises: in response to an operation of turning on or off the channel switch of any data source, turning on or off the channel switch of the corresponding data source. If any data source has no data to transmit, the channel switch of that data source is turned off. If the cryptographic module is detected to be in an idle state, the cryptographic module is put to sleep. The operation of turning on or off the channel switch of any data source may be input externally by the user.
For a more specific working procedure of each step in this embodiment, reference may be made to fig. 10 and the related description of the later embodiments. In this embodiment, each data source is provided with a corresponding buffer, and each buffer caches the data sent by its data source for reading; when the data amounts of the data groups read from the multiple data sources are equal, the processing order of the data groups is determined according to the remaining space of the buffers, a random parameter is calculated from each data group in the processing order, and each data group and its random parameter are processed with the same cryptographic module in a time-shared manner. The random parameter used by the cryptographic module each time can therefore be determined from the transmitted data, which improves the security of the cryptographic processing; different data sources can multiplex the same cryptographic module in a time-shared manner, which improves the utilization rate of the cryptographic module and solves the problem of idle cryptographic module resources in a multi-data-source scenario. In addition, because each data source is provided with a buffer, data sent by any data source can be temporarily cached, which makes time-division multiplexing of the cryptographic module feasible; even if a data source sends data continuously, the data can be cached first, so that no data loss or congestion occurs.
A data processing apparatus according to an embodiment of the present invention is described below, and a data processing apparatus described below and other embodiments described herein may be referred to with reference to each other.
Referring to fig. 2, an embodiment of the present invention discloses a data processing apparatus, including:
a reading module 201, configured to read one data set from a plurality of buffers enabled by a read operation, respectively, to obtain a plurality of data sets; each buffer is used for buffering a data group sent by one path of data source;
an arbitration module 202, configured to determine a processing order of the plurality of data sets according to a remaining space size of the plurality of buffers if the data amounts of the plurality of data sets are equal;
the processing module 203 is configured to calculate a random parameter according to each data set according to a processing sequence, and process each data set and the corresponding random parameter by using the same cryptographic module in a time interval.
In one embodiment, the apparatus further comprises: a path detection module, used for detecting the channel switch of each data source; if the channel switch of a data source is turned on, enabling the read operation of that data source's buffer; otherwise, disabling the read operation of that data source's buffer; and recording all read-enabled buffers.
In one embodiment, the arbitration module is specifically configured to: determining the sequence from small to large of the residual spaces of the plurality of buffers; the processing order is determined according to the order from small to large.
In one embodiment, the processing module is specifically configured to: select a corresponding downstream transmission path for each data group, so that different downstream transmission paths transmit different data groups in different time periods according to the processing order; when the transmission time of any downstream transmission path is reached, transmit the corresponding data group over that downstream transmission path to the calculation module on that path, so that the calculation module calculates the corresponding random parameter from the current data group and transmits the random parameter and the current data group to the cryptographic module to which the different downstream transmission paths are connected.
In one embodiment, the arbitration module is further to: if the data amounts of the plurality of data groups are not equal, determining the processing sequence of the plurality of data groups according to the data amounts of the plurality of data groups, executing the steps of calculating random parameters according to each data group according to the processing sequence, and processing each data group and the corresponding random parameters by using the same cryptographic module in time intervals.
In one embodiment, the arbitration module is specifically configured to: determining the order of the data quantity of the plurality of data groups from large to small; the order from large to small is determined as the processing order of the plurality of data groups.
In one embodiment, the processing module is specifically configured to: determining the length of a previous data group sent by a data source to which the current data group belongs; determining the length as a random parameter of the current data set; or determining the length of the previous data group sent by the data source to which the current data group belongs; generating random parameters of the current data group according to the length and the number of the accumulated data groups; the number of accumulated data sets is as follows: accumulating the number of the data sets transmitted by the data sources to which the current data set belongs; or accumulating the number of the data groups transmitted by all the data sources; or the calculation module for calculating random parameters for the current data set accumulates the calculated data set number.
In one embodiment, the apparatus further comprises: an operation module, used for turning on or off the channel switch of the corresponding data source in response to an operation of turning on or off the channel switch of any data source.
In one embodiment, the operation module is further configured to: if any data source has no data to transmit, turn off the channel switch of that data source.
In one embodiment, the apparatus further comprises: a cryptographic module controller, used for putting the cryptographic module to sleep if the cryptographic module is detected to be in an idle state.
The more specific working process of each module and unit in this embodiment may refer to the corresponding content disclosed in the foregoing embodiment, and will not be described herein.
Therefore, this embodiment provides a data processing device that enables different data sources to multiplex the same cryptographic module in a time-shared manner, improves the utilization rate of the cryptographic module, and solves the problem of idle cryptographic module resources in a multi-data-source scenario; it also improves the security of the cryptographic processing, and data sent by any data source can be temporarily cached, so that data loss or congestion is avoided.
A data processing system according to embodiments of the present invention is described below, and reference may be made to other embodiments described herein.
Referring to FIG. 3, an embodiment of the present invention discloses a data processing system including multiple data sources and a cryptographic processor disposed in a BMC (Baseboard Management Controller); the cryptographic processor includes: a routing end, a plurality of buffers and at least one cryptographic module; each data source is connected with the routing end through a buffer; each buffer is used for caching the data groups sent by one data source; the routing end is connected with the same cryptographic module through at least two downstream transmission paths.
The routing end is used for: respectively reading data from the enabled plurality of buffers to obtain a plurality of data sets; if the data amounts of the data sets are equal, determining the processing sequence of the data sets according to the residual space sizes of the plurality of buffers; and calculating random parameters for each data group on different downstream transmission paths according to the processing sequence, and processing each data group and the corresponding random parameters by using the same cryptographic module in time intervals.
In one embodiment, a channel switch is arranged between each buffer and the routing end; accordingly, the routing end is configured to: detect the channel switch of each data source; if the channel switch of a data source is turned on, enable the read operation of that data source's buffer; otherwise, disable the read operation of that data source's buffer; and record all read-enabled buffers; accordingly, the routing end is configured to: turn on or off the channel switch of the corresponding data source in response to an operation of turning on or off the channel switch of any data source; accordingly, the routing end is configured to: if any data source has no data to transmit, turn off the channel switch of that data source.
In one embodiment, the routing end is further connected to at least one cryptographic module through a monitoring module; accordingly, the monitoring module is used for: detecting whether the connected cryptographic module is in an idle state; if the connected cryptographic module is detected to be in an idle state, putting the connected cryptographic module to sleep.
In one embodiment, there are multiple routing ends. As shown in fig. 5, two identical routing terminals are provided.
In one embodiment, a calculation module is arranged on each downstream transmission path; accordingly, the routing end is configured to: selecting a corresponding downstream transmission path for each data group, and enabling different downstream transmission paths to transmit different data groups according to a processing sequence in time intervals; accordingly, the computing module on each downstream transmission path is configured to: and calculating corresponding random parameters according to the data set transmitted on the current downstream transmission path, and transmitting the random parameters and the current data set to a cryptographic module connected with the current downstream transmission path.
In one embodiment, the computing module on each downstream transmission path is configured to: determining the length of a previous data group sent by a data source to which the current data group belongs; determining the length as a random parameter of the current data set; or a calculation module on each downstream transmission path for: determining the length of a previous data group sent by a data source to which the current data group belongs; generating random parameters of the current data group according to the length and the number of the accumulated data groups; the number of accumulated data sets is as follows: accumulating the number of the data sets transmitted by the data sources to which the current data set belongs; or accumulating the number of the data groups transmitted by all the data sources; or the calculation module for calculating random parameters for the current data set accumulates the calculated data set number.
In one embodiment, each data source is configured to: intermittently transmitting the data set; the data set is an image data stream or a file stream. Correspondingly, the routing end is further configured to: adding data source information for transmitting the image data stream for a starting image frame according to a frame starting mark in the image data stream; or the routing end is further used for: and adding data source information for transmitting the first file to the first file transmitted by the current transmission operation according to the start mark of the transmission operation.
Referring to fig. 4, the cryptographic module includes: at least two parameter buffer layers and at least two register layers corresponding to each downstream transmission path; a bit reorganization layer; a function layer and an output layer; each parameter cache layer is connected with one register layer, all register layers are connected with a bit reorganization layer, the register layers are connected with a function layer, and the function layer is connected with an output layer; accordingly, the parameter cache layer is configured to: caching at least one data set and corresponding random parameters; the register layer is used for: calculating a target number of key parameters according to one input data set and corresponding random parameters; the target number is the number of registers included in the register layer; the bit reorganization layer is used for: bit reorganization is carried out on the key parameters of the target number; the function layer is used for: processing the result of bit reorganization; the output layer is used for: and outputting the processing result of the current data set. The cryptographic module may in particular be a ZUC cryptographic module.
In one embodiment, the routing end further includes: an arbitration module; correspondingly, the arbitration module is used for determining the sequence from small to large of the residual spaces of the plurality of buffers; the processing order is determined according to the order from small to large.
In one embodiment, the routing end is configured to: if the data amounts of the data sets are unequal, determining the processing sequence of the data sets according to the data amounts of the data sets, calculating random parameters for each data set on different downstream transmission paths according to the processing sequence, and processing each data set and corresponding random parameters by using the same cryptographic module in time intervals.
In one embodiment, the routing end further includes: an arbitration module; accordingly, the arbitration module is used for determining the order of the data quantity of the plurality of data groups from large to small; the order from large to small is determined as the processing order of the plurality of data groups.
In one embodiment, any of the data sources is connected to the corresponding buffer via a PCIe (Peripheral Component Interconnect express, a high-speed serial computer expansion bus standard) interface, an EMAC (Ethernet Media Access Controller) network interface, a VGA (Video Graphics Array, a computer display standard using analog signals) interface, an HDMI (High Definition Multimedia Interface) interface, and/or a DP (Display Port, a digital video interface standard) interface.
In one embodiment, the cryptographic module is connected to the server via a PCIe interface, EMAC network interface, VGA interface, HDMI interface, and/or DP interface; correspondingly, the cryptographic module is used for sending the processing result to the server through the PCIe interface, the EMAC network interface, the VGA interface, the HDMI interface and/or the DP interface.
Therefore, the cryptographic processor provided in this embodiment is disposed in the BMC, so that the server and/or an external device may be used as a data source. In one example, the cryptographic processor may receive encoded video information from the server host side over a PCIe interface; and/or receive encoded video information from the server host side via the EMAC network interface; and/or receive uncoded video information collected via a local interface (e.g., VGA interface, HDMI interface, DP interface, etc.). Correspondingly, after the cryptographic module obtains a processing result, the processed encoded video information and the keyboard and mouse information are sent together to the server through the PCIe interface; and/or the processed encoded video information is delivered to other devices via the EMAC network interface, for example transmitted to a PC for decoding and display; and/or the processed uncoded video information is output to the server for display through a local interface. As can be seen, the processing results include: encoded video information, processed encoded video information, and/or processed unencoded video information.
The more specific working process of each module and unit in this embodiment may refer to the corresponding content disclosed in the foregoing embodiment, and will not be described herein.
Therefore, this embodiment provides a data processing system that enables different data sources to multiplex the same cryptographic module in a time-shared manner, improves the utilization rate of the cryptographic module, and solves the problem of idle cryptographic module resources in a multi-data-source scenario; it also improves the security of the cryptographic processing, and data sent by any data source can be temporarily cached, so that data loss or congestion is avoided.
Referring to FIG. 5, another data processing system includes 4 data sources, each connected with one buffer, and the 4 buffers are connected with a routing device in the cryptographic processor; the routing device comprises two identical routing ends, and a single routing end can perform arbitration and routing for 2 of the 4 data sources, for example: routing end 1 arbitrates and routes data source 1 and data source 2; routing end 2 arbitrates and routes data source 3 and data source 4. Which data sources a routing end arbitrates and routes can be flexibly configured in the arbitration module of that routing end, for example by recording the identifiers of the relevant data sources in the arbitration module.
A single routing end comprises: an arbitration module, a routing module and a monitoring module; the arbitration module is connected with the data input interface and can select the input data; the monitoring module is connected with the ZUC cipher module; the routing module is also connected with the ZUC cipher module through two downstream transmission paths, and each downstream transmission path is provided with a calculation module. The routing module may be connected to the same ZUC cipher module through more or fewer downstream transmission paths provided with calculation modules. Of course, there may be more or fewer routing ends in the routing device, the structure of each routing end may be different, and the cryptographic modules used may also be different.
In fig. 5, data source 1 and data source 3 are used to input encoded image data streams; data source 2 and data source 4 are used to input uncoded (bare code) image data streams. The bandwidth T_E of an encoded image data stream is smaller and the bandwidth T_R of an uncoded image data stream is larger, i.e., T_E is smaller than T_R. The cryptographic module shown in fig. 5 is a ZUC cipher module; the total bandwidth of the data it can process is denoted T_ZUC, and once the hardware structure of the ZUC module is determined, T_ZUC is a fixed value.
Because the ZUC encryption algorithm can produce pipelined output in real time, its input and output bandwidths are the same. Both encoded and uncoded image data streams are transmitted in bursts, that is, a piece of data is transmitted continuously, transmission pauses, and then the next piece of data is transmitted continuously, and so on. This is determined by the standard format and coding scheme of the video information. Typically, an uncoded image data stream pauses after transmitting one line of data of an image frame, then transmits the next line of that image frame, and so on. An encoded image data stream pauses after transmitting a segment of encoded characters, then transmits the next segment, and so on. Since each data source transmits data in bursts, the downstream cryptographic module is idle from time to time, so the data sources can multiplex the same cryptographic module in a time-shared manner, which improves the utilization rate of the cryptographic module and solves the problem of idle cryptographic module resources in a multi-data-source scenario. For this reason, in this embodiment a buffer is provided after each data source, which caches the data sent by the data source in order as a first-in-first-out (FIFO) queue.
In actual use, depending on the relationship between the ZUC encryption bandwidth and the image bandwidth, there are generally the following 2 cases: T_ZUC > 2×T_R, i.e., the encryption processing capability of ZUC can process more than 2 bare code data streams; or 2×T_R > T_ZUC > T_R + T_E, i.e., the encryption processing capability of ZUC can process 1 bare code data stream and 1 encoded data stream.
In the arbitration module shown in fig. 5, the access switches of the different data sources can be turned on and off according to real-time use requirements, so the access switches are configurable. It should be noted that the system shown in fig. 5 may be implemented in an SoC chip.
When the ZUC encryption bandwidth and the image bandwidth are in the case "2×T_R > T_ZUC > T_R + T_E", if all 4 data streams are on, the first two data streams are transmitted to routing end 1 and the last two data streams are transmitted to routing end 2. If both bare data streams are on and both encoded data streams are off or only one encoded data stream is on, the bare data stream RAW-0 sent by data source 2 is transmitted to routing end 1, the bare data stream RAW-1 sent by data source 4 is transmitted to routing end 2, and the encoded data stream that is on can be transmitted to routing end 1 or routing end 2. If only 1 bare data stream is on and 1 encoded data stream is on, the two data streams are passed to either routing end 1 or routing end 2. If 1 bare data stream is on and 2 encoded data streams are on, the bare data stream is transferred to routing end 1 and the two encoded data streams are transferred to routing end 2. If the bare data streams are all off, the one or 2 encoded data streams are transmitted to routing end 1 or routing end 2.
When the ZUC encryption bandwidth and the image bandwidth are in the case "T_ZUC > 2×T_R", the processing is basically the same as described above; the only difference is that when the 2 bare data streams are on and the 2 encoded data streams are off, the 2 bare data streams are transferred to routing end 1.
The arbitration module arbitrates when 2 paths of data are to be transmitted to the downstream encryption module at the same time, so that both paths of data can be transmitted to the downstream encryption module. The arbitration combines a fixed priority with a check of the storage space of the upstream buffers. Specifically, when data is cached in both buffers, the data source types are examined first: if one of the 2 paths carries bare code data and the other carries encoded data, the bare code data is transmitted downstream first, to prevent the bare code data, with its large data amount, from filling the buffer; if the two data sources are of the same type, the remaining space of the upstream buffers is examined, and the path whose buffer has less remaining space is transmitted downstream first, so that the buffer is emptied in time. When only 1 of the buffers holds data, that data is transferred downstream.
The data arrives at the routing module, where the unit adds data source information and frame header tag information sof at the frame start position of the original image data to indicate from which data source the data comes, and determines the start image frame.
The monitoring module is capable of monitoring the ZUC encryption module. If no data is transmitted in the routing module for a long time (generally 1 s), no data source is considered to be input to the current routing end at the moment, and a clock gating switch GATE_en of the ZUC encryption module is opened at the moment to close the clock of the ZUC encryption module, so that the ZUC encryption module enters a low-power consumption state, and therefore the ZUC encryption module runs with low power consumption when not used.
In this embodiment, each routing end processes at most 2 original data sources, so two downstream transmission paths are provided, and each downstream transmission path has 1 calculation module to perform the frame length calculation. After the routing module has added the frame header sof mark and the data source information to the image data, the calculation module can calculate the length of the data frame from the frame header sof mark and the data source information: when sof is detected, the value calculated by the calculation module is assigned to the nonce, so the nonce is the length of the previous frame of image data from the same data source; after the assignment, the frame length count cnt_frame is cleared so that the data length of the current frame can be calculated. The calculation module may accumulate the number of frames sent by a single data source or the number of frames of all data sources.
The ZUC encryption module in fig. 5 can implement alternate encryption of 2 paths of data, thereby improving overall computing efficiency. As shown in fig. 6, the ZUC encryption module may specifically include: 2S parameter buffers, 2 LFSR (Linear Feedback Shift Register) linear feedback shift register layers, BR bit recombination layers, F nonlinear function layers and the like, can only encrypt one continuous path of data at a time, but can alternatively calculate two paths of data. The specific calculation process comprises the following steps: in the initialization operation stage, a key loading process is started first, and in the process, the values subjected to key expansion are used to complete the loading work of assignment of 16 register units S0-S15 in the LFSR layer. Where si=ki|||di||ivi, the term "connection" means a concatenation or concatenation of characters, where ki is a portion of the initial key, IVi is a part of the nonces, di is a constant corresponding to the register unit i, i=0, 1, …,15. The initial key is divided into 16 shares, and the nonces are also divided into 16 shares, each register unit corresponding to a constant and the constant values of the different register units being different. For one input, the F nonlinear function layer needs to perform 32 iterative operations to output the final ciphertext, and each iteration uses the result output from the previous iteration as the input.
After the ZUC encryption module is reset or has just been powered on, the 2 groups of LFSRs perform the initialization-phase operation in sequence. The initial nonce uses a specific value or directly uses 0; because each subsequent nonce is the data length of the previous frame, only the first frame uses a fixed value, and security is not affected for continuous data streams. After both sets of LFSRs have been initialized, the module starts to receive the data sources to be encrypted. When one path of data is input, the LFSR, BR and F computations are started in sequence and the key stream is output, while the LFSR of the other path is kept still and its S parameter is stored in the S-parameter buffer. When the input source is switched, for example from input source 1 to input source 2, the current S parameter of input source 1 is first stored in the S-parameter buffer, the current S parameter of source 2 is read out of the corresponding S-parameter buffer and written into LFSR-1, then the data of source 2 is read in, the LFSR, BR and F computations are started in sequence and the key stream is output; the LFSR corresponding to input source 0 is kept still during this process. When the image frame of one input source has been completely encrypted and a new frame of data starts, the nonce is updated, initialization produces a new set of S parameters, and 32 rounds of iterative operation are performed. During this process, the data of the other source cannot be encrypted, and the current nonce cannot be updated to perform an initialization operation, until the LFSR corresponding to the current input source completes its initialization operation. After the initialization operation is completed, the encryption calculation may be started.
In this way the same encryption module can be reused, which reduces the number of encryption modules in the chip and therefore the area and power consumption of the chip, and improves the security of the ZUC encryption algorithm.
The multi-path data encryption processing architecture provided by this embodiment can therefore arbitrate and route multiple paths of data, improves the transmission and processing efficiency of the data streams, reduces the number of encryption modules, and improves the processing efficiency of each encryption module. In addition, when the bandwidth of the data to be encrypted is low, the clocks of some of the encryption modules can be turned off, so that the encryption modules run at low power. By optimizing the ZUC algorithm, the scheme implements a nonce that accompanies the data, can encrypt two paths of data alternately, and improves both security and encryption throughput.
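The following Python model is an added example, not part of the patent text: it reproduces the calculation module and the key loading s_i = k_i ‖ d_i ‖ iv_i described above, and checks whether two frames of one source start from the same LFSR state, comparing the length-only nonce of claim 8 with the length-plus-frame-count nonce of claim 9. The 16-byte nonce encodings, the source names and the sample frames are assumptions constructed for the illustration; the d_i constants are those of the public ZUC specification.

```python
from typing import Callable, Dict, List, Tuple

# d_0..d_15: the 15-bit constants of the public ZUC specification.
ZUC_D = [0x44D7, 0x26BC, 0x626B, 0x135E, 0x5789, 0x35E2, 0x7135, 0x09AF,
         0x4D78, 0x2F13, 0x6BC4, 0x1AF1, 0x5E26, 0x3C4D, 0x789A, 0x47AC]


def load_lfsr(key: bytes, nonce: bytes) -> Tuple[int, ...]:
    """Key loading: s_i = k_i || d_i || iv_i, i.e. 8 + 15 + 8 = 31 bits per cell."""
    if len(key) != 16 or len(nonce) != 16:
        raise ValueError("expected a 16-byte key and a 16-byte nonce")
    return tuple((k << 23) | (d << 8) | iv for k, d, iv in zip(key, ZUC_D, nonce))


def nonce_length_only(prev_len: int, frames_sent: int) -> bytes:
    """Nonce = length of the previous frame of the same source.
    ASSUMPTION: the length is zero-extended, big-endian, to 16 bytes."""
    return prev_len.to_bytes(16, "big")


def nonce_length_and_count(prev_len: int, frames_sent: int) -> bytes:
    """Nonce = previous frame length combined with the accumulated frame count.
    ASSUMPTION: an 8-byte count followed by an 8-byte length."""
    return frames_sent.to_bytes(8, "big") + prev_len.to_bytes(8, "big")


class CalcModule:
    """Per-source model of the calculation module (cnt_frame plus a frame counter)."""

    def __init__(self, derive: Callable[[int, int], bytes]):
        self.derive = derive
        self.cnt_frame = 0    # after reset the first nonce is the fixed value 0
        self.frames_sent = 0

    def on_sof(self, frame: bytes) -> bytes:
        """At sof: hand out the nonce, then restart the length count for this frame."""
        nonce = self.derive(self.cnt_frame, self.frames_sent)
        self.cnt_frame = len(frame)
        self.frames_sent += 1
        return nonce


def find_state_reuse(key: bytes, frames_by_source: Dict[str, List[bytes]],
                     derive: Callable[[int, int], bytes]) -> Dict[str, List[Tuple[int, int]]]:
    """Return, per source, pairs (first_frame, later_frame) whose LFSR load is
    identical. With one key, an identical load means an identical key stream."""
    reuse: Dict[str, List[Tuple[int, int]]] = {}
    for source, frames in frames_by_source.items():
        calc, first_seen, pairs = CalcModule(derive), {}, []
        for idx, frame in enumerate(frames):
            state = load_lfsr(key, calc.on_sof(frame))
            if state in first_seen:
                pairs.append((first_seen[state], idx))
            else:
                first_seen[state] = idx
        if pairs:
            reuse[source] = pairs
    return reuse


# Constructed sample input: a fixed-resolution image source and a file source.
KEY = bytes(range(16))
FRAMES = {
    "vga0": [bytes(1024)] * 4,
    "file1": [bytes(300), bytes(512), bytes(640)],
}

if __name__ == "__main__":
    for name, derive in (("length only", nonce_length_only),
                         ("length + count", nonce_length_and_count)):
        print(name, find_state_reuse(KEY, FRAMES, derive))
```

With equal-length frames the length-only nonce repeats from the second frame onward, so a design review of this scheme should confirm that the frame count is mixed into the nonce whenever a source can emit frames of constant size.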
An electronic device provided by an embodiment of the present invention is described below; the electronic device described below and the other embodiments described herein may be referred to in conjunction with each other.
Referring to fig. 7, an embodiment of the present invention discloses an electronic device, including:
a memory 701 for storing a computer program;
a processor 702 for executing the computer program to implement the method disclosed in any of the embodiments above.
Further, an embodiment of the invention also provides an electronic device. The electronic device may be a server as shown in fig. 8 or a terminal as shown in fig. 9. Fig. 8 and 9 are each a block diagram of an electronic device according to an exemplary embodiment, and the contents of the drawings should not be construed as any limitation on the scope of use of the present invention.
Fig. 8 is a schematic structural diagram of a server according to an embodiment of the present invention. The server specifically may include: at least one processor, at least one memory, a power supply, a communication interface, an input-output interface, and a communication bus. Wherein the memory is configured to store a computer program that is loaded and executed by the processor to implement the relevant steps in the data processing disclosed in any of the foregoing embodiments.
In this embodiment, the power supply is configured to provide a working voltage for each hardware device on the server; the communication interface can create a data transmission channel between the server and external equipment, and the communication protocol to be followed by the communication interface is any communication protocol applicable to the technical scheme of the invention, and the communication protocol is not particularly limited; the input/output interface is used for acquiring external input data or outputting data to the external, and the specific interface type can be selected according to the specific application requirement, and is not limited in detail herein.
In addition, the memory may be a read-only memory, a random access memory, a magnetic disk, an optical disk, or the like as a carrier for storing resources, where the resources stored include an operating system, a computer program, data, and the like, and the storage mode may be transient storage or permanent storage.
The operating system manages and controls each hardware device and computer program on the server so that the processor can operate on and process the data in the memory; it may be Windows Server, Netware, Unix, Linux and the like. In addition to the computer program that performs the data processing method disclosed in any of the embodiments described above, the computer program may further comprise computer programs that perform other specific tasks. The data may include data such as information on a developer of the application program in addition to data such as update information of the application program.
Fig. 9 is a schematic structural diagram of a terminal according to an embodiment of the present invention, where the terminal may specifically include, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, or the like.
Generally, the terminal in this embodiment includes: a processor and a memory.
The processor may include one or more processing cores, such as a 4-core processor, an 8-core processor, etc. The processor may be implemented in at least one hardware form of DSP (Digital Signal Processing), FPGA (Field-Programmable Gate Array) and PLA (Programmable Logic Array). The processor may also include a main processor and a coprocessor: the main processor, also called a CPU (Central Processing Unit), processes data in the awake state, and the coprocessor is a low-power processor that processes data in the standby state. In some embodiments, the processor may incorporate a GPU (Graphics Processing Unit) for rendering and drawing the content to be displayed by the display screen. In some embodiments, the processor may also include an AI (Artificial Intelligence) processor for processing computing operations related to machine learning.
The memory may include one or more computer-readable storage media, which may be non-transitory. The memory may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices or flash memory storage devices. In this embodiment, the memory is at least used to store a computer program which, after being loaded and executed by the processor, implements the relevant steps of the data processing method performed on the terminal side as disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory may also comprise an operating system, data and the like, and the storage mode may be short-term storage or permanent storage. The operating system may include Windows, Unix, Linux, among others. The data may include, but is not limited to, update information for the application.
In some embodiments, the terminal may further include a display screen, an input-output interface, a communication interface, a sensor, a power supply, and a communication bus.
Those skilled in the art will appreciate that the structure shown in fig. 9 is not limiting of the terminal and may include more or fewer components than shown.
A readable storage medium provided by an embodiment of the present invention is described below; the readable storage medium described below and the other embodiments described herein may be referred to in conjunction with each other.
A readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the data processing method disclosed in the foregoing embodiments. The readable storage medium is a computer readable storage medium, and can be used as a carrier for storing resources, such as read-only memory, random access memory, magnetic disk or optical disk, wherein the resources stored on the readable storage medium comprise an operating system, a computer program, data and the like, and the storage mode can be transient storage or permanent storage.
In this specification, the embodiments are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to each other.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of readable storage medium known in the art.
The principles and embodiments of the present invention have been described herein with reference to specific examples, and the description is intended only to assist in understanding the methods of the present invention and their core ideas. Those skilled in the art may, following the ideas of the present invention, vary the specific embodiments and the scope of application; in view of the above, this description should not be construed as limiting the present invention.

Claims (21)

1. A data processing system comprising a plurality of data sources and a cryptographic processor disposed in a baseboard management controller;
the cryptographic processor includes: the system comprises a routing end, a plurality of buffers and at least one cryptographic module; each data source is connected with the routing end through a buffer; wherein each buffer is used for: caching a data group sent by one path of data source; the routing end is connected with the same cryptographic module through at least two downstream transmission paths;
the routing end is used for: respectively reading data from the enabled plurality of buffers to obtain a plurality of data sets; if the data amounts of the plurality of data sets are equal, determining the processing sequence of the plurality of data sets according to the residual space sizes of the plurality of buffers; and calculating random parameters for each data group on different downstream transmission paths according to the processing sequence, and processing each data group and the corresponding random parameters by using the same cryptographic module in time intervals.
2. The system of claim 1, wherein a channel switch is provided between any buffer and the routing end;
accordingly, the routing end is configured to: detect the channel switch of each data source; if the channel switch of any data source is open, enable the read operation of the buffer of that data source; otherwise, disable the read operation of the buffer of that data source; and record all read-enabled buffers.
3. The system of claim 2, wherein the routing end is configured to: in response to an operation of opening or closing the channel switch of any data source, open or close the channel switch of the corresponding data source.
4. The system of claim 2, wherein the routing end is configured to: if no data is being transmitted for any data source, close the channel switch of that data source.
5. The system of claim 1, wherein the routing end is further connected to any cryptographic module through a monitoring module;
accordingly, the monitoring module is used for: detecting whether the connected cryptographic module is in an idle state; if the connected cryptographic module is detected to be in an idle state, the connected cryptographic module is dormant.
6. The system of claim 1, wherein there are a plurality of said routing ends.
7. The system of claim 1, wherein a calculation module is provided on each downstream transmission path;
accordingly, the routing end is configured to: selecting a corresponding downstream transmission path for each data group, and enabling different downstream transmission paths to transmit different data groups according to the processing sequence in time intervals;
accordingly, the calculation module on each downstream transmission path is configured to: calculate the corresponding random parameter according to the data set transmitted on the current downstream transmission path, and transmit the random parameter and the current data set to the cryptographic module connected to the current downstream transmission path.
8. The system of claim 7, wherein the computing module on each downstream transmission path is configured to: determining the length of a previous data group sent by a data source to which the current data group belongs; the length is determined as a random parameter of the current data set.
9. The system of claim 7, wherein the computing module on each downstream transmission path is configured to: determining the length of a previous data group sent by a data source to which the current data group belongs; generating random parameters of the current data group according to the length and the number of the accumulated data groups; the number of the accumulated data sets is as follows: accumulating the number of the data sets transmitted by the data sources to which the current data set belongs; or accumulating the number of the data groups transmitted by all the data sources; or the calculation module for calculating random parameters for the current data set accumulates the calculated data set number.
10. The system of claim 1, wherein each data source is configured to: intermittently transmitting the data set; the data set is an image data stream or a file stream.
11. The system of claim 10, wherein the routing end is further configured to: according to the frame start mark in the image data stream, add to the starting image frame the information of the data source that transmits the image data stream.
12. The system of claim 10, wherein the routing end is further configured to: according to the start mark of the transmission operation, add to the first file transmitted by the current transmission operation the information of the data source that transmits the first file.
13. The system of any of claims 1 to 12, wherein any cryptographic module comprises: at least two parameter buffer layers and at least two register layers corresponding to each downstream transmission path; a bit reorganization layer; a function layer and an output layer;
each parameter cache layer is connected with a register layer, all register layers are connected with the bit reorganization layer, the register layers are connected with the function layer, and the function layer is connected with the output layer;
accordingly, the parameter cache layer is configured to: caching at least one data set and corresponding random parameters;
the register layer is used for: calculating a target number of key parameters according to one input data set and corresponding random parameters; the target number is the number of registers included in a single register layer;
the bit reorganization layer is used for: bit reorganization is carried out on the key parameters of the target number;
the function layer is used for: processing the result of bit reorganization;
the output layer is used for: and outputting the processing result of the current data set.
14. The system according to any one of claims 1 to 12, wherein the routing end further comprises: an arbitration module;
accordingly, the arbitration module is configured to: determine the order of the remaining spaces of the plurality of buffers from small to large; and determine the processing sequence correspondingly according to that order from small to large.
15. The system of claim 1, wherein the routing side is configured to: if the data amounts of the data sets are unequal, determining the processing sequence of the data sets according to the data amounts of the data sets, calculating random parameters for each data set on different downstream transmission paths according to the processing sequence, and processing each data set and corresponding random parameters by using the same cryptographic module in time intervals.
16. The system of claim 15, wherein the routing end further comprises: an arbitration module;
accordingly, the arbitration module is configured to: determining the order of the data volume of the plurality of data groups from large to small; and determining the order from large to small as the processing order of the plurality of data groups.
17. The system according to any of claims 1 to 12, wherein any of the data sources is connected to the respective buffer via a PCIe interface, EMAC network interface, VGA interface, HDMI interface and/or DP interface.
18. The system according to any of claims 1 to 12, wherein any cryptographic module is connected to the server via a PCIe interface, EMAC network interface, VGA interface, HDMI interface and/or DP interface;
accordingly, any cryptographic module is configured to: send the processing result to the server through a PCIe interface, an EMAC network interface, a VGA interface, an HDMI interface and/or a DP interface.
19. A method of data processing, comprising:
reading a data set from a plurality of buffers enabled by a read operation respectively to obtain a plurality of data sets; each buffer is used for buffering a data group sent by one path of data source;
if the data amounts of the plurality of data sets are equal, determining the processing sequence of the plurality of data sets according to the residual space sizes of the plurality of buffers;
and calculating a random parameter for each data group according to the processing sequence, and processing each data group and the corresponding random parameter by using the same cryptographic module in time intervals.
20. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the method of claim 19.
21. A readable storage medium for storing a computer program, wherein the computer program when executed by a processor implements the method of claim 19.
CN202311347482.3A 2023-10-18 2023-10-18 Data processing system, method, equipment and medium Active CN117097457B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311347482.3A CN117097457B (en) 2023-10-18 2023-10-18 Data processing system, method, equipment and medium

Publications (2)

Publication Number Publication Date
CN117097457A CN117097457A (en) 2023-11-21
CN117097457B true CN117097457B (en) 2024-02-09

Family

ID=88783630

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311347482.3A Active CN117097457B (en) 2023-10-18 2023-10-18 Data processing system, method, equipment and medium

Country Status (1)

Country Link
CN (1) CN117097457B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105224286A (en) * 2015-09-15 2016-01-06 清华大学无锡应用技术研究院 For the buffer storage of restructural cipher processor
CN108197502A (en) * 2018-01-11 2018-06-22 苏州国芯科技有限公司 A kind of SPI transmission methods, device, controller, encryption chip and communication equipment

Also Published As

Publication number Publication date
CN117097457A (en) 2023-11-21

Similar Documents

Publication Publication Date Title
US6389489B1 (en) Data processing system having a fifo buffer with variable threshold value based on input and output data rates and data block size
US8918646B2 (en) Data processing apparatus
JP2630813B2 (en) Packet flow control method and apparatus
CN102375797A (en) Bus system and bridge circuit connecting bus system and connection apparatus
CN102037453A (en) Central DMA with arbitrary processing functions
US20130251006A1 (en) Data packet flow control across an asynchronous clock domain boundary
CN103413094A (en) Telemetering encryption system applicable to spacecraft CPU (central processing unit)
CN116541320B (en) Intelligent IO module bus communication method, IO module, terminal and medium
CN115543882B (en) Data forwarding device and data transmission method between buses with different bit widths
CN112217630A (en) Overhead reduction for link protection
CN112698909A (en) System, apparatus and method for communicating telemetry information via virtual bus encoding
CN110248045A (en) A kind of Cat maps image encryption method, decryption method and relevant apparatus
CN117097457B (en) Data processing system, method, equipment and medium
CN117113442B (en) Acceleration system of homomorphic encryption algorithm Paillier-oriented data path
CN102331922B (en) Data comparison apparatus, cache apparatus comprising it, and control method thereof
US9594928B1 (en) Multi-channel, multi-lane encryption circuitry and methods
CN111181874A (en) Message processing method, device and storage medium
CN117033275A (en) DMA method and device between acceleration cards, acceleration card, acceleration platform and medium
CN109800872B (en) Neuromorphic processor based on segmented multiplexing and parameter quantification sharing
CN116204911A (en) Encryption and decryption system, encryption and decryption control method, computer device and storage medium
JP2003050788A (en) Apparatus and method for distribution of signal from high level data link controller to multiple digital signal processor core
CN113378194B (en) Encryption and decryption operation acceleration method, system and storage medium
US8645597B2 (en) Memory block reclaiming judging apparatus and memory block managing system
CN102364455B (en) Balanced share control method and device for virtual central processing units (VCPUs) among cascaded multi-core central processing units (CPUs)
US11386029B2 (en) Direct memory access controller

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant