CN117472588A - Hybrid software architecture for network password equipment and password equipment - Google Patents

Publication number
CN117472588A
Authority
CN
China
Prior art keywords
cpu core
operating system
password
network
slave
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202311809953.8A
Other languages
Chinese (zh)
Other versions
CN117472588B (en
Inventor
李冠
张洪柳
张鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Fangcun Microelectronics Technology Co ltd
Original Assignee
Shandong Fangcun Microelectronics Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Fangcun Microelectronics Technology Co ltd filed Critical Shandong Fangcun Microelectronics Technology Co ltd
Priority to CN202311809953.8A priority Critical patent/CN117472588B/en
Publication of CN117472588A publication Critical patent/CN117472588A/en
Application granted granted Critical
Publication of CN117472588B publication Critical patent/CN117472588B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005 Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/547 Remote procedure calls [RPC]; Web services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/165 Combined use of TCP and UDP protocols; selection criteria therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2209/00 Indexing scheme relating to G06F9/00
    • G06F2209/54 Indexing scheme relating to G06F9/54
    • G06F2209/544 Remote

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Multi Processors (AREA)

Abstract

A hybrid software architecture for a network cryptographic device, and a cryptographic device, belonging to the technical field of security arrangements for protecting computers, their components, programs or data against unauthorized activity. The hardware layer comprises a master CPU core, slave CPU cores, a cryptographic card or cryptographic engine, and a network port, and the master CPU core communicates with each slave CPU core. The system layer comprises a general-purpose operating system running on the master CPU core and a lightweight operating system or bare-metal system running on the slave CPU cores. The application layer comprises a device management program running on the general-purpose operating system and a cryptographic service running on the lightweight operating system or bare-metal system. Because the program on the slave CPU cores uses a lightweight software architecture, code execution time is greatly shortened and CPU utilization is improved, while retaining the master CPU core preserves the convenience of developing and porting traditional application software.

Description

Hybrid software architecture for network password equipment and password equipment
Technical Field
The invention discloses a hybrid software architecture for a network cryptographic device, and a cryptographic device, belonging to the technical field of security arrangements for protecting computers, their components, programs or data against unauthorized activity.
Background
Conventional network cryptographic devices include server cryptographic machines, signature verification servers, timestamp servers and the like. Most are built on a general-purpose CPU such as Intel Xeon running a general-purpose operating system such as Linux or Windows; hardware such as a cryptographic card is added to provide cryptographic operation capability, a network port is brought out to provide network cryptographic services, and the whole is mostly housed in a 1U or 2U server chassis.
The basic workflow of a network cryptographic device is as follows: once a remote cryptographic service "request" is received over the network, hardware such as the cryptographic card is called locally to perform the cryptographic operation immediately, and the result is returned to the caller over the network as a "response". One such request-response exchange forms a complete remote call. The party initiating the request is called the client and the responding party the server: the network cryptographic device hardware and the software running in it belong to the server, while the remote call interface provided by the device and the application software calling that interface belong to the client. The client-server network model of a conventional network cryptographic device is shown in figure 1. The server software is generally based on a general-purpose operating system such as Linux, which is large and complex; in a specific application, CPU resources cannot be fully allocated to that application because other resources must be considered, so the effective utilization of the CPU is low. For the server of a network cryptographic device, received requests and sent responses flow through the Linux TCP/IP protocol stack, and many network functions on that path, such as traffic control and IP forwarding, are useless for a network cryptographic service. In addition, the overhead of system-level hardware interrupts, system calls and the like further reduces the effective utilization of the CPU.
For users, a conventional network cryptographic device costs tens of thousands or hundreds of thousands to purchase and consumes hundreds of watts in operation. Cost and power consumption have always been problems, but because market demand used to be weak and deployments were small, users paid them little attention. With the rapid growth of the information security market in recent years, the number of deployed network cryptographic devices is about to increase sharply, and cost and power consumption will become prominent problems. Besides the growing number of devices, higher device performance further aggravates both problems: as application scenarios become more complex and the computing efficiency required for overall cyberspace security rises, the overall performance of cryptographic devices must rise accordingly. Under the software architecture of conventional devices, higher overall performance requires a more powerful CPU, and upgrading the CPU inevitably increases cost and power consumption further. It is therefore an object of the present invention to solve the problems described above.
Disclosure of Invention
Aiming at the defects of the prior art, the invention discloses a hybrid software architecture for network password equipment.
The invention also discloses a working method of the hybrid software architecture.
The invention also discloses a password device loaded with the software architecture.
Summary of The Invention
The main cause of the above technical problems in conventional network cryptographic devices is that the server software architecture is based on a general-purpose operating system such as Linux. Even with a multi-core CPU, the symmetric multiprocessing (SMP) software architecture means the CPU still cannot bypass the bulk of Linux and cannot deliver sufficient performance for the specific function of "cryptographic service". To solve these problems, the invention splits the server software into a device management program and a cryptographic service program according to function type and performance requirements: the management program has higher complexity but lower performance requirements, and the cryptographic service program has lower complexity but higher performance requirements. The management program, with its low performance requirement, uses a general-purpose operating system such as Linux as its software base and runs on the master CPU core; the cryptographic service program, with its high performance requirement, uses lightweight systems and software components such as an RTOS and LwIP as its software base and runs on the slave CPU cores. This forms the hybrid software architecture of the invention. Because the program running on the slave CPU cores uses a lightweight software architecture and focuses on service processing, code execution time is greatly shortened and CPU utilization is improved. Introducing the slave CPU cores reduces the cost and power consumption of the device, and retaining the master CPU core preserves the convenience of developing and porting traditional application software.
The detailed technical scheme of the invention is as follows:
a hybrid software architecture for a network cryptographic device, comprising:
a hardware layer, a system layer and an application layer at a server side;
the hardware layer comprises: a master CPU core, slave CPU cores, a cryptographic card or cryptographic engine, and a network port, wherein the master CPU core communicates with each slave CPU core;
the system layer comprises: a general-purpose operating system running on the master CPU core and a lightweight operating system or bare-metal system running on the slave CPU cores;
the application layer comprises: a device management program running on the general-purpose operating system, and a cryptographic service running on the lightweight operating system or bare-metal system. The general-purpose operating system includes mainstream general-purpose operating systems such as Linux and Windows; the lightweight operating system includes lightweight operating systems such as FreeRTOS and RT-Thread; and the bare-metal system refers to the software components of a bare-metal system. Management software with low performance requirements but relatively complex logic mainly runs on the master CPU core, and cryptographic service software with relatively high performance requirements but relatively simple logic mainly runs on the slave CPU cores. The server software of the network cryptographic device is thus split by functional category into device management software and cryptographic service software, which are deployed to different CPU cores and cooperate across cores to form the hybrid architecture of the invention. Cryptographic service software, which has high performance requirements and a relatively narrow function (for example encrypting a segment of data, signing a message, or obtaining a timestamp), replaces the Linux general-purpose operating system at the bottom layer with a lightweight operating system or bare-metal system, which shortens the code execution path, and is deployed on the slave CPU cores. Software responsible for other functions, such as the device management software of the network cryptographic device, uses at the bottom layer a general-purpose operating system such as the Linux used by conventional network cryptographic devices, and is deployed on the master CPU core.
According to the present invention, preferably, the hybrid software architecture for a network cryptographic device is a single-chip architecture as shown in fig. 6:
the single chip comprises at least 2 operation processing units, namely a main CPU core and a slave CPU core;
the master CPU core communicates with each slave CPU core:
if the main CPU core and the slave CPU core belong to the same cluster, adopting an L2 or L3 Cache synchronous communication mechanism for communication, as shown in a path 1 of FIG. 6;
if the master CPU core and the slave CPU core do not belong to the same cluster, the clusters communicate by adopting an on-chip bus communication mechanism, as shown in a path 2 in fig. 6.
According to the present invention, preferably, the hybrid software architecture for the network password device is a multi-chip architecture as shown in fig. 7;
the multi-chip structure comprises at least 2 chips, wherein 1 chip comprises a master CPU core and a slave CPU core, and the other chips comprise only slave CPU cores; the master CPU core communicates with each slave CPU core through an IO interface, including but not limited to PCIe, SPI, I2C and the like.
The working method of the hybrid software architecture is characterized by comprising the following steps:
the operation of the slave CPU core includes:
S11: the slave CPU core receives a TCP or UDP message through the network port;
S12: the message is parsed layer by layer using a lightweight protocol stack to obtain the cryptographic service request, and the cryptographic card or cryptographic engine is called to execute the corresponding cryptographic operation and obtain the operation result;
S13: the operation result is encapsulated in the agreed response data format, and the lightweight protocol stack is called to encapsulate it into a response message;
S14: finally, the response message is sent back to the client through the network port;
The working process of a slave CPU core does not require the participation of other CPU cores. Because lightweight underlying software components are used, the code path is greatly shortened, and on the same CPU core the overall IO performance is improved by more than 10 times compared with a general-purpose operating system software architecture. The whole request-response process needs no intervention by the master CPU core and is handled entirely by the slave CPU core, which runs a basic lightweight TCP/IP protocol stack such as LwIP, responds directly to the cryptographic service requests sent by clients and returns the responses. Fig. 3 illustrates a typical working scenario of the slave CPU cores, with 2 curves showing how cryptographic service requests from 2 clients are handled: slave CPU core 1 and slave CPU core n independently process the cryptographic service requests from network port 1 and network port m respectively and return each response along the original path; how network port resources are allocated to each slave CPU core is determined by the master CPU core;
the operation of the master CPU core includes:
S21: conventional management, as in a conventional network cryptographic device, and special management of the slave CPU cores. The conventional management functions include key management, rights management, log management, etc.; the special management includes hardware resource allocation, event synchronization and service resource synchronization. The conventional management functions can be ported directly from existing management software and are not described here; only the management functions specific to the slave CPU cores are described, taking key synchronization as an example.
A cryptographic device loaded with the software architecture, comprising:
a server comprising a master CPU core, a slave CPU core, a cryptographic card or cryptographic engine, and a network port, wherein the master CPU core communicates with each slave CPU core;
a general-purpose operating system running on the master CPU core and a lightweight operating system or bare-metal system running on the slave CPU core;
a device management program running on the general-purpose operating system, and a cryptographic service running on the lightweight operating system or bare-metal system.
The beneficial effects of the invention include:
1. The invention builds a hybrid software architecture by splitting the software functions of the network cryptographic device and deploying them to different CPU cores, which divide the work between them, each with its own emphasis. The cryptographic service is handled by the software on the slave CPU cores; the software architecture used there is extremely lightweight, its software call overhead is far lower than that of a traditional Linux-based architecture, and for a given whole-device performance the demand on the performance of the CPU core itself is lower. The slave CPU cores support multi-core parallel cooperation, which further reduces the demand on the performance of a single CPU core. Device management is handled by the software on the master CPU core; the management functions do not demand high performance, so the traditional Linux architecture can be used and no high-performance CPU is needed.
2. The slave CPU cores of the invention use lightweight underlying software components, so the code path is greatly shortened, and with the same CPU computing power the overall IO performance of the cryptographic service is improved by more than 10 times compared with a general-purpose operating system software architecture. That is, a substantial increase in device performance is achieved at the same cost and power consumption.
3. The slave CPU cores of the invention use lightweight underlying software components, so the code path is greatly shortened, and the CPU computing power required to maintain the original cryptographic service performance is reduced to 1/10 of the original. That is, substantial reductions in device cost and power consumption are achieved without degrading performance.
4. The invention does not require that each CPU core follow the same instruction set architecture, and the CPU cores of different instruction set architectures and different chip manufacturers can be used for constructing a hardware system, and the construction mode is flexible.
Drawings
Fig. 1 is a schematic diagram of a network model architecture of a client and a server in a network cryptographic device in the prior art.
FIG. 2 is a diagram of the hardware resources required for the hybrid software architecture of the present invention.
FIG. 3 is a diagram of a password request and response in embodiment 4 of the present invention.
Fig. 4 is a schematic diagram of a host CPU core performing device management and request response in embodiment 4 of the present invention.
FIG. 5 is a diagram illustrating the functional splitting and hierarchical partitioning of a hybrid architecture according to the present invention.
Fig. 6 is a schematic diagram of a hybrid architecture for a network cryptographic device according to the present invention in a single-chip architecture.
Fig. 7 is a schematic diagram of a hybrid software architecture for a network cryptographic device according to the present invention in a multi-chip architecture.
Detailed Description
The present invention will be described in detail with reference to examples and drawings, but is not limited thereto.
Example 1,
As shown in fig. 2 and 5, a hybrid software architecture for a network cryptographic device includes:
a hardware layer, a system layer and an application layer at a server side;
the hardware layer comprises: a master CPU core, slave CPU cores, a cryptographic card or cryptographic engine, and a network port, wherein the master CPU core communicates with each slave CPU core;
the system layer comprises: a general-purpose operating system running on the master CPU core and a lightweight operating system or bare-metal system running on the slave CPU cores;
the application layer comprises: a device management program running on the general-purpose operating system, and a cryptographic service running on the lightweight operating system or bare-metal system.
The invention splits the server software into a device management program and a cryptographic service program according to function type and performance requirements, shown as the left and right parts separated by the vertical line in fig. 5, and further divides the software by layer into an application layer, a system layer and a hardware layer, shown as the upper, middle and lower layers separated by the horizontal lines in fig. 5. This forms the following hybrid architecture: the device management program, with its low performance requirement, uses a general-purpose operating system such as Linux and runs on the master CPU core; the cryptographic service program, with its high performance requirement, uses a lightweight operating system such as an RTOS, or a bare-metal system, and runs on the slave CPU cores. This architecture greatly improves CPU utilization, greatly reduces the cost and power consumption of the device, and preserves the convenience of developing and porting traditional application software.
EXAMPLE 2,
A hybrid software architecture for a network cryptographic device according to embodiment 1, which is a single-chip structure, as shown in fig. 6:
the single chip comprises at least 2 operation processing units, namely a main CPU core and a slave CPU core;
the master CPU core communicates with each slave CPU core:
if the main CPU core and the slave CPU core belong to the same cluster, adopting an L2 or L3 Cache synchronous communication mechanism for communication, as shown in a path 1 of FIG. 6;
if the master CPU core and the slave CPU core do not belong to the same cluster, the clusters communicate by adopting an on-chip bus communication mechanism, as shown in a path 2 in fig. 6.
EXAMPLE 3,
A hybrid software architecture for a network cryptographic device according to embodiments 1 and 2, wherein the hybrid software architecture for a network cryptographic device has a multi-chip structure as shown in fig. 7;
the multi-chip structure comprises at least 2 chips, wherein 1 chip comprises a master CPU core and a slave CPU core, and the other chips comprise only slave CPU cores; the master CPU core communicates with each slave CPU core through an IO interface, including but not limited to PCIe, SPI, I2C and the like. As shown in fig. 7, the system is composed of n chips: chip 1 contains 2 CPU cores, chip n contains 1 CPU core, and the master CPU core is in chip 1. Path 1 indicates that the inter-core communication path within a chip remains valid, and path 2 indicates that communication between chips is carried out through the IO interface.
EXAMPLE 4,
A method of operation of a hybrid software architecture for a network cryptographic device as in embodiments 1-3, comprising:
the operation of the slave CPU core includes:
S11: the slave CPU core receives a TCP or UDP message through the network port;
S12: the message is parsed layer by layer using a lightweight protocol stack to obtain the cryptographic service request, and the cryptographic card or cryptographic engine is called to execute the corresponding cryptographic operation and obtain the operation result;
S13: the operation result is encapsulated in the agreed response data format, and the lightweight protocol stack is called to encapsulate it into a response message;
S14: finally, the response message is sent back to the client through the network port;
The working process of a slave CPU core does not require the participation of other CPU cores. Because lightweight underlying software components are used, the code path is greatly shortened, and on the same CPU core the overall IO performance is improved by more than 10 times compared with a general-purpose operating system software architecture. The whole request-response process needs no intervention by the master CPU core and is handled entirely by the slave CPU core, which runs a basic lightweight TCP/IP protocol stack such as LwIP, responds directly to the cryptographic service requests sent by clients and returns the responses. Fig. 3 illustrates a typical working scenario of the slave CPU cores, with 2 curves showing how cryptographic service requests from 2 clients are handled: slave CPU core 1 and slave CPU core n independently process the cryptographic service requests from network port 1 and network port m respectively and return each response along the original path; how network port resources are allocated to each slave CPU core is determined by the master CPU core;
the operation of the master CPU core includes:
S21: conventional management, as in a conventional network cryptographic device, and special management of the slave CPU cores. The conventional management functions include key management, rights management, log management, etc.; the special management includes hardware resource allocation, event synchronization and service resource synchronization. The conventional management functions can be ported directly from existing management software and are not described here; only the management functions specific to the slave CPU cores are described, taking key synchronization as an example.
Hardware resource allocation means that, when the device is powered on and initialized, the master CPU core decides how hardware resources such as the cryptographic engine, cryptographic card and network ports are allocated to each slave CPU core, so that each slave CPU core has exclusive use of its own resources as far as possible and efficiency is optimal. For example, the master CPU core allocates network port 1 to slave CPU core 1 through inter-core communication, after which all cryptographic service requests from network port 1 are taken over by slave CPU core 1. Event synchronization means that a slave CPU core, as the core directly responsible for cryptographic services, may encounter special events during operation, and these must be reported to the master CPU core through inter-core communication. Special events can be customized; a typical event is the receipt of an illegal cryptographic service request. Service resource synchronization means synchronizing information that is strongly related to the service, such as keys, among the CPU cores. A typical scenario is key synchronization, that is, key distribution, during power-on initialization of the network cryptographic device. When the device is powered on, software on the master CPU core reads certain keys from non-volatile storage, such as the KEK (the key that encrypts the session key), and then synchronizes them to the slave CPU cores through the inter-core communication mechanism described above. After key synchronization, every slave CPU core holds the same key and cryptographic service requests can be processed in parallel, which further improves overall performance. As illustrated in fig. 4, the dashed arrows indicate the key synchronization initiated by the master CPU core, and the solid arrows indicate that, after key synchronization is complete, slave CPU core 1 and slave CPU core n use the same key to process the same kind of client requests in parallel. Besides power-on initialization, key synchronization may also be needed while the device is running, for example to delete or update keys, and follows a similar mechanism.
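The division of work in this example, as an added illustration that is not part of the patent: a single-host C simulation in which the master core allocates network ports and synchronizes a key, and each slave core handles S11 to S14 on its own and reports an illegal request as an event. The wire format (op, 2-byte length, data), every function name, and the XOR stand-in for the cryptographic card are assumptions made for the example.

```c
/* Added illustration (not from the patent): one-host simulation of the
 * master/slave split. Wire format, names and XOR "engine" are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define N_SLAVES 2
#define N_PORTS  2
#define KEY_LEN  16
#define MAX_DATA 64
#define REQ_HDR  3   /* request:  op(1) | len(2, big-endian) | data */
#define RESP_HDR 3   /* response: status(1) | len(2, big-endian) | data */
enum { OP_ENCRYPT = 1 };
enum { ST_OK = 0, ST_BAD_REQUEST = 1, ST_NO_KEY = 2 };
enum { EV_ILLEGAL_REQUEST = 1 };
struct slave_core { int key_valid; uint8_t kek[KEY_LEN]; };
struct event      { int core; int type; };

static struct slave_core slaves[N_SLAVES];
static int          port_owner[N_PORTS] = { -1, -1 };  /* -1: not allocated */
static struct event event_log[8];
static int          event_count;

/* ---- master core: hardware resource allocation, key synchronization ---- */
void master_assign_port(int port, int core)
{
    if (port >= 0 && port < N_PORTS && core >= 0 && core < N_SLAVES)
        port_owner[port] = core;
}

/* Distribute the same key to every slave; key == NULL deletes it everywhere.
 * Firmware would wipe with a primitive the compiler cannot optimize away. */
void master_sync_key(const uint8_t *key)
{
    for (int i = 0; i < N_SLAVES; i++) {
        slaves[i].key_valid = (key != NULL);
        if (key) memcpy(slaves[i].kek, key, KEY_LEN);
        else     memset(slaves[i].kek, 0, KEY_LEN);
    }
}

/* ---- slave core: event synchronization and request handling ---- */
static void slave_report(int core, int type)
{
    if (event_count < 8)
        event_log[event_count++] = (struct event){ core, type };
}

/* Stand-in for the cryptographic card/engine. XOR is NOT a real cipher. */
static void engine_encrypt(const uint8_t *key, const uint8_t *in,
                           uint8_t *out, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ key[i % KEY_LEN];
}

static size_t put_status(uint8_t *resp, uint8_t status)
{
    resp[0] = status; resp[1] = 0; resp[2] = 0;
    return RESP_HDR;
}

/* S12-S13 on one slave core; resp must hold RESP_HDR + MAX_DATA bytes. */
size_t slave_handle(int core, const uint8_t *req, size_t req_len, uint8_t *resp)
{
    size_t n = req_len >= REQ_HDR ? (((size_t)req[1] << 8) | req[2]) : 0;
    /* Declared length must be bounded and must match the bytes received. */
    if (req_len < REQ_HDR || req[0] != OP_ENCRYPT ||
        n > MAX_DATA || n != req_len - REQ_HDR) {
        slave_report(core, EV_ILLEGAL_REQUEST);
        return put_status(resp, ST_BAD_REQUEST);
    }
    if (!slaves[core].key_valid)
        return put_status(resp, ST_NO_KEY);
    engine_encrypt(slaves[core].kek, req + REQ_HDR, resp + RESP_HDR, n);
    resp[0] = ST_OK;
    resp[1] = (uint8_t)(n >> 8);
    resp[2] = (uint8_t)(n & 0xff);
    return RESP_HDR + n;
}

/* S11/S14: a message on a port goes to the slave core that owns the port. */
size_t device_receive(int port, const uint8_t *req, size_t req_len, uint8_t *resp)
{
    if (port < 0 || port >= N_PORTS || port_owner[port] < 0)
        return 0;                        /* unallocated port: drop */
    return slave_handle(port_owner[port], req, req_len, resp);
}

int main(void)
{
    /* Constructed sample key and request. */
    const uint8_t kek[KEY_LEN] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
    const uint8_t req[] = { OP_ENCRYPT, 0, 4, 'd', 'a', 't', 'a' };
    uint8_t resp[RESP_HDR + MAX_DATA];
    master_assign_port(1, 1);
    master_sync_key(kek);
    size_t len = device_receive(1, req, sizeof req, resp);
    printf("status %u, %zu bytes, %d events\n", (unsigned)resp[0], len, event_count);
    return 0;
}
```

Because the slave cores parse network input with no general-purpose operating system underneath, the length check in `slave_handle` is the only barrier between a malformed request and the key material held on that core.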
EXAMPLE 5,
A cryptographic device loaded with the software architecture of embodiments 1-3, comprising:
a server comprising a master CPU core, a slave CPU core, a cryptographic card or cryptographic engine, and a network port, wherein the master CPU core communicates with each slave CPU core;
a general-purpose operating system running on the master CPU core and a lightweight operating system or bare-metal system running on the slave CPU core;
a device management program running on the general-purpose operating system, and a cryptographic service running on the lightweight operating system or bare-metal system.
According to the embodiments of the invention, the software functions of the network cryptographic device are split and deployed to different CPU cores, which divide the work between them, each with its own emphasis, so that a hybrid software architecture is constructed. The cryptographic service is handled by the software on the slave CPU cores; the software architecture used there is extremely lightweight, its software call overhead is far lower than that of a traditional Linux-based architecture, and for a given whole-device performance the demand on the performance of the CPU core itself is lower. The slave CPU cores support multi-core parallel cooperation, which further reduces the demand on the performance of a single CPU core. Device management is handled by the software on the master CPU core; the management functions do not demand high performance, so the traditional Linux architecture can be used and no high-performance CPU is needed. Table 1 summarizes the main differences in software functions deployed on the master and slave CPU cores of the present invention.
TABLE 1

Claims (5)

1. A hybrid software architecture for a network cryptographic device, comprising:
a hardware layer, a system layer and an application layer at a server side;
the hardware layer comprises: a main CPU core, slave CPU cores, a cryptographic card or a cryptographic engine, and a network port, wherein the main CPU core communicates with each slave CPU core;
the system layer comprises: a general-purpose operating system running on the master CPU core and a lightweight operating system or bare metal system running on the slave CPU core;
the application layer comprises: a device management program running on the general-purpose operating system, and a cryptographic service running on the lightweight operating system or bare metal system.
2. The hybrid software architecture for a network cryptographic device of claim 1, wherein the hybrid software architecture for a network cryptographic device is a single chip architecture:
the single chip comprises at least 2 operation processing units, namely a main CPU core and a slave CPU core;
the master CPU core communicates with each slave CPU core:
if the main CPU core and the slave CPU core belong to the same cluster, they communicate using an L2 or L3 cache synchronization communication mechanism;
if the main CPU core and the slave CPU core do not belong to the same cluster, the clusters communicate using an on-chip bus communication mechanism.
3. The hybrid software architecture for a network cryptographic device of claim 1, wherein the hybrid software architecture for a network cryptographic device is a multi-chip architecture:
the multi-chip architecture comprises at least 2 chips, wherein 1 chip comprises a main CPU core and a slave CPU core, and the other chips comprise only slave CPU cores; the master CPU core communicates with each slave CPU core using an IO interface.
4. A method of operating a hybrid software architecture for a network cryptographic device according to claim 1, 2 or 3, comprising:
the operation of the slave CPU core includes:
S11: the slave CPU core receives a TCP or UDP message through the network port;
S12: parsing the message layer by layer using a lightweight protocol stack to obtain a cryptographic service request, and calling the cryptographic card or the cryptographic engine to execute the corresponding cryptographic operation and obtain an operation result;
S13: encapsulating the operation result into the agreed response data format, and calling the lightweight protocol stack to encapsulate it into a response message;
S14: finally, sending the response message back to the client through the network port;
the operation of the main CPU core comprises:
S21: performing the conventional management of a traditional network cryptographic device and the special management of the slave CPU cores; the special management includes: hardware resource allocation, event synchronization, and service resource synchronization.
5. A cryptographic device loaded with a software architecture as in any one of claims 1-3, comprising:
the server side comprises a main CPU core, a slave CPU core, a cryptographic card or a cryptographic engine, and a network port; the main CPU core communicates with each slave CPU core;
a general-purpose operating system running on the master CPU core and a lightweight operating system or bare metal system running on the slave CPU core;
a device management program runs on the general-purpose operating system; the cryptographic service runs on the lightweight operating system or bare metal system.
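The slave-core request path of steps S12 and S13 in claim 4, combined with the master-initiated key synchronization described before Example 5, sketched as an added C example that is not part of the patent text. The wire format, status codes, slot sizes and the names `slave_t`, `key_sync`, `handle_request`, `reply` and `engine_stub` are assumptions made for illustration; `engine_stub` stands in for the call into the cryptographic card or engine and is not a real cipher.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical wire format (assumed, not from the patent):
 * request : op(1) key_id(1) len(2, big-endian) payload(len)
 * response: status(1) len(2, big-endian) payload(len)        */
enum { OP_ENC = 1, ST_OK = 0, ST_BAD_FRAME = 1, ST_NO_KEY = 2, ST_BAD_OP = 3 };
enum { KEY_SLOTS = 4, KEY_LEN = 16, MAX_PAYLOAD = 256 };

/* Per-slave-core key table; only the master core's sync events write to it. */
typedef struct { uint8_t key[KEY_SLOTS][KEY_LEN]; uint8_t valid[KEY_SLOTS]; } slave_t;

/* Master-initiated key synchronization: key != NULL installs or updates, NULL deletes. */
int key_sync(slave_t *s, uint8_t id, const uint8_t *key) {
    if (id >= KEY_SLOTS) return -1;
    if (key) { memcpy(s->key[id], key, KEY_LEN); s->valid[id] = 1; }
    else     { memset(s->key[id], 0, KEY_LEN);   s->valid[id] = 0; } /* wipe on delete */
    return 0;
}

/* Placeholder for the cryptographic card/engine call: NOT a real cipher. */
static void engine_stub(const uint8_t *key, const uint8_t *in, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ key[i % KEY_LEN];
}

/* Write the 3-byte response header; the payload, if any, is already at resp + 3. */
static size_t reply(uint8_t *resp, uint8_t status, size_t n) {
    resp[0] = status; resp[1] = (uint8_t)(n >> 8); resp[2] = (uint8_t)n;
    return 3 + n;
}

/* S12 + S13: validate and parse the request, run the operation, build the response.
 * Returns the response length, or 0 when resp cannot hold even an error reply. */
size_t handle_request(const slave_t *s, const uint8_t *req, size_t req_len,
                      uint8_t *resp, size_t resp_cap) {
    if (resp_cap < 3) return 0;
    if (req_len < 4) return reply(resp, ST_BAD_FRAME, 0);
    size_t n = ((size_t)req[2] << 8) | req[3];
    /* The declared length must match the bytes received and fit the reply buffer. */
    if (n != req_len - 4 || n > MAX_PAYLOAD || n + 3 > resp_cap)
        return reply(resp, ST_BAD_FRAME, 0);
    if (req[0] != OP_ENC) return reply(resp, ST_BAD_OP, 0);
    if (req[1] >= KEY_SLOTS || !s->valid[req[1]]) return reply(resp, ST_NO_KEY, 0);
    engine_stub(s->key[req[1]], req + 4, resp + 3, n);
    return reply(resp, ST_OK, n);
}
```

On a bare-metal slave core there is no kernel between the network port and this parser, so the length and key-slot checks in `handle_request` are the only input validation the request passes through before it reaches the engine.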
CN202311809953.8A 2023-12-27 2023-12-27 Hybrid software architecture for network password equipment and password equipment Active CN117472588B (en)

Publications (2)

Publication Number Publication Date
CN117472588A (en) 2024-01-30
CN117472588B CN117472588B (en) 2024-04-09

Family

ID=89639956

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant