CN104506304B - A kind of adaptation control system and method for strengthening encryption device on-demand service ability - Google Patents
A kind of adaptation control system and method for strengthening encryption device on-demand service ability Download PDFInfo
- Publication number
- CN104506304B CN104506304B CN201410664643.6A CN201410664643A CN104506304B CN 104506304 B CN104506304 B CN 104506304B CN 201410664643 A CN201410664643 A CN 201410664643A CN 104506304 B CN104506304 B CN 104506304B
- Authority
- CN
- China
- Prior art keywords
- encryption device
- cryptosecurity
- service
- adaptation rule
- upper strata
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Computer And Data Communications (AREA)
Abstract
The present invention provides a kind of adaptation control system and method for strengthening encryption device on-demand service ability.Cryptosecurity management system issues the adaptation rule for including encryption device grouping information to cryptosecurity service system;Cryptosecurity service system preserves and parses adaptation rule, and the encryption device grouping information in adaptation rule, connection pool is established with every encryption device;The cryptographic service interface that upper strata cipher application principal access cryptosecurity service system externally provides, and ask cryptosecurity service message information to cryptosecurity service system;Cryptosecurity service system parses the connectivity request message for including the message information, and obtains adaptation rule information for the upper strata cipher application main body;Encryption device resource completes cryptosecurity service business trading processing.Avoid that numerous upper strata cipher application main bodys are crazy to rob encryption device resource, caused by unordered mix.
Description
Technical field
The present invention relates to it is a kind of strengthen encryption device on-demand service ability adaptation control system and method, more particularly to
The adaptation control system and method for a kind of enhancing encryption device on-demand service ability suitable for information security art of cryptography.
Background technology
Cryptographic technique is the basic technology of information security, and key is then the basis of cryptographic technique safety applications and information-based peace
Full core element.It is all-round developing with the high speed of China's informationization industry, as the encryption device of information security basal core,
While the cryptographic technique of safety is provided always for information industry and Developing Track for Modern Service Industry, higher and higher password is also faced
On-demand service Capability Requirement.
With the continuous development of information system business, application of the encryption device in information system business is continuously increased, close
Decoding apparatus type and quantity also constantly increase therewith.People, which come to realise, is managed concentratedly numerous encryption devices, is used
It is optimal selection that cluster mode provides cryptosecurity service for upper strata cipher application main body.
Encryption device cluster mode provides easily cryptosecurity service for upper strata cipher application main body, but with upper strata
Cipher application main body quantity is continuously increased, and in the case where lacking effective adaptation controlling mechanism, there are numerous upper strata passwords
Encryption device resource is robbed using main body is crazy, causes unordered mix, causes the encryption device in encryption device cluster can not be accurate
Really, the effective upper strata cipher application main body to specify provides password on-demand service ability, can not meet that numerous upper strata passwords should
Safe and stable, the reliable password on-demand service ability proposed with main body to encryption device.
The content of the invention
The technical problem to be solved in the present invention is to provide a kind of encryption device ensured in encryption device cluster is accurate and effective
Adaptation control system and method that password on-demand service ability is provided for the upper strata cipher application main body specified.
The technical solution adopted by the present invention is as follows:A kind of adaptation control system for strengthening encryption device on-demand service ability,
Including upper strata cipher application main body and encryption device, it is characterised in that including
Cryptosecurity management system, generates encryption device on-demand service adaptation rule;
Cryptosecurity service system, including
Connection pool establishes module, receives the adaptation rule that cryptosecurity management system issues, and according in adaptation rule
Encryption device grouping information establishes connection pool with every encryption device;
Cryptographic service interface;
Adaptation rule scheduler module, the connection of cipher application main body is parsed according to the message information of cryptographic service interface
Request, obtains preposition IP address, and searches encryption device grouping information from adaptation rule according to IP address and time window is fitted
With scope.
Preferably, the cryptosecurity service system further includes encryption device packet maintenance module, using polling dispatching
Algorithm, the smart allocation scheduling for realizing with reference to adaptation rule encryption device resource, complete the transmitting-receiving process of transaction data.
A kind of Adaptive Control Method for strengthening encryption device on-demand service ability, its method and step are:
Step 1: cryptosecurity management system is issued to cryptosecurity service system includes encryption device grouping information
Adaptation rule;
Step 2: cryptosecurity service system preserves and parses adaptation rule, the encryption device in adaptation rule point
Group information, connection pool is established with every encryption device;
Step 3: the cryptographic service interface that upper strata cipher application principal access cryptosecurity service system externally provides, and
Cryptosecurity service message information is asked to cryptosecurity service system;
Step 4: the parsing of cryptosecurity service system includes the connectivity request message of the message information, and it is directed to and is somebody's turn to do
Upper strata cipher application main body obtains adaptation rule information;
Step 5: encryption device resource completes cryptosecurity service business trading processing, and return to trading processing result;
Step 6: upper strata cipher application main body obtains the trading processing as a result, and by close by cryptographic service interface
Final service handling result is returned to upper strata cipher application main body by code service interface.
Preferably, the method further includes, according to the connection pool established between cryptosecurity service system and cipher machine
Quantity, the allocation schedule to encryption device resource is completed using polling dispatching algorithm combination adaptation rule, and then completes number of deals
According to transmitting-receiving process.
Preferably, in the step 4, according to the preposition IP address of upper strata cipher application main body, for the upper strata password
Adaptation rule information is obtained using main body.
Preferably, the connection pool is long connection pool.
Preferably, the connection pool has 20.
Preferably, the adaptation rule information includes encryption device grouping information and time window range of fit information.
Preferably, the adaptation rule includes service adaptation rule, according to pair between business and encryption device packet
It should be related to be formed.
Preferably, the adaptation rule further includes time window rule, increase time window controlling mechanism, for business
Peak processing time scope carries out allotment control.
Compared with prior art, the beneficial effects of the invention are as follows:Avoid that numerous upper strata cipher application main bodys are crazy to rob password
Device resource, caused by unordered mix, what the encryption device in encryption device cluster can be accurate and effective is upper to specify
Layer cipher application main body provides password on-demand service ability, meets what numerous upper strata cipher application main bodys proposed encryption device
Safe and stable, reliable password on-demand service ability.
Brief description of the drawings
Fig. 1 is the principle schematic of a wherein embodiment of the invention.
Embodiment
In order to make the purpose , technical scheme and advantage of the present invention be clearer, with reference to the accompanying drawings and embodiments, it is right
The present invention is further elaborated.It should be appreciated that specific embodiment described herein is only to explain the present invention, not
For limiting the present invention.
This specification(Including any accessory claim, summary and attached drawing)Disclosed in any feature, except non-specifically chatting
State, can alternative features equivalent by other or with similar purpose replaced.I.e., unless specifically stated, each feature
A simply example in a series of equivalent or similar characteristics.
As shown in Figure 1, the adaptation control system of enhancing encryption device on-demand service ability, including upper strata cipher application main body
And encryption device, it is characterised in that including
Cryptosecurity management system, generates encryption device on-demand service adaptation rule;
Cryptosecurity service system, including
Connection pool establishes module, receives the adaptation rule that cryptosecurity management system issues, and according in adaptation rule
Encryption device grouping information establishes connection pool with every encryption device;
Cryptographic service interface;
Adaptation rule scheduler module, the connection of cipher application main body is parsed according to the message information of cryptographic service interface
Request, obtains preposition IP address, and searches encryption device grouping information from adaptation rule according to IP address and time window is fitted
With scope.
In this embodiment, the cryptosecurity service system further includes encryption device packet maintenance module, uses
Polling dispatching algorithm, the smart allocation scheduling for realizing with reference to adaptation rule encryption device resource, are completed at the transmitting-receiving of transaction data
Reason.
Its Adaptive Control Method concretely comprises the following steps:
Step 1: cryptosecurity management system is issued to cryptosecurity service system includes encryption device grouping information
Adaptation rule;
Step 2: cryptosecurity service system preserves and parses adaptation rule, the encryption device in adaptation rule point
Group information(Number of units, IP address), connection pool is established with every encryption device(In this embodiment, every encryption device is write from memory
Recognize 20 connection pools, can be configured according to actual conditions);
Step 3: the cryptographic service interface that upper strata cipher application principal access cryptosecurity service system externally provides(API
Interface), and ask cryptosecurity service message information to cryptosecurity service system;
Step 4: the parsing of cryptosecurity service system includes the connectivity request message of the message information, and it is directed to and is somebody's turn to do
Upper strata cipher application main body obtains adaptation rule information;
Step 5: encryption device resource completes cryptosecurity service business trading processing, and return to trading processing result;
Step 6: upper strata cipher application main body obtains the trading processing as a result, and by close by cryptographic service interface
Final service handling result is returned to upper strata cipher application main body by code service interface.
The method further includes, and cryptosecurity service system is according to establishing between cryptosecurity service system and cipher machine
Connection pool quantity, the allocation schedule to encryption device resource is completed using polling dispatching algorithm combination adaptation rule, and then is completed
The transmitting-receiving process of transaction data, so as to safeguard that encryption device is grouped.Using polling algorithm, realize to encryption device resource(Cluster)
Rational management and adaptation control, prevent upper strata cipher application main body and rob encryption device resource so that unordered, chaotic state is crazy, have
Effect improves encryption device resource(Cluster)Scheduling of resource and adaptation control efficiency.
In this embodiment, in step 4, according to the preposition IP address of upper strata cipher application main body, for the upper strata
Cipher application main body obtains adaptation rule information, and encryption device grouping information is searched from adaptation rule according to preposition IP address
(One or more), time window range of fit(Such as:9:00-10:00).
The connection pool is long connection pool, and client carries out network connection communication with server-side by Socket, and connects
Communication is always maintained at, and connection does not turn off.
The adaptation rule information includes encryption device grouping information and time window range of fit information.
System according to configured adaptation rule according to service adaptation mechanism and time window adaptation mechanism, maximizing
Play the on-demand service ability of encryption device resource.In this embodiment, the adaptation rule includes service adaptation rule,
Formed according to the correspondence between business and encryption device packet.Business and encryption device are realized by the service adaptation rule
Adaptation control.Encryption device adaptation control is carried out according to business characteristic;Assessed according to business processing amount feature, for friendship
Big business is easily measured, when encryption device is grouped and divides, can try one's best a certain number of encryption devices of overabsorption;It is small for trading volume
Business, encryption device be grouped divide when, less encryption device can be distributed.Ensure that business fully, can be used reasonably
Node in password cluster.
In this embodiment, the adaptation rule further includes time window rule, on the basis of service adaptation rule
On, increase time window controlling mechanism, allotment control is carried out for peak traffic processing time scope.Such as:A business processings
Rush hour section is 9:00-10:00, rational time window control can be carried out according to rush hour section, by other idle traffics
Corresponding encryption device distributes to A business and carries out peak period processing.After the completion of the A peak traffic periods are handled, then by password
Equipment is reduced to idle traffic.Various adaptation rules can be flexible, changeable definition and configuration, easy to administrative staff according to it is actual should
Configured with situation and extend adaptation rule, requirement is controlled to adapt to different adaptations.According to business processing rush hour section
Difference carries out time window control, when guarantee business can maximize while access the completion peak of multiple nodes in password cluster
Section business processing.
System can realize encryption device resource using adaptation controlling mechanism(Cluster)In the United Dispatching of all nodes and suitable
With control.When a certain node occurs abnormal, it can in real time, effectively, accurately be switched to another node and continue as upper strata password and answer
Crypto-operation service is provided with main body, it is ensured that upper strata cipher application main body can obtain reliable, real-time, continual password on demand
Service.
Efficient practicality.When upper strata cipher application system quantity and encryption device resource interior joint quantity change
When, system can be according to the configuration feature of adaptation rule flexibility and changeability, to upper strata cipher application main body with being saved in encryption device resource
The adaptation rule of point is adjusted, according to the adaptation rule of predefined, as upper strata cipher application main body is corresponding with encryption device
Password set packet relation.When upper strata cipher application principal access cryptosecurity service system, system is by according to the suitable of definition
United Dispatching is carried out to encryption device resource with rule and adaptation controls.Upper strata cipher application main body is not influenced to provide encryption device
The United Dispatching and adaptation in source control, and can lift encryption device resource and externally provide password on-demand service power efficient and practicality
Property.
Claims (8)
1. a kind of adaptation control system for strengthening encryption device on-demand service ability, including upper strata cipher application main body and password are set
It is standby, it is characterised in that including
Cryptosecurity management system, generates encryption device on-demand service adaptation rule;
Cryptosecurity service system, including
Connection pool establishes module, receives the adaptation rule that cryptosecurity management system issues, and the password in adaptation rule
Device packets information establishes connection pool with every encryption device;
Cryptographic service interface;
Adaptation rule scheduler module, the connection of upper strata cipher application main body is parsed according to the message information of cryptographic service interface
Request, obtains the preposition IP address of the upper strata cipher application main body, and search password from adaptation rule according to IP address and set
Back-up group information and time window range of fit;
The cryptosecurity service system further includes encryption device packet maintenance module, using polling dispatching algorithm, with reference to adaptation
Rule realizes the smart allocation scheduling of encryption device resource, completes the transmitting-receiving process of transaction data.
2. a kind of Adaptive Control Method for strengthening encryption device on-demand service ability, its method and step are:
Step 1: cryptosecurity management system issues the adaptation for including encryption device grouping information to cryptosecurity service system
Rule;
Step 2: cryptosecurity service system preserves and parses adaptation rule, the encryption device packet letter in adaptation rule
Breath, connection pool is established with every encryption device;
Step 3: the cryptographic service interface that upper strata cipher application principal access cryptosecurity service system externally provides, and to close
Code safety service system sends the message information of request cryptosecurity service;
Step 4: the parsing of cryptosecurity service system includes the solicited message of the message information, and it is directed to the upper strata password
Adaptation rule information is obtained using main body;
Step 5: encryption device resource completes cryptosecurity service business trading processing, and return to trading processing result;
Step 6: upper strata cipher application main body obtains the trading processing as a result, cryptosecurity service by cryptographic service interface
Final service handling result is returned to upper strata cipher application main body by system by cryptographic service interface;The step 4 and step
The step of between five, further includes, according to the connection pool quantity established between cryptosecurity service system and encryption device, using wheel
Allocation schedule of the dispatching algorithm combination adaptation rule completion to encryption device resource is ask, and then at the transmitting-receiving of completion transaction data
Reason.
3. Adaptive Control Method according to claim 2, in the step 4, according to the preposition of upper strata cipher application main body
IP address, adaptation rule information is obtained for the upper strata cipher application main body.
4. Adaptive Control Method according to claim 2, the connection pool is long connection pool.
5. Adaptive Control Method according to claim 4, the connection pool has 20.
6. Adaptive Control Method according to claim 2, the adaptation rule information include encryption device grouping information and
Time window range of fit information.
7. Adaptive Control Method according to claim 2, the adaptation rule includes service adaptation rule, according to business with
Correspondence between encryption device packet is formed.
8. Adaptive Control Method according to claim 7, the adaptation rule further includes time window rule, increases the time
Window control mechanism, allotment control is carried out for peak traffic processing time scope.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410664643.6A CN104506304B (en) | 2014-11-20 | 2014-11-20 | A kind of adaptation control system and method for strengthening encryption device on-demand service ability |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410664643.6A CN104506304B (en) | 2014-11-20 | 2014-11-20 | A kind of adaptation control system and method for strengthening encryption device on-demand service ability |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104506304A CN104506304A (en) | 2015-04-08 |
| CN104506304B true CN104506304B (en) | 2018-04-24 |
Family
ID=52948020
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410664643.6A Active CN104506304B (en) | 2014-11-20 | 2014-11-20 | A kind of adaptation control system and method for strengthening encryption device on-demand service ability |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104506304B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108574599B (en) * | 2017-12-14 | 2021-10-08 | 成都卫士通信息产业股份有限公司 | Password resource pool, password resource pool management method, management platform and management system |
| CN111597547B (en) * | 2020-05-26 | 2023-04-28 | 中国联合网络通信集团有限公司 | Password management method and system |
| CN115118475A (en) * | 2022-06-21 | 2022-09-27 | 成都卫士通信息产业股份有限公司 | Method, device, equipment and medium for dispatching cryptographic equipment cluster |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101123620A (en) * | 2007-08-28 | 2008-02-13 | 南京联创科技股份有限公司 | Method for electronic data processing for concurrent request of a large number of services |
| CN102193820A (en) * | 2010-03-03 | 2011-09-21 | 软件股份公司 | Connection handler and method for providing applications with heterogeneous connection objects |
| CN203135901U (en) * | 2012-08-21 | 2013-08-14 | 中国银联股份有限公司 | Encryption equipment management device |
| CN103825698A (en) * | 2014-01-20 | 2014-05-28 | 中国建设银行股份有限公司 | Password security management system and method |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7313812B2 (en) * | 2002-06-05 | 2007-12-25 | Sap Aktiengesellschaft | Application level security |
-
2014
- 2014-11-20 CN CN201410664643.6A patent/CN104506304B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101123620A (en) * | 2007-08-28 | 2008-02-13 | 南京联创科技股份有限公司 | Method for electronic data processing for concurrent request of a large number of services |
| CN102193820A (en) * | 2010-03-03 | 2011-09-21 | 软件股份公司 | Connection handler and method for providing applications with heterogeneous connection objects |
| CN203135901U (en) * | 2012-08-21 | 2013-08-14 | 中国银联股份有限公司 | Encryption equipment management device |
| CN103825698A (en) * | 2014-01-20 | 2014-05-28 | 中国建设银行股份有限公司 | Password security management system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104506304A (en) | 2015-04-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10154457B2 (en) | Secure management of radio transmissions in an endpoint device of a network | |
| CN107528856A (en) | Internet of Things mist end equipment based on block chain platform access authentication method beyond the clouds | |
| CN104506304B (en) | A kind of adaptation control system and method for strengthening encryption device on-demand service ability | |
| CN103150241B (en) | Multiserver state monitoring and management system and method | |
| CN103312682B (en) | The method and system that gateway security accesses | |
| CN103391295A (en) | Data exchange mechanism for performing real-time security communication with public security in-network system | |
| US10454909B2 (en) | Key negotiation method and system, network entity and computer storage medium | |
| KR20170033592A (en) | Method and apparatus for transmitting/receiving data in a communication system | |
| Kim et al. | A DPN (Delegated Proof of Node) Mechanism for Secure Data Transmission in IoT Services. | |
| CN103248431B (en) | The transportable TWDM-PON system of a kind of ONU | |
| CN105592141A (en) | Connection number control method and device | |
| US20210328887A1 (en) | Method for performing task processing on common service entity, common service entity, apparatus and medium for task processing | |
| CN109217986A (en) | A kind of data transmission method and system based on Internet of Things | |
| CN102769911A (en) | Router advertisement information sending method and device | |
| CN103813271B (en) | A kind of method and apparatus for being used to provide system information broadcast SIB12 by eNB | |
| CN102281334B (en) | A kind of management control method of catv terminal and system and access server | |
| CN104009846B (en) | A kind of single-sign-on apparatus and method | |
| Li et al. | A blockchain-based decentralized framework for fair data processing | |
| CN116527412A (en) | Cross-region data interaction method, device, equipment and medium for scheduling data chain | |
| WO2018001038A1 (en) | Flow management, acquisition method, device and core network node | |
| CN112468295B (en) | Internet of things communication encryption method, system and computer equipment based on parking spot lock equipment | |
| EP2942903B1 (en) | Method for controlling a network session | |
| Bahgat | Enhanced IoT-based online access control system for vehicles in truck-loading fuels terminals | |
| Yang et al. | A distributed federated transfer learning framework for edge optical network | |
| EP3562194A1 (en) | Method for identifying at least one network slice configuration of a mobile network, communication system, and automation system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: No. 333, Yunhua Road, Chengdu hi tech Zone, China (Sichuan) pilot Free Trade Zone, Chengdu, Sichuan 610041 Patentee after: China Electronics Technology Network Security Technology Co.,Ltd. Address before: No. 333, Yunhua Road, high tech Zone, Chengdu, Sichuan 610041 Patentee before: CHENGDU WESTONE INFORMATION INDUSTRY Inc. |