CN120200846A - A method, device, equipment and storage medium for providing cryptographic computing services - Google Patents
- Publication number
- CN120200846A, CN202510596324.4A
- Authority
- CN
- China
- Prior art keywords
- target
- service
- request
- transaction request
- cryptographic
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a method, apparatus, device and storage medium for providing a cryptographic computing service, relating to the field of information security and applied to a cryptographic service container. The method comprises: obtaining a target transaction request; determining the target request processing service corresponding to the target transaction request, and distributing the target transaction request to the target request processing service, which processes it to obtain a target processing result; forwarding the target processing result to a target cryptographic machine so that the target cryptographic machine performs a cryptographic operation to obtain a target cryptographic calculation result; and obtaining the target cryptographic calculation result returned by the target cryptographic machine and returning it to the target application to complete the cryptographic computing service. The target request processing service is a first request processing service or a second request processing service, and the first request processing service and the second request processing service are located in the same cryptographic service container. The application improves cryptographic computing performance, reduces the resource requirements of microservice deployment, and satisfies the extensibility of service functions.
Description
Technical Field
The present invention relates to the field of information security, and in particular, to a method, an apparatus, a device, and a storage medium for providing a cryptographic computing service.
Background
A traditional cryptographic service is usually developed in a single programming language. However, the C language lacks a general HTTP RESTful interface development framework, so the module that receives and parses HTTP (HyperText Transfer Protocol) requests has to be implemented by the developer; developing service function interfaces takes a long time and is inefficient. The Java language depends on the JVM (Java Virtual Machine) environment at run time, occupies excessive memory resources, handles concurrent requests only moderately well, and easily becomes a performance bottleneck. In addition, the cryptographic service is deployed as a jar (Java Archive) package or as an executable program, must be configured and compiled from source code for each target server architecture, and cannot guarantee a consistent running environment. Therefore, how to improve cryptographic computing performance, reduce the resource requirements of microservice deployment and satisfy the extensibility of service functions is a problem to be solved at present.
Disclosure of Invention
Accordingly, the present invention is directed to a method, apparatus, device and storage medium for providing a cryptographic computing service, which can improve the cryptographic computing performance, reduce the resource requirement during deployment of micro services, and satisfy the expandability of service functions. The specific scheme is as follows:
In a first aspect, the present application discloses a cryptographic computing service providing method, applied to a cryptographic service container, comprising:
Obtaining a target transaction request forwarded by a gateway, wherein the target transaction request is a transaction request sent by a target application authenticated by the gateway;
Determining a uniform resource locator corresponding to the target transaction request, determining a target request processing service corresponding to the target transaction request based on the uniform resource locator, and distributing the target transaction request to the target request processing service based on a preset routing rule;
Processing the target transaction request by utilizing the target request processing service to obtain a corresponding target processing result, and forwarding the target processing result to a target cryptographic machine so that the target cryptographic machine performs a cryptographic operation based on the target processing result to obtain a target cryptographic calculation result corresponding to the target transaction request;
Acquiring the target cryptographic calculation result returned by the target cryptographic machine, and returning the target cryptographic calculation result to the target application through the gateway to complete the cryptographic computing service;
The target request processing service is a first request processing service or a second request processing service, the first request processing service is a request processing service constructed based on the C language, the second request processing service is a request processing service constructed based on the Java language, and the first request processing service and the second request processing service are located in the same cryptographic service container.
Optionally, the process by which the gateway authenticates the target application corresponding to the target transaction request includes:
The gateway obtains the target transaction request sent by the target application;
The gateway judges whether the service calling authority corresponding to the target application meets the preset service calling condition corresponding to the target transaction request, and forwards the target transaction request to the cryptographic service container when the service calling authority of the target application meets the preset service calling condition.
Optionally, the cryptographic computing service providing method further includes:
If the service calling authority corresponding to the target application does not meet the preset service calling condition corresponding to the target transaction request, the gateway generates a corresponding identity authentication request based on the target transaction request;
The gateway sends the identity authentication request to an identity authentication service to acquire an identity authentication result corresponding to the identity authentication request;
The gateway determines the service calling authority corresponding to the target application again based on the identity authentication result, and refuses to forward the target transaction request to the cryptographic service container when the service calling authority does not meet the preset service calling condition corresponding to the target transaction request.
Optionally, determining the uniform resource locator corresponding to the target transaction request, determining the target request processing service corresponding to the target transaction request based on the uniform resource locator, and distributing the target transaction request to the target request processing service based on a preset routing rule includes:
Identifying a uniform resource locator in the target transaction request using a routing service in the cryptographic service container;
Determining a target request processing service corresponding to the target transaction request based on the uniform resource locator;
Distributing the target transaction request to the target request processing service based on a preset routing rule by using the routing service.
Optionally, processing the target transaction request by using the target request processing service to obtain a corresponding target processing result includes:
Parsing the target transaction request by utilizing the target request processing service to obtain a corresponding parsed message;
Assembling the parsed message based on a preset adaptation format to obtain a corresponding assembled message;
Encrypting the assembled message based on a preset encryption algorithm by utilizing a pre-acquired target key to obtain a target processing result corresponding to the target transaction request.
Optionally, the target key is a key stored locally in the cryptographic service container or a key obtained by the target request processing service from a key management center by using the target transaction request.
Optionally, forwarding the target processing result to a target cryptographic machine includes:
Communicating with a management platform of a cryptographic machine pool through a preset communication link to determine idle cryptographic machines from all the cryptographic machines in the pool based on load balancing;
Determining a target cryptographic machine from all the idle cryptographic machines;
Forwarding the target processing result to the target cryptographic machine.
In a second aspect, the present application discloses a cryptographic computing service providing apparatus applied to a cryptographic service container, comprising:
A transaction request acquisition module, configured to obtain a target transaction request forwarded by a gateway, wherein the target transaction request is a transaction request sent by a target application authenticated by the gateway;
A transaction request distribution module, configured to determine a uniform resource locator corresponding to the target transaction request, determine a target request processing service corresponding to the target transaction request based on the uniform resource locator, and distribute the target transaction request to the target request processing service based on a preset routing rule;
A cryptographic calculation result acquisition module, configured to process the target transaction request by utilizing the target request processing service to obtain a corresponding target processing result, and forward the target processing result to a target cryptographic machine so that the target cryptographic machine performs a cryptographic operation based on the target processing result to obtain a target cryptographic calculation result corresponding to the target transaction request;
A cryptographic calculation result returning module, configured to acquire the target cryptographic calculation result returned by the target cryptographic machine and return the target cryptographic calculation result to the target application through the gateway so as to complete the cryptographic computing service;
The target request processing service is a first request processing service or a second request processing service, the first request processing service is a request processing service constructed based on the C language, the second request processing service is a request processing service constructed based on the Java language, and the first request processing service and the second request processing service are located in the same cryptographic service container.
In a third aspect, the present application discloses an electronic device, comprising:
A memory for storing a computer program;
A processor for executing the computer program to implement the aforementioned cryptographic computing service providing method.
In a fourth aspect, the present application discloses a computer readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the aforementioned cryptographic computing service providing method.
In the present application, when providing a cryptographic computing service, the cryptographic service container obtains a target transaction request forwarded by a gateway, wherein the target transaction request is a transaction request sent by a target application authenticated by the gateway; determines a uniform resource locator corresponding to the target transaction request, determines the target request processing service corresponding to the target transaction request based on the uniform resource locator, and distributes the target transaction request to the target request processing service based on a preset routing rule; processes the target transaction request by utilizing the target request processing service to obtain a corresponding target processing result, and forwards the target processing result to a target cryptographic machine so that the target cryptographic machine performs a cryptographic operation based on the target processing result to obtain a target cryptographic calculation result corresponding to the target transaction request; and obtains the target cryptographic calculation result returned by the target cryptographic machine and returns it to the target application through the gateway to complete the cryptographic computing service. The target request processing service is a first request processing service or a second request processing service; the first request processing service is a request processing service constructed based on the C language, the second request processing service is a request processing service constructed based on the Java language, and the first request processing service and the second request processing service are located in the same cryptographic service container.
In the present application, after the cryptographic service container receives an interface request, the routing service matches routing rules against the URL of the interface, so that the target transaction request is forwarded to the corresponding target request processing service according to the differing service demands. The first request processing service, constructed based on the C language, makes full use of the characteristics of the C language to provide high-concurrency, high-throughput cryptographic computing capability with low memory occupation. The second request processing service, constructed based on the Java language, uses the rich development frameworks and ecosystem of the Java language to quickly implement customized, scenario-specific computing interfaces, or to adapt the cryptographic computing service to cryptographic devices from different manufacturers, and provides computing interfaces that fit the service scenario more closely and are easy to use. Meanwhile, the application integrates the routing service, the first request processing service and the second request processing service, and builds the cryptographic service container image on a unified base image, so that the image has good cross-platform deployment characteristics, which reduces the effect of differences in hardware architecture and operating system across actual deployment environments.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a cryptographic computing service providing method disclosed in the present application;
FIG. 2 is a schematic diagram of a cryptographic service container for cryptographic computing services according to the present disclosure;
FIG. 3 is a signaling diagram illustrating a specific cryptographic computing service providing procedure according to the present disclosure;
FIG. 4 is a schematic diagram of a cryptographic computing service providing apparatus according to the present application;
FIG. 5 is a block diagram of an electronic device according to the present disclosure.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
A traditional cryptographic service is usually developed in a single programming language. However, the C language lacks a general HTTP RESTful interface development framework, so the module that receives and parses HTTP requests has to be implemented by the developer; developing service function interfaces takes a long time and is inefficient. The Java language depends on the JVM environment at run time, handles concurrent requests only moderately well, and easily becomes a performance bottleneck. In addition, the cryptographic service is deployed as a jar package or as an executable program, must be configured and compiled from source code for each target server architecture, and cannot guarantee a consistent running environment. To solve these technical problems, the application discloses a cryptographic computing service providing method that can improve cryptographic computing performance, reduce the resource requirements of microservice deployment and satisfy the extensibility of service functions.
Referring to fig. 1, an embodiment of the present invention discloses a cryptographic computing service providing method, which is applied to a cryptographic service container, and includes:
Step S11, acquiring a target transaction request forwarded by a gateway, wherein the target transaction request is a transaction request sent by a target application authenticated by the gateway.
In this embodiment, FIG. 2 shows a specific architecture diagram of a cryptographic service container for the cryptographic computing service. The container includes a routing service, a high-performance cryptographic computing service (i.e., the first request processing service, based on the C language), and a cryptographic function expansion service (i.e., the second request processing service, based on the Java language). That is, this embodiment is a multi-language cryptographic service implemented by containerization: the cryptographic computing service divides its computing interfaces according to service performance requirements, with the high-performance cryptographic computing interfaces provided by the first request processing service and the customized extension interfaces provided by the second request processing service. The two together form a complete cryptographic computing service, handle interfaces with different performance requirements cooperatively, and jointly provide cryptographic service capability to the outside. The high-performance cryptographic computing service, implemented in the C language, makes full use of the characteristics of the C language to provide high-concurrency, high-throughput cryptographic computing capability with low memory occupation. The cryptographic function expansion service uses the rich development frameworks and ecosystem of the Java language to quickly implement customized, scenario-specific computing interfaces, or to adapt the cryptographic computing service to cryptographic devices from different manufacturers, and provides computing interfaces that fit the service scenario more closely and are easy to use.
In this embodiment, as shown in FIG. 3, before the cryptographic service container obtains the target transaction request forwarded by the gateway, the gateway authenticates the target application that initiated the target transaction request. Different target applications are integrated by the application system through an SDK (Software Development Kit), and a target transaction request issued by a target application is in fact a call to a specific service made through an interface. In a specific embodiment, the process by which the gateway authenticates the target application corresponding to the target transaction request may include: the gateway obtains the target transaction request sent by the target application; and the gateway judges whether the service calling authority corresponding to the target application meets the preset service calling condition corresponding to the target transaction request, and forwards the target transaction request to the cryptographic service container when the service calling authority of the target application meets the preset service calling condition. If the service calling authority corresponding to the target application does not meet the preset service calling condition corresponding to the target transaction request, the gateway generates a corresponding identity authentication request based on the target transaction request and sends it to the identity authentication service to obtain the corresponding identity authentication result. The gateway then determines the service calling authority corresponding to the target application again based on the identity authentication result, and refuses to forward the target transaction request to the cryptographic service container when the service calling authority does not meet the preset service calling condition corresponding to the target transaction request.
That is, the gateway will forward the target transaction request to the cryptographic service container only if the service invocation rights of the target application satisfy the rights required to execute the target transaction request.
Step S12, determining a uniform resource locator corresponding to the target transaction request, determining a target request processing service corresponding to the target transaction request based on the uniform resource locator, and distributing the target transaction request to the target request processing service based on a preset routing rule.
In this embodiment, as shown in FIG. 3, after receiving an interface request, the cryptographic service container first determines the URL (Uniform Resource Locator) corresponding to the target transaction request, then determines, based on the uniform resource locator, the request processing service corresponding to the target transaction request as the target request processing service, and distributes the target transaction request to the target request processing service for processing. In one particular embodiment, the process may include identifying a uniform resource locator in the target transaction request using a routing service in the cryptographic service container, determining a target request processing service corresponding to the target transaction request based on the uniform resource locator, and distributing the target transaction request to the target request processing service using the routing service based on a preset routing rule. That is, the routing service matches routing rules against the URL of the interface: requests that match a high-performance cryptographic computing interface are forwarded to the high-performance cryptographic computing service implemented in the C language, and all other interface requests are forwarded to the cryptographic function expansion service implemented in the Java language. It will be appreciated that the target request processing service is a first request processing service or a second request processing service, the first request processing service is a request processing service constructed based on the C language, the second request processing service is a request processing service constructed based on the Java language, and the first request processing service and the second request processing service are located in the same cryptographic service container.
By integrating the routing service, the high-performance cryptographic computing service and the cryptographic function expansion service, and building the cryptographic computing service container image on a unified base image, the image has good cross-platform deployment characteristics, which reduces the effect of differences in hardware architecture and operating system across actual deployment environments.
Step S13, processing the target transaction request by utilizing the target request processing service to obtain a corresponding target processing result, and forwarding the target processing result to a target cryptographic machine so that the target cryptographic machine performs a cryptographic operation based on the target processing result to obtain a target cryptographic calculation result corresponding to the target transaction request.
In this embodiment, the cryptographic service container processes the target transaction request by using the target request processing service to obtain a corresponding target processing result. Specifically, this includes parsing the target transaction request by using the target request processing service to obtain a corresponding parsed message, assembling the parsed message based on a preset adaptation format to obtain a corresponding assembled message, and encrypting the assembled message based on a preset encryption algorithm by using a pre-acquired target key to obtain the target processing result corresponding to the target transaction request. The target key is a key stored locally by the cryptographic service container or a key obtained by the target request processing service from the key management center by using the target transaction request. When forwarding the target processing result to the target cryptographic machine, the cryptographic service container can communicate with a management platform of the cryptographic machine pool through a preset communication link to determine idle cryptographic machines from all the cryptographic machines in the pool based on load balancing, determine the target cryptographic machine from all the idle cryptographic machines, and forward the target processing result to the target cryptographic machine. After receiving the target processing result, the target cryptographic machine performs the cryptographic operation to obtain the target cryptographic calculation result corresponding to the target transaction request. It can be appreciated that the cryptographic machines in the pool may include both physical and virtual cryptographic machines, and can also be made compatible with devices from different manufacturers according to user requirements.
Step S14, obtaining the target cryptographic calculation result returned by the target cryptographic machine, and returning the target cryptographic calculation result to the target application through the gateway so as to complete the cryptographic computing service.
In this embodiment, the target cryptographic machine returns the target cryptographic calculation result to the cryptographic service container, and the cryptographic service container returns the received target cryptographic calculation result to the target application through the gateway, thereby completing the overall cryptographic computing service flow.
In the present application, after the cryptographic service container receives an interface request, the routing service matches routing rules against the URL of the interface, so that the target transaction request is forwarded to the corresponding target request processing service according to the differing service demands. The first request processing service, constructed based on the C language, makes full use of the characteristics of the C language to provide high-concurrency, high-throughput cryptographic computing capability with low memory occupation. The second request processing service, constructed based on the Java language, uses the rich development frameworks and ecosystem of the Java language to quickly implement customized, scenario-specific computing interfaces, or to adapt the cryptographic computing service to cryptographic devices from different manufacturers, and provides computing interfaces that fit the service scenario more closely and are easy to use. Meanwhile, the application integrates the routing service, the first request processing service and the second request processing service, and builds the cryptographic service container image on a unified base image, so that the image has good cross-platform deployment characteristics, which reduces the effect of differences in hardware architecture and operating system across actual deployment environments.
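Steps S11 to S13 as added example code (not from the patent): the gateway's permission check with one identity authentication attempt before refusal, URL-based routing to the C or Java service, and selection of an idle cryptographic machine. The URL prefixes, permission bits, application IDs and the lowest-load selection rule are assumptions made for illustration.

```c
/* Added illustration of steps S11-S13; not code from the patent.
 * Paths, permission bits, app IDs and the lowest-load rule are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { SVC_C_HIGH_PERF, SVC_JAVA_EXTENSION } service_t;
typedef enum { FWD_TO_CONTAINER, FWD_REFUSED } verdict_t;
typedef struct { int id; bool idle; unsigned load; } machine_t;

/* Callback standing in for the identity authentication service: returns the
 * permission bits it confirms for the application. */
typedef unsigned (*identity_auth_fn)(const char *app_id);

enum { PERM_ENCRYPT = 1u << 0, PERM_SIGN = 1u << 1 };

/* Hypothetical preset routing rules: prefixes handled by the C service. */
static const char *const HIGH_PERF_PREFIXES[] = {
    "/crypto/v1/encrypt", "/crypto/v1/sign"
};

/* S11 (gateway side): forward only if the permissions satisfy the request;
 * otherwise try identity authentication once, then refuse (fail closed). */
verdict_t gateway_check(const char *app_id, unsigned known_perms,
                        unsigned required, identity_auth_fn reauth) {
    if ((known_perms & required) == required) return FWD_TO_CONTAINER;
    if (reauth == NULL) return FWD_REFUSED;
    unsigned fresh = reauth(app_id);
    return (fresh & required) == required ? FWD_TO_CONTAINER : FWD_REFUSED;
}

/* Match whole path segments, so "/crypto/v1/signature-report" is not
 * mistaken for the "/crypto/v1/sign" interface. */
static bool prefix_matches(const char *path, const char *prefix) {
    size_t n = strlen(prefix);
    if (strncmp(path, prefix, n) != 0) return false;
    return path[n] == '\0' || path[n] == '/' || path[n] == '?';
}

/* S12: requests matching a high-performance interface go to the C service;
 * every other interface request goes to the Java extension service. */
service_t route_request(const char *url_path) {
    size_t count = sizeof HIGH_PERF_PREFIXES / sizeof HIGH_PERF_PREFIXES[0];
    for (size_t i = 0; i < count; i++)
        if (prefix_matches(url_path, HIGH_PERF_PREFIXES[i]))
            return SVC_C_HIGH_PERF;
    return SVC_JAVA_EXTENSION;
}

/* S13: among idle machines pick the least loaded one; -1 if none is idle. */
int pick_target_machine(const machine_t *pool, size_t n) {
    int best_id = -1;
    unsigned best_load = 0;
    for (size_t i = 0; i < n; i++) {
        if (!pool[i].idle) continue;
        if (best_id < 0 || pool[i].load < best_load) {
            best_id = pool[i].id;
            best_load = pool[i].load;
        }
    }
    return best_id;
}

/* Constructed stand-in for the identity authentication service. */
unsigned demo_identity_auth(const char *app_id) {
    return strcmp(app_id, "app-a") == 0 ? (PERM_ENCRYPT | PERM_SIGN) : 0u;
}

int main(void) {
    machine_t pool[] = { {1, false, 0}, {2, true, 7}, {3, true, 2} };
    const char *path = "/crypto/v1/sign/batch";   /* constructed request */
    if (gateway_check("app-a", 0u, PERM_SIGN, demo_identity_auth) == FWD_REFUSED) {
        puts("refused at gateway");
        return 1;
    }
    printf("service=%s machine=%d\n",
           route_request(path) == SVC_C_HIGH_PERF ? "C" : "Java",
           pick_target_machine(pool, 3));
    return 0;
}
```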
Referring to FIG. 4, the present application discloses a cryptographic computing service providing device, which is applied to a cryptographic service container, comprising:
A transaction request acquisition module 11, configured to acquire a target transaction request forwarded by a gateway, wherein the target transaction request is a transaction request sent by a target application authenticated by the gateway;
A transaction request distribution module 12, configured to determine a uniform resource locator corresponding to the target transaction request, determine a target request processing service corresponding to the target transaction request based on the uniform resource locator, and distribute the target transaction request to the target request processing service based on a preset routing rule;
A cryptographic calculation result obtaining module 13, configured to process the target transaction request by using the target request processing service to obtain a corresponding target processing result, and forward the target processing result to a target cryptographic machine, so that the target cryptographic machine performs a cryptographic operation based on the target processing result to obtain a target cryptographic calculation result corresponding to the target transaction request;
A cryptographic calculation result returning module 14, configured to obtain the target cryptographic calculation result returned by the target cryptographic machine, and return the target cryptographic calculation result to the target application through the gateway to complete the cryptographic computing service;
The target request processing service is a first request processing service or a second request processing service, the first request processing service is a request processing service constructed based on the C language, the second request processing service is a request processing service constructed based on the Java language, and the first request processing service and the second request processing service are located in the same cryptographic service container.
In a specific embodiment, the gateway may specifically include:
a request receiving module, configured to acquire the target transaction request sent by the target application;
a request forwarding module, configured to judge whether the service calling authority corresponding to the target application meets the preset service calling condition corresponding to the target transaction request, and to forward the target transaction request to the cryptographic service container when the service calling authority of the target application meets the preset service calling condition.
In a specific embodiment, the gateway may further include:
an authentication request generation module, configured to generate a corresponding identity authentication request based on the target transaction request if the service calling authority corresponding to the target application does not meet the preset service calling condition corresponding to the target transaction request;
an authentication result acquisition module, configured to send the identity authentication request to an identity authentication service to acquire an identity authentication result corresponding to the identity authentication request;
a permission unsatisfied operation module, configured to determine the service calling authority corresponding to the target application again based on the identity authentication result, and to refuse to forward the target transaction request to the cryptographic service container when the service calling authority does not meet the preset service calling condition corresponding to the target transaction request.
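The gateway decision flow of the two embodiments above (check the calling authority, fall back to identity authentication, re-evaluate, refuse if still unmet) can be sketched as follows. This is an added example, not code from the application; the URLs, permission names, the shape of the identity authentication service and the assumption that `app_id` is bound to an already authenticated channel are all hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional

# Constructed policy (assumption): the permission each interface URL requires.
REQUIRED_PERMISSION: Dict[str, str] = {
    "/crypto/fast/encrypt": "crypto:encrypt",
    "/crypto/scene/pin-translate": "crypto:pin",
}


@dataclass(frozen=True)
class TransactionRequest:
    app_id: str      # assumed to be bound to the connection (e.g. mutual TLS), not self-asserted
    url: str
    credential: str  # what the application presents to the identity authentication service


# Hypothetical identity authentication service: returns the permissions it
# vouches for, or None when authentication fails.
IdentityService = Callable[[str, str], Optional[FrozenSet[str]]]


class Gateway:
    def __init__(self, identity_service: IdentityService,
                 forward: Callable[[TransactionRequest], bytes]) -> None:
        self._identity_service = identity_service
        self._forward = forward  # hands the request to the cryptographic service container
        self._permissions: Dict[str, FrozenSet[str]] = {}

    def _meets_condition(self, request: TransactionRequest) -> bool:
        required = REQUIRED_PERMISSION.get(request.url)
        if required is None:
            return False  # no condition defined for this interface: deny by default
        return required in self._permissions.get(request.app_id, frozenset())

    def handle(self, request: TransactionRequest) -> Optional[bytes]:
        """Return the container's reply, or None when forwarding is refused."""
        if not self._meets_condition(request):
            granted = self._identity_service(request.app_id, request.credential)
            # The fresh result replaces what was held before; a failed
            # authentication leaves the application with no permissions.
            self._permissions[request.app_id] = granted or frozenset()
            if not self._meets_condition(request):
                return None
        return self._forward(request)


def demo() -> Dict[str, Optional[bytes]]:
    directory = {("app-a", "secret-a"): frozenset({"crypto:encrypt"})}  # constructed
    gateway = Gateway(lambda app, cred: directory.get((app, cred)),
                      lambda req: b"result-for-" + req.app_id.encode())
    return {
        "valid": gateway.handle(
            TransactionRequest("app-a", "/crypto/fast/encrypt", "secret-a")),
        "wrong_permission": gateway.handle(
            TransactionRequest("app-a", "/crypto/scene/pin-translate", "secret-a")),
        "bad_credential": gateway.handle(
            TransactionRequest("app-b", "/crypto/fast/encrypt", "guess")),
        "unknown_url": gateway.handle(
            TransactionRequest("app-a", "/admin", "secret-a")),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

Every path that does not end in a satisfied condition returns `None`, so the request never reaches the container; an interface with no defined condition is refused even for an authenticated application.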
In one embodiment, the transaction request distribution module 12 may specifically include:
a locator identification unit for identifying a uniform resource locator in the target transaction request using a routing service in the cryptographic service container;
a service determining unit, configured to determine a target request processing service corresponding to the target transaction request based on the uniform resource locator;
a request distribution unit, configured to distribute the target transaction request to the target request processing service based on a preset routing rule by using the routing service.
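One way the routing service could map a uniform resource locator to the first (C) or second (Java) request processing service is shown below, as an added example that is not part of the application. The URL prefixes and service names are assumptions; the sketch checks that the path is in canonical form before matching and refuses anything that matches no rule, so a request only reaches the service its rule names.

```python
from typing import Dict, Optional, Tuple
from urllib.parse import unquote, urlsplit

# Constructed routing rules (assumption): URL prefix -> request processing service.
ROUTING_RULES: Tuple[Tuple[str, str], ...] = (
    ("/crypto/fast/", "first-request-service-c"),
    ("/crypto/scene/", "second-request-service-java"),
)


def canonical_path(url: str) -> Optional[str]:
    """Return the decoded path, or None if it is not in canonical form."""
    decoded = unquote(urlsplit(url).path)
    if unquote(decoded) != decoded:
        return None  # still percent-encoded after one decoding pass
    if not decoded.startswith("/") or "\\" in decoded or "\x00" in decoded:
        return None
    if any(segment in ("", ".", "..") for segment in decoded.split("/")[1:]):
        return None  # empty, current-directory or parent-directory segment
    return decoded


def route(url: str) -> Optional[str]:
    """Return the target request processing service, or None to refuse the request."""
    path = canonical_path(url)
    if path is None:
        return None
    # Longest prefix first, so a more specific rule wins over a general one.
    rules = sorted(ROUTING_RULES, key=lambda rule: len(rule[0]), reverse=True)
    for prefix, service in rules:
        if path.startswith(prefix):
            return service
    return None  # no rule matched: do not fall back to a default service


def demo() -> Dict[str, Optional[str]]:
    urls = (  # constructed sample requests
        "/crypto/fast/encrypt",
        "https://gateway.example/crypto/scene/pin-translate?trace=1",
        "/crypto/fast/%2e%2e/scene/pin-translate",
        "/crypto/fastest/encrypt",
        "/health",
    )
    return {url: route(url) for url in urls}


if __name__ == "__main__":
    for url, service in demo().items():
        print(f"{url} -> {service}")
```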
In a specific embodiment, the cryptographic calculation result obtaining module 13 may specifically include:
a request analysis unit, configured to analyze the target transaction request by using the target request processing service to obtain a corresponding analysis message;
a message assembling unit, configured to assemble the analysis message based on a preset adaptation format to obtain a corresponding assembled message;
a message encryption unit, configured to encrypt the assembled message based on a preset encryption algorithm by using a pre-acquired target key, so as to obtain a target processing result corresponding to the target transaction request.
In a specific embodiment, the cryptographic calculation result obtaining module 13 may specifically include:
an idle cryptographic machine determining unit, configured to communicate with a management platform of a cryptographic machine pool through a preset communication link, so as to determine idle cryptographic machines from all cryptographic machines in the cryptographic machine pool based on load balancing;
a target cryptographic machine determining unit, configured to determine a target cryptographic machine from all the idle cryptographic machines;
a processing result forwarding unit, configured to forward the target processing result to the target cryptographic machine.
Further, an embodiment of the present application also discloses an electronic device. Fig. 5 is a block diagram of an electronic device 20 according to an exemplary embodiment, and the content of the figure is not to be considered as any limitation on the scope of use of the present application.
Fig. 5 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present application. The electronic device 20 may specifically include at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input-output interface 25, and a communication bus 26. The memory 22 is used for storing a computer program, and the computer program is loaded and executed by the processor 21 to implement the relevant steps of the cryptographic computing service providing method disclosed in any of the foregoing embodiments. In addition, the electronic device 20 in the present embodiment may specifically be an electronic computer.
In this embodiment, the power supply 23 is configured to provide working voltages for each hardware device on the electronic device 20. The communication interface 24 is capable of creating a data transmission channel between the electronic device 20 and an external device, and the communication protocol it follows is any communication protocol applicable to the technical solution of the present application, which is not specifically limited herein. The input/output interface 25 is configured to obtain external input data or to output data to the external device, and its specific interface type may be selected according to the specific application needs, which is not specifically limited herein.
The memory 22 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk, or an optical disk, and the resources stored thereon may include an operating system 221, a computer program 222, and the like, and the storage may be temporary storage or permanent storage.
The operating system 221 is used for managing and controlling the hardware devices on the electronic device 20 and the computer program 222, and may be Windows Server, NetWare, Unix, Linux, etc. In addition to the computer program that can be used to perform the cryptographic computing service providing method performed by the electronic device 20 disclosed in any of the foregoing embodiments, the computer program 222 may further include computer programs that can be used to perform other specific tasks.
Further, the application also discloses a computer readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the cryptographic computing service providing method disclosed above. For specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, and no further description is given here.
In this specification, the embodiments are described in a progressive manner, each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to each other. Since the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively simple, and for the relevant points reference may be made to the description of the method section.
Those skilled in the art will further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that relational terms such as first and second are used solely to distinguish one entity or action from another entity or action, without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but may also include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article, or apparatus that comprises the element.
The principles and embodiments of the present application have been illustrated above with specific examples, which are provided to assist in understanding the principles and embodiments of the present application and are in no way limiting; those of ordinary skill in the art will, in light of the above teachings, appreciate that the principles and embodiments of the present application may be varied in any way.
Claims (10)
1. A cryptographic computing service providing method, applied to a cryptographic service container, comprising:
Obtaining a target transaction request forwarded by a gateway, wherein the target transaction request is a transaction request sent by a target application authenticated by the gateway;
Determining a uniform resource locator corresponding to the target transaction request, determining a target request processing service corresponding to the target transaction request based on the uniform resource locator, and distributing the target transaction request to the target request processing service based on a preset routing rule;
Processing the target transaction request by utilizing the target request processing service to obtain a corresponding target processing result, and forwarding the target processing result to a target cryptographic machine so that the target cryptographic machine performs cryptographic operation based on the target processing result to obtain a target cryptographic calculation result corresponding to the target transaction request;
Acquiring the target cryptographic calculation result returned by the target cryptographic machine, and returning the target cryptographic calculation result to the target application through the gateway to complete the cryptographic computing service;
wherein the target request processing service is a first request processing service or a second request processing service, the first request processing service is a request processing service built in the C language, the second request processing service is a request processing service built in the Java language, and the first request processing service and the second request processing service are located in the same cryptographic service container.
2. The cryptographic computing service providing method according to claim 1, wherein the process of authenticating the target application corresponding to the target transaction request by the gateway includes:
The gateway obtains the target transaction request sent by the target application;
The gateway judges whether the service calling authority corresponding to the target application meets the preset service calling condition corresponding to the target transaction request, and forwards the target transaction request to the cryptographic service container when the service calling authority of the target application meets the preset service calling condition.
3. The cryptographic computing service providing method according to claim 2, further comprising:
If the service calling authority corresponding to the target application does not meet the preset service calling condition corresponding to the target transaction request, the gateway generates a corresponding identity authentication request based on the target transaction request;
The gateway sends the identity authentication request to an identity authentication service to acquire an identity authentication result corresponding to the identity authentication request;
The gateway determines the service calling authority corresponding to the target application again based on the identity authentication result, and refuses to forward the target transaction request to the cryptographic service container when the service calling authority does not meet the preset service calling condition corresponding to the target transaction request.
4. The cryptographic computing service providing method according to claim 1, wherein the determining a uniform resource locator corresponding to the target transaction request to determine a target request processing service corresponding to the target transaction request based on the uniform resource locator, and distributing the target transaction request to the target request processing service based on a preset routing rule, comprises:
identifying a uniform resource locator in the target transaction request using a routing service in the cryptographic service container;
Determining a target request processing service corresponding to the target transaction request based on the uniform resource locator;
Distributing the target transaction request to the target request processing service based on a preset routing rule by using the routing service.
5. The cryptographic computing service providing method according to claim 1, wherein the processing the target transaction request with the target request processing service to obtain a corresponding target processing result includes:
Analyzing the target transaction request by utilizing the target request processing service to obtain a corresponding analysis message;
Assembling the analysis message based on a preset adaptation format to obtain a corresponding assembled message;
Encrypting the assembled message based on a preset encryption algorithm by using a pre-acquired target key to obtain a target processing result corresponding to the target transaction request.
6. The cryptographic computing service providing method according to claim 5, wherein the target key is a key stored locally in the cryptographic service container or a key acquired from a key management center by the target request processing service using the target transaction request.
7. The cryptographic computing service providing method according to any one of claims 1 to 6, wherein the forwarding the target processing result to a target cryptographic machine includes:
Communicating with a management platform of a cryptographic machine pool through a preset communication link to determine idle cryptographic machines from all the cryptographic machines in the cryptographic machine pool based on load balancing;
Determining a target cryptographic machine from all the idle cryptographic machines;
Forwarding the target processing result to the target cryptographic machine.
8. A cryptographic computing service providing apparatus, which is applied to a cryptographic service container, comprising:
a transaction request acquisition module, configured to acquire a target transaction request forwarded by a gateway, wherein the target transaction request is a transaction request sent by a target application authenticated by the gateway;
The transaction request distribution module is used for determining a uniform resource locator corresponding to the target transaction request, determining a target request processing service corresponding to the target transaction request based on the uniform resource locator, and distributing the target transaction request to the target request processing service based on a preset routing rule;
a cryptographic calculation result acquisition module, configured to process the target transaction request by using the target request processing service to obtain a corresponding target processing result, and forward the target processing result to a target cryptographic machine, so that the target cryptographic machine performs a cryptographic operation based on the target processing result to obtain a target cryptographic calculation result corresponding to the target transaction request;
a cryptographic calculation result returning module, configured to acquire the target cryptographic calculation result returned by the target cryptographic machine and return the target cryptographic calculation result to the target application through the gateway, so as to complete the cryptographic computing service;
wherein the target request processing service is a first request processing service or a second request processing service, the first request processing service is a request processing service built in the C language, the second request processing service is a request processing service built in the Java language, and the first request processing service and the second request processing service are located in the same cryptographic service container.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the cryptographic computing service providing method as claimed in any one of claims 1 to 7.
10. A computer readable storage medium for storing a computer program, wherein the computer program when executed by a processor implements the cryptographic computing service providing method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202510596324.4A CN120200846A (en) | 2025-05-09 | 2025-05-09 | A method, device, equipment and storage medium for providing cryptographic computing services |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN120200846A (en) | 2025-06-24 |
Family
ID=96070297
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202510596324.4A Pending CN120200846A (en) | 2025-05-09 | 2025-05-09 | A method, device, equipment and storage medium for providing cryptographic computing services |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||