CFCA creates a security all-in-one solution, Kunpeng comprehensively promotes financial innovation

2021.09.25

Safety and efficiency are not only the distinctive features of the digital age, but also an important foundation for digital construction. With the continuous deepening of digital transformation, improving efficiency on the basis of ensuring information security and data security has become the only way for financial enterprises to digitally transform.

 

Currently, the financial industry is in a critical period of business digital transformation, and the underlying IT architecture needs revolutionary changes to effectively support the transformation.

 

On the one hand, the demand for high-speed, large-capacity, high concurrency, and real-time risk control urges the digitalization of the financial industry to require a very stable base; on the other hand, the digital transformation of the financial industry has a sustainable, stable, and secure technology for the underlying IT architecture. Innovation requirements are getting higher and higher. Under the rigid needs of financial digital transformation, whoever can better meet the needs on this track will lead the way and achieve success.

 

Therefore, digital transformation requires not only "fast" but also "efficiency". In today's booming digital economy, the financial industry is rapidly changing from business to channels, from customers to products, from internal risks to external competitions. In the face of possible diversified scenarios, the traditional security centered on the x86 platform The all-in-one is obviously unsustainable.

 

Then, how to use a better platform as the base to help financial institutions speed up and increase efficiency, and quickly migrate existing applications while maintaining stability, has become a key issue.

 

CFCA joins hands with Kunpeng to create a new security all-in-one solution

China Financial Certification Center (CFCA) is a high-tech enterprise with comprehensive network security services as its core. It has participated in major scientific research projects such as the "National Gold Card Project" and "National 863 Program", and has led more than 30 national standards, financial industry standards, and cryptography. The establishment of industry standards and important organization standards, with more than 100 invention patents and software copyrights, has won the "Banking Technology Development Award" issued by the People's Bank of China and important awards issued by the government and associations for many times. At the same time, CFCA is the first institution in China to implement all the root certificates into the four major root certificate libraries in the world, and realize the independent control of server certificates.

 

In order to further solve the security and effectiveness of "electronic signature" in the financial field application process, CFCA launched a new security all-in-one solution based on Huawei Kunpeng server. The solution was jointly designed and developed by Huawei's Financial Industry Solutions Department and CFCA, and through the technological empowerment of the Central Plains Kunpeng Ecological Innovation Center, it has greatly improved the security level and transaction performance of the connection between financial institutions. The overall solution is based on Kunpeng server, Kylin operating system issued by openEuler and PCIE cryptographic card independently developed by CFCA and other software and hardware. In accordance with the banking system specifications, it realizes functions such as national secret algorithm signature verification, digital envelope encryption and decryption. On the premise of fully satisfying the customer's business needs, it has also realized all localization from the bottom foundation to the top building, and firmly holds the financial lifeline in its own hands.

 

Now this solution has begun to be piloted in a bank's core production system, realizing the secure docking between the access institution and the bank's core system.


 Speed, efficiency, and rapid migration, Kunpeng's software and hardware synergy advantages are fully demonstrated

 

In actual operation, the new security all-in-one solution has shown obvious advantages, and the information integrity, non-repudiation and post-event traceability of the transaction process in key business applications in the bank have been effectively improved. The empowerment of Kunpeng's software and hardware products is far more than just security and stability.

 

It is understood that the new security all-in-one solution adopts the Kirin operating system and the full-stack optimization of the platform based on the Kunpeng BoostKit application enablement kit, enabling the Kunpeng server hardware to give full play to its own multi-core computing power advantages, while optimizing users The state lock mechanism makes the CPU consumption rate of cipher card operation less than 30%.

 

Based on the Kunpeng BoostKit application enablement kit, and relying on the Kunpeng hard encryption instruction set, the new solution realizes the coordinated acceleration of software and hardware, and the application performance is doubled. From the actual test data, after using the KAE acceleration engine in Kunpeng BootsKit to call the SM3 and SM4 algorithms, the performance of the SM3 algorithm has increased by about 100,000 TPS, and the performance of the SM4 algorithm has increased by about 15 times.

 

In addition, Wang Bo, product director of the CFCA Technology Department, said that in the process of creating a new security all-in-one solution, CFCA has also worked with Huawei to recompile the BIOS software to realize the disk RAID settings that Kunpeng hardware can directly recognize and shape In order to better meet the needs of core-level systems in the financial industry, a new form of password card reader has been introduced.

 

Program migration is a time-consuming and laborious process, and the iteration of the underlying architecture from the old to the new faces many difficulties. To migrate from the x86 platform to the Kunpeng platform, most of the dynamic libraries and static library files in the encryption card, optical port driver and other program software need to be recompiled. However, with the support of the Kunpeng development kit DevKit, these problems are easily solved. .

 

"Using the Kunpeng development kit DevKit, we quickly completed the platform migration of the software program within a week." The person in charge of the product said.

 

Landing in a variety of scenarios, Kunpeng ecology accelerates innovation and transformation in all aspects

The CFCA security all-in-one solution is the first in the industry. Through Kunpeng technology, it effectively improves the computing performance of crypto cards, reduces CPU energy consumption, and accelerates customers' landing in the financial industry.

 

In the localization transformation of a domestic bank's core system, the original business was an X86 base, and the business performance was only less than 6000TPS. After the completion of technology empowerment, CFCA provides independent research and development of high-performance domestic cryptographic cards based on Kunpeng processor, Kirin operating system , Forming a fully autonomous and controllable security all-in-one solution, which is a perfect replacement for RISC minicomputers and x86 platforms. The business performance has been improved from less than 6000TPS to 15500TPS on Kunpeng platform, and the performance has increased by 150%.

 

It is a new attempt to apply Kunpeng's hardware and software base to the security all-in-one machine. Today, the security all-in-one solution based on Kunpeng’s software and hardware collaboration has been operating stably in the pilot bank’s business system for half a year. In the future, CFCA will continue to deepen the program. Many financial application scenarios such as credit investigation, network access, intra-city clearing, digital renminbi, etc. are promoted, and application scenarios in other fields are simultaneously explored.

 

From the perspective of Kunpeng's computing industry ecology, this is just a case of helping customers increase speed and efficiency through bottom-level construction. Regarding the structural characteristics and business characteristics of the financial industry and financial business systems, Kunpeng has already established mature technology and ecological conditions, allowing more customers to enjoy Kunpeng’s empowerment in specific scenarios:

 

Multi-core and high concurrent computing power support customers to build a safe and stable distributed financial core system;

Collaborative innovation with cloud platforms and distributed databases to accelerate the online banking business while saving costs;

Jointly promote open source container cloud projects with bank customers, and open up channel transaction scenarios and applications...

 

As the digital base of financial technology, Kunpeng is promoting the digital transformation of finance in the four major financial industry business scenarios of financial core, Internet banking, business analysis, and channel transactions.

 

On September 23-25, Huawei Full Connect 2021 will be held online. The conference will focus on the theme of "deepening digitalization" and will discuss in-depth experience improvement, efficiency improvement and model innovation in all walks of life in the digital age. With the assistance of Huawei, we look forward to seeing more industries embrace the arrival of digitalization as soon as possible.