CFCA creates a security all-in-one solution, Kunpeng comprehensively promotes financial innovation
Safety and efficiency are not only the distinctive features
of the digital age, but also an important foundation for digital construction.
With the continuous deepening of digital transformation, improving efficiency
on the basis of ensuring information security and data security has become the
only way for financial enterprises to digitally transform.
Currently, the financial industry is in a critical period of
business digital transformation, and the underlying IT architecture needs
revolutionary changes to effectively support the transformation.
On the one hand, the demand for high-speed, large-capacity,
high concurrency, and real-time risk control urges the digitalization of the
financial industry to require a very stable base; on the other hand, the
digital transformation of the financial industry has a sustainable, stable, and
secure technology for the underlying IT architecture. Innovation requirements
are getting higher and higher. Under the rigid needs of financial digital
transformation, whoever can better meet the needs on this track will lead the
way and achieve success.
Therefore, digital transformation requires not only
"fast" but also "efficiency". In today's booming digital
economy, the financial industry is rapidly changing from business to channels,
from customers to products, from internal risks to external competitions. In
the face of possible diversified scenarios, the traditional security centered
on the x86 platform The all-in-one is obviously unsustainable.
Then, how to use a better platform as the base to help
financial institutions speed up and increase efficiency, and quickly migrate
existing applications while maintaining stability, has become a key issue.
CFCA joins hands with Kunpeng to create a new security
all-in-one solution
China Financial Certification Center (CFCA) is a high-tech
enterprise with comprehensive network security services as its core. It has
participated in major scientific research projects such as the "National
Gold Card Project" and "National 863 Program", and has led more
than 30 national standards, financial industry standards, and cryptography. The
establishment of industry standards and important organization standards, with
more than 100 invention patents and software copyrights, has won the
"Banking Technology Development Award" issued by the People's Bank of
China and important awards issued by the government and associations for many
times. At the same time, CFCA is the first institution in China to implement
all the root certificates into the four major root certificate libraries in the
world, and realize the independent control of server certificates.
In order to further solve the security and effectiveness of
"electronic signature" in the financial field application process,
CFCA launched a new security all-in-one solution based on Huawei Kunpeng
server. The solution was jointly designed and developed by Huawei's Financial
Industry Solutions Department and CFCA, and through the technological
empowerment of the Central Plains Kunpeng Ecological Innovation Center, it has
greatly improved the security level and transaction performance of the
connection between financial institutions. The overall solution is based on
Kunpeng server, Kylin operating system issued by openEuler and PCIE
cryptographic card independently developed by CFCA and other software and
hardware. In accordance with the banking system specifications, it realizes
functions such as national secret algorithm signature verification, digital
envelope encryption and decryption. On the premise of fully satisfying the
customer's business needs, it has also realized all localization from the
bottom foundation to the top building, and firmly holds the financial lifeline
in its own hands.
Now this solution has begun to be piloted in a bank's core
production system, realizing the secure docking between the access institution
and the bank's core system.
In actual operation, the new security all-in-one solution
has shown obvious advantages, and the information integrity, non-repudiation
and post-event traceability of the transaction process in key business
applications in the bank have been effectively improved. The empowerment of
Kunpeng's software and hardware products is far more than just security and
stability.
It is understood that the new security all-in-one solution
adopts the Kirin operating system and the full-stack optimization of the
platform based on the Kunpeng BoostKit application enablement kit, enabling the
Kunpeng server hardware to give full play to its own multi-core computing power
advantages, while optimizing users The state lock mechanism makes the CPU
consumption rate of cipher card operation less than 30%.
Based on the Kunpeng BoostKit application enablement kit,
and relying on the Kunpeng hard encryption instruction set, the new solution realizes
the coordinated acceleration of software and hardware, and the application
performance is doubled. From the actual test data, after using the KAE
acceleration engine in Kunpeng BootsKit to call the SM3 and SM4 algorithms, the
performance of the SM3 algorithm has increased by about 100,000 TPS, and the
performance of the SM4 algorithm has increased by about 15 times.
In addition, Wang Bo, product director of the CFCA
Technology Department, said that in the process of creating a new security
all-in-one solution, CFCA has also worked with Huawei to recompile the BIOS
software to realize the disk RAID settings that Kunpeng hardware can directly
recognize and shape In order to better meet the needs of core-level systems in
the financial industry, a new form of password card reader has been introduced.
Program migration is a time-consuming and laborious process,
and the iteration of the underlying architecture from the old to the new faces
many difficulties. To migrate from the x86 platform to the Kunpeng platform,
most of the dynamic libraries and static library files in the encryption card,
optical port driver and other program software need to be recompiled. However,
with the support of the Kunpeng development kit DevKit, these problems are
easily solved. .
"Using the Kunpeng development kit DevKit, we quickly
completed the platform migration of the software program within a week."
The person in charge of the product said.
Landing in a variety of scenarios, Kunpeng ecology
accelerates innovation and transformation in all aspects
The CFCA security all-in-one solution is the first in the
industry. Through Kunpeng technology, it effectively improves the computing
performance of crypto cards, reduces CPU energy consumption, and accelerates
customers' landing in the financial industry.
In the localization transformation of a domestic bank's core
system, the original business was an X86 base, and the business performance was
only less than 6000TPS. After the completion of technology empowerment, CFCA
provides independent research and development of high-performance domestic
cryptographic cards based on Kunpeng processor, Kirin operating system ,
Forming a fully autonomous and controllable security all-in-one solution, which
is a perfect replacement for RISC minicomputers and x86 platforms. The business
performance has been improved from less than 6000TPS to 15500TPS on Kunpeng
platform, and the performance has increased by 150%.
It is a new attempt to apply Kunpeng's hardware and software
base to the security all-in-one machine. Today, the security all-in-one
solution based on Kunpeng’s software and hardware collaboration has been
operating stably in the pilot bank’s business system for half a year. In the
future, CFCA will continue to deepen the program. Many financial application
scenarios such as credit investigation, network access, intra-city clearing,
digital renminbi, etc. are promoted, and application scenarios in other fields
are simultaneously explored.
From the perspective of Kunpeng's computing industry
ecology, this is just a case of helping customers increase speed and efficiency
through bottom-level construction. Regarding the structural characteristics and
business characteristics of the financial industry and financial business
systems, Kunpeng has already established mature technology and ecological
conditions, allowing more customers to enjoy Kunpeng’s empowerment in specific
scenarios:
•
Multi-core and high concurrent computing power support customers to build a
safe and stable distributed financial core system;
•
Collaborative innovation with cloud platforms and distributed databases to
accelerate the online banking business while saving costs;
•
Jointly promote open source container cloud projects with bank customers, and
open up channel transaction scenarios and applications...
As the digital base of financial technology, Kunpeng is
promoting the digital transformation of finance in the four major financial
industry business scenarios of financial core, Internet banking, business
analysis, and channel transactions.
On September 23-25, Huawei Full Connect 2021 will be held
online. The conference will focus on the theme of "deepening
digitalization" and will discuss in-depth experience improvement,
efficiency improvement and model innovation in all walks of life in the digital
age. With the assistance of Huawei, we look forward to seeing more industries
embrace the arrival of digitalization as soon as possible.