CN109543452A - Data transmission method, device, electronic equipment and computer readable storage medium - Google Patents


Info

Publication number
CN109543452A
Authority
CN
China
Prior art keywords
data
protocol stack
communication protocol
domain
enciphering
Prior art date
Legal status
Pending
Application number
CN201811447985.7A
Other languages
Chinese (zh)
Inventor
姜哲
赵春雷
邹仕洪
Current Assignee
Beijing Yuanxin Science and Technology Co Ltd
Original Assignee
Beijing Yuanxin Science and Technology Co Ltd
Application filed by Beijing Yuanxin Science and Technology Co Ltd
Priority to CN201811447985.7A
Publication of CN109543452A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6209 Protecting access to data via a platform, e.g. using keys or access control rules, to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/50 Network services
    • H04L 67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Abstract

This application relates to the field of data processing and discloses a data transmission method, device, electronic equipment and computer readable storage medium. The data transmission method is applied in an application environment that includes at least three mutually isolated execution domains, in which the operating system, the communication protocol stack and the encryption/decryption algorithm run separately. The method comprises: detecting a data transmission request; and, when a data transmission request is detected, transmitting the data carried in the request on the basis of the three execution domains. The method of the embodiments of this application loosely couples the operating system, the communication protocol stack and the encryption/decryption algorithm, which makes it easier to check the data and ensures that the encryption flow cannot be bypassed, effectively preventing the communication protocol stack from being replaced or the encryption/decryption algorithm from not being called. At the same time, the communication protocol stack or the encryption/decryption algorithm can be upgraded and maintained individually, which greatly improves convenience in use.

Description

Data transmission method, device, electronic equipment and computer readable storage medium
Technical field
This application relates to the field of data processing, and specifically to a data transmission method, device, electronic equipment and computer readable storage medium.
Background art
With the continuous progress of science and technology, communication technology has developed greatly and has largely changed people's lives. As society develops, people's requirements for data confidentiality also keep rising: mobile communication, online shopping, e-mail and the other kinds of data that involve personal information all need to be kept confidential. Data confidentiality involves secrecy, integrity, availability, controllability and non-repudiation. In real life, data that is illegally intercepted and stolen causes great losses to people's lives and seriously disrupts normal civil order; mobile phone terminals in particular, as an essential communication tool, have very high confidentiality requirements for data transmission.
At present, encryption during data transmission is mainly implemented in software, by calling an encryption library. But as communication technology develops, the communication environment becomes increasingly complex, and in certain application contexts a software-only encryption scheme cannot meet the demand: for example, it is easy to bypass and easy to crack.
Summary of the invention
The purpose of this application is to solve at least one of the technical deficiencies described above. To this end, the following technical scheme is proposed:
In a first aspect, a data transmission method is provided, applied in an application environment that includes at least three mutually isolated execution domains, in which the operating system, the communication protocol stack and the encryption/decryption algorithm run separately. The method comprises:
detecting a data transmission request; and
when a data transmission request is detected, transmitting the data carried in the data transmission request on the basis of the three execution domains.
In a second aspect, a data transmission device is provided, applied in an application environment that includes at least three mutually isolated execution domains, in which the operating system, the communication protocol stack and the encryption/decryption algorithm run separately. The device comprises:
a detection module, for detecting a data transmission request; and
a transmission module, for transmitting, when a data transmission request is detected, the data carried in the data transmission request on the basis of the three execution domains.
In a third aspect, electronic equipment is provided, comprising a memory, a processor and a computer program stored in the memory and runnable on the processor; when the processor executes the program, it implements the data transmission method described above.
In a fourth aspect, a computer readable storage medium is provided, on which a computer program is stored; when the program is executed by a processor, it implements the data transmission method described above.
The data transmission method provided by this application detects a data transmission request, which is the precondition for subsequently transmitting, on the basis of the three execution domains, the data carried in the request. When a data transmission request is detected, the data carried in the request is transmitted on the basis of the three execution domains, that is, by way of three mutually isolated execution domains that separately run the operating system, the communication protocol stack and the encryption/decryption algorithm. This loosely couples the operating system, the communication protocol stack and the encryption/decryption algorithm, which makes it easier to check the data and ensures that the encryption flow cannot be bypassed, effectively preventing the communication protocol stack from being replaced or the encryption/decryption algorithm from not being called. At the same time, because the communication protocol stack and the encryption/decryption algorithm belong to different, mutually independent and mutually isolated execution domains, either of them can be upgraded and maintained individually, which greatly improves convenience in use.
Additional aspects and advantages of the application will be set forth in part in the description below; in part they will become obvious from that description, or will be learned through practice of the application.
Brief description of the drawings
The above and/or additional aspects and advantages of the application will become obvious and readily understood from the following description of the embodiments with reference to the accompanying drawings, in which:
Fig. 1 is a flow diagram of the data transmission method according to an embodiment of this application;
Fig. 2 is a schematic structural diagram of the three execution domains of the microkernel according to an embodiment of this application;
Fig. 3 is a schematic diagram of the exception levels (EL) of the ARM architecture according to an embodiment of this application;
Fig. 4 is a schematic diagram of the basic structure of the data transmission device according to an embodiment of this application;
Fig. 5 is a schematic diagram of the detailed structure of the data transmission device according to an embodiment of this application;
Fig. 6 is a schematic structural diagram of the electronic equipment according to an embodiment of this application.
Specific embodiment
Embodiments herein is described below in detail, examples of the embodiments are shown in the accompanying drawings, wherein from beginning to end Same or similar label indicates same or similar element or element with the same or similar functions.Below with reference to attached The embodiment of figure description is exemplary, and is only used for explaining the application, and cannot be construed to the limitation to the application.
Those skilled in the art of the present technique are appreciated that unless expressly stated, singular " one " used herein, " one It is a ", " described " and "the" may also comprise plural form.It is to be further understood that being arranged used in the description of the present application Diction " comprising " refer to that there are the feature, integer, step, operation, element and/or component, but it is not excluded that in the presence of or addition Other one or more features, integer, step, operation, element, component and/or their group.It should be understood that when we claim member Part is " connected " or when " coupled " to another element, it can be directly connected or coupled to other elements, or there may also be Intermediary element.In addition, " connection " used herein or " coupling " may include being wirelessly connected or wirelessly coupling.It is used herein to arrange Diction "and/or" includes one or more associated wholes for listing item or any cell and all combinations.
To keep the purposes, technical schemes and advantages of the application clearer, below in conjunction with attached drawing to the application embodiment party Formula is described in further detail.
Currently, the encryption in data transmission procedure comes mainly based on software cryptography by using calling formula encryption library It realizes, but with the development of communication technology, communication environment is increasingly sophisticated, in certain application backgrounds, is added by software Close scheme can not meet demand, for example be easy to be bypassed, be easy to be cracked.
Data transmission method, device, electronic equipment and computer readable storage medium provided by the present application, it is intended to solve existing There is the technical problem as above of technology.
How the technical solution of the application and the technical solution of the application are solved with specifically embodiment below above-mentioned Technical problem is described in detail.These specific embodiments can be combined with each other below, for the same or similar concept Or process may repeat no more in certain embodiments.Below in conjunction with attached drawing, embodiments herein is described.
Embodiment one
An embodiment of this application provides a data transmission method, applied in an application environment that includes at least three mutually isolated execution domains, in which the operating system, the communication protocol stack and the encryption/decryption algorithm run separately. As shown in Fig. 1, the method comprises:
Step S110: detect a data transmission request.
Specifically, the mobile terminal can detect whether a data transmission request exists. It can detect whether an installed application has a data transmission request, for example whether a chat application has a data transmission request, or whether a banking application has a data transmission request. In addition, the mobile terminal can detect whether data transmission requests such as calls and short messages exist.
Step S120: when a data transmission request is detected, transmit the data carried in the data transmission request on the basis of the three execution domains.
Specifically, the mobile terminal detects a data transmission request, that is, it detects that a data transmission request exists: for example, it detects a data transmission request in a chat application, or in a banking application, or it detects a data transmission request such as a call or a short message.
Further, when a data transmission request is detected, the data carried in the request is transmitted on the basis of the three execution domains, that is, the three mutually isolated execution domains that separately run the operating system, the communication protocol stack and the encryption/decryption algorithm. This loosely couples the operating system, the communication protocol stack and the encryption/decryption algorithm, which makes it easier to check the data and ensures that the encryption flow cannot be bypassed, effectively preventing the communication protocol stack from being replaced or the encryption/decryption algorithm from not being called.
Compared with the prior art, the data transmission method provided by the embodiments of this application detects a data transmission request, which is the precondition for subsequently transmitting, on the basis of the three execution domains, the data carried in the request. When a data transmission request is detected, the data carried in the request is transmitted on the basis of the three execution domains, that is, by way of three mutually isolated execution domains that separately run the operating system, the communication protocol stack and the encryption/decryption algorithm. This loosely couples the operating system, the communication protocol stack and the encryption/decryption algorithm, which makes it easier to check the data and ensures that the encryption flow cannot be bypassed, effectively preventing the communication protocol stack from being replaced or the encryption/decryption algorithm from not being called. At the same time, because the communication protocol stack and the encryption/decryption algorithm belong to different, mutually independent and mutually isolated execution domains, either of them can be upgraded and maintained individually, which greatly improves convenience in use.
Embodiment two
An embodiment of this application provides another possible implementation which, on the basis of embodiment one, further includes the method shown in embodiment two, in which:
Before step S110 there is a further step S100 (not marked in the figure): establish at least three mutually isolated execution domains on the basis of a microkernel, and run the operating system, the communication protocol stack and the encryption/decryption algorithm separately in the at least three mutually isolated execution domains.
Specifically, a microkernel is the most "streamlined" form of kernel: it retains only the most basic, fundamental parts needed to build a system kernel, generally comprising clocks and interrupts, basic memory address management, thread abstraction, scheduling and IPC (inter-process communication). Other parts, such as file management and network support, are all moved to user space, where they exist in the form of services and provide functions to the rest of the system through the IPC mechanism.
Further, a microkernel (Mach being the classic example) has the following characteristics:
its code size is far smaller than that of a monolithic-kernel operating system;
its internal logic structure is simple;
the file system, the drivers, the communication protocol stack and so on all run as user-mode services in their own address spaces;
each module provides its services through IPC;
modern microkernels often have the ability to authenticate IPC messages and to apply access control to them.
Further, before the mobile terminal detects a data transmission request, the mobile terminal usually has to be designed, developed and produced in advance; only after the mobile terminal has been mass-produced and sold can users buy and use it, and thus, in the course of use, the mobile terminal detects data transmission requests.
Further, during the design and development of the mobile terminal, that is, before the mobile terminal detects a data transmission request, the operating system architecture of the mobile terminal can be planned and designed so that the mobile terminal uses a microkernel-based operating system, with at least three mutually isolated execution domains established on the microkernel and the operating system, the communication protocol stack and the encryption/decryption algorithm run separately in those domains; that is, the operating system, the communication protocol stack and the encryption/decryption algorithm run separately in three mutually independent, mutually isolated execution domains.
In this embodiment of the application, the microkernel-based operating system ensures the reliability of data transmission at the architectural level. Establishing at least three mutually isolated execution domains on the microkernel, and running the operating system, the communication protocol stack and the encryption/decryption algorithm separately in them, avoids the situation in which the communication protocol stack is replaced or the encryption/decryption algorithm is not called because the operating system, the communication protocol stack and the encryption/decryption algorithm all run in the same space.
Embodiment three
An embodiment of this application provides another possible implementation which, on the basis of embodiment two, further includes the method shown in embodiment three, in which:
When the data transmission request is a data sending request, step S120 includes step S1201 (not marked in the figure) and step S1202 (not marked in the figure), in which:
Step S1201: send the data to be sent to the second domain over the first communication channel in the microkernel, between the first domain running the operating system and the second domain running the communication protocol stack, so that the communication protocol stack encapsulates the data to be sent.
Step S1202: send the data encapsulated by the communication protocol stack to the third domain over the second communication channel in the microkernel, between the second domain running the communication protocol stack and the third domain running the encryption/decryption algorithm, so that the encryption/decryption algorithm encrypts the data encapsulated by the communication protocol stack.
Specifically, when the data transmission request is a data sending request, that is, when the mobile terminal sends data (for example, when a chat application or a banking application of the mobile terminal needs to send data, or when a call or short message of the mobile terminal needs to send data), the following is done. First, the data to be sent (the raw data) is transferred over a communication channel of the microkernel to the communication protocol stack, which encapsulates the data to be sent according to the communication protocol: it maps the data into the payload of some tunnelling protocol, then fills in the header of that protocol to form a data packet of the tunnelling protocol, and completes rate adaptation. Then, the data processed by the communication protocol stack is transmitted over a communication channel of the microkernel to the encryption/decryption algorithm domain, where it is encrypted. As a result, the data packet sent to the network is necessarily a ciphertext packet.
Further, the above transfer of the data to be sent (the raw data) to the communication protocol stack over a communication channel of the microkernel can be done by sending the data to be sent to the second domain over the first communication channel in the microkernel, between the first domain running the operating system and the second domain running the communication protocol stack, so that the communication protocol stack encapsulates the data to be sent.
Further, the above transmission of the data processed by the communication protocol stack to the encryption/decryption algorithm domain over a communication channel of the microkernel can be done by sending the data encapsulated by the communication protocol stack to the third domain over the second communication channel in the microkernel, between the second domain running the communication protocol stack and the third domain running the encryption/decryption algorithm, so that the encryption/decryption algorithm encrypts the data encapsulated by the communication protocol stack.
Further, Fig. 2 shows the correspondence between the three execution domains, based on the microkernel, that separately run the operating system, the communication protocol stack and the encryption/decryption algorithm. In Fig. 2, the communication channel between the first domain running the operating system and the second domain running the communication protocol stack is the first communication channel described above, and the communication channel between the second domain running the communication protocol stack and the third domain running the encryption/decryption algorithm is the second communication channel described above.
In this embodiment of the application, the microkernel ensures at the architectural level that data is transmitted as ciphertext, and the interaction among the three independent execution domains of the operating system, the communication protocol stack and the encryption/decryption algorithm ensures that the encryption flow cannot be bypassed.
Embodiment four
An embodiment of this application provides another possible implementation which, on the basis of embodiment two, further includes the method shown in embodiment four, in which:
When the data transmission request is a data receiving request, step S120 includes step S1203 (not marked in the figure), step S1204 (not marked in the figure) and step S1205 (not marked in the figure), in which:
Step S1203: decapsulate the received data by means of the communication protocol stack.
Step S1204: send the data decapsulated by the communication protocol stack to the third domain over the second communication channel in the microkernel, so that the encryption/decryption algorithm decrypts the data decapsulated by the communication protocol stack.
Step S1205: send the decrypted data to the operating system over the third communication channel in the microkernel, between the third domain running the encryption/decryption algorithm and the first domain running the operating system.
Specifically, when the data transmission request is a data receiving request, that is, when the mobile terminal receives data (for example, when a chat application or a banking application of the mobile terminal needs to receive data, or when a call or short message of the mobile terminal needs to receive data), the following is done. First, the received data packet is decapsulated by the communication protocol stack (the inverse of the encapsulation process): for example, the packet is taken apart, the header information is processed, and the data in the payload is taken out. Then, the data processed by the communication protocol stack is transmitted over a communication channel of the microkernel to the encryption/decryption algorithm, where it is decrypted, giving the decrypted data. Then, the decrypted data is transmitted over a communication channel of the microkernel to the operating system. At this point the mobile terminal has completed the reception of the data.
Further, the above transfer of the decapsulated data to the encryption/decryption algorithm over a communication channel of the microkernel can be done by sending the data decapsulated by the communication protocol stack to the third domain over the second communication channel in the microkernel, so that the encryption/decryption algorithm decrypts the data decapsulated by the communication protocol stack.
Further, the above transmission of the decrypted data to the operating system over a communication channel of the microkernel can be done by sending the decrypted data to the operating system over the third communication channel in the microkernel, between the third domain running the encryption/decryption algorithm and the first domain running the operating system.
Further, Fig. 2 shows the correspondence between the three execution domains, based on the microkernel, that separately run the operating system, the communication protocol stack and the encryption/decryption algorithm. In Fig. 2, the communication channel between the first domain running the operating system and the third domain running the encryption/decryption algorithm is the third communication channel described above.
In this embodiment of the application, the microkernel ensures at the architectural level that data is transmitted as ciphertext, and the interaction among the three independent execution domains of the operating system, the communication protocol stack and the encryption/decryption algorithm ensures that the decryption process cannot be bypassed.
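The send path of embodiment three and the receive path of embodiment four, as an added example that is not part of the patent: each domain is a goroutine that shares no memory and holds only the channel ends it is given, so the key exists only in the crypto domain and the OS domain has no route to the wire except through the stack and the crypto domain. The 2-byte length header as the tunnelling format, AES-GCM as the encryption algorithm, and the choice that the crypto domain encrypts only the payload field of the encapsulated packet (leaving the header in the clear) are assumptions made here; the patent specifies none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
)

// Constructed tunnelling-protocol format: a 2-byte big-endian payload length,
// then the payload. The stack and the crypto domain both know the format;
// only the crypto domain ever holds the key.
func encap(payload []byte) []byte {
	pkt := make([]byte, 2+len(payload))
	binary.BigEndian.PutUint16(pkt, uint16(len(payload)))
	copy(pkt[2:], payload)
	return pkt
}

// decap returns the payload and whether the packet was well formed.
func decap(pkt []byte) ([]byte, bool) {
	if len(pkt) < 2 || int(binary.BigEndian.Uint16(pkt)) != len(pkt)-2 {
		return nil, false
	}
	return pkt[2:], true
}

// cryptoDomain (third domain) is the sole holder of the key; the second channel
// is modelled as two request queues. Send path: encrypt the payload field with
// AES-GCM, header left in the clear (assumption, so that embodiment four's order,
// decapsulate then decrypt, round-trips). Receive path: verify and decrypt.
func cryptoDomain(key []byte, toEncrypt, toDecrypt <-chan []byte, toStack, toOS chan<- []byte) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block)
	ns := aead.NonceSize()
	for {
		select {
		case pkt := <-toEncrypt:
			if payload, ok := decap(pkt); ok {
				nonce := make([]byte, ns)
				rand.Read(nonce) // fresh random nonce for every packet
				toStack <- encap(aead.Seal(nonce, nonce, payload, nil)) // nonce||ct||tag
			}
		case ct := <-toDecrypt:
			var pt []byte // stays nil unless the tag verifies: forged data never reaches the OS
			if len(ct) >= ns {
				pt, _ = aead.Open(nil, ct[:ns], ct[ns:], nil)
			}
			toOS <- pt // third channel
		}
	}
}

// stackDomain (second domain) is the only domain attached to the wire. It
// encapsulates outbound data and decapsulates inbound packets; it never sees
// the key, and only packets returned by the crypto domain reach the wire.
func stackDomain(fromOS <-chan []byte, toEncrypt, toDecrypt chan<- []byte,
	fromCrypto <-chan []byte, toWire chan<- []byte, fromWire <-chan []byte) {
	for {
		select {
		case data := <-fromOS: // first channel: raw data from the OS
			toEncrypt <- encap(data)
		case pkt := <-fromCrypto: // ciphertext packet, ready for the network
			toWire <- pkt
		case pkt := <-fromWire: // inbound packet from the network
			if payload, ok := decap(pkt); ok {
				toDecrypt <- payload
			}
		}
	}
}

// NewDevice wires the domains and hands out only the channel ends each party is
// entitled to: the OS gets the first channel's send end and the third's receive end.
func NewDevice(key []byte) (toStack chan<- []byte, fromCrypto, wireOut <-chan []byte, wireIn chan<- []byte) {
	osToStack, cryptoToOS := make(chan []byte, 1), make(chan []byte, 1)
	encReq, decReq, cryptoToStack := make(chan []byte, 1), make(chan []byte, 1), make(chan []byte, 1)
	out, in := make(chan []byte, 1), make(chan []byte, 1)
	go stackDomain(osToStack, encReq, decReq, cryptoToStack, out, in)
	go cryptoDomain(key, encReq, decReq, cryptoToStack, cryptoToOS)
	return osToStack, cryptoToOS, out, in
}

// RoundTrip pushes data through the send path, captures the wire packet, optionally
// flips one bit of it (tampering in transit), and loops it back through the receive
// path. It returns the wire packet and what the OS received (nil if rejected).
func RoundTrip(key, data []byte, tamper bool) (wire, received []byte) {
	toStack, fromCrypto, wireOut, wireIn := NewDevice(key)
	toStack <- data
	wire = <-wireOut
	in := append([]byte(nil), wire...)
	if tamper {
		in[len(in)-1] ^= 0x01 // corrupt the GCM tag
	}
	wireIn <- in
	return wire, <-fromCrypto
}
```

RoundTrip with tamper set shows the receive path of embodiment four rejecting a packet altered in transit inside the crypto domain, before anything reaches the OS domain.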
Embodiment five
An embodiment of this application provides another possible implementation which, on the basis of any of embodiments one to four, further includes the method shown in embodiment five, in which:
The operating system, the communication protocol stack and the encryption/decryption algorithm are located at exception level EL1 of the ARM architecture, and the microkernel is located at exception level EL2 of the ARM architecture.
Specifically, the internal structure of a central processing unit (CPU) based on the ARMv8-A architecture in operation is shown in Fig. 3. It includes four exception levels: EL0 (corresponding to user-mode applications), EL1 (corresponding to the guest operating system), EL2 (corresponding to the virtual machine manager) and EL3 (corresponding to the secure monitor). That is, ordinary user programs are at EL0, the lowest level; the kernel is at EL1; and the hypervisor (the intermediate software layer between the physical server and the operating systems, which lets multiple operating systems and applications share the hardware) is at EL2. EL1 to EL3 are privileged levels.
Further, the microkernel-based mobile terminal draws on the exception levels of the existing ARMv8-A architecture: the three mutually isolated execution domains of the operating system, the communication protocol stack and the encryption/decryption algorithm are configured at exception level EL1, and the microkernel is configured at exception level EL2, so that it has a higher privilege level. Its attack surface is therefore much smaller than that of a kernel, and an attack from user mode would have to penetrate the system layer and then the kernel layer in succession to take effect, which is very difficult.
In this embodiment of the application, configuring the operating system, the communication protocol stack and the encryption/decryption algorithm at exception level EL1 of the ARM architecture and the microkernel at exception level EL2 of the ARM architecture greatly increases the difficulty of external attacks and effectively prevents the encryption/decryption algorithm from being brute-forced.
Embodiment six
Fig. 4 is a schematic structural diagram of a data transmission device provided by an embodiment of the present application. As shown in Fig. 4, the device 40 may include a detection module 41 and a transmission module 42, wherein:
The device 40 is applied in an application environment that includes at least three mutually isolated execution domains, in which an operating system, a communication protocol stack and an encryption/decryption algorithm run separately;
the detection module 41 is used to detect a data transfer request;
the transmission module 42 is used, when a data transfer request is detected, to transmit the data carried in the data transfer request based on the three execution domains.
Specifically, the device 40 further includes an establishing module 43, as shown in Fig. 5, wherein:
the establishing module 43 is used to establish the at least three mutually isolated execution domains based on a microkernel, and to run the operating system, the communication protocol stack and the encryption/decryption algorithm separately in the at least three mutually isolated execution domains.
Further, when the data transfer request is a data send request, the transmission module 42 includes a first sending submodule 421 and a second sending submodule 422, as shown in Fig. 5, wherein:
the first sending submodule 421 is used to send the data to be sent to the second domain through the first communication channel in the microkernel between the first domain (running the operating system) and the second domain (running the communication protocol stack), so that the communication protocol stack encapsulates the data to be sent;
the second sending submodule 422 is used to send the data encapsulated by the communication protocol stack to the third domain through the second communication channel in the microkernel between the second domain (running the communication protocol stack) and the third domain (running the encryption/decryption algorithm), so that the encryption/decryption algorithm encrypts the data encapsulated by the communication protocol stack.
Further, when the data transfer request is a data receive request, the transmission module 42 includes a decapsulation submodule 423, a third sending submodule 424 and a fourth sending submodule 425, as shown in Fig. 5, wherein:
the decapsulation submodule 423 is used to decapsulate the received data through the communication protocol stack;
the third sending submodule 424 is used to send the data decapsulated by the communication protocol stack to the third domain through the second communication channel in the microkernel, so that the encryption/decryption algorithm decrypts the data decapsulated by the communication protocol stack;
the fourth sending submodule 425 is used to send the decrypted data to the operating system through the third communication channel in the microkernel between the third domain (running the encryption/decryption algorithm) and the first domain (running the operating system).
Further, the operating system, the communication protocol stack and the encryption/decryption algorithm are located at the EL1 exception level of the ARM architecture, and the microkernel is located at the EL2 exception level of the ARM architecture.
Compared with the prior art, the device provided by the embodiments of the present application detects a data transfer request, which provides the precondition for subsequently transmitting the data carried in the data transfer request based on the three execution domains; when a data transfer request is detected, the data carried in it is transmitted based on the three execution domains. Because the operating system, the communication protocol stack and the encryption/decryption algorithm run in three mutually isolated execution domains, they are loosely coupled, which not only makes it convenient to inspect the data but also ensures that the encryption flow cannot be bypassed, effectively preventing the communication protocol stack from being replaced or the encryption/decryption algorithm from going uncalled. At the same time, because the communication protocol stack and the encryption/decryption algorithm belong to mutually independent, mutually isolated execution domains, either one can be upgraded or maintained on its own, which greatly improves convenience in use.
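The send and receive paths of the embodiment above, modelled as a runnable example that is added here and is not the applicant's code. It assumes the three channels are directed exactly as the text uses them (domain 1 to domain 2, domain 2 to domain 3, domain 3 to domain 1), that the protocol stack's encapsulation is a constructed 4-byte header that stays in the clear so the receive path can decapsulate before decrypting, and that a hash-based toy cipher stands in for the unspecified encryption/decryption algorithm; the `Microkernel`, `ProtocolStack`, `CryptoDomain`, `send_path`, `receive_path` and `bypass_refused` names are hypothetical.

```python
"""Model of the three-domain data path (added example; see lead-in for assumptions)."""
import hashlib
import hmac
import os
import struct

class Microkernel:
    """Mediates every inter-domain transfer; anything off the channel table is refused."""
    CHANNELS = {(1, 2): "channel 1", (2, 3): "channel 2", (3, 1): "channel 3"}

    def transfer(self, src, dst, data):
        if (src, dst) not in self.CHANNELS:
            raise PermissionError(f"no channel from domain {src} to domain {dst}")
        return data

class ProtocolStack:
    """Domain 2: framing only; it holds no key material."""
    HDR = b"PKT1"  # assumed 4-byte header, stays in the clear

    def encapsulate(self, payload):
        return self.HDR + payload

    def decapsulate(self, frame):
        if not frame.startswith(self.HDR):
            raise ValueError("bad frame header")
        return frame[len(self.HDR):]

class CryptoDomain:
    """Domain 3: sole holder of the key; toy encrypt-then-MAC over the frame body."""
    def __init__(self, key):
        self._key = key

    def _stream(self, nonce, n):  # keystream = SHA-256(key | nonce | counter) blocks
        blocks = (hashlib.sha256(self._key + nonce + struct.pack("!I", i)).digest()
                  for i in range((n + 31) // 32))
        return b"".join(blocks)[:n]

    def encrypt(self, frame):  # send path: header | nonce | ciphertext | tag
        hdr, body = frame[:4], frame[4:]
        nonce = os.urandom(12)
        ct = bytes(a ^ b for a, b in zip(body, self._stream(nonce, len(body))))
        tag = hmac.new(self._key, nonce + ct, "sha256").digest()[:16]
        return hdr + nonce + ct + tag

    def decrypt(self, body):  # receive path: nonce | ciphertext | tag -> plaintext
        nonce, ct, tag = body[:12], body[12:-16], body[-16:]
        expect = hmac.new(self._key, nonce + ct, "sha256").digest()[:16]
        if not hmac.compare_digest(tag, expect):
            raise ValueError("authentication failed; frame rejected")
        return bytes(a ^ b for a, b in zip(ct, self._stream(nonce, len(ct))))

def send_path(kernel, stack, crypto, plaintext):
    frame = stack.encapsulate(kernel.transfer(1, 2, plaintext))  # channel 1
    return crypto.encrypt(kernel.transfer(2, 3, frame))          # channel 2

def receive_path(kernel, stack, crypto, wire_frame):
    body = stack.decapsulate(wire_frame)                         # domain 2
    plain = crypto.decrypt(kernel.transfer(2, 3, body))          # channel 2
    return kernel.transfer(3, 1, plain)                          # channel 3

def bypass_refused(kernel):
    """No channel leads from the OS domain to the crypto domain, so data enters the
    pipeline only at the protocol stack and leaves it only after encryption."""
    try:
        kernel.transfer(1, 3, b"skip the protocol stack")
    except PermissionError:
        return True
    return False
```

Running `send_path` and then `receive_path` with the same `CryptoDomain` instance is a loopback round trip; a frame whose tag byte is altered is refused by the crypto domain before any plaintext reaches domain 1.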
Embodiment seven
An embodiment of the present application provides an electronic device. As shown in Fig. 6, the electronic device 600 includes a processor 601 and a memory 603, where the processor 601 is connected to the memory 603, for example through a bus 602. Further, the electronic device 600 may also include a transceiver 604. It should be noted that in practical applications the transceiver 604 is not limited to one, and that the structure of the electronic device 600 does not limit the embodiments of the present application.
The processor 601 is used in the embodiments of the present application to implement the functions of the detection module and the data transmission module shown in Fig. 4 or Fig. 5.
The processor 601 may be a CPU, a general-purpose processor, a DSP, an ASIC, an FPGA or another programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It may implement or execute the various illustrative logic blocks, modules and circuits described in connection with the present disclosure. The processor 601 may also be a combination that implements computing functions, for example a combination of one or more microprocessors, or a combination of a DSP and a microprocessor.
The bus 602 may include a path that carries information between the above components. The bus 602 may be a PCI bus, an EISA bus, or the like. The bus 602 may be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is drawn in Fig. 6, but this does not mean that there is only one bus or only one type of bus.
The memory 603 may be a ROM or another type of static storage device that can store static information and instructions, a RAM or another type of dynamic storage device that can store information and instructions, an EEPROM, a CD-ROM or other optical disc storage, optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and can be accessed by a computer, but is not limited to these.
The memory 603 is used to store the application program code that executes the solution of the present application, and its execution is controlled by the processor 601. The processor 601 is used to execute the application program code stored in the memory 603 so as to implement the actions of the data transmission device provided by the embodiment shown in Fig. 4 or Fig. 5.
The electronic device provided by the embodiments of the present application includes a memory, a processor and a computer program stored on the memory and runnable on the processor. When the processor executes the program, compared with the prior art, it can achieve the following: detecting a data transfer request, which provides the precondition for subsequently transmitting the data carried in the data transfer request based on the three execution domains; and, when a data transfer request is detected, transmitting the data carried in it based on the three execution domains. Because the operating system, the communication protocol stack and the encryption/decryption algorithm run in three mutually isolated execution domains, they are loosely coupled, which not only makes it convenient to inspect the data but also ensures that the encryption flow cannot be bypassed, effectively preventing the communication protocol stack from being replaced or the encryption/decryption algorithm from going uncalled. At the same time, because the communication protocol stack and the encryption/decryption algorithm belong to mutually independent, mutually isolated execution domains, either one can be upgraded or maintained on its own, which greatly improves convenience in use.
An embodiment of the present application provides a computer readable storage medium on which a computer program is stored; when the program is executed by a processor, it implements the method shown in embodiment one. Compared with the prior art, it detects a data transfer request, which provides the precondition for subsequently transmitting the data carried in the data transfer request based on the three execution domains; when a data transfer request is detected, the data carried in it is transmitted based on the three execution domains. Because the operating system, the communication protocol stack and the encryption/decryption algorithm run in three mutually isolated execution domains, they are loosely coupled, which not only makes it convenient to inspect the data but also ensures that the encryption flow cannot be bypassed, effectively preventing the communication protocol stack from being replaced or the encryption/decryption algorithm from going uncalled. At the same time, because the communication protocol stack and the encryption/decryption algorithm belong to mutually independent, mutually isolated execution domains, either one can be upgraded or maintained on its own, which greatly improves convenience in use.
The computer readable storage medium provided by the embodiments of the present application is applicable to any embodiment of the above method, and is not described again here.
It should be understood that although the steps in the flowcharts of the accompanying drawings are shown in sequence as indicated by the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless expressly stated otherwise herein, there is no strict ordering constraint on the execution of these steps, and they may be executed in another order. Moreover, at least some of the steps in the flowcharts of the accompanying drawings may include multiple sub-steps or multiple stages; these sub-steps or stages are not necessarily completed at the same moment but may be executed at different times, and their execution order is not necessarily sequential but may be carried out in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
The above are only some embodiments of the present application. It should be noted that a person of ordinary skill in the art can make several improvements and modifications without departing from the principles of the present application, and these improvements and modifications should also be regarded as falling within the scope of protection of the present application.

Claims (10)

1. A data transmission method, characterized in that the method is applied in an application environment that includes at least three mutually isolated execution domains, in which an operating system, a communication protocol stack and an encryption/decryption algorithm run separately, the method comprising:
detecting a data transfer request;
when a data transfer request is detected, transmitting the data carried in the data transfer request based on the three execution domains.
2. The method according to claim 1, characterized in that, before detecting the data transfer request, the method further comprises:
establishing the at least three mutually isolated execution domains based on a microkernel, and running the operating system, the communication protocol stack and the encryption/decryption algorithm separately in the at least three mutually isolated execution domains.
3. The method according to claim 2, characterized in that, when the data transfer request is a data send request, transmitting the data carried in the data transfer request based on the three execution domains comprises:
sending the data to be sent to the second domain through a first communication channel in the microkernel between a first domain running the operating system and a second domain running the communication protocol stack, so that the communication protocol stack encapsulates the data to be sent;
sending the data encapsulated by the communication protocol stack to the third domain through a second communication channel in the microkernel between the second domain running the communication protocol stack and a third domain running the encryption/decryption algorithm, so that the encryption/decryption algorithm encrypts the data encapsulated by the communication protocol stack.
4. The method according to claim 2, characterized in that, when the data transfer request is a data receive request, transmitting the data carried in the data transfer request based on the three execution domains comprises:
decapsulating the received data through the communication protocol stack;
sending the data decapsulated by the communication protocol stack to the third domain through the second communication channel in the microkernel, so that the encryption/decryption algorithm decrypts the data decapsulated by the communication protocol stack;
sending the decrypted data to the operating system through a third communication channel in the microkernel between the third domain running the encryption/decryption algorithm and the first domain running the operating system.
5. The method according to any one of claims 1 to 4, characterized in that the operating system, the communication protocol stack and the encryption/decryption algorithm are located at the EL1 exception level of the ARM architecture, and the microkernel is located at the EL2 exception level of the ARM architecture.
6. A data transmission device, characterized in that the device is applied in an application environment that includes at least three mutually isolated execution domains, in which an operating system, a communication protocol stack and an encryption/decryption algorithm run separately, the device comprising:
a detection module, for detecting a data transfer request;
a transmission module, for transmitting, when a data transfer request is detected, the data carried in the data transfer request based on the three execution domains.
7. The device according to claim 6, characterized in that it further comprises an establishing module;
the establishing module is used to establish the at least three mutually isolated execution domains based on a microkernel, and to run the operating system, the communication protocol stack and the encryption/decryption algorithm separately in the at least three mutually isolated execution domains.
8. The device according to claim 7, characterized in that, when the data transfer request is a data send request, the transmission module comprises a first sending submodule and a second sending submodule;
the first sending submodule is used to send the data to be sent to the second domain through a first communication channel in the microkernel between a first domain running the operating system and a second domain running the communication protocol stack, so that the communication protocol stack encapsulates the data to be sent;
the second sending submodule is used to send the data encapsulated by the communication protocol stack to the third domain through a second communication channel in the microkernel between the second domain running the communication protocol stack and a third domain running the encryption/decryption algorithm, so that the encryption/decryption algorithm encrypts the data encapsulated by the communication protocol stack.
9. An electronic device, comprising a memory, a processor and a computer program stored on the memory and runnable on the processor, characterized in that the processor, when executing the program, implements the data transmission method according to any one of claims 1 to 5.
10. A computer readable storage medium, characterized in that a computer program is stored on the computer readable storage medium, and when the program is executed by a processor it implements the data transmission method according to any one of claims 1 to 5.
CN201811447985.7A 2018-11-29 2018-11-29 Data transmission method, device, electronic equipment and computer readable storage medium Pending CN109543452A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811447985.7A CN109543452A (en) 2018-11-29 2018-11-29 Data transmission method, device, electronic equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN109543452A true CN109543452A (en) 2019-03-29

Family

ID=65851532

Country Status (1)

Country Link
CN (1) CN109543452A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110730304A (en) * 2019-10-25 2020-01-24 北京凯视佳光电设备有限公司 Intelligent camera for accelerating image acquisition and display
CN111246466A (en) * 2019-12-31 2020-06-05 北京元心科技有限公司 Encryption communication method and system for Arm architecture application processor
CN114900566A (en) * 2022-05-06 2022-08-12 北斗星通智联科技有限责任公司 Data communication method, device, electronic equipment and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020129239A1 (en) * 2000-05-09 2002-09-12 Clark Paul C. System for secure communication between domains
CN1640127A (en) * 2002-02-25 2005-07-13 汤姆森许可贸易公司 Method for processing encoded data for a first domain received in a network pertaining to a second domain
CN103139221A (en) * 2013-03-07 2013-06-05 中国科学院软件研究所 Dependable virtual platform and construction method thereof, data migration method among platforms
CN103514414A (en) * 2012-06-26 2014-01-15 上海盛轩网络科技有限公司 Encryption method and encryption system based on ARM TrustZone

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
熊华钢 et al.: "Advanced Avionics Integration Technology", 31 January 2009, National Defense Industry Press *
陈卓然 et al.: "University Computer Fundamentals Tutorial", 30 June 2013 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20190329)