WO2016115833A1 - Data processing apparatus and data processing method - Google Patents

Data processing apparatus and data processing method Download PDF

Info

Publication number
WO2016115833A1
WO2016115833A1 PCT/CN2015/082877 CN2015082877W WO2016115833A1 WO 2016115833 A1 WO2016115833 A1 WO 2016115833A1 CN 2015082877 W CN2015082877 W CN 2015082877W WO 2016115833 A1 WO2016115833 A1 WO 2016115833A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
processing unit
operating system
processing
unit
Prior art date
Application number
PCT/CN2015/082877
Other languages
French (fr)
Chinese (zh)
Inventor
蒙畅菲
周晓
Original Assignee
宇龙计算机通信科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 宇龙计算机通信科技(深圳)有限公司 filed Critical 宇龙计算机通信科技(深圳)有限公司
Publication of WO2016115833A1 publication Critical patent/WO2016115833A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices
    • H04W88/06Terminal devices adapted for operation in multiple networks or having at least two operational modes, e.g. multi-mode terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/088Access security using filters or firewalls

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a data processing apparatus and a data processing method.
  • Modem1 and Modem2 can exchange voice and data services with the CPU.
  • the two Modems share a CPU (mobile phone processor), and the CPU processes the data in the mobile phone memory (RAM) and the mobile phone memory (EMMC), thereby interacting with the external device to control the peripheral (external device).
  • RAM mobile phone memory
  • EMMC mobile phone memory
  • the traditional dual standby architecture runs dual systems, using Trustzone technology to physically isolate the CPU layer to provide a secure execution environment for encrypted data.
  • the actual situation shows that: the traditional dual standby architecture two modems share a CPU, all data including voice service data, data service data and other data are processed by the CPU.
  • the amount of data in the smart machine is very Huge, a CPU will cause the data processing speed to be significantly slower, affecting the user experience;
  • the traditional intelligent machine only has one RAM and EMMC to process huge data. When the amount of data increases sharply, it seriously affects the stability of RAM and EMMC. All the data mixed together will also affect the security of personal private data; according to experience, RAM and EMCC Data confusion can easily cause the phone to crash, affecting the security of personal data.
  • the invention is based on the above problems, and proposes a new technical solution, which can ensure the security of private data and improve the user experience while improving the processing speed of data.
  • the present invention provides a data processing apparatus for a terminal, the terminal including a first operating system and a second operating system, wherein the first operating system has a higher security level than the second operating system.
  • the security level the device includes: a first communication unit, connected to the monitoring control unit, receiving first service data from the first identity card, and transmitting the first service data to the monitoring control unit; a communication unit, connected to the monitoring control unit, receiving second service data from the second identity card, and transmitting the second service data to the monitoring control unit; the monitoring control unit is connected to the Between the first communication unit and the first processing unit, the second communication unit, and the second processing unit, receiving first service data and second service data from the first communication unit and the second communication unit And dividing the first service data and the second service data into first operating system data and second operating system data corresponding to the first operating system And sending the first operating system data to the first processing unit, and sending the second operating system data to the second processing unit; the first processing unit, configured to process the first operation System data, and performing data interaction with an external
  • a terminal in order to improve data security, is configured with multiple processors, and different processors are designated to process data in different operating systems.
  • the first operating system is a secure operating system
  • the second operating system is a normal operating system.
  • the terminal is configured with two processors, one processor for processing security data in a secure operating system, such as security contacts, security information, Secure call log, security schedule, security note and other data, another processor is used to process data in the common operating system, such as photos, ordinary contacts, ordinary text messages, ordinary call records, ordinary schedules, ordinary notes, etc., so that many
  • the data is divided into multiple categories for processing, which not only can speed up the response, but also fundamentally ensure the security of the data and improve the stability of the system.
  • the external device refers to other related devices except the processor and the communication unit, such as a screen, a sensor, a Bluetooth, a WIFI, a camera, and the like.
  • the method further includes: a first storage unit connected to the first processing unit, configured to store the first operating system data processed by the first processing unit; and the second storage unit And connecting to the second processing unit, configured to store the second operating system data processed by the second processing unit.
  • the data processed by the different processing units is stored in different storage spaces, so that the data security of the user's personal private information can be better protected.
  • the first processing unit is further configured to: when processing the first operating system data, if the first operating system data involves data service data, the data is The service data is sent to the second processing unit to cause the second processing unit to process the data service.
  • the first processing unit of the first operating system does not process data service data, such as Internet access, MMS, SMS sending and receiving, etc., so that the first operating system does not need to be connected to the network, thereby avoiding virus intrusion due to networking.
  • data service data such as Internet access, MMS, SMS sending and receiving, etc.
  • the first processing unit includes a first control subunit, when the first processing unit needs to interact with an external device of the terminal according to the first operating system data. Transmitting an interrupt signal to the second processing unit, interrupting data interaction between the second processing unit and the external device, and when the first processing unit completes interaction with the external device, Sending a feedback signal to the second processing unit to notify the second processing unit to continue data interaction with the external device.
  • the terminal since the terminal is configured with multiple processors, the interaction between the processor and the external device becomes relatively complicated, in order to coordinate the interaction process and sequence of the multiple processors with the external device, in the technical solution
  • the relatively important and urgent service data of the user can be ensured. It is processed first, and it does not affect the processing of other business data.
  • the second processing unit includes a second control subunit, and when the second processing unit needs to interact with the external device according to the second operating system data, The first processing unit sends an interrupt signal, interrupts data interaction between the first processing unit and the external device, and when the second processing unit completes data interaction with the external device, The first processing unit sends a feedback signal informing the first processing unit to continue data interaction with the external device.
  • the second processing unit when the second processing unit needs to interact with the external device, it also needs to send an interrupt signal to the first processing unit to ensure that the most urgent and recent service data can be preferentially processed.
  • a data processing method for a terminal comprising a first operating system and a second operating system, wherein a security level of the first operating system is higher than the first a security level of the operating system
  • the terminal further comprising a first processing unit, a second processing unit, a first communication unit, a second communication unit, a first storage unit, a second storage unit, and a monitoring control unit
  • the method comprising Receiving, by the first communication unit, first service data from the first identity card, and transmitting the first service data to the monitoring control unit; receiving, by the second communication unit, the second identity card Two service data, and transmitting the second service data to the monitoring control unit; receiving, by the monitoring control unit, first service data and a second service from the first communication unit and the second communication unit Data, and dividing the first service data and the second service data into first operating system data and second operation corresponding to the first operating system System data, and transmitting the first operating system data to the first processing unit, transmitting the second operating system data
  • a terminal in order to improve data security, is configured with multiple processors, and different processors are designated to process data in different operating systems.
  • the first operating system is a secure operating system
  • the second operating system is a normal operating system.
  • the terminal is configured with two processors, one for processing security data in a secure operating system, such as a security contact, security.
  • Full information, secure call records, security schedules, security notes and other data another processor is used to process data in the common operating system, such as photos, ordinary contacts, ordinary text messages, ordinary call records, ordinary schedules, ordinary notes, etc. It can make a large number of data be divided into multiple categories for processing, which not only can speed up the response, but also can fundamentally ensure the security of the data and improve the stability of the system.
  • the external device refers to other related devices except the processor and the communication unit, such as a screen, a sensor, a Bluetooth, a WIFI, a camera, and the like.
  • the method further includes: storing, by using the first storage unit, the first operating system data processed by the first processing unit; and processing, by the second storage unit, the second processing unit The second operating system data is stored.
  • the data processed by the different processing units is stored in different storage spaces, so that the data security of the user's personal private information can be better protected.
  • the method further includes: when the first operating system data is processed by the first processing unit, if the first operating system data involves data service data, sending the data service data Go to the second processing unit to cause the second processing unit to process the data service.
  • the first processing unit of the first operating system does not process data service data, such as Internet access, MMS, SMS sending and receiving, etc., so that the first operating system does not need to be connected to the network, thereby avoiding virus intrusion due to networking.
  • data service data such as Internet access, MMS, SMS sending and receiving, etc.
  • the method further includes: when the first processing unit needs to interact with an external device of the terminal according to the first operating system data, sending an interrupt signal to the second processing unit, Interrupting data interaction between the second processing unit and the external device, and sending a feedback signal to the second processing unit when the first processing unit completes interaction with the external device, notifying The second processing unit continues with data interaction with the external device.
  • the terminal since the terminal is configured with multiple processors, the interaction between the processor and the external device becomes relatively complicated, in order to coordinate the interaction process and sequence of the multiple processors with the external device, in the technical solution Provided in the first place when processing data for the first operating system
  • the second processing unit that controls the data of the second operating system interrupts the business data being processed, and is in a waiting state, when the first processing unit completes the interaction with the external device.
  • the second processing unit is notified to continue the uncompleted data interaction.
  • the method further includes: when the second processing unit needs to interact with the external device according to the second operating system data, sending an interrupt signal to the first processing unit, interrupting the Determining data interaction between the first processing unit and the external device, and sending a feedback signal to the first processing unit when the second processing unit completes data interaction with the external device, notifying the The first processing unit continues with data interaction with the external device.
  • the second processing unit when the second processing unit needs to interact with the external device, it also needs to send an interrupt signal to the first processing unit to ensure that the most urgent and recent service data can be preferentially processed.
  • a terminal comprising: a plurality of operating systems; and the data processing apparatus according to any one of the above aspects.
  • each modem in the dual-system dual standby mobile phone is equipped with a dedicated CPU, RAM and EMMC, and is physically separated completely, wherein the CPU1 defines only the private data in the security operation, and the CPU2 definition only processes
  • the public information in the ordinary operation screens out the data of the security operating system and the common operating system through the monitoring control unit, and the data is processed by different CPUs to ensure the security of the private data, greatly improving the processing speed of different data and improving User experience.
  • FIG. 1 is a block diagram showing a dual standby terminal in the related art
  • FIG. 2 shows a block diagram of a data processing apparatus in accordance with an embodiment of the present invention
  • FIG. 3 shows a flow chart of a data processing method according to an embodiment of the present invention
  • FIG. 4 shows a flow chart of a method of processing an SED security system in accordance with an embodiment of the present invention
  • FIG. 5 is a flow chart showing a PPD general system processing method according to an embodiment of the present invention.
  • FIG. 6 shows a flow chart of different CPU and external device interactions in accordance with an embodiment of the present invention
  • FIG. 7 shows a detailed flow chart of interworking between different CPUs and external devices in accordance with an embodiment of the present invention.
  • FIG. 2 shows a block diagram of a data processing apparatus in accordance with an embodiment of the present invention.
  • a data processing apparatus 200 is used for a terminal, where the terminal includes a first operating system and a second operating system, wherein a security level of the first operating system is higher than the The security level of the second operating system
  • the device 200 includes: a first communication unit 202, connected to the monitoring control unit 206, receiving first service data from the first identity card, and transmitting the first service data to The monitoring control unit;
  • the second communication unit 204 is connected to the monitoring control unit 206, receives second service data from the second identity card, and transmits the second service data to the monitoring control unit;
  • the monitoring control unit 206 is connected between the first communication unit 202 and the first processing unit 208, the second communication unit 204, and the second processing unit 210, and receives the first communication unit 202 and the Decoding the first service data and the second service data of the second communication unit 204, and dividing the first service data and the second service data into the first corresponding to the first operating system Operating system data and second operating system data, and transmitting the
  • the terminal in order to improve data security, is configured with multiple processors, And specify different processors to process data in different operating systems.
  • the first operating system is a secure operating system
  • the second operating system is a normal operating system.
  • the terminal is configured with two processors, one processor for processing security data in a secure operating system, such as security contacts, security information, Secure call log, security schedule, security note and other data, another processor is used to process data in the common operating system, such as photos, ordinary contacts, ordinary text messages, ordinary call records, ordinary schedules, ordinary notes, etc., so that many
  • the data is divided into multiple categories for processing, which not only can speed up the response, but also fundamentally ensure the security of the data and improve the stability of the system.
  • the external device refers to other related devices except the processor and the communication unit, such as a screen, a sensor, a Bluetooth, a WIFI, a camera, and the like.
  • the method further includes: a first storage unit 212, connected to the first processing unit, configured to store the first operating system data processed by the first processing unit; and second storage The unit 214 is connected to the second processing unit, and configured to store the second operating system data processed by the second processing unit.
  • the data processed by the different processing units is stored in different storage spaces, so that the data security of the user's personal private information can be better protected.
  • the first processing unit 208 is further configured to: when processing the first operating system data, if the first operating system data involves data service data, the Data service data is sent to the second processing unit to cause the second processing unit to process the data service.
  • the first processing unit of the first operating system does not process data service data, such as Internet access, MMS, SMS sending and receiving, etc., so that the first operating system does not need to be connected to the network, thereby avoiding virus intrusion due to networking.
  • data service data such as Internet access, MMS, SMS sending and receiving, etc.
  • the first processing unit 208 includes a first control subunit (not shown) for the first processing unit 208 to be based on the first operating system data and
  • sending an interrupt signal to the second processing unit interrupting data interaction between the second processing unit 210 and the external device 216, and in the first processing unit
  • the interaction between the processor and the external device becomes relatively complicated, in order to coordinate the interaction process and sequence of the multiple processors with the external device, in the technical solution Providing that when the first processing unit for processing the first operating system data needs to urgently process the business data that has just occurred, controlling the second processing unit for processing the second operating system data interrupts the business data being processed, and is in Waiting for a state, when the first processing unit completes the interaction with the external device, notifying the second processing unit to continue the uncompleted data interaction.
  • the relatively important and urgent service data of the user can be preferentially processed, and Does not affect the processing of other business data.
  • the second processing unit 210 includes a second control subunit (not shown), and the second processing unit 210 needs to be according to the second operating system data and the When the external device interacts, an interrupt signal is sent to the first processing unit 208, the data interaction between the first processing unit 208 and the external device 216 is interrupted, and the second processing unit 210 completes the When the data is exchanged by the external device 216, a feedback signal is sent to the first processing unit 208 to notify the first processing unit 208 to continue data interaction with the external device 216.
  • the second processing unit when the second processing unit needs to interact with the external device, it also needs to send an interrupt signal to the first processing unit to ensure that the most urgent and recent service data can be preferentially processed.
  • FIG. 3 shows a flow chart of a data processing method in accordance with an embodiment of the present invention.
  • a data processing method is used for a terminal, where the terminal includes a first operating system and a second operating system, wherein a security level of the first operating system is higher than the first a security level of the operating system, the terminal further comprising a first processing unit, a second processing unit, a first communication unit, a second communication unit, a first storage unit, a second storage unit, and a monitoring control unit, the method comprising Step 302: Receive first service data from the first identity card by using the first communication unit, and transmit the first service data to the monitoring control unit; Step 304, receive, by using the second communication unit, Second identifying the second service data of the card and transmitting the second service data to the monitoring control unit; step 306, receiving, by the monitoring control unit, the first communication unit and the second communication unit of Decoding the first service data and the second service data into the first operating system data and the second operating system data corresponding to the first operating system, and dividing the first service data and the second service data
  • the first operating system Receive first service data from the first identity card by using
  • a terminal in order to improve data security, is configured with multiple processors, and different processors are designated to process data in different operating systems.
  • the first operating system is a secure operating system
  • the second operating system is a normal operating system.
  • the terminal is configured with two processors, one processor for processing security data in a secure operating system, such as security contacts, security information, Secure call log, security schedule, security note and other data, another processor is used to process data in the common operating system, such as photos, ordinary contacts, ordinary text messages, ordinary call records, ordinary schedules, ordinary notes, etc., so that many
  • the data is divided into multiple categories for processing, which not only can speed up the response, but also fundamentally ensure the security of the data and improve the stability of the system.
  • the external device refers to other related devices except the processor and the communication unit, such as a screen, a sensor, a Bluetooth, a WIFI, a camera, and the like.
  • the method further includes: storing, by using the first storage unit, the first operating system data processed by the first processing unit; and processing, by the second storage unit, the second processing unit The second operating system data is stored.
  • the data processed by the different processing units is stored in different storage spaces, so that the data security of the user's personal private information can be better protected.
  • the method further includes: when the first operating system data is processed by the first processing unit, if the first operating system data involves data service data, sending the data service data Go to the second processing unit to cause the second processing unit to process the data service.
  • the first processing unit of the first operating system does not process the data service data,
  • the above network, MMS, SMS sending and receiving data in this way, the first operating system does not need to be connected to the network, thereby avoiding problems such as virus intrusion caused by networking, and further ensuring the security of the data in the first operating system.
  • the method further includes: when the first processing unit needs to interact with an external device of the terminal according to the first operating system data, sending an interrupt signal to the second processing unit, Interrupting data interaction between the second processing unit and the external device, and sending a feedback signal to the second processing unit when the first processing unit completes interaction with the external device, notifying The second processing unit continues with data interaction with the external device.
  • the interaction between the processor and the external device becomes relatively complicated, in order to coordinate the interaction process and sequence of the multiple processors with the external device, in the technical solution Providing that when the first processing unit for processing the first operating system data needs to urgently process the business data that has just occurred, controlling the second processing unit for processing the second operating system data interrupts the business data being processed, and is in Waiting for a state, when the first processing unit completes the interaction with the external device, notifying the second processing unit to continue the uncompleted data interaction.
  • the relatively important and urgent service data of the user can be preferentially processed, and Does not affect the processing of other business data.
  • the method further includes: when the second processing unit needs to interact with the external device according to the second operating system data, sending an interrupt signal to the first processing unit, interrupting the Determining data interaction between the first processing unit and the external device, and sending a feedback signal to the first processing unit when the second processing unit completes data interaction with the external device, notifying the The first processing unit continues with data interaction with the external device.
  • the second processing unit when the second processing unit needs to interact with the external device, it also needs to send an interrupt signal to the first processing unit to ensure that the most urgent and recent service data can be preferentially processed.
  • the first communication unit is Modem1, the second communication unit is Modem2, the first processing unit is CPU1, the second processing unit is CPU2, the first storage unit is memory RAM1 and EMMC1, and the second storage unit is memory RAM2 and EMMC2.
  • the first operating system is a security system, and the second operating system is an ordinary system.
  • FIG. 4 shows a flow chart of a data processing method of a security system in accordance with an embodiment of the present invention.
  • a data processing method of a security system includes:
  • Step 402 The CPU1 processes the security data uploaded by Modem1 and Modem2 filtered by the monitoring control unit, and is separately processed by the security system.
  • Step 404 storing related data in the security system in RAM1 and EMMC1.
  • the CPU 1 is defined to process only private data in the security system, such as security contacts, security information, secure call records, security schedules, and security notes, which are stored in the dedicated storage RAM1 and EMMC1, thereby ensuring storage and processing. Data security for personal private information.
  • FIG. 5 shows a flow chart of a data processing method of a general system according to an embodiment of the present invention.
  • a data processing method of a general system includes:
  • Step 502 The CPU 2 processes the public information data uploaded by the Modem1 and the Modem2 filtered by the monitoring control unit, and is processed by the ordinary system separately.
  • step 504 the related data in the normal system is stored in the RAM 2 and the EMMC 2.
  • the CPU 2 is defined to process only public information data in a normal system, such as photos, general contacts, ordinary short messages, normal call records, general schedules, general notes, etc., which are stored in the dedicated storage RAM 2 and EMMC 2.
  • Figure 6 shows a flow chart of a data processing method in accordance with one embodiment of the present invention.
  • the flow of a data processing method according to an embodiment of the present invention includes:
  • step 602 the monitoring control unit filters the data in Modem1.
  • step 604 it is determined whether the current data is security data. If the determination result is yes, the process proceeds to step 608, and the determination result is no, and the process proceeds to step 606.
  • step 606 it is judged that it is not secure data, and the data is handed over to the CPU 2 of the general system for processing.
  • step 608 it is judged that it is security data, and the data is handed over to the CPU 1 of the security system for processing.
  • step 610 the monitoring control unit filters the data in Modem2.
  • step 612 it is determined whether the current data is security data. If the determination result is yes, the process proceeds to step 616. If the determination result is negative, the process proceeds to step 614.
  • step 614 it is judged that it is not secure data, and the data is handed over to the CPU 2 of the general system for processing.
  • the determination is security data, and the data is handed over to the CPU 1 of the security system for processing.
  • a monitoring control unit is set between Modem1, Modem2, and CPU1 and CPU2, and different data of Modem1 and Modem2 are filtered by the monitoring control unit, and the security data is handed over to
  • the CPU 1 in the security system processes and stores it in RAM1 and EMMC1, and the public data is handed over to the CPU 2 in the normal system for processing, and is stored in RAM2 and EMMC2, and the data is exchanged through different CPUs and external devices.
  • FIG. 7 is a detailed flow diagram of the interworking of different CPUs and external devices in accordance with an embodiment of the present invention.
  • step 702 it is determined whether the CPU 1 receives the interrupt signal sent by the CPU 2. If the determination result is yes, the process proceeds to step 704. If the determination result is negative, the process proceeds to step 706.
  • Step 704 disconnecting from the peripheral device.
  • step 706 it is determined whether the current service needs to use the peripheral device. If the determination result is yes, the process proceeds to step 708.
  • step 708 the CPU 2 sends an interrupt signal to the CPU 1, and returns to step 702.
  • step 710 it is determined whether the CPU 2 receives the interrupt signal sent by the CPU 1. If the determination result is YES, the process proceeds to step 712. If the determination result is negative, the process proceeds to step 714.
  • step 712 the connection to the peripheral is disconnected.
  • step 714 it is determined whether the current service needs to use the peripheral device. If the determination result is yes, the process proceeds to step 716.
  • step 716 the CPU 2 sends an interrupt signal to the CPU 1, and returns to step 710.
  • an interrupt control signal can be added between the two CPUs, and the interrupt control signal is used to implement different CPU control by interrupting the signal, as before.
  • the security contact in the mobile security system SED suddenly calls, and the CPU2 sends an interrupt signal to the CPU1, and the processing right of the data is given to the CPU1 for processing, thereby ensuring the security of the user's private data.
  • each Modem is equipped with a dedicated CPU, RAM and EMMC, and is physically separated.
  • CPU1 defines only the private data in the security system
  • CPU2 defines only the public in the system.
  • the information data is used to filter out the data of the security system and the common system through the monitoring control domain, and the data is processed by different CPUs to ensure the security of the private data, greatly improve the processing time of different data, and improve the user experience.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Provided is a data processing apparatus and a data processing method. The apparatus comprises: a first communication unit, receiving first service data from a first subscriber identity card and transmitting the data to a monitoring control unit; a second communication unit, receiving second service data from a second subscriber identity card and transmitting the second service data to the monitoring control unit, the monitoring control unit dividing the first service data and the second service data into first operating system data and second operating system data and sending the data to a first processing unit and a second processing unit; the first processing unit processing the first operating system data and performing data interaction with an external device of a terminal based on the first operating system data; and the second processing unit processing the second operating system data and performing data interaction with the external device of the terminal based on the second operating system data. By means of the technical solution, the processing speed of data can be increased, while the security of private data is guaranteed fundamentally.

Description

数据处理装置和数据处理方法Data processing device and data processing method
本申请要求于2015年1月22日提交中国专利局、申请号为201510033718.5,发明名称为“数据处理装置和数据处理方法”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。The present application claims priority to Chinese Patent Application No. 201510033718.5, filed on Jan. 22, 2015, the entire disclosure of which is incorporated herein by reference. .
技术领域Technical field
本发明涉及通信技术领域,具体而言,涉及一种数据处理装置和一种数据处理方法。The present invention relates to the field of communications technologies, and in particular, to a data processing apparatus and a data processing method.
背景技术Background technique
传统的双待机架构如图1所示,有两个Modem,Modem1和Modem2都能和CPU交互语音业务和数据业务等数据。两个Modem共用一个CPU(手机处理器),通过CPU处理手机内存(RAM)和手机存储器(EMMC)中的数据,从而与外部设备交互数据,达到控制外设(外部设备)的目的。The traditional dual standby architecture is shown in Figure 1. There are two modems. Modem1 and Modem2 can exchange voice and data services with the CPU. The two Modems share a CPU (mobile phone processor), and the CPU processes the data in the mobile phone memory (RAM) and the mobile phone memory (EMMC), thereby interacting with the external device to control the peripheral (external device).
现有方案的缺陷在于:The drawbacks of existing solutions are:
1、传统的双待机架构运行双系统,使用Trustzone技术,在CPU层进行物理隔离,为加密数据提供安全的执行环境。实际情况表明:传统的双待机架构两个Modem共用一个CPU,所有的数据包括语音业务数据、数据业务数据和其它数据都通过CPU处理,随着智能机的飞速发展,智能机中的数据量非常庞大,一个CPU会导致数据处理速度明显偏慢,影响用户体验;1. The traditional dual standby architecture runs dual systems, using Trustzone technology to physically isolate the CPU layer to provide a secure execution environment for encrypted data. The actual situation shows that: the traditional dual standby architecture two modems share a CPU, all data including voice service data, data service data and other data are processed by the CPU. With the rapid development of the smart machine, the amount of data in the smart machine is very Huge, a CPU will cause the data processing speed to be significantly slower, affecting the user experience;
2、虽然在CPU层进行了物理隔离,但是所有数据都通过一个CPU处理,数据极易混乱,电话联系人、短信、安全密码、银行账户等重要数据的安全性和私密性得不到有效保障,并不能做到真正意义上的独立安全;2. Although physical isolation is performed in the CPU layer, all data is processed by one CPU, the data is easily confused, and the security and privacy of important data such as telephone contacts, short messages, security passwords, and bank accounts are not effectively protected. And can not achieve independent security in the true sense;
3、传统智能机只有一个RAM和EMMC处理庞大的数据,数据量急剧增加时严重影响RAM和EMMC的稳定性,所有数据混杂在一起也会影响个人私密数据的安全;根据经验,RAM和EMCC中数据混乱极易引起手机死机,影响个人数据的安全。3. The traditional intelligent machine only has one RAM and EMMC to process huge data. When the amount of data increases sharply, it seriously affects the stability of RAM and EMMC. All the data mixed together will also affect the security of personal private data; according to experience, RAM and EMCC Data confusion can easily cause the phone to crash, affecting the security of personal data.
因此,需要一种新的技术方案,可以在提高数据的处理速度的同时从根本上保证私密数据的安全。 Therefore, a new technical solution is needed to fundamentally ensure the security of private data while improving the processing speed of data.
发明内容Summary of the invention
本发明正是基于上述问题,提出了一种新的技术方案,可以在提高数据的处理速度的同时从根本上保证私密数据的安全,提高用户的使用体验。The invention is based on the above problems, and proposes a new technical solution, which can ensure the security of private data and improve the user experience while improving the processing speed of data.
有鉴于此,本发明提出了一种数据处理装置,用于终端,所述终端包括第一操作系统和第二操作系统,其中所述第一操作系统的安全级别高于所述第二操作系统的安全级别,所述装置包括:第一通信单元,与监控控制单元连接,接收来自第一身份识别卡的第一业务数据,并将所述第一业务数据传输至所述监控控制单元;第二通信单元,与所述监控控制单元连接,接收来自第二身份识别卡的第二业务数据,并将所述第二业务数据传输至所述监控控制单元;所述监控控制单元,连接在所述第一通信单元和第一处理单元、所述第二通信单元和第二处理单元之间,接收来自所述第一通信单元和所述第二通信单元的第一业务数据和第二业务数据,并将所述第一业务数据和所述第二业务数据划分为所述第一操作系统对应的第一操作系统数据和第二操作系统数据,并将所述第一操作系统数据发送至所述第一处理单元,将所述第二操作系统数据发送至所述第二处理单元;所述第一处理单元,用于处理所述第一操作系统数据,并基于所述第一操作系统数据与所述终端的外部设备进行数据交互;所述第二处理单元,用于处理所述第二操作系统数据,并基于所述第二操作系统数据与所述终端的外部设备进行数据交互。In view of this, the present invention provides a data processing apparatus for a terminal, the terminal including a first operating system and a second operating system, wherein the first operating system has a higher security level than the second operating system. The security level, the device includes: a first communication unit, connected to the monitoring control unit, receiving first service data from the first identity card, and transmitting the first service data to the monitoring control unit; a communication unit, connected to the monitoring control unit, receiving second service data from the second identity card, and transmitting the second service data to the monitoring control unit; the monitoring control unit is connected to the Between the first communication unit and the first processing unit, the second communication unit, and the second processing unit, receiving first service data and second service data from the first communication unit and the second communication unit And dividing the first service data and the second service data into first operating system data and second operating system data corresponding to the first operating system And sending the first operating system data to the first processing unit, and sending the second operating system data to the second processing unit; the first processing unit, configured to process the first operation System data, and performing data interaction with an external device of the terminal based on the first operating system data; the second processing unit is configured to process the second operating system data, and based on the second operating system data Data interaction with an external device of the terminal.
在该技术方案中,为了提高数据安全性,终端被配置了多个处理器,并指定不同的处理器处理不同操作系统中的数据。比如,第一操作系统为安全操作系统,第二操作系统为普通操作系统,这样,终端配置两个处理器,一个处理器用来处理安全操作系统中的安全数据,如安全联系人、安全信息、安全通话记录、安全日程、安全记事等数据,另一个处理器用来处理普通操作系统中的数据,如照片、普通联系人、普通短信、普通通话记录、普通日程、普通记事等,从而能够使众多的数据被分成多类分别进行处理,不仅可以加快响应速度,还可以从根本上保证数据的安全性,提高系统稳定性。 In this technical solution, in order to improve data security, a terminal is configured with multiple processors, and different processors are designated to process data in different operating systems. For example, the first operating system is a secure operating system, and the second operating system is a normal operating system. Thus, the terminal is configured with two processors, one processor for processing security data in a secure operating system, such as security contacts, security information, Secure call log, security schedule, security note and other data, another processor is used to process data in the common operating system, such as photos, ordinary contacts, ordinary text messages, ordinary call records, ordinary schedules, ordinary notes, etc., so that many The data is divided into multiple categories for processing, which not only can speed up the response, but also fundamentally ensure the security of the data and improve the stability of the system.
其中,外部设备是指终端除处理器、通信单元之外的其他相关器件,例如屏幕、传感器、蓝牙、WIFI、照相机等。The external device refers to other related devices except the processor and the communication unit, such as a screen, a sensor, a Bluetooth, a WIFI, a camera, and the like.
在上述技术方案中,优选地,还包括:第一存储单元,连接至所述第一处理单元,用于对所述第一处理单元处理后的第一操作系统数据进行存储;第二存储单元,连接至所述第二处理单元,用于对所述第二处理单元处理后的第二操作系统数据进行存储。In the above technical solution, preferably, the method further includes: a first storage unit connected to the first processing unit, configured to store the first operating system data processed by the first processing unit; and the second storage unit And connecting to the second processing unit, configured to store the second operating system data processed by the second processing unit.
在该技术方案中,将不同处理单元处理后的数据储存到不同的储存空间中,这样可以更好的保障用户个人私有信息的数据安全。In the technical solution, the data processed by the different processing units is stored in different storage spaces, so that the data security of the user's personal private information can be better protected.
在上述技术方案中,优选地,还包括:所述第一处理单元还用于:在处理第一操作系统数据时,若所述第一操作系统数据中涉及数据业务数据,则将所述数据业务数据发送至所述第二处理单元,以使所述第二处理单元对所述数据业务进行处理。In the above technical solution, preferably, the first processing unit is further configured to: when processing the first operating system data, if the first operating system data involves data service data, the data is The service data is sent to the second processing unit to cause the second processing unit to process the data service.
在该技术方案中,第一操作系统的第一处理单元不处理数据业务数据,如上网、彩信、短信收发等数据,这样,第一操作系统就不需要联网,从而避免因为联网导致病毒入侵等问题发生,进一步保证第一操作系统中的数据的安全。In the technical solution, the first processing unit of the first operating system does not process data service data, such as Internet access, MMS, SMS sending and receiving, etc., so that the first operating system does not need to be connected to the network, thereby avoiding virus intrusion due to networking. The problem occurs to further ensure the security of the data in the first operating system.
在上述技术方案中,优选地,所述第一处理单元包括第一控制子单元,用于在所述第一处理单元需根据所述第一操作系统数据与所述终端的外部设备进行交互时,向所述第二处理单元发送中断信号,中断所述第二处理单元与所述外部设备之间进行的数据交互,以及在所述第一处理单元完成与所述外部设备进行的交互时,向所述第二处理单元发送反馈信号,通知所述第二处理单元继续进行与所述外部设备之间的数据交互。In the above technical solution, preferably, the first processing unit includes a first control subunit, when the first processing unit needs to interact with an external device of the terminal according to the first operating system data. Transmitting an interrupt signal to the second processing unit, interrupting data interaction between the second processing unit and the external device, and when the first processing unit completes interaction with the external device, Sending a feedback signal to the second processing unit to notify the second processing unit to continue data interaction with the external device.
在该技术方案中,正是由于终端被配置了多个处理器,因此处理器与外部设备的交互变得相对复杂,为了协调多个处理器与外部设备的交互过程和顺序,在该技术方案中提供了当用于处理第一操作系统数据的第一处理单元需紧急处理刚刚发生的业务数据时,控制用于处理第二操作系统数据的第二处理单元中断正在处理的业务数据,并处于等待状态,在第一处理单元完成与外部设备的交互时,通知第二处理单元继续未完成的数据交互,通过这样的处理机制,能够保证用户相对重要、紧急的业务数据被优 先处理,并且也不会影响其他业务数据的处理。In this technical solution, since the terminal is configured with multiple processors, the interaction between the processor and the external device becomes relatively complicated, in order to coordinate the interaction process and sequence of the multiple processors with the external device, in the technical solution Providing that when the first processing unit for processing the first operating system data needs to urgently process the business data that has just occurred, controlling the second processing unit for processing the second operating system data interrupts the business data being processed, and is in The waiting state, when the first processing unit completes the interaction with the external device, notifies the second processing unit to continue the uncompleted data interaction. Through such a processing mechanism, the relatively important and urgent service data of the user can be ensured. It is processed first, and it does not affect the processing of other business data.
在上述技术方案中,优选地,所述第二处理单元包括第二控制子单元,在所述第二处理单元需根据所述第二操作系统数据与所述外部设备进行交互时,向所述第一处理单元发送中断信号,中断所述第一处理单元与所述外部设备之间进行的数据交互,以及在所述第二处理单元完成与所述外部设备进行的数据交互时,向所述第一处理单元发送反馈信号,通知所述第一处理单元继续进行与所述外部设备之间的数据交互。In the above technical solution, preferably, the second processing unit includes a second control subunit, and when the second processing unit needs to interact with the external device according to the second operating system data, The first processing unit sends an interrupt signal, interrupts data interaction between the first processing unit and the external device, and when the second processing unit completes data interaction with the external device, The first processing unit sends a feedback signal informing the first processing unit to continue data interaction with the external device.
同理,第二处理单元在需与外部设备进行交互时,也需向第一处理单元发送中断信号,保证最紧急、最近的业务数据能够被优先处理。Similarly, when the second processing unit needs to interact with the external device, it also needs to send an interrupt signal to the first processing unit to ensure that the most urgent and recent service data can be preferentially processed.
根据本发明的另一方面,还提出了一种数据处理方法,用于终端,所述终端包括第一操作系统和第二操作系统,其中所述第一操作系统的安全级别高于所述第二操作系统的安全级别,所述终端还包括第一处理单元、第二处理单元、第一通信单元、第二通信单元、第一存储单元、第二存储单元和监控控制单元,所述方法包括:通过第一通信单元接收来自第一身份识别卡的第一业务数据,并将所述第一业务数据传输至所述监控控制单元;通过第二通信单元,接收来自第二身份识别卡的第二业务数据,并将所述第二业务数据传输至所述监控控制单元;通过所述监控控制单元接收来自所述第一通信单元和所述第二通信单元的第一业务数据和第二业务数据,并将所述第一业务数据和所述第二业务数据划分为所述第一操作系统对应的第一操作系统数据和第二操作系统数据,并将所述第一操作系统数据发送至所述第一处理单元,将所述第二操作系统数据发送至所述第二处理单元;通过第一处理单元处理所述第一操作系统数据,并基于所述第一操作系统数据与所述终端的外部设备进行数据交互;通过所述第二处理单元处理所述第二操作系统数据,并基于所述第二操作系统数据与所述终端的外部设备进行数据交互。According to another aspect of the present invention, there is also provided a data processing method for a terminal, the terminal comprising a first operating system and a second operating system, wherein a security level of the first operating system is higher than the first a security level of the operating system, the terminal further comprising a first processing unit, a second processing unit, a first communication unit, a second communication unit, a first storage unit, a second storage unit, and a monitoring control unit, the method comprising Receiving, by the first communication unit, first service data from the first identity card, and transmitting the first service data to the monitoring control unit; receiving, by the second communication unit, the second identity card Two service data, and transmitting the second service data to the monitoring control unit; receiving, by the monitoring control unit, first service data and a second service from the first communication unit and the second communication unit Data, and dividing the first service data and the second service data into first operating system data and second operation corresponding to the first operating system System data, and transmitting the first operating system data to the first processing unit, transmitting the second operating system data to the second processing unit; processing the first operating system by using a first processing unit Data, and performing data interaction with an external device of the terminal based on the first operating system data; processing the second operating system data by the second processing unit, and based on the second operating system data and the The external device of the terminal performs data interaction.
在该技术方案中,为了提高数据安全性,终端被配置了多个处理器,并指定不同的处理器处理不同操作系统中的数据。比如,第一操作系统为安全操作系统,第二操作系统为普通操作系统,这样,终端配置两个处理器,一个处理器用来处理安全操作系统中的安全数据,如安全联系人、安 全信息、安全通话记录、安全日程、安全记事等数据,另一个处理器用来处理普通操作系统中的数据,如照片、普通联系人、普通短信、普通通话记录、普通日程、普通记事等,从而能够使众多的数据被分成多类分别进行处理,不仅可以加快响应速度,还可以从根本上保证数据的安全性,提高系统稳定性。In this technical solution, in order to improve data security, a terminal is configured with multiple processors, and different processors are designated to process data in different operating systems. For example, the first operating system is a secure operating system, and the second operating system is a normal operating system. Thus, the terminal is configured with two processors, one for processing security data in a secure operating system, such as a security contact, security. Full information, secure call records, security schedules, security notes and other data, another processor is used to process data in the common operating system, such as photos, ordinary contacts, ordinary text messages, ordinary call records, ordinary schedules, ordinary notes, etc. It can make a large number of data be divided into multiple categories for processing, which not only can speed up the response, but also can fundamentally ensure the security of the data and improve the stability of the system.
其中,外部设备是指终端除处理器、通信单元之外的其他相关器件,例如屏幕、传感器、蓝牙、WIFI、照相机等。The external device refers to other related devices except the processor and the communication unit, such as a screen, a sensor, a Bluetooth, a WIFI, a camera, and the like.
在上述技术方案中,优选地,还包括:通过第一存储单元对所述第一处理单元处理后的第一操作系统数据进行存储;通过第二存储单元对所述第二处理单元处理后的第二操作系统数据进行存储。In the above technical solution, preferably, the method further includes: storing, by using the first storage unit, the first operating system data processed by the first processing unit; and processing, by the second storage unit, the second processing unit The second operating system data is stored.
在该技术方案中,将不同处理单元处理后的数据储存到不同的储存空间中,这样可以更好的保障用户个人私有信息的数据安全。In the technical solution, the data processed by the different processing units is stored in different storage spaces, so that the data security of the user's personal private information can be better protected.
在上述技术方案中,优选地,还包括:在通过所述第一处理单元处理第一操作系统数据时,若所述第一操作系统数据中涉及数据业务数据,则将所述数据业务数据发送至所述第二处理单元,以使所述第二处理单元对所述数据业务进行处理。In the above technical solution, preferably, the method further includes: when the first operating system data is processed by the first processing unit, if the first operating system data involves data service data, sending the data service data Go to the second processing unit to cause the second processing unit to process the data service.
在该技术方案中,第一操作系统的第一处理单元不处理数据业务数据,如上网、彩信、短信收发等数据,这样,第一操作系统就不需要联网,从而避免因为联网导致病毒入侵等问题发生,进一步保证第一操作系统中的数据的安全。In the technical solution, the first processing unit of the first operating system does not process data service data, such as Internet access, MMS, SMS sending and receiving, etc., so that the first operating system does not need to be connected to the network, thereby avoiding virus intrusion due to networking. The problem occurs to further ensure the security of the data in the first operating system.
在上述技术方案中,优选地,还包括:在所述第一处理单元需根据所述第一操作系统数据与所述终端的外部设备进行交互时,向所述第二处理单元发送中断信号,中断所述第二处理单元与所述外部设备之间进行的数据交互,以及在所述第一处理单元完成与所述外部设备进行的交互时,向所述第二处理单元发送反馈信号,通知所述第二处理单元继续进行与所述外部设备之间的数据交互。In the above technical solution, preferably, the method further includes: when the first processing unit needs to interact with an external device of the terminal according to the first operating system data, sending an interrupt signal to the second processing unit, Interrupting data interaction between the second processing unit and the external device, and sending a feedback signal to the second processing unit when the first processing unit completes interaction with the external device, notifying The second processing unit continues with data interaction with the external device.
在该技术方案中,正是由于终端被配置了多个处理器,因此处理器与外部设备的交互变得相对复杂,为了协调多个处理器与外部设备的交互过程和顺序,在该技术方案中提供了当用于处理第一操作系统数据的第一处 理单元需紧急处理刚刚发生的业务数据时,控制用于处理第二操作系统数据的第二处理单元中断正在处理的业务数据,并处于等待状态,在第一处理单元完成与外部设备的交互时,通知第二处理单元继续未完成的数据交互,通过这样的处理机制,能够保证用户相对重要、紧急的业务数据被优先处理,并且也不会影响其他业务数据的处理。In this technical solution, since the terminal is configured with multiple processors, the interaction between the processor and the external device becomes relatively complicated, in order to coordinate the interaction process and sequence of the multiple processors with the external device, in the technical solution Provided in the first place when processing data for the first operating system When the management unit needs to urgently process the business data that has just occurred, the second processing unit that controls the data of the second operating system interrupts the business data being processed, and is in a waiting state, when the first processing unit completes the interaction with the external device. The second processing unit is notified to continue the uncompleted data interaction. Through such a processing mechanism, it is possible to ensure that the relatively important and urgent service data of the user is preferentially processed, and the processing of other service data is not affected.
在上述技术方案中,优选地,还包括:在所述第二处理单元需根据所述第二操作系统数据与所述外部设备进行交互时,向所述第一处理单元发送中断信号,中断所述第一处理单元与所述外部设备之间进行的数据交互,以及在所述第二处理单元完成与所述外部设备进行的数据交互时,向所述第一处理单元发送反馈信号,通知所述第一处理单元继续进行与所述外部设备之间的数据交互。In the above technical solution, preferably, the method further includes: when the second processing unit needs to interact with the external device according to the second operating system data, sending an interrupt signal to the first processing unit, interrupting the Determining data interaction between the first processing unit and the external device, and sending a feedback signal to the first processing unit when the second processing unit completes data interaction with the external device, notifying the The first processing unit continues with data interaction with the external device.
同理,第二处理单元在需与外部设备进行交互时,也需向第一处理单元发送中断信号,保证最紧急、最近的业务数据能够被优先处理。Similarly, when the second processing unit needs to interact with the external device, it also needs to send an interrupt signal to the first processing unit to ensure that the most urgent and recent service data can be preferentially processed.
根据本发明的又一方面,还提出了一种终端,包括:多个操作系统;以及上述技术方案中任一项所述的数据处理装置。According to still another aspect of the present invention, a terminal is provided, comprising: a plurality of operating systems; and the data processing apparatus according to any one of the above aspects.
通过以上技术方案,在双系统的新型双待机的手机中每个Modem都配备一个专用的CPU、RAM和EMMC,并物理完全分开,其中CPU1定义只处理安全操作中的私有数据,CPU2定义只处理普通操作中的公开信息数据,通过监控控制单元筛选出安全操作系统和普通操作系统的数据,将数据交由不同的CPU处理,保证私密数据的安全,极大的提高不同数据的处理速度,提高用户的体验。Through the above technical solution, each modem in the dual-system dual standby mobile phone is equipped with a dedicated CPU, RAM and EMMC, and is physically separated completely, wherein the CPU1 defines only the private data in the security operation, and the CPU2 definition only processes The public information in the ordinary operation screens out the data of the security operating system and the common operating system through the monitoring control unit, and the data is processed by different CPUs to ensure the security of the private data, greatly improving the processing speed of different data and improving User experience.
附图说明DRAWINGS
图1示出了相关技术中的双待终端的框图;FIG. 1 is a block diagram showing a dual standby terminal in the related art;
图2示出了根据本发明的实施例的数据处理装置的框图;2 shows a block diagram of a data processing apparatus in accordance with an embodiment of the present invention;
图3示出了根据本发明的实施例的数据处理方法的流程图;FIG. 3 shows a flow chart of a data processing method according to an embodiment of the present invention; FIG.
图4示出了根据本发明的实施例的SED安全系统处理方法的流程图;4 shows a flow chart of a method of processing an SED security system in accordance with an embodiment of the present invention;
图5示出了根据本发明的实施例的PPD普通系统处理方法的流程图;FIG. 5 is a flow chart showing a PPD general system processing method according to an embodiment of the present invention; FIG.
图6示出了根据本发明的实施例的不同CPU和外部设备互交流程图; 6 shows a flow chart of different CPU and external device interactions in accordance with an embodiment of the present invention;
图7示出了根据本发明的实施例的不同CPU和外部设备互交的具体流程图。FIG. 7 shows a detailed flow chart of interworking between different CPUs and external devices in accordance with an embodiment of the present invention.
具体实施方式detailed description
为了能够更清楚地理解本发明的上述目的、特征和优点,下面结合附图和具体实施方式对本发明进行进一步的详细描述。需要说明的是,在不冲突的情况下,本申请的实施例及实施例中的特征可以相互组合。The present invention will be further described in detail below with reference to the drawings and specific embodiments. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict.
在下面的描述中阐述了很多具体细节以便于充分理解本发明,但是,本发明还可以采用其他不同于在此描述的其他方式来实施,因此,本发明的保护范围并不受下面公开的具体实施例的限制。In the following description, numerous specific details are set forth in order to provide a full understanding of the invention, but the invention may be practiced otherwise than as described herein. Limitations of the embodiments.
图2示出了根据本发明的实施例的数据处理装置的框图。2 shows a block diagram of a data processing apparatus in accordance with an embodiment of the present invention.
如图2所示,根据本发明的实施例的数据处理装置200,用于终端,所述终端包括第一操作系统和第二操作系统,其中所述第一操作系统的安全级别高于所述第二操作系统的安全级别,所述装置200包括:第一通信单元202,与监控控制单元206连接,接收来自第一身份识别卡的第一业务数据,并将所述第一业务数据传输至所述监控控制单元;第二通信单元204,与所述监控控制单元206连接,接收来自第二身份识别卡的第二业务数据,并将所述第二业务数据传输至所述监控控制单元;所述监控控制单元206,连接在所述第一通信单元202和第一处理单元208、所述第二通信单元204和第二处理单元210之间,接收来自所述第一通信单元202和所述第二通信单元204的第一业务数据和第二业务数据,并将所述第一业务数据和所述第二业务数据划分为所述第一操作系统对应的第一操作系统数据和第二操作系统数据,并将所述第一操作系统数据发送至所述第一处理单元,将所述第二操作系统数据发送至所述第二处理单元210;所述第一处理单元208,用于处理所述第一操作系统数据,并基于所述第一操作系统数据与所述终端的外部设备进行数据交互;所述第二处理单元210,用于处理所述第二操作系统数据,并基于所述第二操作系统数据与所述终端的外部设备进行数据交互。As shown in FIG. 2, a data processing apparatus 200 according to an embodiment of the present invention is used for a terminal, where the terminal includes a first operating system and a second operating system, wherein a security level of the first operating system is higher than the The security level of the second operating system, the device 200 includes: a first communication unit 202, connected to the monitoring control unit 206, receiving first service data from the first identity card, and transmitting the first service data to The monitoring control unit; the second communication unit 204 is connected to the monitoring control unit 206, receives second service data from the second identity card, and transmits the second service data to the monitoring control unit; The monitoring control unit 206 is connected between the first communication unit 202 and the first processing unit 208, the second communication unit 204, and the second processing unit 210, and receives the first communication unit 202 and the Decoding the first service data and the second service data of the second communication unit 204, and dividing the first service data and the second service data into the first corresponding to the first operating system Operating system data and second operating system data, and transmitting the first operating system data to the first processing unit, and transmitting the second operating system data to the second processing unit 210; The processing unit 208 is configured to process the first operating system data, and perform data interaction with an external device of the terminal based on the first operating system data. The second processing unit 210 is configured to process the second Operating system data and performing data interaction with an external device of the terminal based on the second operating system data.
在该技术方案中,为了提高数据安全性,终端被配置了多个处理器, 并指定不同的处理器处理不同操作系统中的数据。比如,第一操作系统为安全操作系统,第二操作系统为普通操作系统,这样,终端配置两个处理器,一个处理器用来处理安全操作系统中的安全数据,如安全联系人、安全信息、安全通话记录、安全日程、安全记事等数据,另一个处理器用来处理普通操作系统中的数据,如照片、普通联系人、普通短信、普通通话记录、普通日程、普通记事等,从而能够使众多的数据被分成多类分别进行处理,不仅可以加快响应速度,还可以从根本上保证数据的安全性,提高系统稳定性。In this technical solution, in order to improve data security, the terminal is configured with multiple processors, And specify different processors to process data in different operating systems. For example, the first operating system is a secure operating system, and the second operating system is a normal operating system. Thus, the terminal is configured with two processors, one processor for processing security data in a secure operating system, such as security contacts, security information, Secure call log, security schedule, security note and other data, another processor is used to process data in the common operating system, such as photos, ordinary contacts, ordinary text messages, ordinary call records, ordinary schedules, ordinary notes, etc., so that many The data is divided into multiple categories for processing, which not only can speed up the response, but also fundamentally ensure the security of the data and improve the stability of the system.
其中,外部设备是指终端除处理器、通信单元之外的其他相关器件,例如屏幕、传感器、蓝牙、WIFI、照相机等。The external device refers to other related devices except the processor and the communication unit, such as a screen, a sensor, a Bluetooth, a WIFI, a camera, and the like.
在上述技术方案中,优选地,还包括:第一存储单元212,连接至所述第一处理单元,用于对所述第一处理单元处理后的第一操作系统数据进行存储;第二存储单元214,连接至所述第二处理单元,用于对所述第二处理单元处理后的第二操作系统数据进行存储。In the above technical solution, preferably, the method further includes: a first storage unit 212, connected to the first processing unit, configured to store the first operating system data processed by the first processing unit; and second storage The unit 214 is connected to the second processing unit, and configured to store the second operating system data processed by the second processing unit.
在该技术方案中,将不同处理单元处理后的数据储存到不同的储存空间中,这样可以更好的保障用户个人私有信息的数据安全。In the technical solution, the data processed by the different processing units is stored in different storage spaces, so that the data security of the user's personal private information can be better protected.
在上述技术方案中,优选地,还包括:所述第一处理单元208还用于:在处理第一操作系统数据时,若所述第一操作系统数据中涉及数据业务数据,则将所述数据业务数据发送至所述第二处理单元,以使所述第二处理单元对所述数据业务进行处理。In the above technical solution, preferably, the first processing unit 208 is further configured to: when processing the first operating system data, if the first operating system data involves data service data, the Data service data is sent to the second processing unit to cause the second processing unit to process the data service.
在该技术方案中,第一操作系统的第一处理单元不处理数据业务数据,如上网、彩信、短信收发等数据,这样,第一操作系统就不需要联网,从而避免因为联网导致病毒入侵等问题发生,进一步保证第一操作系统中的数据的安全。In the technical solution, the first processing unit of the first operating system does not process data service data, such as Internet access, MMS, SMS sending and receiving, etc., so that the first operating system does not need to be connected to the network, thereby avoiding virus intrusion due to networking. The problem occurs to further ensure the security of the data in the first operating system.
在上述技术方案中,优选地,所述第一处理单元208包括第一控制子单元(图中未示出),用于在所述第一处理单元208需根据所述第一操作系统数据与所述终端的外部设备进行交互时,向所述第二处理单元发送中断信号,中断所述第二处理单元210与所述外部设备216之间进行的数据交互,以及在所述第一处理单元完成与所述外部设备216进行的交互时, 向所述第二处理单元210发送反馈信号,通知所述第二处理单元210继续进行与所述外部设备之间的数据交互。In the above technical solution, preferably, the first processing unit 208 includes a first control subunit (not shown) for the first processing unit 208 to be based on the first operating system data and When the external device of the terminal interacts, sending an interrupt signal to the second processing unit, interrupting data interaction between the second processing unit 210 and the external device 216, and in the first processing unit Upon completion of the interaction with the external device 216, Sending a feedback signal to the second processing unit 210 informing the second processing unit 210 to continue data interaction with the external device.
在该技术方案中,正是由于终端被配置了多个处理器,因此处理器与外部设备的交互变得相对复杂,为了协调多个处理器与外部设备的交互过程和顺序,在该技术方案中提供了当用于处理第一操作系统数据的第一处理单元需紧急处理刚刚发生的业务数据时,控制用于处理第二操作系统数据的第二处理单元中断正在处理的业务数据,并处于等待状态,在第一处理单元完成与外部设备的交互时,通知第二处理单元继续未完成的数据交互,通过这样的处理机制,能够保证用户相对重要、紧急的业务数据被优先处理,并且也不会影响其他业务数据的处理。In this technical solution, since the terminal is configured with multiple processors, the interaction between the processor and the external device becomes relatively complicated, in order to coordinate the interaction process and sequence of the multiple processors with the external device, in the technical solution Providing that when the first processing unit for processing the first operating system data needs to urgently process the business data that has just occurred, controlling the second processing unit for processing the second operating system data interrupts the business data being processed, and is in Waiting for a state, when the first processing unit completes the interaction with the external device, notifying the second processing unit to continue the uncompleted data interaction. Through such a processing mechanism, the relatively important and urgent service data of the user can be preferentially processed, and Does not affect the processing of other business data.
在上述技术方案中,优选地,所述第二处理单元210包括第二控制子单元(图中未示出),在所述第二处理单元210需根据所述第二操作系统数据与所述外部设备进行交互时,向所述第一处理单元208发送中断信号,中断所述第一处理单元208与所述外部设备216之间进行的数据交互,以及在所述第二处理单元210完成与所述外部设备216进行的数据交互时,向所述第一处理单元208发送反馈信号,通知所述第一处理单元208继续进行与所述外部设备216之间的数据交互。In the above technical solution, preferably, the second processing unit 210 includes a second control subunit (not shown), and the second processing unit 210 needs to be according to the second operating system data and the When the external device interacts, an interrupt signal is sent to the first processing unit 208, the data interaction between the first processing unit 208 and the external device 216 is interrupted, and the second processing unit 210 completes the When the data is exchanged by the external device 216, a feedback signal is sent to the first processing unit 208 to notify the first processing unit 208 to continue data interaction with the external device 216.
同理,第二处理单元在需与外部设备进行交互时,也需向第一处理单元发送中断信号,保证最紧急、最近的业务数据能够被优先处理。Similarly, when the second processing unit needs to interact with the external device, it also needs to send an interrupt signal to the first processing unit to ensure that the most urgent and recent service data can be preferentially processed.
图3示出了根据本发明的实施例的数据处理方法的流程图。FIG. 3 shows a flow chart of a data processing method in accordance with an embodiment of the present invention.
如图3所示,根据本发明的实施例的数据处理方法,用于终端,所述终端包括第一操作系统和第二操作系统,其中所述第一操作系统的安全级别高于所述第二操作系统的安全级别,所述终端还包括第一处理单元、第二处理单元、第一通信单元、第二通信单元、第一存储单元、第二存储单元和监控控制单元,所述方法包括:步骤302,通过第一通信单元接收来自第一身份识别卡的第一业务数据,并将所述第一业务数据传输至所述监控控制单元;步骤304,通过第二通信单元,接收来自第二身份识别卡的第二业务数据,并将所述第二业务数据传输至所述监控控制单元;步骤306,通过所述监控控制单元接收来自所述第一通信单元和所述第二通信单元的 第一业务数据和第二业务数据,并将所述第一业务数据和所述第二业务数据划分为所述第一操作系统对应的第一操作系统数据和第二操作系统数据,并将所述第一操作系统数据发送至所述第一处理单元,将所述第二操作系统数据发送至所述第二处理单元;步骤308,通过第一处理单元处理所述第一操作系统数据,并基于所述第一操作系统数据与所述终端的外部设备进行数据交互;步骤310,通过所述第二处理单元处理所述第二操作系统数据,并基于所述第二操作系统数据与所述终端的外部设备进行数据交互。As shown in FIG. 3, a data processing method according to an embodiment of the present invention is used for a terminal, where the terminal includes a first operating system and a second operating system, wherein a security level of the first operating system is higher than the first a security level of the operating system, the terminal further comprising a first processing unit, a second processing unit, a first communication unit, a second communication unit, a first storage unit, a second storage unit, and a monitoring control unit, the method comprising Step 302: Receive first service data from the first identity card by using the first communication unit, and transmit the first service data to the monitoring control unit; Step 304, receive, by using the second communication unit, Second identifying the second service data of the card and transmitting the second service data to the monitoring control unit; step 306, receiving, by the monitoring control unit, the first communication unit and the second communication unit of Decoding the first service data and the second service data into the first operating system data and the second operating system data corresponding to the first operating system, and dividing the first service data and the second service data The first operating system data is sent to the first processing unit, and the second operating system data is sent to the second processing unit; in step 308, the first operating system data is processed by the first processing unit, and Performing data interaction with an external device of the terminal based on the first operating system data; step 310, processing the second operating system data by the second processing unit, and based on the second operating system data and the The external device of the terminal performs data interaction.
在该技术方案中,为了提高数据安全性,终端被配置了多个处理器,并指定不同的处理器处理不同操作系统中的数据。比如,第一操作系统为安全操作系统,第二操作系统为普通操作系统,这样,终端配置两个处理器,一个处理器用来处理安全操作系统中的安全数据,如安全联系人、安全信息、安全通话记录、安全日程、安全记事等数据,另一个处理器用来处理普通操作系统中的数据,如照片、普通联系人、普通短信、普通通话记录、普通日程、普通记事等,从而能够使众多的数据被分成多类分别进行处理,不仅可以加快响应速度,还可以从根本上保证数据的安全性,提高系统稳定性。In this technical solution, in order to improve data security, a terminal is configured with multiple processors, and different processors are designated to process data in different operating systems. For example, the first operating system is a secure operating system, and the second operating system is a normal operating system. Thus, the terminal is configured with two processors, one processor for processing security data in a secure operating system, such as security contacts, security information, Secure call log, security schedule, security note and other data, another processor is used to process data in the common operating system, such as photos, ordinary contacts, ordinary text messages, ordinary call records, ordinary schedules, ordinary notes, etc., so that many The data is divided into multiple categories for processing, which not only can speed up the response, but also fundamentally ensure the security of the data and improve the stability of the system.
其中,外部设备是指终端除处理器、通信单元之外的其他相关器件,例如屏幕、传感器、蓝牙、WIFI、照相机等。The external device refers to other related devices except the processor and the communication unit, such as a screen, a sensor, a Bluetooth, a WIFI, a camera, and the like.
在上述技术方案中,优选地,还包括:通过第一存储单元对所述第一处理单元处理后的第一操作系统数据进行存储;通过第二存储单元对所述第二处理单元处理后的第二操作系统数据进行存储。In the above technical solution, preferably, the method further includes: storing, by using the first storage unit, the first operating system data processed by the first processing unit; and processing, by the second storage unit, the second processing unit The second operating system data is stored.
在该技术方案中,将不同处理单元处理后的数据储存到不同的储存空间中,这样可以更好的保障用户个人私有信息的数据安全。In the technical solution, the data processed by the different processing units is stored in different storage spaces, so that the data security of the user's personal private information can be better protected.
在上述技术方案中,优选地,还包括:在通过所述第一处理单元处理第一操作系统数据时,若所述第一操作系统数据中涉及数据业务数据,则将所述数据业务数据发送至所述第二处理单元,以使所述第二处理单元对所述数据业务进行处理。In the above technical solution, preferably, the method further includes: when the first operating system data is processed by the first processing unit, if the first operating system data involves data service data, sending the data service data Go to the second processing unit to cause the second processing unit to process the data service.
在该技术方案中,第一操作系统的第一处理单元不处理数据业务数据, 如上网、彩信、短信收发等数据,这样,第一操作系统就不需要联网,从而避免因为联网导致病毒入侵等问题发生,进一步保证第一操作系统中的数据的安全。In this technical solution, the first processing unit of the first operating system does not process the data service data, The above network, MMS, SMS sending and receiving data, in this way, the first operating system does not need to be connected to the network, thereby avoiding problems such as virus intrusion caused by networking, and further ensuring the security of the data in the first operating system.
在上述技术方案中,优选地,还包括:在所述第一处理单元需根据所述第一操作系统数据与所述终端的外部设备进行交互时,向所述第二处理单元发送中断信号,中断所述第二处理单元与所述外部设备之间进行的数据交互,以及在所述第一处理单元完成与所述外部设备进行的交互时,向所述第二处理单元发送反馈信号,通知所述第二处理单元继续进行与所述外部设备之间的数据交互。In the above technical solution, preferably, the method further includes: when the first processing unit needs to interact with an external device of the terminal according to the first operating system data, sending an interrupt signal to the second processing unit, Interrupting data interaction between the second processing unit and the external device, and sending a feedback signal to the second processing unit when the first processing unit completes interaction with the external device, notifying The second processing unit continues with data interaction with the external device.
在该技术方案中,正是由于终端被配置了多个处理器,因此处理器与外部设备的交互变得相对复杂,为了协调多个处理器与外部设备的交互过程和顺序,在该技术方案中提供了当用于处理第一操作系统数据的第一处理单元需紧急处理刚刚发生的业务数据时,控制用于处理第二操作系统数据的第二处理单元中断正在处理的业务数据,并处于等待状态,在第一处理单元完成与外部设备的交互时,通知第二处理单元继续未完成的数据交互,通过这样的处理机制,能够保证用户相对重要、紧急的业务数据被优先处理,并且也不会影响其他业务数据的处理。In this technical solution, since the terminal is configured with multiple processors, the interaction between the processor and the external device becomes relatively complicated, in order to coordinate the interaction process and sequence of the multiple processors with the external device, in the technical solution Providing that when the first processing unit for processing the first operating system data needs to urgently process the business data that has just occurred, controlling the second processing unit for processing the second operating system data interrupts the business data being processed, and is in Waiting for a state, when the first processing unit completes the interaction with the external device, notifying the second processing unit to continue the uncompleted data interaction. Through such a processing mechanism, the relatively important and urgent service data of the user can be preferentially processed, and Does not affect the processing of other business data.
在上述技术方案中,优选地,还包括:在所述第二处理单元需根据所述第二操作系统数据与所述外部设备进行交互时,向所述第一处理单元发送中断信号,中断所述第一处理单元与所述外部设备之间进行的数据交互,以及在所述第二处理单元完成与所述外部设备进行的数据交互时,向所述第一处理单元发送反馈信号,通知所述第一处理单元继续进行与所述外部设备之间的数据交互。In the above technical solution, preferably, the method further includes: when the second processing unit needs to interact with the external device according to the second operating system data, sending an interrupt signal to the first processing unit, interrupting the Determining data interaction between the first processing unit and the external device, and sending a feedback signal to the first processing unit when the second processing unit completes data interaction with the external device, notifying the The first processing unit continues with data interaction with the external device.
同理,第二处理单元在需与外部设备进行交互时,也需向第一处理单元发送中断信号,保证最紧急、最近的业务数据能够被优先处理。Similarly, when the second processing unit needs to interact with the external device, it also needs to send an interrupt signal to the first processing unit to ensure that the most urgent and recent service data can be preferentially processed.
下面以第一通信单元为Modem1,第二通信单元为Modem2,第一处理单元为CPU1,第二处理单元为CPU2,第一存储单元为存储器RAM1和EMMC1,第二存储单元为存储器RAM2和EMMC2,第一操作系统为安全系统,第二操作系统为普通系统为例,详细说明本发明的技术方案。 The first communication unit is Modem1, the second communication unit is Modem2, the first processing unit is CPU1, the second processing unit is CPU2, the first storage unit is memory RAM1 and EMMC1, and the second storage unit is memory RAM2 and EMMC2. The first operating system is a security system, and the second operating system is an ordinary system. The technical solution of the present invention is described in detail.
图4示出了根据本发明的实施例的安全系统的数据处理方法的流程图。4 shows a flow chart of a data processing method of a security system in accordance with an embodiment of the present invention.
如图4所示,根据本发明的实施例的安全系统的数据处理方法,包括:As shown in FIG. 4, a data processing method of a security system according to an embodiment of the present invention includes:
步骤402,CPU1处理由监控控制单元筛选出的Modem1和Modem2上传的安全数据,由安全系统单独处理。Step 402: The CPU1 processes the security data uploaded by Modem1 and Modem2 filtered by the monitoring control unit, and is separately processed by the security system.
步骤404,将安全系统中的相关数据储存在RAM1和EMMC1中。 Step 404, storing related data in the security system in RAM1 and EMMC1.
具体地,定义CPU1只处理安全系统中的私有数据,如安全联系人、安全信息、安全通话记录、安全日程、安全记事,这些数据都储存在专用储存器RAM1和EMMC1中,从而保障储存和处理个人私有信息的数据安全。Specifically, the CPU 1 is defined to process only private data in the security system, such as security contacts, security information, secure call records, security schedules, and security notes, which are stored in the dedicated storage RAM1 and EMMC1, thereby ensuring storage and processing. Data security for personal private information.
图5示出了根据本发明的实施例的普通系统的数据处理方法的流程图。FIG. 5 shows a flow chart of a data processing method of a general system according to an embodiment of the present invention.
如图5所示,根据本发明的实施例的普通系统的数据处理方法,包括:As shown in FIG. 5, a data processing method of a general system according to an embodiment of the present invention includes:
步骤502,CPU2处理由监控控制单元筛选出的Modem1和Modem2上传的公开信息数据,由普通系统单独处理。Step 502: The CPU 2 processes the public information data uploaded by the Modem1 and the Modem2 filtered by the monitoring control unit, and is processed by the ordinary system separately.
步骤504,将普通系统中的相关数据储存在RAM2和EMMC2中。In step 504, the related data in the normal system is stored in the RAM 2 and the EMMC 2.
具体地,定义CPU2只处理普通系统中的公开信息数据,如照片、普通联系人、普通短信、普通通话记录、普通日程、普通记事等,这些都储存在专用储存器RAM2和EMMC2中。Specifically, the CPU 2 is defined to process only public information data in a normal system, such as photos, general contacts, ordinary short messages, normal call records, general schedules, general notes, etc., which are stored in the dedicated storage RAM 2 and EMMC 2.
图6出了根据本发明的一个实施例的数据处理方法的流程图。Figure 6 shows a flow chart of a data processing method in accordance with one embodiment of the present invention.
如图6所示,根据本发明的实施例的数据处理方法的流程,包括:As shown in FIG. 6, the flow of a data processing method according to an embodiment of the present invention includes:
步骤602,监视控制单元筛选Modem1中的数据。In step 602, the monitoring control unit filters the data in Modem1.
步骤604,判断当前数据是否是安全数据,若判断结果为是,进入步骤608,判断结果为否,进入步骤606。In step 604, it is determined whether the current data is security data. If the determination result is yes, the process proceeds to step 608, and the determination result is no, and the process proceeds to step 606.
步骤606,判断不是安全数据,将数据交由普通系统的CPU2处理。In step 606, it is judged that it is not secure data, and the data is handed over to the CPU 2 of the general system for processing.
步骤608,判断是安全数据,将数据交由安全系统的CPU1处理。In step 608, it is judged that it is security data, and the data is handed over to the CPU 1 of the security system for processing.
步骤610,监视控制单元筛选Modem2中数据。In step 610, the monitoring control unit filters the data in Modem2.
步骤612,判断当前数据是否是安全数据,若判断结果为是,进入步骤616,若判断结果为否,进入步骤614。 In step 612, it is determined whether the current data is security data. If the determination result is yes, the process proceeds to step 616. If the determination result is negative, the process proceeds to step 614.
步骤614,判断不是安全数据,将数据交由普通系统的CPU2处理。In step 614, it is judged that it is not secure data, and the data is handed over to the CPU 2 of the general system for processing.
步骤616,判断是安全数据,将数据交由安全系统的CPU1处理。At step 616, the determination is security data, and the data is handed over to the CPU 1 of the security system for processing.
具体地,考虑到Modem1和Modem2都会产生语音业务和数据业务数据,在Modem1、Modem2和CPU1、CPU2之间设置一个监控控制单元,由监控控制单元筛选出Modem1和Modem2的不同数据,安全数据交给安全系统中的CPU1处理,并储存在RAM1和EMMC1中,公开数据交给普通系统中的CPU2处理,并储存RAM2和EMMC2中,这些数据通过不同的CPU和外部设备进行交互。Specifically, considering that both Modem1 and Modem2 generate voice service and data service data, a monitoring control unit is set between Modem1, Modem2, and CPU1 and CPU2, and different data of Modem1 and Modem2 are filtered by the monitoring control unit, and the security data is handed over to The CPU 1 in the security system processes and stores it in RAM1 and EMMC1, and the public data is handed over to the CPU 2 in the normal system for processing, and is stored in RAM2 and EMMC2, and the data is exchanged through different CPUs and external devices.
图7了根据本发明的实施例的不同CPU和外部设备互交的具体流程图。Figure 7 is a detailed flow diagram of the interworking of different CPUs and external devices in accordance with an embodiment of the present invention.
如图7所示,不同CPU和外部设备互交的具体流程,包括:As shown in Figure 7, the specific processes for the interaction between different CPUs and external devices include:
步骤702,判断CPU1是否接收到CPU2发来的中断信号,若判断结果为是,进入步骤704,若判断结果为否,进入步骤706。In step 702, it is determined whether the CPU 1 receives the interrupt signal sent by the CPU 2. If the determination result is yes, the process proceeds to step 704. If the determination result is negative, the process proceeds to step 706.
步骤704,断开与外设的连接。 Step 704, disconnecting from the peripheral device.
步骤706,判断当前业务是否需要使用外设,若判断结果为是,进入步骤708。In step 706, it is determined whether the current service needs to use the peripheral device. If the determination result is yes, the process proceeds to step 708.
步骤708,CPU2向CPU1发送中断信号,返回步骤702。In step 708, the CPU 2 sends an interrupt signal to the CPU 1, and returns to step 702.
步骤710,判断CPU2是否接收到CPU1发来的中断信号,若判断结果为是,进入步骤712,若判断结果为否,进入步骤714。In step 710, it is determined whether the CPU 2 receives the interrupt signal sent by the CPU 1. If the determination result is YES, the process proceeds to step 712. If the determination result is negative, the process proceeds to step 714.
步骤712,断开与外设的连接。In step 712, the connection to the peripheral is disconnected.
步骤714,判断当前业务是否需要使用外设,若判断结果为是,进入步骤716。In step 714, it is determined whether the current service needs to use the peripheral device. If the determination result is yes, the process proceeds to step 716.
步骤716,CPU2向CPU1发送中断信号,返回步骤710。In step 716, the CPU 2 sends an interrupt signal to the CPU 1, and returns to step 710.
具体地,考虑到用户使用手机存在一些交互场景,不同场景下需要使用不同的CPU控制,可以在两个CPU之间增加中断控制信号,通过中断控制信号,通过中断信号实现不同CPU控制,如前用户在上网时,手机安全系统SED中的安全联系人突然来电,CPU2给CPU1发一个中断信号,将对数据的处理权交给CPU1处理,从而保障用户私密数据的安全。Specifically, considering that there are some interaction scenarios in the user using the mobile phone, different CPU controls are needed in different scenarios, and an interrupt control signal can be added between the two CPUs, and the interrupt control signal is used to implement different CPU control by interrupting the signal, as before. When the user is on the Internet, the security contact in the mobile security system SED suddenly calls, and the CPU2 sends an interrupt signal to the CPU1, and the processing right of the data is given to the CPU1 for processing, thereby ensuring the security of the user's private data.
以上结合附图详细说明了本发明的技术方案,通过本发明的技术方案, 在双系统的新型双待机的手机中每个Modem都配备一个专用的CPU、RAM和EMMC,并物理完全分开,其中CPU1定义只处理安全系统中的私有数据,CPU2定义只处理普通系统中的公开信息数据,通过监控控制域筛选出安全系统和普通系统的数据,将数据交由不同的CPU处理,保证私密数据的安全,极大的提高不同数据的处理时间,提高用户的体验。The technical solution of the present invention is described in detail above with reference to the accompanying drawings, by the technical solution of the present invention, In the dual-system dual standby mobile phone, each Modem is equipped with a dedicated CPU, RAM and EMMC, and is physically separated. CPU1 defines only the private data in the security system, and CPU2 defines only the public in the system. The information data is used to filter out the data of the security system and the common system through the monitoring control domain, and the data is processed by different CPUs to ensure the security of the private data, greatly improve the processing time of different data, and improve the user experience.
以上所述仅为本发明的优选实施例而已,并不用于限制本发明,对于本领域的技术人员来说,本发明可以有各种更改和变化。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。 The above description is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.

Claims (10)

  1. 一种数据处理装置,用于终端,其特征在于,所述终端包括第一操作系统和第二操作系统,其中所述第一操作系统的安全级别高于所述第二操作系统的安全级别,所述装置包括:A data processing device is used for a terminal, wherein the terminal includes a first operating system and a second operating system, wherein a security level of the first operating system is higher than a security level of the second operating system, The device includes:
    第一通信单元,与监控控制单元连接,接收来自第一身份识别卡的第一业务数据,并将所述第一业务数据传输至所述监控控制单元;The first communication unit is connected to the monitoring control unit, receives the first service data from the first identity card, and transmits the first service data to the monitoring control unit;
    第二通信单元,与所述监控控制单元连接,接收来自第二身份识别卡的第二业务数据,并将所述第二业务数据传输至所述监控控制单元;a second communication unit, connected to the monitoring control unit, receiving second service data from the second identity card, and transmitting the second service data to the monitoring control unit;
    所述监控控制单元,连接在所述第一通信单元和第一处理单元、所述第二通信单元和第二处理单元之间,接收来自所述第一通信单元和所述第二通信单元的第一业务数据和第二业务数据,并将所述第一业务数据和所述第二业务数据划分为所述第一操作系统对应的第一操作系统数据和第二操作系统数据,并将所述第一操作系统数据发送至所述第一处理单元,将所述第二操作系统数据发送至所述第二处理单元;The monitoring control unit is connected between the first communication unit and the first processing unit, the second communication unit, and the second processing unit, and receives the first communication unit and the second communication unit Decoding the first service data and the second service data into the first operating system data and the second operating system data corresponding to the first operating system, and dividing the first service data and the second service data Transmitting the first operating system data to the first processing unit, and sending the second operating system data to the second processing unit;
    所述第一处理单元,用于处理所述第一操作系统数据,并基于所述第一操作系统数据与所述终端的外部设备进行数据交互;The first processing unit is configured to process the first operating system data, and perform data interaction with an external device of the terminal based on the first operating system data;
    所述第二处理单元,用于处理所述第二操作系统数据,并基于所述第二操作系统数据与所述终端的外部设备进行数据交互。The second processing unit is configured to process the second operating system data, and perform data interaction with an external device of the terminal based on the second operating system data.
  2. 根据权利要求1所述的数据处理装置,其特征在于,还包括:The data processing apparatus according to claim 1, further comprising:
    第一存储单元,连接至所述第一处理单元,用于对所述第一处理单元处理后的第一操作系统数据进行存储;a first storage unit, connected to the first processing unit, configured to store the first operating system data processed by the first processing unit;
    第二存储单元,连接至所述第二处理单元,用于对所述第二处理单元处理后的第二操作系统数据进行存储。The second storage unit is connected to the second processing unit, and configured to store the second operating system data processed by the second processing unit.
  3. 根据权利要求1或2所述的数据处理装置,其特征在于,还包括:The data processing device according to claim 1 or 2, further comprising:
    所述第一处理单元还用于:The first processing unit is further configured to:
    在处理第一操作系统数据时,若所述第一操作系统数据中涉及数据业务数据,则将所述数据业务数据发送至所述第二处理单元,以使所述第二处理单元对所述数据业务进行处理。 When processing the first operating system data, if the first operating system data involves data service data, sending the data service data to the second processing unit, so that the second processing unit Data services are processed.
  4. 根据权利要求1所述的数据处理装置,其特征在于,所述第一处理单元包括第一控制子单元,用于在所述第一处理单元需根据所述第一操作系统数据与所述终端的外部设备进行交互时,向所述第二处理单元发送中断信号,中断所述第二处理单元与所述外部设备之间进行的数据交互,以及在所述第一处理单元完成与所述外部设备进行的交互时,向所述第二处理单元发送反馈信号,通知所述第二处理单元继续进行与所述外部设备之间的数据交互。The data processing apparatus according to claim 1, wherein the first processing unit comprises a first control subunit, and the first processing unit is required to use the first operating system data according to the terminal When the external device interacts, sending an interrupt signal to the second processing unit, interrupting data interaction between the second processing unit and the external device, and completing the external processing with the external processing unit And performing a feedback signal to the second processing unit to notify the second processing unit to continue data interaction with the external device.
  5. 根据权利要求1所述的数据处理装置,其特征在于,所述第二处理单元包括第二控制子单元,在所述第二处理单元需根据所述第二操作系统数据与所述外部设备进行交互时,向所述第一处理单元发送中断信号,中断所述第一处理单元与所述外部设备之间进行的数据交互,以及在所述第二处理单元完成与所述外部设备进行的数据交互时,向所述第一处理单元发送反馈信号,通知所述第一处理单元继续进行与所述外部设备之间的数据交互。The data processing apparatus according to claim 1, wherein said second processing unit comprises a second control subunit, and said second processing unit is required to perform said external computer based on said second operating system data Transmitting, sending an interrupt signal to the first processing unit, interrupting data interaction between the first processing unit and the external device, and completing data with the external device at the second processing unit When interacting, a feedback signal is sent to the first processing unit to notify the first processing unit to continue data interaction with the external device.
  6. 一种数据处理方法,用于终端,其特征在于,所述终端包括第一操作系统和第二操作系统,其中所述第一操作系统的安全级别高于所述第二操作系统的安全级别,所述终端还包括第一处理单元、第二处理单元、第一通信单元、第二通信单元、第一存储单元、第二存储单元和监控控制单元,所述方法包括:A data processing method for a terminal, wherein the terminal includes a first operating system and a second operating system, wherein a security level of the first operating system is higher than a security level of the second operating system, The terminal further includes a first processing unit, a second processing unit, a first communication unit, a second communication unit, a first storage unit, a second storage unit, and a monitoring control unit, the method comprising:
    通过第一通信单元接收来自第一身份识别卡的第一业务数据,并将所述第一业务数据传输至所述监控控制单元;Receiving, by the first communication unit, first service data from the first identity card, and transmitting the first service data to the monitoring control unit;
    通过第二通信单元,接收来自第二身份识别卡的第二业务数据,并将所述第二业务数据传输至所述监控控制单元;Receiving, by the second communication unit, second service data from the second identity card, and transmitting the second service data to the monitoring control unit;
    通过所述监控控制单元接收来自所述第一通信单元和所述第二通信单元的第一业务数据和第二业务数据,并将所述第一业务数据和所述第二业务数据划分为所述第一操作系统对应的第一操作系统数据和第二操作系统数据,并将所述第一操作系统数据发送至所述第一处理单元,将所述第二操作系统数据发送至所述第二处理单元;Receiving, by the monitoring control unit, first service data and second service data from the first communication unit and the second communication unit, and dividing the first service data and the second service data into Transmitting the first operating system data and the second operating system data corresponding to the first operating system, and sending the first operating system data to the first processing unit, and sending the second operating system data to the first Two processing unit;
    通过第一处理单元处理所述第一操作系统数据,并基于所述第一操作 系统数据与所述终端的外部设备进行数据交互;Processing the first operating system data by the first processing unit and based on the first operation The system data performs data interaction with an external device of the terminal;
    通过所述第二处理单元处理所述第二操作系统数据,并基于所述第二操作系统数据与所述终端的外部设备进行数据交互。Processing, by the second processing unit, the second operating system data, and performing data interaction with an external device of the terminal based on the second operating system data.
  7. 根据权利要求6所述的数据处理方法,其特征在于,还包括:The data processing method according to claim 6, further comprising:
    通过第一存储单元对所述第一处理单元处理后的第一操作系统数据进行存储;And storing, by the first storage unit, the first operating system data processed by the first processing unit;
    通过第二存储单元对所述第二处理单元处理后的第二操作系统数据进行存储。The second operating system data processed by the second processing unit is stored by the second storage unit.
  8. 根据权利要求6或7所述的数据处理方法,其特征在于,还包括:The data processing method according to claim 6 or 7, further comprising:
    在通过所述第一处理单元处理第一操作系统数据时,若所述第一操作系统数据中涉及数据业务数据,则将所述数据业务数据发送至所述第二处理单元,以使所述第二处理单元对所述数据业务进行处理。When the first operating system data is processed by the first processing unit, if data traffic data is involved in the first operating system data, the data service data is sent to the second processing unit, so that the The second processing unit processes the data service.
  9. 根据权利要求6所述的数据处理方法,其特征在于,还包括:The data processing method according to claim 6, further comprising:
    在所述第一处理单元需根据所述第一操作系统数据与所述终端的外部设备进行交互时,向所述第二处理单元发送中断信号,中断所述第二处理单元与所述外部设备之间进行的数据交互,以及在所述第一处理单元完成与所述外部设备进行的交互时,向所述第二处理单元发送反馈信号,通知所述第二处理单元继续进行与所述外部设备之间的数据交互。And when the first processing unit needs to interact with the external device of the terminal according to the first operating system data, sending an interrupt signal to the second processing unit, interrupting the second processing unit and the external device Data interaction between the two, and when the first processing unit completes interaction with the external device, sending a feedback signal to the second processing unit to notify the second processing unit to proceed with the external Data interaction between devices.
  10. 根据权利要求6所述的数据处理方法,其特征在于,还包括:The data processing method according to claim 6, further comprising:
    在所述第二处理单元需根据所述第二操作系统数据与所述外部设备进行交互时,向所述第一处理单元发送中断信号,中断所述第一处理单元与所述外部设备之间进行的数据交互,以及在所述第二处理单元完成与所述外部设备进行的数据交互时,向所述第一处理单元发送反馈信号,通知所And when the second processing unit needs to interact with the external device according to the second operating system data, sending an interrupt signal to the first processing unit, interrupting between the first processing unit and the external device Data interaction performed, and when the second processing unit completes data interaction with the external device, sending a feedback signal to the first processing unit to notify the
    述第一处理单元继续进行与所述外部设备之间的数据交互。 The first processing unit continues with data interaction with the external device.
PCT/CN2015/082877 2015-01-22 2015-06-30 Data processing apparatus and data processing method WO2016115833A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510033718.5A CN104618894B (en) 2015-01-22 2015-01-22 Data processing equipment and data processing method
CN201510033718.5 2015-01-22

Publications (1)

Publication Number Publication Date
WO2016115833A1 true WO2016115833A1 (en) 2016-07-28

Family

ID=53153128

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/082877 WO2016115833A1 (en) 2015-01-22 2015-06-30 Data processing apparatus and data processing method

Country Status (2)

Country Link
CN (1) CN104618894B (en)
WO (1) WO2016115833A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109802774A (en) * 2019-02-18 2019-05-24 深圳市岚明电子科技有限公司 Data uploading method and communication equipment

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618894B (en) * 2015-01-22 2018-05-15 宇龙计算机通信科技(深圳)有限公司 Data processing equipment and data processing method
CN104811530A (en) * 2015-03-02 2015-07-29 西安酷派软件科技有限公司 Multisystem communication terminal

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100097386A1 (en) * 2008-10-20 2010-04-22 Samsung Electronics Co. Ltd. Apparatus and method for operating multiple operating systems in multi-modem mobile communication terminal
CN103391191A (en) * 2013-07-30 2013-11-13 东莞宇龙通信科技有限公司 Terminal and data processing method
CN103402013A (en) * 2013-07-30 2013-11-20 东莞宇龙通信科技有限公司 Terminal and data processing method
CN103458125A (en) * 2013-09-06 2013-12-18 叶鼎 High-grade privacy smart phone and method for protecting private information thereof
CN104159329A (en) * 2014-09-03 2014-11-19 谭卫 Mobile terminal and application method thereof
CN104618894A (en) * 2015-01-22 2015-05-13 宇龙计算机通信科技(深圳)有限公司 Data processing device and method

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103402018A (en) * 2013-07-30 2013-11-20 东莞宇龙通信科技有限公司 Terminal and data processing method
CN103369525A (en) * 2013-07-30 2013-10-23 东莞宇龙通信科技有限公司 Terminal and data processing method
CN103354495B (en) * 2013-07-30 2016-12-28 东莞宇龙通信科技有限公司 Terminal and data processing method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100097386A1 (en) * 2008-10-20 2010-04-22 Samsung Electronics Co. Ltd. Apparatus and method for operating multiple operating systems in multi-modem mobile communication terminal
CN103391191A (en) * 2013-07-30 2013-11-13 东莞宇龙通信科技有限公司 Terminal and data processing method
CN103402013A (en) * 2013-07-30 2013-11-20 东莞宇龙通信科技有限公司 Terminal and data processing method
CN103458125A (en) * 2013-09-06 2013-12-18 叶鼎 High-grade privacy smart phone and method for protecting private information thereof
CN104159329A (en) * 2014-09-03 2014-11-19 谭卫 Mobile terminal and application method thereof
CN104618894A (en) * 2015-01-22 2015-05-13 宇龙计算机通信科技(深圳)有限公司 Data processing device and method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109802774A (en) * 2019-02-18 2019-05-24 深圳市岚明电子科技有限公司 Data uploading method and communication equipment

Also Published As

Publication number Publication date
CN104618894B (en) 2018-05-15
CN104618894A (en) 2015-05-13

Similar Documents

Publication Publication Date Title
JP6235017B2 (en) Apparatus and method for mobile communications computing
JP5611338B2 (en) Providing security for virtual mobile devices
JP5620482B2 (en) Control usage of virtual mobile devices
JP2012531676A (en) Virtual mobile device
CN104216761B (en) It is a kind of that the method for sharing equipment is used in the device that can run two kinds of operating system
CN105657712B (en) Access control method and device for WiFi hotspot
CN103019837A (en) Resource scheduling method, device and terminal equipment
WO2016115833A1 (en) Data processing apparatus and data processing method
TW201635139A (en) Application permission management system, management device and method thereof
CN103400081A (en) Terminal and display control method of user interface
CN102572814B (en) A kind of mobile terminal virus monitor method, system and device
TW201902285A (en) Method and terminal for determining establishment cause
EP2949083B1 (en) Receiving a communication event
WO2012163113A1 (en) Method and device for data service protection
TWI617967B (en) System and method for generating multi-interface
CN103402017B (en) Terminal and data processing method
CN103402199A (en) Terminal and safe data processing method
CN103369148B (en) Terminal and data processing method
US20150326536A1 (en) System and method for execution of dedicated personas in mobile technology platforms
CN104301567A (en) Network communication method and system
WO2019134638A1 (en) Information processing method and device, terminal, and storage medium
CN103391191A (en) Terminal and data processing method
WO2017166620A1 (en) Communication information processing method and apparatus, communication terminal, and electronic device
CN103402013A (en) Terminal and data processing method
CN103368724A (en) Terminal and data processing method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15878505

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15878505

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 07/12/2017)

122 Ep: pct application non-entry in european phase

Ref document number: 15878505

Country of ref document: EP

Kind code of ref document: A1