CN101685484A - Computer and data exchange method of operating system thereof - Google Patents

Computer and data exchange method of operating system thereof Download PDF

Info

Publication number
CN101685484A
CN101685484A CN200810223222A CN200810223222A CN101685484A CN 101685484 A CN101685484 A CN 101685484A CN 200810223222 A CN200810223222 A CN 200810223222A CN 200810223222 A CN200810223222 A CN 200810223222A CN 101685484 A CN101685484 A CN 101685484A
Authority
CN
China
Prior art keywords
data
operating system
memory module
data channel
swap
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN200810223222A
Other languages
Chinese (zh)
Inventor
宁晓魁
胡民
郭轶尊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd filed Critical Lenovo Beijing Ltd
Priority to CN200810223222A priority Critical patent/CN101685484A/en
Publication of CN101685484A publication Critical patent/CN101685484A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a computer and data exchange method of an operating system thereof, wherein the computer comprises a first operating system, a second operating system, a first data channel belonging to the first operating system and a second data channel belonging to the second operating system, and a third storage module, wherein the second operating system is separated from the first operating system; the first data channel and the second data channel are arranged in a chip; the third storage module is connected with the first data channel and the second data channel; the first operating system can and only can realize data interaction with the third storage module by the first data channel; and the second operating system can and only can realize data interaction with the third storage module by the second data channel. The scheme can realize that IT managers in an enterprise formulate safety strategies to outworkers or isolation mechanisms with large interactive data quantity of an internal network and an external network, and realize data exchange of the internal network and the external network on a local machine.

Description

Method for interchanging data between a kind of computing machine and operating system thereof
Technical field
The present invention relates to the data security technical field, the method for interchanging data between particularly a kind of computing machine and operating system thereof.
Background technology
E-Government requires " physical isolation " between the inside and outside network, therefore uses two net isolation machines, carries out physical isolation in network service.
But the physical isolation of network is brought a lot of inconvenience to data communication, increasingly mature along with Network, and the demand of exchanges data is proposed strong.
Demand according to this exchanges data, begin most to adopt the mode of manual delivery, just copy data to a storage medium from a computing machine, then the copying data in this storage medium is arrived an other computing machine, clearly this mode not only bothers, and efficient is extremely low.
In order to change the shortcoming of above-mentioned processing mode, the gateway technology had appearred afterwards, it utilizes intermediate data to switch the district, be connected to timesharing with intranet and extranet, but moment only is connected with a network, keep the physical isolation of intranet and extranet, the switching of realization data.
Yet the inventor finds that there is following shortcoming at least in prior art in realizing implementation procedure of the present invention:
Because the center gateway is in certain location, therefore at some specific occasions (as user's out using double network isolation computer), the user can't use the center gateway to carry out exchanges data, and will be mutual for frequent inside and outside netting index certificate simultaneously, use the also very inconvenience of center gateway.
Summary of the invention
The purpose of the embodiment of the invention provides the method for interchanging data between a kind of computing machine and operating system thereof, realize on the computing machine isolating between the heterogeneous networks and operating system between safe and reliable exchanges data.
To achieve these goals, the embodiment of the invention provides a kind of computing machine, comprising:
First operating system;
Second operating system, and isolate mutually between described first operating system;
Be arranged at first data channel that is specific to described first operating system and second data channel that is specific to described second operating system in the chip;
The 3rd memory module is connected with described second data channel with described first data channel;
The described first operating system energy and only can by described first data channel realize and described the 3rd memory module between data interaction; The described second operating system energy and only can by described second data channel realize and described the 3rd memory module between data interaction.
Preferably, described first data channel that is specific to described first operating system is arranged in the safety chip with second data channel that is specific to described second operating system.
Preferably, described first operating system is provided with first data exchange module, described second operating system is provided with second data exchange module, the described first data exchange module energy and only can by described first data channel realize and described the 3rd memory module between data interaction; The described second data exchange module energy and only can by described the 3rd data channel realize and described second memory module between data interaction.
Preferably, described the 3rd memory module is provided with:
Data storage cell;
Monitoring unit is used to monitor data read command or write order from described data channel;
Processing unit, be used for when listening to the data write order, treat swap data from the data channel reception that receives described data write order, and send to described data storage cell, and when the monitored data read command, the described swap data for the treatment of is sent from the data channel that receives described data read command.
Preferably, be provided with in the described safety chip:
First authentication ' unit is used for asking the operating system and the user that carry out exchanges data to authenticate to described first operating system and described second operating system.
Preferably, be provided with in the described safety chip:
The policy configurations unit is used to dispose security strategy;
Judging unit is used for judging whether that according to described security strategy strategy the operating system and described second memory module that allow described request to carry out exchanges data carry out data interaction.
Preferably, the data of transmitting between described data exchange module and described second memory module are platform configuration register binding ciphered data.
To achieve these goals, the embodiment of the invention also provides the method for interchanging data between a kind of operation system of computer, it is characterized in that, comprising:
First operating system reads from first data memory module corresponding with described first operating system and treats swap data;
Described first operating system utilizes first data channel of the described first operating system special use with described switched data transmission to the three data memory modules for the treatment of;
Wherein, the described swap data for the treatment of that is transferred to described the 3rd data memory module is switched to described second operating system after second data channel of being utilized the described second operating system special use by second operating system reads;
Described first data memory module, described second data memory module and described the 3rd data memory module physical isolation.
Preferably, described first operating system utilizes described first data channel that described switched data transmission to the three memory modules for the treatment of are specifically comprised:
Described first operating system and described the 3rd memory module utilize the status register of described first data channel mutual, notify the opposite end to be ready for exchanges data mutually;
Described first operating system writes described data length and the described swap data for the treatment of of treating swap data to described first data channel;
Described the 3rd memory module reads the described swap data for the treatment of from described first data channel, and judges according to described data length whether the described swap data for the treatment of finishes receiving;
Described the 3rd memory module judge described treat that swap data finishes receiving after, preserve the described swap data for the treatment of and arrive described the 3rd memory module.
Preferably, when described the 3rd memory module receives when wrong judging the described swap data for the treatment of, notify described first operating system to restart exchanges data.
Preferably, second operating system is utilized described second data channel to read the described swap data for the treatment of from described the 3rd memory module specifically to comprise:
Described second operating system and described the 3rd memory module utilize the status register of second data channel of described safety chip mutual, notify the opposite end to prepare to carry out exchanges data mutually;
Described the 3rd memory module writes described data length and the described swap data for the treatment of of treating swap data in the described three module to described second data channel;
Described second operating system reads the described swap data for the treatment of from described second data channel, and judges according to described data length whether the described swap data for the treatment of finishes receiving;
Described second operating system judge described treat that swap data finishes receiving after, preserve the described swap data for the treatment of and arrive described second memory module.
Preferably, described second operating system receives when wrong judging the described swap data for the treatment of, notifies described the 3rd memory module to restart exchanges data.
Preferably, described method also comprises step:
Described first operating system and second operating system of auditing and the data interaction behavior of described the 3rd memory module in data exchange process, any described data interaction behavior audit failure then stops described data exchange process.
Preferably, described first operating system and second operating system and described the 3rd memory module The data platform configuration register binding cipher mode in data exchange process transmits.
Preferably, the data exchange process of described first operating system and second operating system and described the 3rd data memory module satisfies pre-configured security strategy.
Preferably, described method also comprises step:
Write down described first operating system and second operating system and the operation behavior of described the 3rd data memory module in described data exchange process.
The embodiment of the invention has following beneficial effect:
In the embodiment of the invention, because different operating system is provided with different special data channels, simultaneously, one of them operating system energy and only can by the first special-purpose data channel realize with the 3rd memory module between data interaction, so realize between the heterogeneous networks safe and reliable exchanges data between isolation and operating system on computers.
Description of drawings
Fig. 1 is the structural representation of computing machine of two operating systems of the specific embodiment of the invention;
Method for interchanging data between the computer internal operation system of Fig. 2 specific embodiment of the invention;
The detailed process synoptic diagram of step 23 in the method for Fig. 3 specific embodiment of the invention;
The detailed process synoptic diagram of step 24 in the method for Fig. 4 specific embodiment of the invention.
Embodiment
In the computing machine and the method for interchanging data between operating system thereof of the specific embodiment of the invention, in computer-internal one at least two Locality corresponding with operating system is set, because each Locality has independent register space and different data channel, therefore different operating system uses the data channel and the data exchange zone of different mutual isolation to carry out can realizing safe and reliable exchanges data alternately.
In specific embodiments of the invention, with safety chip two separate passages being set is that example is elaborated.
Before embodiments of the present invention is described in detail, earlier safety chip is introduced, be beneficial to better understand the embodiment of the invention.
At security attack means commonly used at present, chip has carried out a series of safety Design from hardware point of view, and it comprises:
Total line traffic control: the chip internal bus does not expose, and can't read chip internal information from chip pin;
Frequency detecting: prevent to carry out the electrical characteristics analytical attack by the means that load abnormal frequency;
Voltage detecting: prevent to carry out the electrical characteristics analytical attack by the means that load abnormal voltage;
Wiring is handled: opposing is carried out physical analysis by means such as probe, dissections;
Pin shielding: avoid chip internal information to leak, prevent non-pin mode attack by pin;
Electric current is smoothly controlled: the electric current during to chip operation is smoothly controlled, the opposing energy attack;
Encrypt storage: the sensitive information of chip internal is encrypted storage, and opposing is dissected, and microscope such as reads at physical attacks.
The computing machine of the specific embodiment of the invention comprises:
Mutual at least two operating systems of isolating;
Corresponding with described at least two operating systems respectively and mutual operating system memory module of isolating;
At least two data channel of mutually isolating corresponding with described at least two operating systems;
The exchange memory module is with described and operating system memory module physical isolation;
Each operating system in described at least two operating systems is provided with data exchange module, described data exchange module is used for the data channel by the operating system that is specific to described data exchange module place, carries out data transmission between the operating system relative operation system memory module at described data exchange module place and described exchange memory module.
Be provided with in the described exchange memory module:
Data storage cell is used for storage and is used to treat swap data;
Monitoring unit is used to monitor data read command or write order from described data channel;
Processing unit, be used for when listening to the data write order, receive the described swap data for the treatment of from the data channel that receives described data write order, and send to described data storage cell, and when the monitored data read command, the described swap data for the treatment of is sent from the data channel that receives described data read command.
Described data exchange module comprises:
The passage application unit is used for to described safety chip sendaisle solicitation message, and application is used to carry out the data channel of exchanges data;
In specific embodiments of the invention, the data channel of isolating is arranged in the safety chip mutually, simultaneously, is provided with in the described safety chip:
Data channel is set up the unit, be used for according to described passage solicitation message, set up unique data channel (because corresponding one by one between data exchange module and the operating system corresponding to described data exchange module, that is to say, this data channel is also unique corresponding to operating system), and distribute to the data exchange module of sendaisle solicitation message.
With two operating systems the embodiment of the invention is described below, the computing machine of two operating systems comprises as shown in Figure 1:
First operating system is provided with first data exchange module, and first operating system is corresponding with first memory module simultaneously;
Second operating system, and isolate mutually between described first operating system, being provided with second data exchange module, first operating system is corresponding with second memory module simultaneously;
Safety chip is provided with first data channel that is specific to described first operating system and second data channel that is specific to described second operating system;
The 3rd memory module is connected with described second data channel with described first data channel;
The first data exchange module energy of described first operating system and only can by described first data channel realize and described the 3rd memory module between data interaction; The second data exchange module energy in described second operating system and only can by described second data channel realize and described the 3rd memory module between data interaction.
Can find by above-mentioned description process, carry out exchanges data by safety chip, though be to adopt same safety chip, but because the physical space address of adopting isolates fully, adopt FED4_0xxxh as Locality 0, Locality 1 adopts FED4_1 xxxh address, simultaneously, different Locality has separately configuration register, data register etc., so still realized safe and reliable exchanges data.
To how setting up this data channel be elaborated below.
Computer starting, when needs carry out exchanges data, the first os starting data exchange module;
Data exchange module is by the status register sendaisle solicitation message to the Locality (safety zone that isolates in the safety chip) of safety chip X, and application is used to carry out the data channel of exchanges data;
Safety chip carries out the rights of using checking, sets up and open the data channel that is specific to described operating system by the back in checking.
Method for interchanging data between a kind of operation system of computer of the embodiment of the invention comprises:
First operating system reads from first data memory module corresponding with described first operating system and treats swap data;
Described first operating system utilizes first data channel of the described first operating system special use with described switched data transmission to the three data memory modules for the treatment of;
Wherein, the described swap data for the treatment of that is transferred to described the 3rd data memory module is switched to described second operating system after second data channel of being utilized the described second operating system special use by second operating system reads;
Described first data memory module, second data memory module and the 3rd data memory module physical isolation.
Method for interchanging data between two operating systems of the computing machine of the specific embodiment of the invention is provided with at least two operating systems of mutual isolation in the described computing machine, as shown in Figure 2, this method comprises:
Step 21, safety chip are that at least two operating systems (first operating system and second operating system) of the mutual isolation of computing machine are distributed special data channel respectively;
Step 22, first operating system read from first data memory module corresponding with described first operating system and treat swap data;
Step 23, described first operating system utilize first data channel of the described first operating system special use that the described switched data transmission for the treatment of is arrived and physically-isolated the 3rd memory module of described first data memory module;
Step 24, second operating system utilize second data channel of the described second operating system special use to read the described swap data for the treatment of from described the 3rd memory module;
Step 25, described second operating system is saved in second memory module with the described swap data for the treatment of, described the 3rd memory module and described second memory module and the first memory module physical isolation.
Described first memory module, second memory module and the 3rd memory module are respectively independently physical storage medium, or 3 parts that isolated by isolation card in the same physical storage medium.
In step 21, need distribute special data channels at least two operating systems of the mutual isolation of computing machine, in specific embodiments of the invention, it specifically comprises:
Step 211, computer starting, when needs carried out exchanges data, operating system was to the status register sendaisle solicitation message of the Locality of safety chip X, and application is used to carry out the data channel of exchanges data;
Step 212, safety chip carries out the rights of using checking to described passage solicitation message;
Step 213, after Authority Verification passed through, safety chip was opened unique data channel corresponding to described operating system.
Below, suppose that the data channel of the first operating system special use is the data channel of Locality X, and the data channel of the second operating system special use being the data channel of Locality Y, the process that data are exchanged is described in detail.
Step 23 specifically comprises as shown in Figure 3:
Step 231, first operating system sends first message to the status register of the Locality of the safety chip of correspondence X, and request sends data to data exchange zone;
After step 232, safety chip receive first message, change the value of the status register of described Locality X;
Value indication the other side request that step 233, the 3rd memory module detect the status register of Locality X begins to carry out data when sending, and sends second message to the status register of the Locality of safety chip X, and request begins to carry out Data Receiving;
After step 234, safety chip receive second message, change the value of the status register of described Locality X;
Step 235, when value indication the other side request that first operating system detects status register begins to carry out Data Receiving, data channel to Locality X at first writes data length, write data then, after finishing, status register to the Locality X of the safety chip of correspondence sends message, and designation data is sent completely;
Whether step 236, the 3rd memory module be from the data channel reading of data, and finish receiving according to the data length judgment data that reads;
Step 237, the 3rd memory module judge finish receiving after, and when the value designation data that detects status register is sent completely, send message to the status register of the Locality X of the safety chip of correspondence, designation data finishes receiving.
Certainly, in specific embodiments of the invention, if reception mistake, can send message to the status register of the Locality of the safety chip of correspondence X by the 3rd memory module, indication receives mistake, when value indication the other side that first operating system detects status register receives mistake, restart said process.
Step 24 specifically comprises as shown in Figure 4:
Step 241, second operating system sends the 3rd message to the status register of the Locality of the safety chip of correspondence Y, and request is obtained data from data exchange zone;
After step 242, safety chip receive data exchange request message, change the value of the status register of described Locality Y;
When value indication the other side request that step 243, the 3rd memory module detect status register begins to carry out exchanges data, send the 4th message to the status register of the Locality of safety chip Y, request begins to carry out data and sends;
After step 244, safety chip receive the 4th message, change the value of the status register of described Locality Y;
Value indication the other side request that step 245, second operating system detect status register begins to carry out data when sending, and sends the 5th message to the status register of the Locality of safety chip Y, and request begins to carry out Data Receiving;
Step 246, when value indication the other side request that the 3rd memory module detects status register begins to carry out Data Receiving, at first write data length to data channel, write data then, after finishing, send data to the status register of the Locality Y of the safety chip of correspondence and send message, designation data is sent completely;
Whether step 247, second operating system be from the data channel reading of data, and finish receiving according to the data length judgment data that reads;
Step 248, second operating system judge finish receiving after, and when the value designation data that detects status register is sent completely, sends Data Receiving to the status register of the Locality Y of the safety chip of correspondence and finish message, designation data finishes receiving.
Certainly, in specific embodiments of the invention, if reception mistake, can send message to the status register of the Locality of the safety chip of correspondence Y by second operating system, indication receives mistake, when value indication the other side that the 3rd memory module detects status register receives mistake, restart said process.
Certainly, consider safety, the method for the embodiment of the invention also comprises:
Safety chip is to the act of execution audit in steps of the institute in the data exchange process, and any one step behavior audit failure then stops data exchange process.
Simultaneously, utilize operating system can revise PCR (the Platform Configuration Register of the Locality of special-purpose separately safety chip, platform configuration register), and the characteristic that its system can only read, adopt PCR binding cipher mode to transmit at data exchange process.
In the method for the embodiment of the invention, also comprise between this step 231 and the step 232:
Safety chip is verified first operating system and user, and checking is by entering next step, otherwise directly end;
Safety chip judges whether to allow described first operating system to send data to described to data exchange zone according to pre-configured strategy, if enter step 232, otherwise directly finish.
Also comprise between this step 241 and the step 242:
Safety chip is verified second operating system and user, and checking is by entering next step, otherwise directly end;
Safety chip according to pre-configured strategy judge whether to allow described second operating system from described to the data exchange zone reading of data, if enter step 242, otherwise directly finish.
For the ease of inquiry, the method for the embodiment of the invention also comprises:
Write down described at least two operating systems and the operation behavior of described the 3rd memory module in described data exchange process.
Certainly, in the description of the above embodiments, be the explanation that data channel is carried out to be set with safety chip, it will be appreciated by persons skilled in the art that this data channel of isolating mutually also can realize by other chips.
The above only is a preferred implementation of the present invention; should be pointed out that for those skilled in the art, under the prerequisite that does not break away from the principle of the invention; can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.

Claims (16)

1. computing machine comprises:
First operating system;
Second operating system, and isolate mutually between described first operating system;
Be arranged at first data channel that is specific to described first operating system and second data channel that is specific to described second operating system in the chip;
The 3rd memory module is connected with described second data channel with described first data channel;
The described first operating system energy and only can by described first data channel realize and described the 3rd memory module between data interaction; The described second operating system energy and only can by described second data channel realize and described the 3rd memory module between data interaction.
2. computing machine according to claim 1 is characterized in that, described first data channel that is specific to described first operating system is arranged in the safety chip with second data channel that is specific to described second operating system.
3. computing machine according to claim 2, it is characterized in that, described first operating system is provided with first data exchange module, described second operating system is provided with second data exchange module, the described first data exchange module energy and only can by described first data channel realize and described the 3rd memory module between data interaction; The described second data exchange module energy and only can by described the 3rd data channel realize and described second memory module between data interaction.
4. computing machine according to claim 2 is characterized in that, described the 3rd memory module is provided with:
Data storage cell;
Monitoring unit is used to monitor data read command or write order from described data channel;
Processing unit, be used for when listening to the data write order, treat swap data from the data channel reception that receives described data write order, and send to described data storage cell, and when the monitored data read command, the described swap data for the treatment of is sent from the data channel that receives described data read command.
5. computing machine according to claim 2 is characterized in that, is provided with in the described safety chip:
First authentication ' unit is used for asking the operating system and the user that carry out exchanges data to authenticate to described first operating system and described second operating system.
6. computing machine according to claim 5 is characterized in that, is provided with in the described safety chip:
The policy configurations unit is used to dispose security strategy;
Judging unit is used for judging whether that according to described security strategy strategy the operating system and described second memory module that allow described request to carry out exchanges data carry out data interaction.
7. according to claim 1,2,3,4,5 or 6 described computing machines, it is characterized in that the data of transmitting between described data exchange module and described second memory module are platform configuration register binding ciphered data.
8. the method for interchanging data between an operation system of computer is characterized in that, comprising:
First operating system reads from first data memory module corresponding with described first operating system and treats swap data;
Described first operating system utilizes first data channel of the described first operating system special use with described switched data transmission to the three data memory modules for the treatment of;
Wherein, the described swap data for the treatment of that is transferred to described the 3rd data memory module is switched to described second operating system after second data channel of being utilized the described second operating system special use by second operating system reads;
Described first data memory module, described second data memory module and described the 3rd data memory module physical isolation.
9. method according to claim 8 is characterized in that, described first operating system utilizes described first data channel that described switched data transmission to the three memory modules for the treatment of are specifically comprised:
Described first operating system and described the 3rd memory module utilize the status register of described first data channel mutual, notify the opposite end to be ready for exchanges data mutually;
Described first operating system writes described data length and the described swap data for the treatment of of treating swap data to described first data channel;
Described the 3rd memory module reads the described swap data for the treatment of from described first data channel, and judges according to described data length whether the described swap data for the treatment of finishes receiving;
Described the 3rd memory module judge described treat that swap data finishes receiving after, preserve the described swap data for the treatment of and arrive described the 3rd memory module.
10. method according to claim 9 is characterized in that, when described the 3rd memory module receives when wrong judging the described swap data for the treatment of, notifies described first operating system to restart exchanges data.
11. method according to claim 10 is characterized in that, second operating system is utilized described second data channel to read the described swap data for the treatment of from described the 3rd memory module specifically to comprise:
Described second operating system and described the 3rd memory module utilize the status register of second data channel of described safety chip mutual, notify the opposite end to prepare to carry out exchanges data mutually;
Described the 3rd memory module writes described data length and the described swap data for the treatment of of treating swap data in the described three module to described second data channel;
Described second operating system reads the described swap data for the treatment of from described second data channel, and judges according to described data length whether the described swap data for the treatment of finishes receiving;
Described second operating system judge described treat that swap data finishes receiving after, preserve the described swap data for the treatment of and arrive described second memory module.
12. method according to claim 11 is characterized in that, described second operating system receives when wrong judging the described swap data for the treatment of, notifies described the 3rd memory module to restart exchanges data.
13. method according to claim 8 is characterized in that, also comprises:
Described first operating system and second operating system of auditing and the data interaction behavior of described the 3rd memory module in data exchange process, any described data interaction behavior audit failure then stops described data exchange process.
14. method according to claim 8 is characterized in that, described first operating system and second operating system and described the 3rd memory module The data platform configuration register binding cipher mode in data exchange process transmits.
15. method according to claim 8 is characterized in that, the data exchange process of described first operating system and second operating system and described the 3rd data memory module satisfies pre-configured security strategy.
16. method according to claim 8 is characterized in that, also comprises:
Write down described first operating system and second operating system and the operation behavior of described the 3rd data memory module in described data exchange process.
CN200810223222A 2008-09-27 2008-09-27 Computer and data exchange method of operating system thereof Pending CN101685484A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810223222A CN101685484A (en) 2008-09-27 2008-09-27 Computer and data exchange method of operating system thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200810223222A CN101685484A (en) 2008-09-27 2008-09-27 Computer and data exchange method of operating system thereof

Publications (1)

Publication Number Publication Date
CN101685484A true CN101685484A (en) 2010-03-31

Family

ID=42048641

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810223222A Pending CN101685484A (en) 2008-09-27 2008-09-27 Computer and data exchange method of operating system thereof

Country Status (1)

Country Link
CN (1) CN101685484A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104331667A (en) * 2014-10-24 2015-02-04 宇龙计算机通信科技(深圳)有限公司 Data storing method and system based on dual system
CN104573555A (en) * 2015-01-14 2015-04-29 宇龙计算机通信科技(深圳)有限公司 Contact management method and device for terminal and terminal
CN105812364A (en) * 2016-03-11 2016-07-27 深圳市全智达科技有限公司 Data transmission method and device
CN105808327A (en) * 2014-12-30 2016-07-27 联想(上海)信息技术有限公司 System management method and apparatus as well as electronic device
CN106034117A (en) * 2015-03-13 2016-10-19 深圳酷派技术有限公司 Method and device for shifting content between systems and intelligent terminal
CN106548096A (en) * 2015-09-23 2017-03-29 深圳市全智达科技有限公司 Data transmission method and device
CN107743117A (en) * 2017-08-22 2018-02-27 北京华电众信技术股份有限公司 Gateway and the method and apparatus of control data transmission
WO2018119904A1 (en) * 2016-12-29 2018-07-05 华为技术有限公司 System-on-chip and method for switching secure operating systems
CN109698837A (en) * 2019-02-01 2019-04-30 重庆邮电大学 A kind of tertiary-structure network based on one-way transmission physical medium and DEU data exchange unit and method

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10204061B2 (en) 2014-10-24 2019-02-12 Yulong Computer Telecommunication Scientific (Shenzhen) Co., Ltd. Dual-system-based data storage method and terminal
WO2016062149A1 (en) * 2014-10-24 2016-04-28 宇龙计算机通信科技(深圳)有限公司 Dual-system-based data storage method and system
CN104331667A (en) * 2014-10-24 2015-02-04 宇龙计算机通信科技(深圳)有限公司 Data storing method and system based on dual system
CN105808327A (en) * 2014-12-30 2016-07-27 联想(上海)信息技术有限公司 System management method and apparatus as well as electronic device
CN105808327B (en) * 2014-12-30 2019-05-31 联想(上海)信息技术有限公司 Method for managing system, device and electronic equipment
CN104573555A (en) * 2015-01-14 2015-04-29 宇龙计算机通信科技(深圳)有限公司 Contact management method and device for terminal and terminal
CN104573555B (en) * 2015-01-14 2017-09-08 宇龙计算机通信科技(深圳)有限公司 Contact management method and managing device and terminal for terminal
CN106034117A (en) * 2015-03-13 2016-10-19 深圳酷派技术有限公司 Method and device for shifting content between systems and intelligent terminal
CN106548096A (en) * 2015-09-23 2017-03-29 深圳市全智达科技有限公司 Data transmission method and device
CN105812364A (en) * 2016-03-11 2016-07-27 深圳市全智达科技有限公司 Data transmission method and device
WO2018119904A1 (en) * 2016-12-29 2018-07-05 华为技术有限公司 System-on-chip and method for switching secure operating systems
US10853519B2 (en) 2016-12-29 2020-12-01 Huawei Technologies Co., Ltd. System on chip and method for implementing secure operating system switching
CN107743117A (en) * 2017-08-22 2018-02-27 北京华电众信技术股份有限公司 Gateway and the method and apparatus of control data transmission
CN109698837A (en) * 2019-02-01 2019-04-30 重庆邮电大学 A kind of tertiary-structure network based on one-way transmission physical medium and DEU data exchange unit and method
CN109698837B (en) * 2019-02-01 2021-06-18 重庆邮电大学 Internal and external network isolation and data exchange device and method based on unidirectional transmission physical medium

Similar Documents

Publication Publication Date Title
CN101685484A (en) Computer and data exchange method of operating system thereof
RU2764292C1 (en) Protection apparatus of an external terminal and protection system
CN109561071B (en) Data flow control's external terminal protective equipment and protection system
US7650510B2 (en) Method and apparatus for in-line serial data encryption
CN102474515B (en) Connection device certification
CN101494602B (en) Energy-saving method and apparatus for communication equipment
CN109522760B (en) Data forwarding control method and system based on hardware control logic
CN113596009B (en) Zero trust access method, system, zero trust security proxy, terminal and medium
CN101916342A (en) Secure mobile storage device and method for realizing secure data exchange by using same
WO2012100079A2 (en) Apparatus and method for enhancing security of data on a host computing device and a peripheral device
CN108681677A (en) Based on the double net computer methods of USB interface security isolation, apparatus and system
EP2477376A1 (en) Communication control apparatus, communication system, information processing apparatus, and communication control method
CN106446654B (en) Input output device of computer partition method based on fingerprint recognition
CN108288004A (en) A kind of encryption chip is in REE and TEE environmental coexistence system and methods
CN106959910A (en) Remote data management method and system
CN101420299B (en) Method for enhancing stability of intelligent cipher key equipment and intelligent cipher key equipment
CN103984901B (en) A kind of trusted computer system and its application process
CN111901418B (en) External terminal protection equipment and system based on unidirectional file transfer protocol
CN104580744A (en) Terminal and control method and device thereof
WO2016136223A1 (en) Interconnection device, management device, resource-disaggregated computer system, method, and program
CN111131280A (en) Internal and external network isolation system
CN107743117A (en) Gateway and the method and apparatus of control data transmission
CN100471107C (en) Data one-way transmission system based on one-way isolated hardware channel
KR101150797B1 (en) The Monitor whose Ubiquitous security is strengthened and operating in a row
JP2003152806A (en) Switch connection control system for communication path

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100331