CN103400086A - Terminal - Google Patents

Publication number
CN103400086A
Authority
CN
China
Prior art keywords
processor
data
external unit
private data
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2013103266604A
Other languages
Chinese (zh)
Other versions
CN103400086B (en
Inventor
丁兆刚
冯耀辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Dongguan Yulong Telecommunication Technology Co Ltd
Original Assignee
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Dongguan Yulong Telecommunication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yulong Computer Telecommunication Scientific Shenzhen Co Ltd, Dongguan Yulong Telecommunication Technology Co Ltd filed Critical Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority to CN201310326660.4A priority Critical patent/CN103400086B/en
Priority to PCT/CN2013/084356 priority patent/WO2015014015A1/en
Priority to PCT/CN2013/084354 priority patent/WO2015014014A1/en
Publication of CN103400086A publication Critical patent/CN103400086A/en
Application granted granted Critical
Publication of CN103400086B publication Critical patent/CN103400086B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

The invention provides a terminal. The terminal comprises a first processor, a second processor, a restriction type external device and a non-restriction type external device, wherein the first processor is used for processing confidential data in the terminal, the second processor is used for processing non-confidential data in the terminal, the restriction type external device is connected to the first processor, and the non-restriction type external device is connected to the second processor; a DMA transmission channel is configured and established between a forward interface and an external interface for the first processor or the second processor respectively, and therefore the second processor or the first processor is connected with and interacts with the restriction type external device or the non-restriction type external device. By the adoption of the technical scheme of the terminal, the confidential data and the non-confidential data in the terminal are isolated and processed physically, therefore, the effect that the confidential data cannot be acquired by unsafe applications is ensured, and the safety of the terminal is effectively improved.

Description

A terminal
Technical field
The present invention relates to the field of data encryption technology, and in particular to a terminal.
Background
As shown in Fig. 1, a terminal contains many peripherals (external devices 102), such as a display screen, touch screen, camera, keys, communication module and sensor module. In the related art, the terminal has only a single processor (the CPU shown in Fig. 1). Under the control of any application, this processor can send data to any peripheral and receive data from any peripheral. When an application in the terminal holds excessive permissions, especially a third-party application of unknown origin, that application can easily control the terminal's only processor, call up private data, and even upload it at will to other terminals or servers. In addition, because all the data handled by this single processor sits in the same storage space (the RAM and ROM shown in Fig. 1), such an application is also very likely to obtain private data from that storage space using simple cracking techniques. Therefore, when applications in the terminal, and third-party applications in particular, come from ill-intentioned hackers or personal-information dealers, private data such as the user information in the terminal is left in a very insecure state.
How to solve the data security problem that a single processor brings to the terminal has therefore become a technical problem in urgent need of a solution.
Summary of the invention
Based on at least one of the above problems, the present invention proposes a new technical solution in which private data and non-private data in the terminal are processed in physical isolation, ensuring that private data cannot be obtained by insecure applications and effectively improving the security of the terminal.
In view of this, the present invention proposes a terminal comprising: a first processor, for processing private data in the terminal; a second processor, for processing non-private data in the terminal; a restricted external device, connected to the first processor; and an unrestricted external device, connected to the second processor. The first processor connects to and interacts with the restricted external device through a first peripheral interface, and connects to the second processor through a first forwarding interface; by configuring a DMA transmission channel between the first forwarding interface and the first peripheral interface, the second processor is connected to and interacts with the restricted external device; and
the second processor connects to and interacts with the unrestricted external device through a second peripheral interface, and connects to the first processor through a second forwarding interface; by configuring a DMA transmission channel between the second forwarding interface and the second peripheral interface, the first processor is connected to and interacts with the unrestricted external device.
In this technical solution, separate processors are provided for private data and for non-private data, so that the two kinds of data are effectively isolated from each other physically. This avoids the situation in a single-processor terminal where any application can easily obtain private data from the single processor merely by cracking permissions and the like. At the same time, through interaction between the first processor and the second processor, the corresponding DMA transmission channel is established in the first or second processor by configuring its interfaces. The first processor thus controls the interaction between the second processor and the restricted external device, and the second processor controls the interaction between the first processor and the unrestricted external device. This ensures that private data and non-private data stay isolated during transmission, processing and similar operations, so that the second processor cannot touch private data and private data is not obtained and leaked.
Preferably, the above technical solution further comprises: a first storage device, corresponding to the first processor and used by the first processor to store private data; and a second storage device, corresponding to the second processor and used by the second processor to store non-private data.
In this technical solution, the processors for private data and for non-private data use physically separate storage devices, so that private data and non-private data are physically isolated both when processed and when stored, giving a better data security effect.
Preferably, in the above technical solution, the restricted external device is configured to transmit all data it needs to send to the first processor through the first peripheral interface; the first processor is configured to process private data directly and to transmit non-private data to the second processor through the first forwarding interface; and
the unrestricted external device is configured to transmit all data it needs to send to the second processor through the second peripheral interface; the second processor is configured to process non-private data directly and to transmit private data to the first processor through the second forwarding interface.
In this technical solution, neither the restricted external device nor the unrestricted external device can determine the type of the original data, so each sends its data directly to the processor it is connected to, and the first and second processors each identify the type of the data they receive. This ensures that private data is always processed by the first processor and non-private data is always processed by the second processor, keeps the two physically isolated, and helps improve the security of the terminal.
Preferably, in the above technical solution, the restricted external device is configured to transmit all data it needs to send to the first processor through the first peripheral interface; and the unrestricted external device is configured to transmit all data it needs to send to the second processor through the second peripheral interface.
Here, the first processor is configured to process private data directly and to transmit non-private data to the second processor through the first forwarding interface. The second processor is configured to receive and process non-private data from the first processor, and to forward all data received from the unrestricted external device to the first processor, which processes the private data in it; the second processor then receives the non-private data returned by the first processor.
In this technical solution, the first processor performs type identification and data distribution for all data, whether it comes from the restricted external device or from the unrestricted external device. Because the first processor is dedicated to processing private data, it is the more secure processor relative to the second processor, so all data is sent to the first processor. Even if the non-private data in it is obtained and used by another application (one other than the application it was originally meant for), no private information is leaked. As long as private data is never processed by the second processor, unauthorized applications running on the second processor are physically prevented from obtaining and using private data, which ensures the data security of the terminal.
Preferably, in the above technical solution, the first peripheral interfaces on the first processor, the first forwarding interfaces and the restricted external devices correspond one-to-one; and the second peripheral interfaces on the second processor, the second forwarding interfaces and the unrestricted external devices correspond one-to-one.
In this technical solution, the one-to-one correspondence between peripheral interfaces, forwarding interfaces and restricted/unrestricted external devices means that a dedicated DMA transmission channel is established in the first processor for each restricted/unrestricted external device, which allows data to be transmitted independently and avoids data crossover and confusion.
Preferably, in the above technical solution, the second processor is provided with first transceiver interfaces connected one-to-one to the first forwarding interfaces on the first processor. The second processor is configured to: when it needs to interact with a specified restricted external device, send a connection instruction to the first processor through the specified first transceiver interface corresponding to that restricted external device. The first processor is configured to: according to the received connection instruction, determine the first forwarding interface and first peripheral interface corresponding to the specified first transceiver interface, and configure a DMA transmission channel between that first forwarding interface and first peripheral interface; and
the first processor is provided with second transceiver interfaces connected one-to-one to the second forwarding interfaces on the second processor. The first processor is configured to: when it needs to interact with a specified unrestricted external device, send a connection instruction to the second processor through the specified second transceiver interface corresponding to that unrestricted external device. The second processor is configured to: according to the received connection instruction, determine the second forwarding interface and second peripheral interface corresponding to the specified second transceiver interface, and configure a DMA transmission channel between that second forwarding interface and second peripheral interface.
In this technical solution, the first processor and the second processor interact through connection instructions. The first processor controls the closing or opening of the path and thereby controls the DMA transmission channel between the second processor and the restricted external device; the second processor controls the closing or opening of the path and thereby controls the DMA transmission channel between the first processor and the unrestricted external device. This prevents the first processor and the second processor from calling a peripheral at the same time, further prevents private data from coming into contact with the second processor, and helps improve the security of the terminal.
Preferably, in the above technical solution, the second processor is further configured to: upon completing its interaction with the specified restricted external device, send an interrupt instruction to the first processor through the specified first transceiver interface. The first processor is further configured to: disconnect the DMA transmission channel according to the received interrupt instruction; and
the first processor is further configured to: upon completing its interaction with the specified unrestricted external device, send an interrupt instruction to the second processor through the specified second transceiver interface. The second processor is further configured to: disconnect the DMA transmission channel according to the received interrupt instruction.
In this technical solution, after receiving a connection instruction, the first or second processor may suspend its own calls to the restricted or unrestricted external device and let the requester perform its operation first. Therefore, so that the first or second processor can return to its original state as soon as possible and complete its remaining processing tasks, the requester should actively send the interrupt instruction, ensuring that the first and second processors recover promptly.
Preferably, the above technical solution further comprises: a type-judging device, arranged on the path between the restricted external device and the first processor, for judging the type of the data from the restricted external device and adding a corresponding flag to the data according to the result. The first processor is configured to: on receiving data from the type-judging device, process the data directly if its flag indicates private data, and forward it to the second processor if its flag indicates non-private data;
and/or the type-judging device is arranged on the path between the unrestricted external device and the second processor, for judging the type of the data from the unrestricted external device and adding a corresponding flag to the data according to the result. The second processor is configured to: on receiving data from the type-judging device, process the data directly if its flag indicates non-private data, and forward it to the first processor if its flag indicates private data.
In this technical solution, the type-judging device identifies the type of the data from the external device, so the first processor does not need to perform type identification. This lowers the requirements on the first processor, which reduces the production cost of the first processor and of the terminal as a whole, or frees the corresponding computing resources for other, more complex processing to improve processing efficiency.
Preferably, the above technical solution further comprises: at least one first communication module, connected to both the first processor and the second processor, for exchanging private data with the first processor and non-private data with the second processor.
In this technical solution, for uplink data, the first processor and the second processor each use the first communication module to transmit data. For downlink data, the first communication module can identify the type of the downlink data directly and distribute the data according to the result, so that private data and non-private data are assigned to the first processor and the second processor respectively. This achieves physical data isolation and helps improve the security of the terminal.
Preferably, the above technical solution further comprises: at least one second communication module, connected to the first processor and exchanging data with it. The first processor processes the private data from the at least one second communication module and transmits the non-private data from the at least one second communication module to the second processor for processing.
In this technical solution, because the first processor is the "secure processor" relative to the second processor, connecting the second communication module only to the first processor means that private data does not pass through the second processor and cannot be obtained through the second processor by unauthorized applications, which helps improve the security of the terminal. At the same time, having the first processor identify the data type lowers the configuration requirements on the second communication module and correspondingly keeps down the manufacturing cost of the terminal.
With the above technical solutions, private data and non-private data in the terminal are processed in physical isolation, ensuring that private data cannot be obtained by insecure applications and effectively improving the security of the terminal.
Description of the drawings
Fig. 1 shows a schematic structural diagram of a terminal in the related art;
Fig. 2 shows a detailed schematic structural diagram of a terminal according to an embodiment of the present invention;
Fig. 3 shows a schematic structural diagram of a terminal comprising two or more processors according to an embodiment of the present invention;
Fig. 4 shows a schematic structural diagram of a terminal comprising two or more processors according to another embodiment of the present invention;
Fig. 5 is a schematic structural diagram of the terminal in one implementation of the embodiment shown in Fig. 4;
Fig. 6 shows a schematic structural diagram of a terminal comprising two or more processors according to yet another embodiment of the present invention;
Fig. 7 shows a detailed schematic structural diagram of a terminal according to another embodiment of the present invention;
Fig. 8 shows a schematic diagram of the connection structure between a single communication module and the processors according to an embodiment of the present invention;
Fig. 9 shows a schematic diagram of the connection structure between multiple communication modules and the processors according to an embodiment of the present invention;
Fig. 10 is a schematic diagram of one connection structure between each communication module of the embodiment shown in Fig. 8 or Fig. 9 and two or more processors;
Fig. 11 is a schematic diagram of another connection structure between each communication module of the embodiment shown in Fig. 8 or Fig. 9 and two or more processors;
Fig. 12 is a schematic diagram of the connection structure in one implementation of the embodiment shown in Fig. 11;
Fig. 13 shows a schematic diagram of the connection structure between a single communication module and the processors according to another embodiment of the present invention;
Fig. 14 shows a schematic diagram of the connection structure between multiple communication modules and the processors according to another embodiment of the present invention;
Fig. 15 is a schematic diagram of one connection structure between each communication module of the embodiment shown in Fig. 13 or Fig. 14 and two or more processors;
Fig. 16 is a schematic diagram of another connection structure between each communication module of the embodiment shown in Fig. 13 or Fig. 14 and two or more processors;
Fig. 17 is a schematic diagram of the connection structure in one implementation of the embodiment shown in Fig. 16.
Embodiments
To make the above objects, features and advantages of the present invention easier to understand, the invention is described in further detail below with reference to the drawings and specific embodiments. It should be noted that, where they do not conflict, the embodiments of this application and the features in the embodiments may be combined with one another.
Many specific details are set forth in the following description to provide a full understanding of the invention; however, the invention can also be implemented in ways other than those described here, and the scope of protection of the invention is therefore not limited by the specific embodiments disclosed below.
Fig. 2 shows a detailed schematic structural diagram of a terminal according to an embodiment of the present invention.
As shown in Fig. 2, the present invention proposes a terminal comprising: CPU1, for processing private data in the terminal; CPU2, for processing non-private data in the terminal; a restricted external device 102, connected to CPU1; and an unrestricted external device 104, connected to CPU2. CPU1 connects to and interacts with the restricted external device 102 through a first peripheral interface, and connects to CPU2 through a first forwarding interface; by configuring a DMA transmission channel between the first forwarding interface and the first peripheral interface, CPU2 is connected to and interacts with the restricted external device 102; and
CPU2 connects to and interacts with the unrestricted external device 104 through a second peripheral interface, and connects to CPU1 through a second forwarding interface; by configuring a DMA transmission channel between the second forwarding interface and the second peripheral interface, CPU1 is connected to and interacts with the unrestricted external device 104.
In this technical solution, separate processors are provided for private data and for non-private data, so that the two kinds of data are effectively isolated from each other physically. This avoids the situation in a single-processor terminal where any application can easily obtain private data from the single processor merely by cracking permissions and the like. At the same time, through interaction between CPU1 and CPU2, the corresponding DMA transmission channel is established in CPU1 or CPU2 by configuring its interfaces. CPU1 thus controls the interaction between CPU2 and the restricted external device 102, and CPU2 controls the interaction between CPU1 and the unrestricted external device 104. This ensures that private data and non-private data stay isolated during transmission, processing and similar operations, so that CPU2 cannot touch private data and private data is not obtained and leaked.
Specifically, what counts as private data and non-private data can be preset by the manufacturer or determined by the user according to their own circumstances. In one case, all data associated with certain applications can be treated as private or as non-private data: for example, data related to applications such as "address book", "call log", "short message" and "mail" can all be regarded as private data, whether it is being read or written, while data related to a particular game application can all be treated as non-private data. In another case, data of a certain type can be treated as private or as non-private data: for example, all data exchanged with online banking can be treated as private data and software update package data as non-private data. Other ways of drawing the distinction are also possible and are not enumerated here.
The external devices in the terminal include the various hardware devices preinstalled in the terminal. Besides the display screen (such as an LCD, Liquid Crystal Display), touch screen (TW: Touch Window), camera (CAMERA) and keys (KEY) shown in Fig. 2, they can also include a communication module for wireless mobile communication, a sensor (SENSOR), a WIFI (Wireless Fidelity, wireless local area network) module, a Bluetooth (BT) module, a GPS (Global Positioning System) module, an NFC (Near Field Communication) module, an audio codec (AUDIO CODEC) and so on. In this application, external devices are divided into restricted external devices 102 and unrestricted external devices 104. A restricted external device 102 is an external device that is known to produce private data, such as the touch screen, Bluetooth module or GPS module; it is connected directly to CPU1, which ensures that private data does not come into contact with CPU2. An unrestricted external device 104 is an external device that has not so far been found to produce private data, such as the display screen or camera. It may produce private data that simply has not been found yet, but type identification of its data by CPU2 or CPU1 ensures that private data is ultimately processed by CPU1, which ensures the data security of the terminal.
Preferably, in the above technical solution, CPU1 and CPU2 can share storage space, that is, RAM, ROM and so on. However, to prevent a malicious application from obtaining private data from shared storage space, the storage space used by CPU1 and that used by CPU2 can be physically isolated from each other; in Fig. 2, for example, CPU1 uses RAM1 and ROM1 and CPU2 uses RAM2 and ROM2. Because CPU1 and CPU2 use physically separate storage devices, private data and non-private data are physically isolated both when processed and when stored, giving a better data security effect.
Preferably, in the above technical solution, the restricted external device 102 transmits all data it needs to send to CPU1 through the first peripheral interface; CPU1 processes private data directly and transmits non-private data to CPU2 through the forwarding interface. Likewise, the unrestricted external device 104 transmits all data it needs to send to CPU2 through the peripheral interface; CPU2 processes non-private data directly and transmits private data to CPU1 through the forwarding interface.
In this technical solution, neither the restricted external device 102 nor the unrestricted external device 104 can determine the type of the original data, so each sends its data directly to the CPU it is connected to, and CPU1 and CPU2 each identify the type of the data they receive. This ensures that private data is always processed by CPU1 and non-private data is always processed by CPU2, keeps the two physically isolated, and helps improve the security of the terminal.
Preferably, in the above technical solution, the restricted external device 102 is configured to transmit all data it needs to send to CPU1 through the peripheral interface, and the unrestricted external device 104 is configured to transmit all data it needs to send to CPU2 through the second peripheral interface. CPU1 is configured to process private data directly and to transmit non-private data to CPU2 through the forwarding interface. CPU2 is configured to receive and process non-private data from CPU1, and to forward all data received from the unrestricted external device 104 to CPU1, which processes the private data in it; CPU2 then receives the non-private data returned by CPU1.
In this technical solution, CPU1 performs type identification and data distribution for all data, whether it comes from the restricted external device 102 or from the unrestricted external device 104. Because CPU1 is dedicated to processing private data, it is the more secure processor relative to CPU2, so all data is sent to CPU1. Even if the non-private data in it is obtained and used by another application (one other than the application it was originally meant for), no private information is leaked. As long as private data is never processed by CPU2, unauthorized applications running on CPU2 are physically prevented from obtaining and using private data, which ensures the data security of the terminal.
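The two routing variants above, together with the type-judging device variant from the summary, can be compared with a small model that follows each record hop by hop. This is an added illustration, not code from the patent; the enum names, label strings, sample records and the fail-closed default for unlabelled data are assumptions of the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model only: every identifier here is hypothetical. */
enum cls    { NON_PRIVATE, PRIVATE };
enum unit   { NONE = 0, CPU1, CPU2, TAGGER };
enum source { RESTRICTED, UNRESTRICTED };
/* SPLIT: each CPU classifies what its own devices send.
 * FORWARD_ALL: CPU2 relays device data to CPU1 unclassified.
 * TAGGED: a type-judging device on the path has already flagged the data. */
enum mode   { MODE_SPLIT, MODE_FORWARD_ALL, MODE_TAGGED };

struct record  { const char *label; enum source src; };
struct outcome { enum unit classified_by; enum unit processed_by; int hops; };

/* Policy keyed on a label (associated application or data type),
 * filled in from the examples the page gives. */
static const struct { const char *label; enum cls c; } policy[] = {
    { "address book", PRIVATE },  { "call log", PRIVATE },
    { "short message", PRIVATE }, { "mail", PRIVATE },
    { "online banking", PRIVATE },
    { "game", NON_PRIVATE },      { "software update", NON_PRIVATE },
};

enum cls classify(const char *label)
{
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (strcmp(policy[i].label, label) == 0)
            return policy[i].c;
    return PRIVATE;  /* assumption of this example: unknown data fails closed */
}

/* Follow one record from its device until a CPU keeps it. */
struct outcome route_data(const struct record *r, enum mode m)
{
    struct outcome o = { NONE, NONE, 0 };
    enum unit at = (r->src == RESTRICTED) ? CPU1 : CPU2;  /* fixed wiring */
    bool from_peer = false;

    for (;;) {
        bool keep;
        if (at == CPU2 && m == MODE_FORWARD_ALL && !from_peer) {
            keep = false;                 /* relay without inspecting */
        } else {
            if (o.classified_by == NONE)
                o.classified_by = (m == MODE_TAGGED) ? TAGGER : at;
            /* CPU1 keeps private data, CPU2 keeps non-private data. */
            keep = (classify(r->label) == PRIVATE) == (at == CPU1);
        }
        if (keep) {
            o.processed_by = at;
            return o;
        }
        at = (at == CPU1) ? CPU2 : CPU1;  /* cross the forwarding interface */
        from_peer = true;
        o.hops++;
    }
}

/* Constructed sample traffic. */
static const struct record samples[] = {
    { "short message", RESTRICTED },    { "game", RESTRICTED },
    { "online banking", UNRESTRICTED }, { "software update", UNRESTRICTED },
    { "unknown app", UNRESTRICTED },
};
#define N_SAMPLES (sizeof samples / sizeof samples[0])

/* Invariant the page states: private data ends on CPU1, the rest on CPU2. */
bool isolation_holds(enum mode m)
{
    for (size_t i = 0; i < N_SAMPLES; i++) {
        struct outcome o = route_data(&samples[i], m);
        if ((o.processed_by == CPU1) != (classify(samples[i].label) == PRIVATE))
            return false;
    }
    return true;
}

/* How many sample records CPU2 has to inspect in order to classify them. */
int classified_by_cpu2(enum mode m)
{
    int n = 0;
    for (size_t i = 0; i < N_SAMPLES; i++)
        if (route_data(&samples[i], m).classified_by == CPU2)
            n++;
    return n;
}

int main(void)
{
    static const char *names[] = { "split", "forward-all", "tagged" };
    for (int m = MODE_SPLIT; m <= MODE_TAGGED; m++)
        printf("%-11s isolation=%d classified_by_cpu2=%d\n", names[m],
               isolation_holds((enum mode)m), classified_by_cpu2((enum mode)m));
    return 0;
}
```

All three variants deliver private data to CPU1; they differ in which unit has to look at the data to decide, and in how many times a record crosses between the processors.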
Preferably, in the above technical solution, the first peripheral interfaces on CPU1, the first forwarding interfaces and the restricted external devices 102 correspond one-to-one; and the second peripheral interfaces on CPU2, the second forwarding interfaces and the unrestricted external devices 104 correspond one-to-one.
In this technical solution, the one-to-one correspondence between peripheral interfaces, forwarding interfaces and restricted external devices 102 / unrestricted external devices 104 means that a dedicated DMA transmission channel is established in CPU1 for each restricted external device 102 / unrestricted external device 104, which allows data to be transmitted independently and avoids data crossover and confusion.
In the above technical solution, preferably, CPU2 is provided with first transmitting-receiving interfaces that are connected one to one with the first forwarding interfaces on CPU1. CPU2 is configured to: when it needs to interact with a specified restricted external unit 102, send a connection instruction to CPU1 through the specified first transmitting-receiving interface corresponding to that restricted external unit 102. CPU1 is configured to: according to the received connection instruction, determine the first forwarding interface and first peripheral interface corresponding to the specified first transmitting-receiving interface, and configure a DMA transmission channel between that first forwarding interface and first peripheral interface; and
CPU1 is provided with second transmitting-receiving interfaces that are connected one to one with the second forwarding interfaces on CPU2. CPU1 is configured to: when it needs to interact with a specified unrestricted class external unit 104, send a connection instruction to CPU2 through the specified second transmitting-receiving interface corresponding to that unrestricted class external unit 104. CPU2 is configured to: according to the received connection instruction, determine the second forwarding interface and second peripheral interface corresponding to the specified second transmitting-receiving interface, and configure a DMA transmission channel between that second forwarding interface and second peripheral interface.
In this technical solution, CPU1 and CPU2 interact through connection instructions. CPU1 controls the DMA transmission channel between CPU2 and the restricted external unit 102 by closing or opening the path, and CPU2 controls the DMA transmission channel between CPU1 and the unrestricted class external unit 104 in the same way. This prevents CPU1 and CPU2 from calling a peripheral at the same time, further prevents private data from coming into contact with CPU2, and helps improve the security of the terminal.
In the above technical solution, preferably, CPU2 is further configured to: once its interaction with the specified restricted external unit 102 is complete, send an interrupt instruction to CPU1 through the specified first transmitting-receiving interface. CPU1 is further configured to: disconnect the DMA transmission channel according to the received interrupt instruction; and
CPU1 is further configured to: once its interaction with the specified unrestricted class external unit 104 is complete, send an interrupt instruction to CPU2 through the specified second transmitting-receiving interface. CPU2 is further configured to: disconnect the DMA transmission channel according to the received interrupt instruction.
In this technical solution, after receiving a connection instruction, CPU1 or CPU2 may suspend its own calls to the restricted or unrestricted class external unit and let the requester perform its operation first. Therefore, so that CPU1 or CPU2 can return to its original state as soon as possible and complete its remaining processing tasks, the requester should actively send an interrupt instruction, which ensures that CPU1 and CPU2 recover in time.
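The connection-instruction / interrupt-instruction exchange described above can be modelled as a small state machine. This is an added example, not code from the patent; the interface names (`trx0`, `fwd0`, `periph0`) and the class and function names are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed interface table for CPU1: each first transmitting-receiving interface
# maps to exactly one first forwarding interface and one first peripheral interface.
# All interface names are hypothetical.
CPU1_INTERFACES = {
    "trx0": ("fwd0", "periph0"),
    "trx1": ("fwd1", "periph1"),
}


class ChannelError(Exception):
    """An instruction that would break the channel state machine."""


@dataclass
class ChannelBroker:
    """The processor wired to the peripherals (CPU1 for restricted units)."""
    name: str
    interfaces: dict
    open_channels: dict = field(default_factory=dict)  # trx -> (fwd, periph)
    log: list = field(default_factory=list)

    def __post_init__(self):
        # Enforce the one-to-one correspondence between interfaces.
        fwds = [fwd for fwd, _ in self.interfaces.values()]
        periphs = [periph for _, periph in self.interfaces.values()]
        if len(set(fwds)) < len(fwds) or len(set(periphs)) < len(periphs):
            raise ValueError("interfaces must correspond one to one")

    def on_connect(self, trx):
        """Connection instruction: configure the DMA channel for this interface."""
        if trx not in self.interfaces:
            raise ChannelError(f"no such transmitting-receiving interface: {trx}")
        if trx in self.open_channels:
            raise ChannelError(f"channel on {trx} is already open")
        self.open_channels[trx] = self.interfaces[trx]
        self.log.append(("connect", trx))
        return self.interfaces[trx]

    def on_interrupt(self, trx):
        """Interrupt instruction: disconnect the DMA channel."""
        if trx not in self.open_channels:
            raise ChannelError(f"no open channel on {trx}")
        del self.open_channels[trx]
        self.log.append(("interrupt", trx))

    def may_call(self, periph):
        """The broker suspends its own calls to a peripheral while it is lent out."""
        return all(p != periph for _, p in self.open_channels.values())


def requester_session(broker, trx, transfer):
    """Requester side (CPU2): connect, transfer, and always send the interrupt."""
    fwd, periph = broker.on_connect(trx)
    try:
        return transfer(fwd, periph)
    finally:
        broker.on_interrupt(trx)  # sent even if the transfer fails


def demo():
    broker = ChannelBroker("CPU1", CPU1_INTERFACES)
    broker_could_call = []

    def transfer(fwd, periph):
        # While the channel is open, CPU1 must not call the same peripheral.
        broker_could_call.append(broker.may_call(periph))
        return f"{fwd}<->{periph}"

    result = requester_session(broker, "trx0", transfer)
    return result, broker_could_call, broker.may_call("periph0"), broker.log


if __name__ == "__main__":
    print(demo())
```

A channel that is opened and never closed leaves the peripheral unavailable to its owner, which is why the requester sends the interrupt instruction in a `finally` clause here.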
All of the above description and analysis assumes a terminal containing one CPU1 and one CPU2. To obtain stronger processing power or a better security effect, however, a terminal may contain a greater number of CPU1 and/or a greater number of CPU2. Below, with reference to Figs. 3-5, the terminal structure and processing strategy with more processors are described, taking as an example a terminal in which CPU1, CPU1A, CPU1B and so on are processors for private data processing and CPU2, CPU2A, CPU2B and so on are processors for non-private data processing. Of course, those skilled in the art will understand that where a terminal contains only multiple processors for private data processing, or only multiple processors for non-private data processing, or more processors still, the connection principle is the same, so it is not repeated in this application.
It should be noted that although a terminal contains many restricted external units 102 and unrestricted class external units 104, the connection structure and data transmission mode between each of them and CPU1, CPU2 are in fact similar. To describe the connection structure and data transmission strategy more clearly, each embodiment below uses one restricted external unit 102 and one unrestricted class external unit 104 as an example. Those skilled in the art should understand that the connection structure and data transmission strategy described below for "restricted external unit 102" and "unrestricted class external unit 104" apply to any restricted external unit 102 and any unrestricted class external unit 104 in the terminal.
In addition, the various circuit switching control modes mentioned in the technical solutions above can all be applied in the technical solutions below to implement interaction control between the CPUs and the external units.
Embodiment one
Among the multiple CPUs for processing private data / non-private data, one CPU serves as the "relay" to the restricted external unit 102, and the other CPUs interact with the restricted external unit 102 through this "relay"; likewise, one CPU serves as the "relay" to the unrestricted class external unit 104, and the other CPUs interact with the unrestricted class external unit 104 through this "relay".
Specifically, as shown in Fig. 3, suppose CPU1 is connected to the restricted external unit 102 and the other CPUs for processing private data are connected to CPU1 in the "series connection" mode; and suppose CPU2 is connected to the unrestricted class external unit 104 and the other CPUs for processing non-private data are connected in the "parallel connection" mode.
Interaction with the restricted external unit 102:
For the "series connection" mode: when CPU1 needs to interact with the restricted external unit 102, CPU1 exchanges data with it directly; when CPU1A needs to interact with the restricted external unit 102, the data is forwarded by CPU1; when CPU1B needs to interact with the restricted external unit 102, the data is forwarded by CPU1A and CPU1.
For the "parallel connection" mode: when CPU2 needs to interact with the restricted external unit 102, CPU2 sends a request to CPU1, and CPU1 sets up a DMA transmission channel between CPU2 and the restricted external unit 102 through port configuration, which enables the data interaction; when CPU2A needs to interact with the restricted external unit 102, the data is forwarded by CPU2 and CPU1 in turn; when CPU2B needs to interact with the restricted external unit 102, the data is likewise forwarded by CPU2 and CPU1 in turn.
Interaction with the unrestricted class external unit 104:
For the "series connection" mode: when CPU1 needs to interact with the unrestricted class external unit 104, CPU1 sends a request to CPU2, and CPU2 sets up a DMA transmission channel between CPU1 and the unrestricted class external unit 104 through port configuration, which enables the data interaction; when CPU1A needs to interact with the unrestricted class external unit 104, the data is first sent to CPU1, then CPU1 sends a request to CPU2, and the DMA transmission channel is set up for the data interaction; when CPU1B needs to interact with the unrestricted class external unit 104, the data is first forwarded via CPU1A to CPU1, then CPU1 sends a request to CPU2, and the DMA transmission channel is set up for the data interaction.
For the "parallel connection" mode: when CPU2 needs to interact with the unrestricted class external unit 104, CPU2 exchanges data with it directly; when CPU2A needs to interact with the unrestricted class external unit 104, the data is forwarded by CPU2; when CPU2B needs to interact with the unrestricted class external unit 104, the data is likewise forwarded by CPU2.
Of course, the CPUs for private data processing may also use the "parallel connection" mode, or even partly "series connection" and partly "parallel connection"; and the CPUs for non-private data processing may also use the "series connection" mode, or even partly "series connection" and partly "parallel connection". This is self-evident. However, because only CPU1 is directly connected to the restricted external unit 102 and only CPU2 is directly connected to the unrestricted class external unit 104, any other CPU that wants to interact with the restricted external unit 102 or the unrestricted class external unit 104 must ultimately be forwarded by CPU1 or CPU2.
Besides interaction with the external units (the restricted external unit 102 and the unrestricted class external unit 104), interaction between CPUs may also require data forwarding by other CPUs. For example, when CPU1 interacts with CPU2 or CPU1A, it does so directly; when CPU1 interacts with CPU1B, CPU1A must forward; when CPU2 interacts with CPU1, CPU2A or CPU2B, it does so directly; when CPU2A interacts with CPU2B, CPU2 must forward.
In addition, on top of the "parallel connection", a connection may also exist between CPU2A and CPU2B (not shown), allowing direct data interaction between the two. Further, when there are more CPUs, every pair of CPUs may interact directly without forwarding by other CPUs.
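The relay chains of Embodiment one can be derived mechanically from the links of Fig. 3. The sketch below is an added example, not part of the patent: the adjacency list is constructed from the text's description of Fig. 3, and the node names `unit102` and `unit104` and all function names are hypothetical.

```python
from collections import deque

EXTERNAL_UNITS = {"unit102", "unit104"}      # restricted / unrestricted class units
PRIVATE_CPUS = {"CPU1", "CPU1A", "CPU1B"}    # processors for private data

# Constructed from the description of Fig. 3 in the text.
FIG3_LINKS = [
    ("unit102", "CPU1"), ("CPU1", "CPU1A"), ("CPU1A", "CPU1B"),  # "series" chain
    ("unit104", "CPU2"), ("CPU2", "CPU2A"), ("CPU2", "CPU2B"),   # "parallel" star
    ("CPU1", "CPU2"),                                            # CPU1 <-> CPU2
]


def build_graph(links):
    """Undirected adjacency map from a list of (a, b) links."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def relay_path(graph, src, dst):
    """Shortest hop-by-hop path from src to dst, or None if unreachable.

    External units are endpoints only: a path never passes through one,
    even in topologies where several CPUs are wired to the same unit.
    """
    if src not in graph or dst not in graph:
        raise KeyError("unknown node")
    queue = deque([[src]])
    seen = {src}
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node == dst:
            return path
        if node in EXTERNAL_UNITS and node != src:
            continue
        for nxt in sorted(graph[node]):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def relays(path):
    """CPUs that must forward (or broker a DMA channel) between the endpoints."""
    return path[1:-1]


def non_private_hops(path):
    """CPUs on the path that are not dedicated to private data."""
    return [n for n in path if n not in EXTERNAL_UNITS and n not in PRIVATE_CPUS]


if __name__ == "__main__":
    g = build_graph(FIG3_LINKS)
    for src, dst in [("CPU1B", "unit102"), ("CPU2A", "unit102"),
                     ("CPU1B", "unit104"), ("CPU2A", "CPU2B")]:
        p = relay_path(g, src, dst)
        print(f"{src} -> {dst}: relays={relays(p)} non-private={non_private_hops(p)}")
```

For private data, `non_private_hops` is the check of interest: a path from a private-data CPU to `unit102` that returns a non-empty list would route private data through a CPU2-type processor.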
Embodiment two
Among the multiple CPUs for processing private data, every CPU is connected in "parallel" to the restricted external unit 102 and interacts with it directly, without needing another CPU as a "relay".
Specifically, as shown in Fig. 4, CPU1, CPU1A and CPU1B for processing private data are each connected to the restricted external unit 102; meanwhile, among CPU2, CPU2A and CPU2B for non-private data, only CPU2 is connected directly to the unrestricted class external unit 104.
Meanwhile, CPUs with the same processing function may be connected to one another in the "series connection" and/or "parallel connection" mode described above. As one specific embodiment, Fig. 4 shows CPU1, CPU1A and CPU1B for processing private data in the "series connection" mode, and CPU2, CPU2A and CPU2B for processing non-private data in the "parallel connection" mode.
(1) Interaction with the restricted external unit 102
When some CPUs are connected to the restricted external unit 102, for example the CPUs for private data processing, these CPUs can interact with it directly, including sending and receiving data. The other CPUs, which are not directly connected to the restricted external unit 102, here the CPUs for non-private data processing, must go through an interaction with the CPUs that are directly connected to the restricted external unit 102 when they need to interact with it.
1) Uplink data processing
Suppose every CPU can exchange data directly with any other CPU (specific connections not shown). CPU2A or CPU2B can then send a request directly to a CPU that is directly connected to the restricted external unit 102, which sets up a DMA transmission channel between CPU2A or CPU2B and the restricted external unit 102 through port configuration. For example, CPU1A or CPU1B receives the request and performs the port configuration to set up the DMA transmission channel between CPU2A or CPU2B and the restricted external unit 102.
Suppose each CPU can interact directly only with adjacent CPUs. For example, as shown in Fig. 4, CPU2A or CPU2B can interact directly only with CPU2. CPU2A or CPU2B sends its data to CPU2, CPU2 sends a request to CPU1, CPU1 sets up a DMA transmission channel between CPU2 and the restricted external unit 102 through port configuration, and CPU2 sends the data directly to the restricted external unit 102.
Suppose each CPU, besides interacting directly with adjacent CPUs, can also interact with a specified CPU of the other type. For example, as shown in Fig. 5, CPU2 and CPU2A, being CPUs of the same type, are adjacent and can interact directly, while CPU2 can also interact directly with CPU1, a CPU of a different type. Similarly, CPU2A can interact directly with the adjacent CPU2 and CPU2B and also with CPU1A. CPU2A can transfer data indirectly through an adjacent CPU such as CPU2 to CPU1, which transfers it on to the restricted external unit 102, or it can transfer data directly to CPU1A, which transfers it on to the restricted external unit 102. In this case CPU2, CPU2A and CPU2B can each send a request to the corresponding CPU1, CPU1A or CPU1B, which sets up the corresponding DMA transmission channel through port configuration, enabling CPU2, CPU2A and CPU2B to interact with the restricted external unit 102.
2) Downlink data processing
A) No DMA transmission channel has been set up. The restricted external unit 102 must send the data to a CPU it is directly connected to, for example CPU1A, which then transfers it on to the target CPU. For example, after the restricted external unit 102 sends data to CPU1A: in the first case, CPU1A finds that the data is non-private data but does not know which CPU should process it; in the second case, CPU1A finds that the data is non-private data and knows which CPU should process it.
In both cases, the analysis still depends on how the CPUs are connected:
Suppose every CPU can exchange data directly with any other CPU (specific connections not shown). In the first case, CPU1A can send the data directly to any CPU for processing non-private data, such as CPU2A, and CPU2A then determines the specific target CPU; in the second case, CPU1A can send the data directly to the target CPU, such as CPU2A.
Suppose each CPU can interact directly only with adjacent CPUs. For example, as shown in Fig. 4, CPU1A can interact directly only with CPU1 and CPU1B; CPU1A sends the data to CPU1, CPU1 sends it to CPU2, and CPU2 forwards it to the target CPU.
Suppose each CPU, besides interacting directly with adjacent CPUs, can also interact with a specified CPU of the other type. For example, as shown in Fig. 5, CPU1 and CPU1A, being CPUs of the same type, are adjacent and can interact directly, while CPU1 can also interact directly with CPU2, a CPU of a different type. Similarly, CPU1A can interact directly with the adjacent CPU1 and CPU1B and also with CPU2A. When CPU1A receives non-private data sent by the restricted external unit 102, it can transfer the data indirectly through an adjacent CPU such as CPU1 to a CPU for processing non-private data, or it can transfer the data directly to CPU2A, which determines the final target CPU and transfers the data to it.
B) A DMA transmission channel has already been set up.
Suppose, as shown in Fig. 3 and Fig. 4, a DMA transmission channel between CPU2 and the restricted external unit 102 has been set up in CPU1. When the restricted external unit 102 needs to transfer data to CPU2, it can use this DMA transmission channel directly. When the restricted external unit 102 needs to transfer data to CPU2A or CPU2B, it can send the data to CPU2 through the DMA transmission channel and have CPU2 forward it, or it can send the data to a directly connected CPU (CPU1 in the case of Fig. 3; CPU1, CPU1A or CPU1B in the case of Fig. 4), which forwards it to the specific target CPU.
Suppose, as shown in Fig. 5, each CPU that is not directly connected to the restricted external unit 102 has a DMA transmission channel set up in the corresponding CPU that is directly connected to the restricted external unit 102. The restricted external unit 102 can then send data directly to the corresponding target CPU (CPU2, CPU2A or CPU2B) by selecting the DMA transmission channel.
(2) Interaction with the unrestricted class external unit 104
As shown in Figure 6, when some CPUs are connected to the unrestricted class external unit 104, for example the CPUs for non-private data processing, these CPUs can interact with it directly, including sending and receiving data. The other CPUs, which are not directly connected to the unrestricted class external unit 104, here the CPUs for private data processing, must go through an interaction with the CPUs that are directly connected to the unrestricted class external unit 104 when they need to interact with it.
Because the detailed process is similar to that shown in Figure 4, in which all the CPUs for private data processing are connected to the restricted external unit 102, it is not repeated here.
As shown in Figure 7, each technical solution of this application may further comprise a kind judging device 105, arranged on the path between the restricted external unit 102 and CPU1, for judging the type of data from the restricted external unit 102 and adding a corresponding identifier to the data according to the result. CPU1 is configured to: on receiving data from the kind judging device 105, process the data directly if its identifier indicates private data, and forward it to CPU2 if its identifier indicates non-private data;
And/or the kind judging device 105 is arranged on the path between the unrestricted class external unit 104 and CPU2, for judging the type of data from the unrestricted class external unit 104 and adding a corresponding identifier to the data according to the result. CPU2 is configured to: on receiving data from the kind judging device 105, process the data directly if its identifier indicates non-private data, and forward it to CPU1 if its identifier indicates private data.
In this technical solution, the kind judging device 105 identifies the type of data from the external units, so CPU1 does not need to perform the type identification. This lowers the requirements on CPU1, which reduces the production cost of CPU1 and of the whole terminal, or frees the corresponding computing resources for other, more complex processing to improve processing efficiency.
In each technical solution shown in Fig. 2 to Fig. 6, a kind judging device 105 can in fact be added between any external unit and the corresponding CPU to identify the type of data from the external unit and allocate the data accordingly. The other data transfer modes and strategies are the same as in the technical solutions above and are not repeated here.
All of the above concerns data interaction between the CPUs and the external units. A terminal also exchanges data with other terminals or servers, which involves uplink and downlink data interaction between the CPUs and a communication module.
As shown in Figure 8, suppose CPU1 processes private data, CPU2 processes non-private data, and communication module 106 sends and receives uplink and downlink data. For uplink data, because communication module 106 is connected to CPU1 and CPU2 separately, data from CPU1 is private data and data from CPU2 is non-private data. For downlink data, communication module 106 identifies the type of the received data directly: private data is transferred directly to CPU1, and non-private data is transferred directly to CPU2.
Because communication module 106 identifies the data type, private data and non-private data are allocated to CPU1 and CPU2 respectively. This isolates the data physically and helps improve the security of the terminal.
To improve security further, a function can also be added to communication module 106: when communication module 106 interacts with CPU1, it cuts off its connection with CPU2, and when it interacts with CPU2, it cuts off its connection with CPU1. Alternatively, a circuit switching module (not shown; similar to the kind judging device 105 shown in Fig. 7) is added between communication module 106 and CPU1, CPU2. Controlled by the circuit switching module itself or by CPU1, CPU2, it cuts off the connection with CPU2 when communication module 106 interacts with CPU1, and cuts off the connection with CPU1 when communication module 106 interacts with CPU2. Connecting and disconnecting the circuit in this way physically isolates private data from non-private data and helps further improve the security of the terminal.
A terminal may also contain multiple communication modules 106. For example, as shown in Figure 9, it may contain communication module 106A and communication module 106B, each connected to CPU1 and CPU2. Communication module 106A and communication module 106B are in fact identical to communication module 106 shown in Figure 10 and can adopt the processing strategy corresponding to communication module 106 shown in Figure 8, so this is not repeated here.
Similarly to the situations shown in Figs. 3-6, when the terminal contains multiple CPUs for processing private data and/or multiple CPUs for processing non-private data, the CPUs can adopt the following strategies for the communication module 106 described in Figs. 8-9 (used here as the example; communication module 106A and communication module 106B are identical to it).
Here the description again takes as an example CPUs for processing private data comprising CPU1, CPU1A and CPU1B, and CPUs for processing non-private data comprising CPU2, CPU2A and CPU2B.
Embodiment one
Communication module 106 is connected to only one CPU for processing private data and one CPU for processing non-private data, for example CPU1 and CPU2.
For uplink data, CPU1/CPU2 transfers private data / non-private data directly to communication module 106. CPU1A and CPU1B must transfer private data to CPU1, which forwards it to communication module 106; similarly, CPU2A and CPU2B must transfer non-private data to CPU2, which forwards it to communication module 106.
For downlink data, communication module 106 sends all private data to CPU1 and all non-private data to CPU2. In the first case, communication module 106 can identify the target CPU for processing the data, for example by parsing the data, and adds a corresponding identifier to the data; after CPU1 or CPU2 receives the data, it determines the target CPU from the added identifier and forwards the data. In the second case, communication module 106 cannot determine the target CPU of the received data and transfers it directly to CPU1 or CPU2, which determines the target CPU itself.
Depending on how the CPUs are connected, data transmission between CPUs differs. For example, as shown in Figure 10, CPU1, CPU1A and CPU1B use the "series connection" mode and CPU2, CPU2A and CPU2B use the "parallel connection" mode: when CPU1B needs to send uplink data or receive downlink data, a two-stage transfer via CPU1A and CPU1 is required, whereas CPU2A and CPU2B each need only a one-stage transfer via CPU2.
Of course, as in the description of Figs. 3-6, multiple CPUs of either type, whether for processing private data or non-private data, can be connected in the "series connection" or "parallel connection" mode as actually needed, or even in both the "series connection" and "parallel connection" modes at once.
Embodiment two
As shown in Figure 11, communication module 106 can also be connected to every CPU. For uplink data, each CPU can transfer directly to communication module 106 without forwarding by other CPUs, which reduces data transmission delay. For downlink data, if communication module 106 can identify the specific target CPU, it transfers the data directly to that target CPU; if it cannot, one of the following approaches is taken:
In the first case, communication module 106 identifies the type of the downlink data and, according to the result, sends the data to a default or arbitrary CPU that processes data of that type: for example, private data is sent by default to CPU1 and non-private data by default to CPU2, or private data is sent to any of CPU1, CPU1A or CPU1B and non-private data to any of CPU2, CPU2A or CPU2B. The CPU that receives the downlink data then determines the specific target CPU and forwards the data to it.
In the second case, communication module 106 does not identify the type of the downlink data but transfers it directly to a default or arbitrary CPU, which either identifies the type itself or forwards the data to another CPU for type identification; the data is then sent to the target CPU according to the result. Specifically, for example, the data is sent by default to CPU1 and CPU1 identifies the type (or, if all downlink data is specified to be type-identified by CPU1A, the data is transferred to CPU1A for type identification), and the downlink data is then transferred to the specific target CPU according to the result.
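The downlink decision procedure of this embodiment (target known, type known only, or nothing known) can be written out as follows. This is an added example, not code from the patent: the `Frame` fields, the payload prefixes, the sample classifier and target table are constructed, and the rejection of a type/target mismatch is an assumption. The returned list is the logical sequence of CPUs that handle the frame; relay CPUs between them are omitted.

```python
from dataclasses import dataclass
from typing import Optional

PRIVATE, NON_PRIVATE = "private", "non-private"
CPU_TYPE = {"CPU1": PRIVATE, "CPU1A": PRIVATE, "CPU1B": PRIVATE,
            "CPU2": NON_PRIVATE, "CPU2A": NON_PRIVATE, "CPU2B": NON_PRIVATE}
DEFAULT_CPU = {PRIVATE: "CPU1", NON_PRIVATE: "CPU2"}


class RoutingError(Exception):
    """A frame whose identifiers are unknown or inconsistent."""


@dataclass
class Frame:
    payload: bytes
    data_type: Optional[str] = None  # set if communication module 106 identified the type
    target: Optional[str] = None     # set if communication module 106 identified the target


def first_hop(frame, classifier_cpu="CPU1"):
    """CPU to which communication module 106 hands the downlink frame."""
    if frame.target is not None:
        if frame.target not in CPU_TYPE:
            raise RoutingError(f"unknown target {frame.target}")
        if frame.data_type is not None and CPU_TYPE[frame.target] != frame.data_type:
            # Assumption: a private frame addressed to a non-private CPU is rejected.
            raise RoutingError("type identifier does not match target CPU")
        return frame.target
    if frame.data_type is not None:
        if frame.data_type not in DEFAULT_CPU:
            raise RoutingError(f"unknown type {frame.data_type}")
        return DEFAULT_CPU[frame.data_type]      # first case: type known
    return classifier_cpu                        # second case: nothing known


def route(frame, classify, resolve_target, classifier_cpu="CPU1"):
    """Ordered list of CPUs that handle the frame."""
    hop = first_hop(frame, classifier_cpu)
    visited = [hop]
    if frame.target is not None:
        return visited
    data_type = frame.data_type or classify(frame.payload)
    target = resolve_target(frame.payload, data_type)
    if CPU_TYPE.get(target) != data_type:
        raise RoutingError("resolved target does not process this data type")
    if target != hop:
        visited.append(target)
    return visited


def private_exposure(data_type, visited):
    """Non-private CPUs that handled a private frame (empty list is the goal)."""
    if data_type != PRIVATE:
        return []
    return [cpu for cpu in visited if CPU_TYPE[cpu] != PRIVATE]


# Constructed sample classifier and target table (hypothetical payload format).
SAMPLE_TARGETS = {b"P:contacts": "CPU1B", b"N:weather": "CPU2A"}


def sample_classify(payload):
    return PRIVATE if payload.startswith(b"P:") else NON_PRIVATE


def sample_resolve(payload, data_type):
    return SAMPLE_TARGETS[payload]


if __name__ == "__main__":
    for cpu in ("CPU1", "CPU2"):
        path = route(Frame(b"P:contacts"), sample_classify, sample_resolve, cpu)
        print(cpu, path, private_exposure(PRIVATE, path))
```

In the second case the choice of the default CPU matters: with `classifier_cpu="CPU2"` an unidentified private frame is handled by CPU2 before it reaches CPU1B, while the default `CPU1` keeps it on private-data processors.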
The cases above in fact also involve data interaction between CPUs of different types, which includes the following situations:
Suppose every CPU can exchange data directly with any other CPU (specific connections not shown). Suppose CPU1A has received non-private data. If CPU1A does not know the target CPU for the data, it can send the data directly to any CPU for processing non-private data, such as CPU2A, and CPU2A then determines the specific target CPU; if CPU1A knows the target CPU for the data, it can send the data directly to the target CPU, such as CPU2A.
Suppose each CPU can interact directly only with adjacent CPUs. For example, as shown in Figure 11, CPU1A can interact directly only with CPU1 and CPU1B; CPU1A sends the data to CPU1, CPU1 sends it to CPU2, and CPU2 forwards it to the target CPU.
Suppose each CPU, besides interacting directly with adjacent CPUs, can also interact with a specified CPU of the other type. For example, as shown in Figure 12, CPU1 and CPU1A, being CPUs of the same type, are adjacent and can interact directly, while CPU1 can also interact directly with CPU2, a CPU of a different type. Similarly, CPU1A can interact directly with the adjacent CPU1 and CPU1B and also with CPU2A. When CPU1A receives non-private data sent by communication module 106, it can transfer the data indirectly through an adjacent CPU such as CPU1 to a CPU for processing non-private data, or it can transfer the data directly to CPU2A, which determines the final target CPU and transfers the data to it.
In the technical solutions described in Figs. 8-12, communication module 106 is connected both to a CPU for processing private data and to a CPU for processing non-private data. In Figures 13-17 below, each communication module 106 (or communication module 106A and communication module 106B shown in Figure 16) is connected to CPUs of only one type, for example only to CPUs for processing private data or only to CPUs for processing non-private data.
Specifically, as shown in Figure 13, communication module 106 is connected only to CPU1. For uplink data, CPU1 can interact directly with communication module 106, while CPU2 needs CPU1 as a relay and interacts with communication module 106 indirectly. For downlink data, in the first case, communication module 106 identifies the type of the downlink data, adds an identifier to it according to the result, and then sends all of it to CPU1; according to the identifier on the downlink data, CPU1 either processes it itself or sends it to CPU2 for processing. In the second case, communication module 106 does not identify the type of the downlink data; CPU1 identifies the type, processes private data directly, and forwards non-private data to CPU2 for processing.
Of course, communication module 106 may also be connected to CPU2, so that CPU2 interacts with it directly and CPU1 must use CPU2 as a "relay" to interact with communication module 106 indirectly. However, because CPU2 processes non-private data, it is an insecure CPU relative to CPU1; since private data would pass through CPU2, unauthorized applications might steal it there. Therefore, to obtain a more secure application environment, connecting communication module 106 directly to CPU1 is preferred. The technical solutions below are described with communication module 106 connected to CPU1 as the example, but in view of the description above this clearly must not be understood as a restriction or limitation.
As shown in Figure 14, when the terminal contains multiple communication modules, for example communication module 106A and communication module 106B, each is connected to CPU1. Communication module 106A and communication module 106B are then identical to communication module 106 shown in Figure 12 and can adopt the corresponding connection mode or processing strategy, which is not repeated here.
Similarly to the situations shown in Figs. 8-12, when the terminal contains multiple CPUs for processing private data and/or multiple CPUs for processing non-private data, the CPUs can adopt the following strategies for the communication module 106 described in Figures 13-14 (used here as the example; communication module 106A and communication module 106B are identical to it).
Here the description again takes as an example CPUs for processing private data comprising CPU1, CPU1A and CPU1B, and CPUs for processing non-private data comprising CPU2, CPU2A and CPU2B.
Embodiment one
The communication module 106 is connected to only one CPU for processing private data or one CPU for processing non-private data, for example to CPU1.
In this case, for uplink data, CPU1 interacts with the communication module 106 directly, while all other CPUs need to transmit the data they want to send to CPU1, directly or indirectly, and CPU1 forwards it to the communication module 106 to complete the uplink transmission.
For downlink data, in the first case, the communication module 106 can recognize the target CPU that should process the data, for example by parsing the data. The communication module 106 can then add a corresponding identifier to the data, so that after CPU1 receives the data it can determine the corresponding target CPU from the added identifier and forward the data accordingly. In the second case, the communication module 106 cannot learn the target CPU of the received data and transmits the data directly to CPU1, which determines the corresponding target CPU itself. Here the communication module 106 may identify the type of the data and send it to CPU1 only after determining whether it is private or non-private data, or the communication module 106 may perform no type identification and send the data directly to CPU1, which then identifies the type of the received data.
Depending on how the multiple CPUs are connected to one another, data transmission between CPUs can take different forms. For example, as shown in Figure 15, CPU1, CPU1A and CPU1B are connected in "series", while CPU2, CPU2A and CPU2B are connected in "parallel". When CPU1B needs to send uplink data or receive downlink data, this requires two-stage transmission via CPU1A and CPU1; for CPU2A and CPU2B, only one-stage transmission via CPU2 is required.
Of course, similar to the description of Figs. 10-12, multiple CPUs of any type, whether for processing private data or non-private data, can be connected in "series" or in "parallel" according to actual needs, and can even be connected using "series" and "parallel" connections at the same time.
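The following is an added example, not part of the patent text: a small C model of the Figure 15 arrangement that computes the relay path for downlink data and counts how many non-private CPUs a piece of private data crosses, comparing the communication module attached to CPU1 with the module attached to CPU2. The numbering of the CPUs, the function names, and the direct CPU1-CPU2 link are assumptions made for the illustration.

```c
#include <stdio.h>

/* Constructed model: CPU names follow the text, the numbering is illustrative. */
enum { CPU1, CPU1A, CPU1B, CPU2, CPU2A, CPU2B, NCPU };
static const char *const NAME[NCPU] =
    { "CPU1", "CPU1A", "CPU1B", "CPU2", "CPU2A", "CPU2B" };
/* 1 = processes private data, 0 = processes non-private data. */
static const int IS_PRIVATE[NCPU] = { 1, 1, 1, 0, 0, 0 };

/* Private CPUs in "series", non-private CPUs in "parallel" under CPU2.
 * The CPU1<->CPU2 link is an assumption based on the relay role in Fig. 13. */
static const int LINK[NCPU][NCPU] = {
    /* CPU1  */ { 0, 1, 0, 1, 0, 0 },
    /* CPU1A */ { 1, 0, 1, 0, 0, 0 },
    /* CPU1B */ { 0, 1, 0, 0, 0, 0 },
    /* CPU2  */ { 1, 0, 0, 0, 1, 1 },
    /* CPU2A */ { 0, 0, 0, 1, 0, 0 },
    /* CPU2B */ { 0, 0, 0, 1, 0, 0 },
};

/* Breadth-first search from the CPU wired to the communication module
 * (entry) to the target CPU. Fills path[] in forwarding order and returns
 * the number of CPUs on it, or 0 if the target cannot be reached. */
int route(int entry, int target, int path[NCPU])
{
    int prev[NCPU], queue[NCPU], head = 0, tail = 0;
    for (int i = 0; i < NCPU; i++) prev[i] = -2;        /* -2 = unvisited */
    prev[entry] = -1;                                   /* -1 = start of path */
    queue[tail++] = entry;
    while (head < tail) {
        int u = queue[head++];
        if (u == target) break;
        for (int v = 0; v < NCPU; v++)
            if (LINK[u][v] && prev[v] == -2) { prev[v] = u; queue[tail++] = v; }
    }
    if (prev[target] == -2) return 0;
    int len = 0;
    for (int v = target; v != -1; v = prev[v]) len++;
    int i = len;
    for (int v = target; v != -1; v = prev[v]) path[--i] = v;
    return len;
}

/* CPUs the data passes through before reaching the target; -1 if unreachable. */
int relays(int entry, int target)
{
    int path[NCPU], n = route(entry, target, path);
    return n ? n - 1 : -1;
}

/* Non-private CPUs that see private data on its way to a private target CPU;
 * -1 if the target is unreachable. Anything above 0 breaks the isolation. */
int private_exposure(int entry, int target)
{
    int path[NCPU], n = route(entry, target, path), exposed = 0;
    if (n == 0) return -1;
    for (int i = 0; i < n; i++)
        if (!IS_PRIVATE[path[i]]) exposed++;
    return exposed;
}

int main(void)
{
    int path[NCPU];
    const int entries[2] = { CPU1, CPU2 };
    for (int e = 0; e < 2; e++) {
        int n = route(entries[e], CPU1B, path);
        printf("module on %s, private data for CPU1B:", NAME[entries[e]]);
        for (int i = 0; i < n; i++) printf(" %s", NAME[path[i]]);
        printf("  (non-private CPUs on path: %d)\n",
               private_exposure(entries[e], CPU1B));
    }
    return 0;
}
```

With the module on CPU1 the private path stays inside the private group; with the module on CPU2 every private packet crosses CPU2 first, which is the exposure the description gives as the reason for preferring the CPU1 attachment.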
Embodiment two
As shown in Figure 16, the communication module 106 can also be connected to each of the CPUs of the same type, for example to all CPUs for processing private data at the same time (specifically CPU1, CPU1A and CPU1B in the figure).
In this case, for uplink data, each CPU for processing private data can transmit directly to the communication module 106 without forwarding through other CPUs, which helps reduce data transmission delay. A CPU for processing non-private data still needs to forward its data to one of the CPUs for processing private data, such as CPU1, to complete the uplink transmission.
For downlink data, if the communication module 106 can recognize the specific target CPU, then private data can be transmitted directly to that target CPU, while non-private data, after an identifier is added to it, is transmitted directly to one of the connected CPUs (this CPU may be a default one or an arbitrary one, for example everything is sent to CPU1 by default, or a connected CPU is selected at random). Assuming this is CPU1, CPU1 forwards the data to the corresponding target CPU according to the identifier on the data. If the communication module 106 cannot recognize the specific target CPU, the following approaches are taken:
In the first case, the communication module 106 identifies the type of the downlink data and, according to the identification result, sends the data to a default or arbitrary CPU for processing private data. For example, private data is transmitted to CPU1 by default, and non-private data, after a corresponding type identifier is added, is also transmitted to CPU1 by default; or private data is transmitted to any of CPU1, CPU1A or CPU1B, and non-private data, after a corresponding type identifier is added, is transmitted to any of CPU1, CPU1A or CPU1B. The CPU that receives the downlink data then determines the specific target CPU and forwards the data to it.
In the second case, the communication module 106 does not identify the type of the downlink data and transmits it directly to a default or arbitrary CPU. That CPU either identifies the type itself or forwards the data to another CPU for type identification, and the data is then sent to the target CPU according to the identification result. Specifically, the data may for example be transmitted to CPU1 by default, and CPU1 identifies the type (or it may be stipulated that all downlink data is identified by CPU1A, in which case the data must be transferred to CPU1A for type identification) and transmits the downlink data to the specific target CPU according to the identification result.
Each of the above cases also involves data interaction between CPUs of different types, which can take the following forms:
Suppose each CPU can interact directly with any other CPU (the specific connections are not shown). Suppose CPU1A has received non-private data. If CPU1A does not know the target CPU for the data, it can send the data directly to any CPU for processing non-private data, such as CPU2A, and CPU2A then determines the specific target CPU. If CPU1A knows the target CPU for the data, it can send the data directly to the target CPU, such as CPU2A.
Suppose each CPU can interact directly only with adjacent CPUs. For example, as shown in Figure 16, CPU1A can interact directly only with CPU1 and CPU1B; CPU1A can then send the data to CPU1, CPU1 sends it to CPU2, and CPU2 forwards it to the target CPU.
Suppose each CPU, in addition to interacting directly with adjacent CPUs, can also interact with a designated CPU of the other type. For example, as shown in Figure 17, CPU1 and CPU1A, as CPUs of the same type, are adjacent and can interact directly, and CPU1 can also interact directly with CPU2, a CPU of a different type. Similarly, CPU1A can interact directly with the adjacent CPU1 and CPU1B, and can also interact directly with CPU2A. When CPU1A receives non-private data sent by the communication module 106, it can pass the data indirectly to a CPU for processing non-private data through an adjacent CPU such as CPU1, or it can transmit the data directly to CPU2A, which determines the final target CPU and transmits the data to it.
The technical solutions of the present invention have been described above with reference to the accompanying drawings. In the related art, a terminal contains only a single CPU, and all data is processed, stored and otherwise handled by that CPU, so any application can easily obtain private data from it, leaking the user's privacy. The present application therefore proposes a terminal in which private data and non-private data are processed in physical isolation, ensuring that private data cannot be obtained by unsafe applications and effectively improving the security of the terminal.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit the present invention; for a person skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (10)

1. A terminal, characterized by comprising:
A first processor, for processing the private data in the terminal;
A second processor, for processing the non-private data in the terminal;
A restricted external unit, connected to the first processor;
An unrestricted-class external unit, connected to the second processor;
Wherein the first processor is connected to and interacts with the restricted external unit through a first peripheral interface, is connected to the second processor through a first forwarding interface, and, by configuring and establishing a DMA transmission channel between the first forwarding interface and the first peripheral interface, enables the second processor to be connected to and interact with the restricted external unit; and
The second processor is connected to and interacts with the unrestricted-class external unit through a second peripheral interface, is connected to the first processor through a second forwarding interface, and, by configuring and establishing a DMA transmission channel between the second forwarding interface and the second peripheral interface, enables the first processor to be connected to and interact with the unrestricted-class external unit.
2. The terminal according to claim 1, characterized by further comprising:
A first storage device, corresponding to the first processor, used by the first processor to store private data;
A second storage device, corresponding to the second processor, used by the second processor to store non-private data.
3. The terminal according to claim 1, characterized in that the restricted external unit is used for: transmitting all data that needs to be transmitted to the first processor through the first peripheral interface; the first processor is used for: processing private data directly, and transmitting non-private data to the second processor through the first forwarding interface; and
The unrestricted-class external unit is used for: transmitting all data that needs to be transmitted to the second processor through the second peripheral interface; the second processor is used for: processing non-private data directly, and transmitting private data to the first processor through the second forwarding interface.
4. The terminal according to claim 1, characterized in that the restricted external unit is used for: transmitting all data that needs to be transmitted to the first processor through the first peripheral interface; and the unrestricted-class external unit is used for: transmitting all data that needs to be transmitted to the second processor through the second peripheral interface;
Wherein the first processor is used for: processing private data directly, and transmitting non-private data to the second processor through the first forwarding interface;
The second processor is used for: receiving and processing the non-private data from the first processor, forwarding all data received from the unrestricted-class external unit to the first processor so that the first processor processes the private data therein, and receiving the non-private data returned by the first processor.
5. The terminal according to claim 1, characterized in that the first peripheral interfaces on the first processor, the first forwarding interfaces, and the restricted external units correspond to one another one to one; and
The second peripheral interfaces on the second processor, the second forwarding interfaces, and the unrestricted-class external units correspond to one another one to one.
6. The terminal according to claim 5, characterized in that:
The second processor is provided with first transceiver interfaces connected one to one with the first forwarding interfaces on the first processor, and the second processor is used for: when it needs to interact with a specified restricted external unit, sending a connection instruction to the first processor through the specified first transceiver interface corresponding to the specified restricted external unit; the first processor is used for: determining, according to the received connection instruction, the first forwarding interface and the first peripheral interface corresponding to the specified first transceiver interface, and configuring and establishing a DMA transmission channel between this first forwarding interface and this first peripheral interface; and
The first processor is provided with second transceiver interfaces connected one to one with the second forwarding interfaces on the second processor, and the first processor is used for: when it needs to interact with a specified unrestricted-class external unit, sending a connection instruction to the second processor through the specified second transceiver interface corresponding to the specified unrestricted-class external unit; the second processor is used for: determining, according to the received connection instruction, the second forwarding interface and the second peripheral interface corresponding to the specified second transceiver interface, and configuring and establishing a DMA transmission channel between this second forwarding interface and this second peripheral interface.
7. The terminal according to claim 6, characterized in that:
The second processor is further used for: upon completing the interaction with the specified restricted external unit, sending an interrupt instruction to the first processor through the specified first transceiver interface; the first processor is further used for: disconnecting the DMA transmission channel according to the received interrupt instruction; and
The first processor is further used for: upon completing the interaction with the specified unrestricted-class external unit, sending an interrupt instruction to the second processor through the specified second transceiver interface; the second processor is further used for: disconnecting the DMA transmission channel according to the received interrupt instruction.
8. The terminal according to claim 1, characterized by further comprising:
A type judging device, arranged on the path between the restricted external unit and the first processor, for judging the type of the data from the restricted external unit and adding a corresponding identifier to the data according to the judgment result; the first processor is used for: upon receiving data from the type judging device, processing the data directly if its identifier indicates that it is private data, and forwarding it to the second processor if its identifier indicates that it is non-private data;
And/or the type judging device is arranged on the path between the unrestricted-class external unit and the second processor, for judging the type of the data from the unrestricted-class external unit and adding a corresponding identifier to the data according to the judgment result; the second processor is used for: upon receiving data from the type judging device, processing the data directly if its identifier indicates that it is non-private data, and forwarding it to the first processor if its identifier indicates that it is private data.
9. The terminal according to any one of claims 1 to 8, characterized by further comprising:
At least one first communication module, connected to the first processor and the second processor respectively, for exchanging private data with the first processor and exchanging non-private data with the second processor.
10. The terminal according to any one of claims 1 to 8, characterized by further comprising:
At least one second communication module, connected to the first processor and exchanging data with it;
Wherein the first processor processes the private data from the at least one second communication module, and transmits the non-private data from the at least one second communication module to the second processor for processing.
CN201310326660.4A 2013-07-30 2013-07-30 A kind of terminal Active CN103400086B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201310326660.4A CN103400086B (en) 2013-07-30 2013-07-30 A kind of terminal
PCT/CN2013/084356 WO2015014015A1 (en) 2013-07-30 2013-09-26 Terminal
PCT/CN2013/084354 WO2015014014A1 (en) 2013-07-30 2013-09-26 Terminal, data interaction method and data interaction system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310326660.4A CN103400086B (en) 2013-07-30 2013-07-30 A kind of terminal

Publications (2)

Publication Number Publication Date
CN103400086A true CN103400086A (en) 2013-11-20
CN103400086B CN103400086B (en) 2016-12-07

Family

ID=49563707

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310326660.4A Active CN103400086B (en) 2013-07-30 2013-07-30 A kind of terminal

Country Status (1)

Country Link
CN (1) CN103400086B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015096135A1 (en) * 2013-12-27 2015-07-02 Intel Corporation Electronic device having two processors to process data
CN104992127A (en) * 2015-07-09 2015-10-21 李志学 Computer data safety management apparatus
WO2019207586A1 (en) * 2018-04-24 2019-10-31 Technion Research & Development Foundation Limited Multiple processor computing device with configurable electrical connectivity to peripherals

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101084505A (en) * 2004-11-12 2007-12-05 索尼计算机娱乐公司 Methods and apparatus for secure data processing and transmission
US20100077472A1 (en) * 2008-09-23 2010-03-25 Atmel Corporation Secure Communication Interface for Secure Multi-Processor System
CN102043927A (en) * 2010-12-29 2011-05-04 北京深思洛克软件技术股份有限公司 Computer system for data divulgence protection

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015096135A1 (en) * 2013-12-27 2015-07-02 Intel Corporation Electronic device having two processors to process data
US10721684B2 (en) 2013-12-27 2020-07-21 Intel Corporation Electronic device having two processors to process data
CN104992127A (en) * 2015-07-09 2015-10-21 李志学 Computer data safety management apparatus
CN104992127B (en) * 2015-07-09 2018-07-17 李志学 A kind of Computer Data Security managing device
WO2019207586A1 (en) * 2018-04-24 2019-10-31 Technion Research & Development Foundation Limited Multiple processor computing device with configurable electrical connectivity to peripherals
US11301397B2 (en) 2018-04-24 2022-04-12 Technion Research & Development Foundation Limited Multiple processor computing device with configurable electrical connectivity to peripherals

Also Published As

Publication number Publication date
CN103400086B (en) 2016-12-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant