CN103400086B - A kind of terminal - Google Patents


Publication number
CN103400086B
Authority
CN
China
Prior art keywords
processor
data
external equipment
private data
cpu
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310326660.4A
Other languages
Chinese (zh)
Other versions
CN103400086A (en)
Inventor
丁兆刚
冯耀辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Dongguan Yulong Telecommunication Technology Co Ltd
Original Assignee
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Dongguan Yulong Telecommunication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yulong Computer Telecommunication Scientific Shenzhen Co Ltd, Dongguan Yulong Telecommunication Technology Co Ltd
Priority to CN201310326660.4A (CN103400086B)
Priority to PCT/CN2013/084354 (WO2015014014A1)
Priority to PCT/CN2013/084356 (WO2015014015A1)
Publication of CN103400086A
Application granted
Publication of CN103400086B

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a terminal, comprising: a first processor for processing private data in the terminal; a second processor for processing non-private data in the terminal; a restricted external device connected to the first processor; and an unrestricted external device connected to the second processor. The first processor or the second processor establishes a DMA transfer channel by configuration between its forwarding interface and its peripheral interface, so that the second processor can connect to and interact with the restricted external device, or the first processor can connect to and interact with the unrestricted external device. With this technical solution, private data and non-private data in the terminal are processed in physical isolation, which ensures that private data cannot be obtained by unsafe applications and effectively improves the security of the terminal.

Description

A terminal
Technical field
The present invention relates to the technical field of data security, and in particular to a terminal.
Background
As shown in Fig. 1, a terminal is provided with many peripherals (external devices 102), such as a display screen, touch screen, camera, buttons, communication module and sensor module. In the related art, the terminal has only a single processor (the CPU shown in Fig. 1), and under the control of any application this processor can send data to any peripheral and receive data from any peripheral. When the terminal contains applications with excessive permissions, especially third-party applications of unknown origin, these applications can easily control the terminal's only processor, call up private data, and even upload it at will to other terminals or servers. Moreover, because all data handled by this single processor resides in the same storage space (the RAM and ROM shown in Fig. 1), such applications can very probably obtain private data from that storage space with simple cracking techniques. Therefore, when some third-party applications in the terminal come from hackers or personal-information dealers, private data in the terminal, such as user information, is left in an extremely unsafe state.
How to solve the data security problem that a single processor brings to a terminal has therefore become a technical problem that urgently needs to be solved.
Summary of the invention
In view of at least one of the above problems, the present invention proposes a new technical solution that allows private data and non-private data in the terminal to be processed in physical isolation, ensures that private data cannot be obtained by unsafe applications, and effectively improves the security of the terminal.
Accordingly, the present invention proposes a terminal, comprising: a first processor for processing private data in the terminal; a second processor for processing non-private data in the terminal; a restricted external device connected to the first processor; and an unrestricted external device connected to the second processor; wherein the first processor connects to and interacts with the restricted external device through a first peripheral interface, connects to the second processor through a first forwarding interface, and, by configuring a DMA transfer channel between the first forwarding interface and the first peripheral interface, enables the second processor to connect to and interact with the restricted external device; and
the second processor connects to and interacts with the unrestricted external device through a second peripheral interface, connects to the first processor through a second forwarding interface, and, by configuring a DMA transfer channel between the second forwarding interface and the second peripheral interface, enables the first processor to connect to and interact with the unrestricted external device.
In this technical solution, multiple processors are provided that separately process private data and non-private data, so that the two kinds of data are effectively isolated at the physical level. This avoids the situation with a single processor, where any application only needs to defeat permission checks or the like to obtain private data from that processor. At the same time, through interaction between the first processor and the second processor, the interfaces are configured so that the corresponding DMA transfer channel is established in the first processor or the second processor. The first processor thereby controls the second processor's interaction with the restricted external device, and the second processor controls the first processor's interaction with the unrestricted external device. This ensures that private data and non-private data are isolated during transmission, processing and similar operations, so that the second processor cannot touch private data and private data is not obtained and leaked.
In the above technical solution, preferably, the terminal further comprises: a first storage device, corresponding to the first processor, in which the first processor stores private data; and a second storage device, corresponding to the second processor, in which the second processor stores non-private data.
In this technical solution, the processors for private data and non-private data use physically separate storage devices, so that private data and non-private data are physically isolated both when processed and when stored, which gives a better data security effect.
In the above technical solution, preferably, the restricted external device is configured to: transmit all data that needs to be transmitted to the first processor through the first peripheral interface; the first processor is configured to: process private data directly, and transmit non-private data to the second processor through the first forwarding interface; and
the unrestricted external device is configured to: transmit all data that needs to be transmitted to the second processor through the second peripheral interface; the second processor is configured to: process non-private data directly, and transmit private data to the first processor through the second forwarding interface.
In this technical solution, neither the restricted external device nor the unrestricted external device can know the type of its data, so each sends its data directly to the processor it is connected to, and the first processor and the second processor each perform type identification on the data they receive. This ensures that private data is always processed by the first processor and non-private data is always processed by the second processor, keeps private data and non-private data physically isolated, and helps improve the security of the terminal.
In the above technical solution, preferably, the restricted external device is configured to: transmit all data that needs to be transmitted to the first processor through the first peripheral interface; and the unrestricted external device is configured to: transmit all data that needs to be transmitted to the second processor through the second peripheral interface.
Wherein the first processor is configured to: process private data directly, and transmit non-private data to the second processor through the first forwarding interface; the second processor is configured to: receive and process non-private data from the first processor, forward all data received from the unrestricted external device to the first processor so that the first processor processes the private data in it, and receive the non-private data that the first processor returns.
In this technical solution, data from either the restricted external device or the unrestricted external device can be type-identified and distributed by the first processor. Because the first processor is dedicated to processing private data, it is the more secure processor relative to the second processor, so all data is sent to the first processor. Even if the non-private data among it is obtained and used by other applications (relative to the application it was originally intended for), this does not leak private information. As long as private data is never processed by the second processor, unauthorized applications are physically prevented from obtaining and using private data via the second processor, which ensures the data security of the terminal.
In the above technical solution, preferably, the first peripheral interfaces on the first processor, the first forwarding interfaces and the restricted external devices are in one-to-one correspondence; and the second peripheral interfaces on the second processor, the second forwarding interfaces and the unrestricted external devices are in one-to-one correspondence.
In this technical solution, the one-to-one correspondence between peripheral interfaces, forwarding interfaces and restricted/unrestricted external devices allows a dedicated DMA transfer channel to be established in the first processor for each restricted/unrestricted external device, which makes it easy to transmit data independently and avoids data crossover and confusion.
In the above technical solution, preferably, the second processor is provided with first transceiver interfaces connected one-to-one with the first forwarding interfaces on the first processor, and the second processor is configured to: when it needs to interact with a specified restricted external device, send a connect instruction to the first processor through the designated first transceiver interface corresponding to the specified restricted external device; the first processor is configured to: according to the received connect instruction, determine the first forwarding interface and the first peripheral interface corresponding to the designated first transceiver interface, and configure a DMA transfer channel between this first forwarding interface and first peripheral interface; and
the first processor is provided with second transceiver interfaces connected one-to-one with the second forwarding interfaces on the second processor, and the first processor is configured to: when it needs to interact with a specified unrestricted external device, send a connect instruction to the second processor through the designated second transceiver interface corresponding to the specified unrestricted external device; the second processor is configured to: according to the received connect instruction, determine the second forwarding interface and the second peripheral interface corresponding to the designated second transceiver interface, and configure a DMA transfer channel between this second forwarding interface and second peripheral interface.
In this technical solution, the first processor and the second processor interact through connect instructions. The first processor controls whether the path is closed or disconnected, and thereby controls the DMA transfer path between the second processor and the restricted external device; likewise, the second processor controls whether the path is closed or disconnected, and thereby controls the DMA transfer path between the first processor and the unrestricted external device. This prevents the first processor and the second processor from calling a peripheral at the same time and further prevents private data from coming into contact with the second processor, which helps improve the security of the terminal.
In the above technical solution, preferably, the second processor is further configured to: when it has completed its interaction with the specified restricted external device, send an interrupt instruction to the first processor through the designated first transceiver interface; the first processor is further configured to: disconnect the DMA transfer channel according to the received interrupt instruction; and
the first processor is further configured to: when it has completed its interaction with the specified unrestricted external device, send an interrupt instruction to the second processor through the designated second transceiver interface; the second processor is further configured to: disconnect the DMA transfer channel according to the received interrupt instruction.
In this technical solution, after receiving a connect instruction, the first processor or the second processor may suspend its own calls to the restricted or unrestricted external device and let the requester perform its operation first. So that the first processor or the second processor can return to its original state as soon as possible and complete its remaining processing tasks, the requester should actively send the interrupt instruction, which ensures that the first processor and the second processor recover in time.
In the above technical solution, preferably, the terminal further comprises: a type determination device, arranged on the path between the restricted external device and the first processor, for determining the type of the data from the restricted external device and adding a corresponding tag to the data according to the result; wherein the first processor is configured to: on receiving data from the type determination device, process the data directly if its tag indicates that it is private data, and forward it to the second processor if its tag indicates that it is non-private data;
and/or the type determination device is arranged on the path between the unrestricted external device and the second processor, for determining the type of the data from the unrestricted external device and adding a corresponding tag to the data according to the result; the second processor is configured to: on receiving data from the type determination device, process the data directly if its tag indicates that it is non-private data, and forward it to the first processor if its tag indicates that it is private data.
In this technical solution, the type determination device performs type identification on the data from the external device, so the first processor does not need to perform this operation. This lowers the requirements on the first processor, which reduces the production cost of the first processor and of the whole terminal, or frees the corresponding computing resources for other, more complex processing to improve efficiency.
In the above technical solution, preferably, the terminal further comprises: at least one first communication module, connected to both the first processor and the second processor, for exchanging private data with the first processor and non-private data with the second processor.
In this technical solution, for uplink data, the first processor and the second processor each use the first communication module to transmit data; for downlink data, the first communication module can identify the type of the downlink data directly and distribute it according to the result, so that private data and non-private data are allocated to the first processor and the second processor respectively. This achieves physical data isolation and helps improve the security of the terminal.
In the above technical solution, preferably, the terminal further comprises: at least one second communication module, connected to the first processor for data exchange; wherein the first processor processes private data from the at least one second communication module and forwards non-private data from the at least one second communication module to the second processor for processing.
In this technical solution, because the first processor is the "secure processor" relative to the second processor, connecting the second communication module only to the first processor means that private data does not pass through the second processor and cannot be obtained by unauthorized applications via the second processor, which helps improve the security of the terminal. In addition, having the first processor perform type identification of the data lowers the configuration requirements on the second communication module and correspondingly controls the manufacturing cost of the terminal.
With the above technical solution, private data and non-private data in the terminal are processed in physical isolation, which ensures that private data cannot be obtained by unsafe applications and effectively improves the security of the terminal.
Brief description of the drawings
Fig. 1 shows a schematic structural diagram of a terminal in the related art;
Fig. 2 shows a detailed schematic structural diagram of a terminal according to an embodiment of the invention;
Fig. 3 shows a schematic structural diagram of a terminal comprising two or more processors according to an embodiment of the invention;
Fig. 4 shows a schematic structural diagram of a terminal comprising two or more processors according to another embodiment of the invention;
Fig. 5 is a schematic structural diagram of the terminal under one specific implementation of the embodiment shown in Fig. 4;
Fig. 6 shows a schematic structural diagram of a terminal comprising two or more processors according to yet another embodiment of the invention;
Fig. 7 shows a detailed schematic structural diagram of a terminal according to another embodiment of the invention;
Fig. 8 shows a schematic diagram of the connection structure between a single communication module and the processors according to an embodiment of the invention;
Fig. 9 shows a schematic diagram of the connection structure between multiple communication modules and the processors according to an embodiment of the invention;
Fig. 10 is a schematic diagram of one connection structure between each communication module of the embodiment shown in Fig. 8 or Fig. 9 and more than 2 processors;
Fig. 11 is a schematic diagram of another connection structure between each communication module of the embodiment shown in Fig. 8 or Fig. 9 and more than 2 processors;
Fig. 12 is a schematic diagram of the connection structure under one specific implementation of the embodiment shown in Fig. 11;
Fig. 13 shows a schematic diagram of the connection structure between a single communication module and the processors according to another embodiment of the invention;
Fig. 14 shows a schematic diagram of the connection structure between multiple communication modules and the processors according to another embodiment of the invention;
Fig. 15 is a schematic diagram of one connection structure between each communication module of the embodiment shown in Fig. 13 or Fig. 14 and more than 2 processors;
Fig. 16 is a schematic diagram of another connection structure between each communication module of the embodiment shown in Fig. 13 or Fig. 14 and more than 2 processors;
Fig. 17 is a schematic diagram of the connection structure under one specific implementation of the embodiment shown in Fig. 16.
Detailed description
In order that the above objects, features and advantages of the present invention may be understood more clearly, the invention is described in further detail below with reference to the accompanying drawings and specific embodiments. It should be noted that, where there is no conflict, the embodiments of the present application and the features in the embodiments may be combined with one another.
Many specific details are set out in the following description to facilitate a full understanding of the invention; however, the invention may also be implemented in ways other than those described here, and the scope of protection of the invention is therefore not limited by the specific embodiments disclosed below.
Fig. 2 shows a detailed schematic structural diagram of a terminal according to an embodiment of the invention.
As shown in Fig. 2, the present invention proposes a terminal, comprising: CPU1, for processing private data in the terminal; CPU2, for processing non-private data in the terminal; a restricted external device 102, connected to CPU1; and an unrestricted external device 104, connected to CPU2; wherein CPU1 connects to and interacts with the restricted external device 102 through a first peripheral interface, connects to CPU2 through a first forwarding interface, and, by configuring a DMA transfer channel between the first forwarding interface and the first peripheral interface, enables CPU2 to connect to and interact with the restricted external device 102; and
CPU2 connects to and interacts with the unrestricted external device 104 through a second peripheral interface, connects to CPU1 through a second forwarding interface, and, by configuring a DMA transfer channel between the second forwarding interface and the second peripheral interface, enables CPU1 to connect to and interact with the unrestricted external device 104.
In this technical solution, multiple processors are provided that separately process private data and non-private data, so that the two kinds of data are effectively isolated at the physical level. This avoids the situation with a single processor, where any application only needs to defeat permission checks or the like to obtain private data from that processor. At the same time, through interaction between CPU1 and CPU2, the interfaces are configured so that the corresponding DMA transfer channel is established in CPU1 or CPU2. CPU1 thereby controls CPU2's interaction with the restricted external device 102, and CPU2 controls CPU1's interaction with the unrestricted external device 104. This ensures that private data and non-private data are isolated during transmission, processing and similar operations, so that CPU2 cannot touch private data and private data is not obtained and leaked.
Specifically, which data is private and which is non-private can be preset by the manufacturer or determined by the user according to their own circumstances. For example, in one case, all data associated with a given application can be treated as private data or non-private data: data related to applications such as "contacts", "call log", "SMS" and "mail" is treated as private data whether it is read or written, while data related to a certain game application is treated as non-private data. In another case, data of a given type can be treated as private data or non-private data: for example, data exchanged with online banking is private data, while software update package data is non-private data. Other ways of distinguishing are also possible and are not enumerated here.
The external devices in the terminal include the various hardware devices pre-installed in the terminal. In addition to the display screen (such as an LCD, Liquid Crystal Display), touch screen (TW: Touch Window), camera (CAMERA) and buttons (KEY) shown in Fig. 2, they may also include, for example: a communication module for wireless mobile communication, sensors (SENSOR), a WIFI (Wireless Fidelity, wireless LAN) module, a Bluetooth (BT) module, a GPS (Global Positioning System) module, an NFC (Near Field Communication) module, an audio codec (AUDIO CODEC), and so on. In this application, external devices are divided into restricted external devices 102 and unrestricted external devices 104. A restricted external device 102 is an external device that is known to necessarily produce private data, such as the touch screen, Bluetooth module or GPS module; it is connected directly to CPU1, which ensures that private data does not come into contact with CPU2. An unrestricted external device 104 is an external device that has not so far been found to produce private data, such as the display screen or camera; it may produce private data that has simply not yet been found, but type identification of its data by CPU2 or CPU1 ensures that private data is ultimately processed by CPU1, thereby ensuring the data security of the terminal.
In the above technical solution, preferably, CPU1 and CPU2 can share storage space, i.e. RAM, ROM and so on; however, to prevent malicious applications from obtaining private data from the shared storage space, in Fig. 2 CPU1 uses RAM1 and ROM1 while CPU2 uses RAM2 and ROM2, so that the storage spaces used by CPU1 and CPU2 are physically separated from each other. Because CPU1 and CPU2 use physically separate storage devices, private data and non-private data are physically isolated both when processed and when stored, which gives a better data security effect.
In the above technical solution, preferably, the restricted external device 102 transmits all data that needs to be transmitted to CPU1 through the first peripheral interface; CPU1 processes private data directly and transmits non-private data to CPU2 through the forwarding interface. Likewise, the unrestricted external device 104 transmits all data that needs to be transmitted to CPU2 through the peripheral interface; CPU2 processes non-private data directly and transmits private data to CPU1 through the forwarding interface.
In this technical solution, neither the restricted external device 102 nor the unrestricted external device 104 can know the type of its data, so each sends its data directly to the CPU1 or CPU2 it is connected to, and CPU1 and CPU2 each perform type identification on the data they receive. This ensures that private data is always processed by CPU1 and non-private data is always processed by CPU2, keeps private data and non-private data physically isolated, and helps improve the security of the terminal.
In the above technical solution, preferably, the restricted external device 102 is configured to: transmit all data that needs to be transmitted to CPU1 through the peripheral interface; and the unrestricted external device 104 is configured to: transmit all data that needs to be transmitted to CPU2 through the second peripheral interface; CPU1 is configured to: process private data directly, and transmit non-private data to CPU2 through the forwarding interface; CPU2 is configured to: receive and process non-private data from CPU1, forward all data received from the unrestricted external device 104 to CPU1 so that CPU1 processes the private data in it, and receive the non-private data that CPU1 returns.
In this technical solution, data from either the restricted external device 102 or the unrestricted external device 104 can be type-identified and distributed by CPU1. Because CPU1 is dedicated to processing private data, it is the more secure processor relative to CPU2, so all data is sent to CPU1. Even if the non-private data among it is obtained and used by other applications (relative to the application it was originally intended for), this does not leak private information. As long as private data is never processed by CPU2, unauthorized applications are physically prevented from obtaining and using private data via CPU2, which ensures the data security of the terminal.
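As an added illustration (not code from the patent), the C model below routes the same constructed records under the two preferred schemes described above and tallies, for each, how many private records CPU2 has to type-identify and how many inter-processor forwards occur. The record layout, the per-application policy list and all function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum origin { FROM_RESTRICTED, FROM_UNRESTRICTED };   /* device 102 or 104 */

struct record { const char *app; enum origin origin; };

struct tally {
    size_t cpu1_processed;          /* private records handled by CPU1 */
    size_t cpu2_processed;          /* non-private records handled by CPU2 */
    size_t cpu2_inspected_private;  /* private records CPU2 had to classify */
    size_t forwarded;               /* transfers over the forwarding interfaces */
};

/* Assumed policy: data of these applications is private (per-app labelling). */
static const char *const PRIVATE_APPS[] = { "contacts", "call log", "SMS", "mail" };

bool is_private(const struct record *r)
{
    for (size_t i = 0; i < sizeof PRIVATE_APPS / sizeof PRIVATE_APPS[0]; i++)
        if (strcmp(r->app, PRIVATE_APPS[i]) == 0)
            return true;
    return false;
}

/* cpu1_classifies_all == false: each CPU classifies data from its own devices.
 * cpu1_classifies_all == true : CPU2 relays device data to CPU1 unclassified. */
struct tally route(const struct record *recs, size_t n, bool cpu1_classifies_all)
{
    struct tally t = {0};
    for (size_t i = 0; i < n; i++) {
        const struct record *r = &recs[i];
        bool priv = is_private(r);
        if (r->origin == FROM_RESTRICTED || cpu1_classifies_all) {
            if (r->origin == FROM_UNRESTRICTED)
                t.forwarded++;              /* CPU2 -> CPU1, not inspected */
            if (priv) {
                t.cpu1_processed++;
            } else {
                t.forwarded++;              /* CPU1 -> CPU2 */
                t.cpu2_processed++;
            }
        } else if (priv) {
            t.cpu2_inspected_private++;     /* CPU2 identifies the type first */
            t.forwarded++;                  /* CPU2 -> CPU1 */
            t.cpu1_processed++;
        } else {
            t.cpu2_processed++;
        }
    }
    return t;
}

/* Constructed sample traffic. */
static const struct record SAMPLE[] = {
    { "contacts", FROM_RESTRICTED },
    { "game",     FROM_RESTRICTED },
    { "mail",     FROM_UNRESTRICTED },
    { "game",     FROM_UNRESTRICTED },
    { "SMS",      FROM_UNRESTRICTED },
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void)
{
    struct tally a = route(SAMPLE, SAMPLE_LEN, false);
    struct tally b = route(SAMPLE, SAMPLE_LEN, true);
    printf("each CPU classifies: CPU2 inspected %zu private, %zu forwards\n",
           a.cpu2_inspected_private, a.forwarded);
    printf("CPU1 classifies all: CPU2 inspected %zu private, %zu forwards\n",
           b.cpu2_inspected_private, b.forwarded);
    return 0;
}
```

In both schemes every private record ends up processed by CPU1; the second scheme trades extra forwarding for CPU2 never having to examine private data in order to classify it.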
In the above technical scheme, preferably, the first peripheral interfaces and first forwarding interfaces on CPU1 correspond one-to-one with the restricted external equipment 102, and the second peripheral interfaces and second forwarding interfaces on CPU2 correspond one-to-one with the unrestricted class external equipment 104.
In this technical scheme, the peripheral interfaces, the forwarding interfaces and the restricted external equipment 102 / unrestricted class external equipment 104 correspond one-to-one, so that a dedicated DMA transfer channel is set up in CPU1 for each restricted external equipment 102 / unrestricted class external equipment 104. This allows each stream of data to be transmitted independently and avoids data crossing and confusion.
In the above technical scheme, preferably, CPU2 is provided with first transceiver interfaces connected one-to-one with the first forwarding interfaces on CPU1. CPU2 is then configured to: when it needs to interact with a specified restricted external equipment 102, send a connection instruction to CPU1 through the specified first transceiver interface corresponding to that restricted external equipment 102. CPU1 is configured to: according to the received connection instruction, determine the first forwarding interface and the first peripheral interface corresponding to the specified first transceiver interface, and configure a DMA transfer channel between this first forwarding interface and first peripheral interface; and
CPU1 is provided with second transceiver interfaces connected one-to-one with the second forwarding interfaces on CPU2. CPU1 is then configured to: when it needs to interact with a specified unrestricted class external equipment 104, send a connection instruction to CPU2 through the specified second transceiver interface corresponding to that unrestricted class external equipment 104. CPU2 is configured to: according to the received connection instruction, determine the second forwarding interface and the second peripheral interface corresponding to the specified second transceiver interface, and configure a DMA transfer channel between this second forwarding interface and second peripheral interface.
In this technical scheme, CPU1 and CPU2 interact through connection instructions. CPU1's control over closing or disconnecting the path controls the DMA transfer channel between CPU2 and the restricted external equipment 102, and CPU2's control over closing or disconnecting the path controls the DMA transfer channel between CPU1 and the unrestricted class external equipment 104. This prevents CPU1 and CPU2 from calling a peripheral at the same time, further prevents private data from coming into contact with CPU2, and helps improve the security of the terminal.
In the above technical scheme, preferably, CPU2 is further configured to: on completing the interaction with the specified restricted external equipment 102, send an interrupt instruction to CPU1 through the specified first transceiver interface. CPU1 is further configured to: disconnect the DMA transfer channel according to the received interrupt instruction; and
CPU1 is further configured to: on completing the interaction with the specified unrestricted class external equipment 104, send an interrupt instruction to CPU2 through the specified second transceiver interface. CPU2 is further configured to: disconnect the DMA transfer channel according to the received interrupt instruction.
In this technical scheme, after receiving a connection instruction, CPU1 or CPU2 may suspend its own calls to the restricted or unrestricted class external equipment 104 and let the requester perform its operation first. Therefore, so that CPU1 or CPU2 can return to its original state as soon as possible and complete its remaining processing tasks, the requester should actively send the interrupt instruction, ensuring the timely recovery of CPU1 and CPU2.
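The connect and interrupt handshake described above can be modelled as a small state machine. The following is an added illustration, not code from the patent: the class and method names and the device names `restricted-0` and `restricted-1` are constructed, and index i stands for the one-to-one pairing of device, peripheral interface, forwarding interface and transceiver interface.

```python
from dataclasses import dataclass, field


class ChannelError(Exception):
    """Raised when a request would break the one-user-per-device rule."""


@dataclass
class OwnerCPU:
    """Processor wired to the devices (CPU1 for restricted external equipment).

    Index i ties together device i, peripheral interface i, forwarding
    interface i and the requester's transceiver interface i (one-to-one).
    """
    name: str
    devices: list
    channels: dict = field(default_factory=dict)   # index -> requester holding the DMA channel
    delivered: list = field(default_factory=list)  # (device, requester, payload) records

    def _check(self, idx):
        if not 0 <= idx < len(self.devices):
            raise ChannelError(f"{self.name}: no interface {idx}")

    def on_connect(self, idx, requester):
        """Connect request received on transceiver interface idx."""
        self._check(idx)
        if idx in self.channels:
            raise ChannelError(f"{self.devices[idx]} already held by {self.channels[idx]}")
        # Bridge forwarding interface idx to peripheral interface idx.
        # From now on the owner's own calls to this device are suspended.
        self.channels[idx] = requester

    def on_interrupt(self, idx, requester):
        """Interrupt instruction: only the current holder may tear the channel down."""
        self._check(idx)
        if self.channels.get(idx) != requester:
            raise ChannelError(f"{requester} holds no channel on interface {idx}")
        del self.channels[idx]

    def use_device(self, idx):
        """Owner's own access, refused while a DMA channel to the device is up."""
        self._check(idx)
        if idx in self.channels:
            raise ChannelError(f"{self.devices[idx]} is lent to {self.channels[idx]}")
        return f"{self.name} uses {self.devices[idx]}"

    def transfer(self, idx, requester, payload):
        """Requester moves data over an established channel; returns bytes moved."""
        self._check(idx)
        if self.channels.get(idx) != requester:
            raise ChannelError(f"no channel from {requester} to interface {idx}")
        self.delivered.append((self.devices[idx], requester, payload))
        return len(payload)


def refused(action, *args):
    """True if the call is rejected with ChannelError."""
    try:
        action(*args)
    except ChannelError:
        return True
    return False


def demo():
    """Walk one device through connect, use, interrupt and recovery."""
    cpu1 = OwnerCPU("CPU1", ["restricted-0", "restricted-1"])  # constructed names
    steps = {}
    cpu1.on_connect(0, "CPU2")
    steps["owner_blocked"] = refused(cpu1.use_device, 0)
    steps["other_device_free"] = not refused(cpu1.use_device, 1)
    steps["sent"] = cpu1.transfer(0, "CPU2", b"frame")
    steps["second_requester_refused"] = refused(cpu1.on_connect, 0, "CPU2A")
    cpu1.on_interrupt(0, "CPU2")
    steps["owner_restored"] = not refused(cpu1.use_device, 0)
    steps["stale_transfer_refused"] = refused(cpu1.transfer, 0, "CPU2", b"late")
    return steps


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The model makes the recovery point concrete: until the requester sends the interrupt instruction, the owner's own access to that device stays refused, while devices on other interfaces are unaffected.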
The description and analysis up to this point all assume that the terminal contains one CPU1 and one CPU2. To obtain higher processing capability or a better security effect, however, the terminal can contain a greater number of CPU1s and/or a greater number of CPU2s. Below, with reference to Fig. 3-5, the terminal structure and processing strategy with a greater number of processors are explained, taking as an example a terminal that includes CPU1, CPU1A, CPU1B and so on as processors for private data processing and CPU2, CPU2A, CPU2B and so on as processors for non-private data processing. Of course, those skilled in the art should understand that where the terminal contains only multiple processors for private data processing, or only multiple processors for non-private data processing, or where there are more processors, the connection principle is actually the same and is not described in detail in this application.
It should be noted that although a terminal has many restricted external equipment 102 and unrestricted class external equipment 104, the connection structure and data transfer mode between each restricted external equipment 102 or unrestricted class external equipment 104 and CPU1, CPU2 are similar. To describe the specific connection structure and data transmission strategy clearly, each embodiment below is therefore described in detail using one restricted external equipment 102 and one unrestricted class external equipment 104 as the example. Those skilled in the art will clearly understand that the connection structure and data transmission strategy described below on the basis of the "restricted external equipment 102" and the "unrestricted class external equipment 104" can obviously be applied to any restricted external equipment 102 and any unrestricted class external equipment 104 in the terminal.
In addition, the various circuit switching control modes mentioned in the above technical schemes can all be applied to each of the following technical schemes to control the interaction between the CPUs and the external equipment.
Embodiment one
Among the multiple CPUs for processing private data / non-private data, one CPU serves as the "relay" to the restricted external equipment 102, and the other CPUs interact with the restricted external equipment 102 through this "relay". Likewise, one CPU serves as the "relay" to the unrestricted class external equipment 104, and the other CPUs interact with the unrestricted class external equipment 104 through this "relay".
Specifically, as shown in Figure 3, assume that a connection is established between CPU1 and the restricted external equipment 102, and that the other CPUs for processing private data are connected to CPU1 in "series". Assume also that a connection is established between CPU2 and the unrestricted class external equipment 104, and that the other CPUs for processing non-private data are connected in "parallel".
Interaction with the restricted external equipment 102:
For " series connection " mode: when CPU1 needs mutual with restricted external equipment 102, then CPU1 is direct Data interaction is carried out with restricted external equipment 102;When CPU1A needs to hand over restricted external equipment 102 Time mutually, then carried out data forwarding by CPU1;When CPU1B needs to interact with restricted external equipment 102 Time, then carried out data forwarding by CPU1A, CPU1.
For " in parallel " mode: when CPU2 needs mutual with restricted external equipment 102, then CPU2 is permissible By sending request to CPU1, CPU1 configured by port, it is established that CPU2 and restricted external equipment DMA transfer passage between 102, thus realize data interaction;When CPU2A needs and restricted external equipment 102 when interacting, then carried out data forwarding successively by CPU2 and CPU1;Outside CPU2B needs and is restricted When portion's equipment 102 interacts, also carried out data forwarding successively by CPU2 and CPU1.
Interaction with the unrestricted class external equipment 104:
For " series connection " mode: when CPU1 needs mutual with unrestricted class external equipment 104, then CPU1 can By sending request to CPU2, CPU2 to be configured by port, it is established that CPU1 sets outside unrestricted class DMA transfer passage between standby 104, thus realize data interaction;When CPU1A needs and outside unrestricted class When equipment 104 interacts, the most first sending to CPU1, then CPU1 sends request to CPU2, sets up DMA Transmission channel carries out data interaction;When CPU1B needs to interact with unrestricted class external equipment 104, then first Being forwarded to CPU1 via CPU1A, then CPU1 sends request to CPU2, sets up DMA transfer passage and carries out Data interaction.
For " in parallel " mode: when CPU2 needs mutual with unrestricted class external equipment 104, then CPU2 can Data interaction is carried out with unrestricted class external equipment 104 with direct;When CPU2A needs and unrestricted class external equipment 104 when interacting, then carried out data forwarding by CPU2;When CPU2B needs and unrestricted class external equipment 104 When interacting, also carried out data forwarding by CPU2.
Of course, the CPUs for private data processing can also use the "parallel" connection mode, or even use "series" for some and "parallel" for others; and the CPUs for non-private data processing can also use the "series" connection mode, or even use "series" for some and "parallel" for others. This is apparent. But because only CPU1 is directly connected to the restricted external equipment 102 and only CPU2 is directly connected to the unrestricted class external equipment 104, any other CPU that wants to interact with the restricted external equipment 102 or the unrestricted class external equipment 104 can ultimately do so only through forwarding by CPU1 or CPU2.
Besides interaction with external equipment (including the restricted external equipment 102 and the unrestricted class external equipment 104), interaction between the multiple CPUs may also require forwarding by other CPUs. For example, when CPU1 interacts with CPU2 or CPU1A, it interacts directly; when CPU1 interacts with CPU1B, CPU1A must forward; when CPU2 interacts with CPU1, CPU2A or CPU2B, it interacts directly; when CPU2A interacts with CPU2B, CPU2 must forward.
In addition, on top of the "parallel" arrangement, there may also be a connection between CPU2A and CPU2B (not shown in the figure), allowing direct data interaction between the two. Further, when there are more CPUs, all of the CPUs may be able to exchange data directly with one another, without forwarding by other CPUs.
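The forwarding rules of this embodiment follow from the shape of the Fig. 3 topology and can be checked by computing paths over it. The sketch below is an added illustration, not code from the patent: `DEV102` and `DEV104` are constructed labels for the restricted external equipment 102 and the unrestricted class external equipment 104, and the link list is an assumption read from the text (private-data CPUs in series, non-private CPUs in parallel).

```python
from collections import deque

PRIVATE_CPUS = {"CPU1", "CPU1A", "CPU1B"}
NON_PRIVATE_CPUS = {"CPU2", "CPU2A", "CPU2B"}

# Constructed link list for the topology described in the text.
FIG3_LINKS = [
    ("CPU1", "CPU1A"), ("CPU1A", "CPU1B"),  # private-data CPUs in "series"
    ("CPU2", "CPU2A"), ("CPU2", "CPU2B"),   # non-private CPUs in "parallel"
    ("CPU1", "CPU2"),                       # link between the two CPU types
    ("CPU1", "DEV102"),                     # only CPU1 is wired to equipment 102
    ("CPU2", "DEV104"),                     # only CPU2 is wired to equipment 104
]


def build_graph(links):
    """Undirected adjacency map from a list of (a, b) links."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def route(graph, src, dst):
    """Shortest hop-by-hop path from src to dst, or None if unreachable."""
    queue = deque([[src]])
    seen = {src}
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node == dst:
            return path
        for nxt in sorted(graph.get(node, ())):
            # Devices are endpoints only: never route through a device.
            if nxt in seen or (nxt.startswith("DEV") and nxt != dst):
                continue
            seen.add(nxt)
            queue.append(path + [nxt])
    return None


def relays(path):
    """The CPUs that must forward (or switch a DMA channel) along a path."""
    return path[1:-1]


def non_private_exposure(graph, src, dst):
    """Non-private CPUs that a private-data flow from src to dst would touch."""
    return [n for n in route(graph, src, dst) if n in NON_PRIVATE_CPUS]


def with_direct_link(links, a, b):
    """Variant topology with one extra direct connection (e.g. CPU2A to CPU2B)."""
    return build_graph(links + [(a, b)])


if __name__ == "__main__":
    g = build_graph(FIG3_LINKS)
    for src, dst in [("CPU1B", "DEV102"), ("CPU2A", "DEV102"),
                     ("CPU1B", "DEV104"), ("CPU2A", "CPU2B")]:
        print(src, "->", dst, ":", " > ".join(route(g, src, dst)))
    print("exposure DEV102 -> CPU1B:", non_private_exposure(g, "DEV102", "CPU1B"))
```

For CPU2 reaching equipment 102, the hop through CPU1 corresponds to the DMA transfer channel CPU1 sets up by port configuration rather than to store-and-forward, but CPU1 remains on the path either way.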
Embodiment two
Among the multiple CPUs for processing private data, each CPU is connected in "parallel" to the restricted external equipment 102 and interacts with the restricted external equipment 102 directly, without other CPUs acting as "relays".
Specifically, as shown in Figure 4, CPU1, CPU1A and CPU1B, which process private data, are each connected to the restricted external equipment 102; meanwhile, among CPU2, CPU2A and CPU2B, which process non-private data, only CPU2 is connected directly to the unrestricted class external equipment 104.
Meanwhile, multiple CPUs with the same processing function can be connected to one another in the "series" and/or "parallel" mode mentioned above. As one specific embodiment, Fig. 4 shows CPU1, CPU1A and CPU1B, which process private data, connected in "series", and CPU2, CPU2A and CPU2B, which process non-private data, connected in "parallel".
(1) Interaction with the restricted external equipment 102
When some of the CPUs are connected to the restricted external equipment 102, for example the CPUs for private data processing, these CPUs can interact with the restricted external equipment 102 directly, including sending and receiving data. The other CPUs, which are not directly connected to the restricted external equipment 102, for example the CPUs for non-private data processing, need to interact with the restricted external equipment 102 through an interaction with the CPUs that are connected directly to it.
1) Processing of uplink data
Assume that each CPU can exchange data directly with any other CPU (the specific connections are not shown in the figure). CPU2A or CPU2B can then send a request directly to a CPU that is connected directly to the restricted external equipment 102, so that it establishes, through port configuration, a DMA transfer channel between CPU2A or CPU2B and the restricted external equipment 102. For example, CPU1A or CPU1B receives the request and performs the port configuration to establish the above DMA transfer channel between CPU2A or CPU2B and the restricted external equipment 102.
Assume that each CPU can interact directly only with adjacent CPUs. For example, as shown in Fig. 4, CPU2A or CPU2B can interact directly only with CPU2. CPU2A or CPU2B can then send the data to CPU2, CPU2 sends a request to CPU1, CPU1 establishes a DMA transfer channel between CPU2 and the restricted external equipment 102 through port configuration, and CPU2 then sends the data directly to the restricted external equipment 102.
Assume that each CPU, besides interacting directly with adjacent CPUs, can also interact with specified CPUs of the other type. For example, as shown in Fig. 5, CPU2 and CPU2A are adjacent CPUs of the same type and can interact directly, and CPU2 can also interact directly with CPU1, a CPU of a different type. Similarly, CPU2A can interact directly with the adjacent CPU2 and CPU2B, and can also interact directly with CPU1A. CPU2A can then transmit indirectly to CPU1 through an adjacent CPU such as CPU2, with CPU1 passing the data on to the restricted external equipment 102, or transmit directly to CPU1A, with CPU1A passing the data on to the restricted external equipment 102. In this case, CPU2, CPU2A and CPU2B can send requests to the corresponding CPU1, CPU1A and CPU1B so that each establishes the corresponding DMA transfer channel through port configuration, realizing the interaction of CPU2, CPU2A and CPU2B with the restricted external equipment 102.
2) Processing of downlink data
a) No DMA transfer channel has been established. The restricted external equipment 102 then needs to transmit the data to a CPU it is directly connected to, for example CPU1A, which passes it on to the target CPU. For example, after the restricted external equipment 102 sends data to CPU1A: in the first case, CPU1A finds that the data is non-private data but does not know which CPU should process it; in the second case, CPU1A finds that the data is non-private data and knows which CPU should process it.
In both of these cases, the analysis still depends on how the CPUs are connected:
Assume that each CPU can exchange data directly with any other CPU (the specific connections are not shown in the figure). In the first case, CPU1A can send the data directly to any CPU for processing non-private data, for example CPU2A, and CPU2A then determines the specific target CPU. In the second case, CPU1A can send the data directly to the target CPU, for example CPU2A.
Assume that each CPU can interact directly only with adjacent CPUs. For example, as shown in Fig. 4, CPU1A can interact directly only with CPU1 and CPU1B. CPU1A can then send the data to CPU1, CPU1 sends it to CPU2, and CPU2 forwards it to the target CPU.
Assume that each CPU, besides interacting directly with adjacent CPUs, can also interact with specified CPUs of the other type. For example, as shown in Fig. 5, CPU1 and CPU1A are adjacent CPUs of the same type and can interact directly, and CPU1 can also interact directly with CPU2, a CPU of a different type. Similarly, CPU1A can interact directly with the adjacent CPU1 and CPU1B, and can also interact directly with CPU2A. When CPU1A receives non-private data sent by the restricted external equipment 102, it can then transmit the data indirectly, through an adjacent CPU such as CPU1, to a CPU for processing non-private data, or transmit it directly to CPU2A, which determines the final target CPU and transmits the data to it.
b) A DMA transfer channel has already been established.
Assume that, as shown in Figure 3 and Figure 4, a DMA transfer channel between CPU2 and the restricted external equipment 102 has been established in CPU1. When the restricted external equipment 102 needs to transmit to CPU2, it can use this DMA transfer channel directly. When the restricted external equipment 102 needs to transmit to CPU2A or CPU2B, it can send to CPU2 through the DMA transfer channel and have CPU2 forward the data, or it can send to a directly connected CPU (CPU1 in the case of Fig. 3; CPU1, CPU1A or CPU1B in the case of Fig. 4), which then forwards the data to the specific target CPU.
Assume that, as shown in Fig. 5, each CPU that is not directly connected to the restricted external equipment 102 has a DMA transfer channel established in the corresponding CPU that is directly connected to the restricted external equipment 102. The restricted external equipment 102 can then, by selecting the DMA transfer channel, send data directly to the corresponding target CPU (CPU2, CPU2A or CPU2B).
(2) Interaction with the unrestricted class external equipment 104
As shown in Figure 6, when some of the CPUs are connected to the unrestricted class external equipment 104, for example the CPUs for non-private data processing, these CPUs can interact with the unrestricted class external equipment 104 directly, including sending and receiving data. The other CPUs, which are not directly connected to the unrestricted class external equipment 104, for example the CPUs for private data processing, need to interact with the unrestricted class external equipment 104 through an interaction with the CPUs that are connected directly to it.
Because the specific process is similar to the case shown in Fig. 4, in which all CPUs for private data processing are connected to the restricted external equipment 102, it is not repeated here.
As shown in Fig. 7, each technical scheme of this application may further include a kind judging device 105, arranged on the path between the restricted external equipment 102 and CPU1, for performing type judgment on the data from the restricted external equipment 102 and adding a corresponding mark to the data according to the judgment result. CPU1 is configured to: on receiving data from the kind judging device 105, process the data directly if its mark indicates that it is private data, and forward it to CPU2 if its mark indicates that it is non-private data;
and/or the kind judging device 105 is arranged on the path between the unrestricted class external equipment 104 and CPU2, for performing type judgment on the data from the unrestricted class external equipment 104 and adding a corresponding mark to the data according to the judgment result. CPU2 is configured to: on receiving data from the kind judging device 105, process the data directly if its mark indicates that it is non-private data, and forward it to CPU1 if its mark indicates that it is private data.
In this technical scheme, the kind judging device 105 performs type identification on the data from the external equipment, so CPU1 does not have to perform it. This helps reduce the requirements on CPU1, lowering the production cost of CPU1 and of the whole terminal, or frees the corresponding computing resources for other, more complex processing to improve processing efficiency.
In each technical scheme shown in Fig. 2 to Fig. 6, a kind judging device 105 can in fact be added between any external equipment and the corresponding CPU to perform type identification on the data from the external equipment and so realize the corresponding data distribution. The other data transfer modes and strategies are the same as in each of the technical schemes above and are not repeated here.
The description above all concerns the data interaction between the CPUs and the external equipment. A terminal also exchanges data with other terminals or servers, which involves uplink and downlink data interaction between the CPUs and a communication module.
As shown in Figure 8, assume that CPU1 is used for processing private data, CPU2 is used for processing non-private data, and the communication module 106 is used for sending and receiving uplink and downlink data. For uplink data, because the communication module 106 is connected separately to CPU1 and CPU2, data from CPU1 is private data and data from CPU2 is non-private data. For downlink data, the communication module 106 performs type identification directly on the received data: private data is transmitted directly to CPU1, and non-private data is transmitted directly to CPU2.
Having the communication module 106 perform type identification on the data allocates private data and non-private data to CPU1 and CPU2 respectively, achieves physical isolation of the data, and helps improve the security of the terminal.
Meanwhile, to improve security further, a function can be added to the communication module 106: when the communication module 106 interacts with CPU1, it cuts off the connection with CPU2, and when it interacts with CPU2, it cuts off the connection with CPU1. Alternatively, a circuit switch module (not shown in the figure; similar to the kind judging device 105 shown in Fig. 7) is added between the communication module 106 and CPU1, CPU2, and, under the control of the circuit switch module itself or of CPU1 and CPU2, the connection with CPU2 is cut off when the communication module 106 interacts with CPU1 and the connection with CPU1 is cut off when the communication module 106 interacts with CPU2. Connecting and disconnecting the circuit in this way physically separates private data from non-private data and helps further improve the security of the terminal.
A terminal can also have multiple communication modules 106. For example, as shown in Fig. 9, the terminal includes communication module 106A and communication module 106B, each connected to both CPU1 and CPU2. Each of communication module 106A and communication module 106B is then in fact the same as the communication module 106 shown in Figure 10, and the processing strategy for the communication module 106 shown in Fig. 8 can be borrowed and used, so it is not repeated here.
As in the cases shown in Fig. 3-6, when the terminal has multiple CPUs for processing private data and/or multiple CPUs for processing non-private data, the multiple CPUs can adopt the following strategies with respect to the communication module 106 described in Fig. 8-9 (used here as the example; the same applies to communication module 106A and communication module 106B).
The explanation again takes as an example the case where the CPUs for processing private data include CPU1, CPU1A and CPU1B, and the CPUs for processing non-private data include CPU2, CPU2A and CPU2B.
Embodiment one
The communication module 106 is connected to only one CPU for processing private data and one CPU for processing non-private data, for example to CPU1 and CPU2.
For uplink data, CPU1/CPU2 transmits private data / non-private data directly to the communication module 106, whereas CPU1A and CPU1B need to transmit private data to CPU1, which forwards it to the communication module 106. Similarly, CPU2A and CPU2B need to transmit non-private data to CPU2, which forwards it to the communication module 106.
For downlink data, the communication module 106 sends all private data to CPU1 and all non-private data to CPU2. In the first case, the communication module 106 can learn the target CPU for processing the data, for example by parsing the data. The communication module 106 can then add a corresponding mark to the data, so that after CPU1 or CPU2 receives the data, it can determine the corresponding target CPU from the added mark and forward the data. In the second case, the communication module 106 cannot learn the target CPU of the received data. It then transmits the data directly to CPU1 or CPU2, and CPU1 or CPU2 determines the corresponding target CPU itself.
Depending on how the multiple CPUs are connected, data transmission between CPUs can take different forms. For example, as shown in Figure 10, CPU1, CPU1A and CPU1B are connected in "series" and CPU2, CPU2A and CPU2B are connected in "parallel". When CPU1B needs to send uplink data or receive downlink data, the data must pass through two stages of transmission, via CPU1A and CPU1; for CPU2A and CPU2B, only one stage of transmission, via CPU2, is needed.
Of course, as in the description of Fig. 3-6, multiple CPUs of either type, whether for processing private data or non-private data, can be connected in "series" or in "parallel" according to actual needs, and can even be connected using "series" and "parallel" at the same time.
Embodiment two
As shown in Figure 11, the communication module 106 can also be connected to each of the CPUs. For uplink data, each CPU can then transmit directly to the communication module 106 without forwarding by other CPUs, which helps reduce data transmission delay. For downlink data, if the communication module 106 can learn the specific target CPU, it can transmit directly to that target CPU; if the communication module 106 cannot learn the specific target CPU, one of the following approaches is taken:
In the first case, the communication module 106 performs type identification on the downlink data and, according to the identification result, transmits the data to a default CPU or to an arbitrary CPU for processing data of that type. For example, private data is transmitted by default to CPU1 and non-private data by default to CPU2; or private data is transmitted to any of CPU1, CPU1A or CPU1B and non-private data to any of CPU2, CPU2A or CPU2B. The CPU that receives the downlink data then determines the specific target CPU and forwards the data to it.
In the second case, the communication module 106 does not perform type identification on the downlink data. It transmits the downlink data directly to a default or arbitrary CPU, and that CPU either performs type identification itself or forwards the data to another CPU for type identification; the data is then sent to the target CPU according to the identification result. Specifically, for example, the data is transmitted by default to CPU1, CPU1 performs type identification (or, if it is specified that CPU1A performs type identification on all downlink data, the data needs to be transmitted to CPU1A for type identification), and the downlink data is transmitted to the specific target CPU according to the identification result.
Each of the above cases also involves data interaction between CPUs of different types, which in turn includes the following situations:
Assume that each CPU can exchange data directly with any other CPU (the specific connections are not shown in the figure), and that CPU1A has received non-private data. If CPU1A does not know the target CPU for the data, it can send the data directly to any CPU for processing non-private data, for example CPU2A, and CPU2A then determines the specific target CPU. If CPU1A knows the target CPU for the data, it can send the data directly to the target CPU, for example CPU2A.
Assume that each CPU can interact directly only with adjacent CPUs. For example, as shown in Figure 11, CPU1A can interact directly only with CPU1 and CPU1B. CPU1A can then send the data to CPU1, CPU1 sends it to CPU2, and CPU2 forwards it to the target CPU.
Assume that each CPU, besides interacting directly with adjacent CPUs, can also interact with specified CPUs of the other type. For example, as shown in Figure 12, CPU1 and CPU1A are adjacent CPUs of the same type and can interact directly, and CPU1 can also interact directly with CPU2, a CPU of a different type. Similarly, CPU1A can interact directly with the adjacent CPU1 and CPU1B, and can also interact directly with CPU2A. When CPU1A receives non-private data sent by the communication module 106, it can then transmit the data indirectly, through an adjacent CPU such as CPU1, to a CPU for processing non-private data, or transmit it directly to CPU2A, which determines the final target CPU and transmits the data to it.
In the technical schemes described by Fig. 8-12, the communication module 106 is connected both to a CPU for processing private data and to a CPU for processing non-private data. In the following Figures 13-17, each communication module 106 (or the communication module 106A and communication module 106B shown in Figure 16) is connected to only one type of CPU, for example only to a CPU for processing private data, or only to a CPU for processing non-private data.
Specifically, as shown in Figure 13, the communication module 106 is connected only to CPU1. For uplink data, CPU1 can then interact with the communication module 106 directly, whereas CPU2 needs CPU1 as a relay and interacts with the communication module 106 indirectly. For downlink data, in the first case, the communication module 106 can perform type identification on the downlink data, add a mark to the downlink data according to the identification result, and send all of it to CPU1; CPU1 then decides from the mark on the downlink data whether to process it itself or send it to CPU2 for processing. In the second case, the communication module 106 does not perform type identification on the downlink data; CPU1 performs the type identification, processes private data directly, and forwards non-private data to CPU2 for processing.
Of course, the communication module 106 can also be connected to CPU2, so that CPU2 interacts with the communication module 106 directly and CPU1 must use CPU2 as a "relay" to interact with the communication module 106 indirectly. But because CPU2 is used for processing non-private data, it is an insecure CPU relative to CPU1: private data would pass through CPU2, where unauthorized applications might steal it. Therefore, to obtain a more secure application environment, connecting the communication module 106 directly to CPU1 is preferred. In each of the following technical schemes, the explanation takes the communication module 106 connected to CPU1 as the example, but based on the description above, this obviously cannot be understood as a restriction or limitation.
As shown in Figure 14, when the terminal has multiple communication modules, for example communication module 106A and communication module 106B, each is connected to CPU1. Each of communication module 106A and communication module 106B is then the same as the communication module 106 shown in Figure 12 and can use the corresponding connection mode or processing strategy, which is not repeated here.
As in the situation shown in Figs. 8-12, when the terminal has multiple CPUs for processing private data and/or multiple CPUs for processing non-private data, the communication module 106 described in Figs. 13-14 (used here as the example; the same applies to communication module 106A and communication module 106B) and the above multiple CPUs can adopt the following strategies.
Here, as before, the description takes as an example the case in which the CPUs for processing private data include CPU1, CPU1A and CPU1B, and the CPUs for processing non-private data include CPU2, CPU2A and CPU2B.
Embodiment one
The communication module 106 is connected to only one CPU for processing private data or to only one CPU for processing non-private data, for example to CPU1.
For data uplink, CPU1 interacts directly with the communication module 106, and all other CPUs must transmit the data to be sent, directly or indirectly, to CPU1, which forwards it to the communication module 106 to achieve uplink transmission of the data.
For data downlink, in the first case, the communication module 106 can learn the target CPU for processing the data, for example by parsing the data, and can then add a corresponding mark to the data, so that CPU1, after receiving the data, can determine the corresponding target CPU according to the added mark and forward the data. In the second case, the communication module 106 cannot learn the target CPU of the received data and transmits it directly to CPU1, which determines the corresponding target CPU itself. Here, the communication module 106 may identify the type of the data and send it to CPU1 only after determining whether it is private data or non-private data, or the communication module 106 may perform no type identification and send the data directly to CPU1, which performs type identification on the received data.
Depending on the connection mode between the multiple CPUs, data transmission between CPUs can take different forms. For example, as shown in Figure 15, CPU1, CPU1A and CPU1B are connected in "series", while CPU2, CPU2A and CPU2B are connected in "parallel". When CPU1B needs to send uplink data or receive downlink data, the data must pass through two stages of relay, CPU1A and CPU1; for CPU2A and CPU2B, only one stage of relay through CPU2 is needed.
Of course, similar to the description of Figs. 10-12, CPUs of either type, whether for processing private data or non-private data, can be connected in "series" or in "parallel" according to actual needs, and "series" and "parallel" connections can even be used at the same time.
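The relay behaviour of Embodiment one, and the earlier argument that wiring the communication module to CPU2 makes private data circulate through a non-private CPU, can be checked on a small model of the Figure 15 topology. This Python sketch is an added example, not part of the patent; the CPU1-CPU2 bridge link, the `MODULE106` node name and all function names are assumptions.

```python
from collections import deque

# Constructed model of the Figure 15 wiring. The CPU1-CPU2 bridge is an
# assumption: the page does not say which CPUs join the two groups.
LINKS = {
    ("CPU1", "CPU1A"), ("CPU1A", "CPU1B"),  # private CPUs in "series"
    ("CPU2", "CPU2A"), ("CPU2", "CPU2B"),   # non-private CPUs in "parallel"
    ("CPU1", "CPU2"),                       # assumed bridge between groups
}
PRIVATE_CPUS = {"CPU1", "CPU1A", "CPU1B"}
MODULE = "MODULE106"  # hypothetical node name for communication module 106


def neighbours(node, links):
    return sorted(b if a == node else a for a, b in links if node in (a, b))


def path(src, dst, links):
    """Shortest relay path from src to dst (breadth-first search)."""
    queue, seen = deque([[src]]), {src}
    while queue:
        route = queue.popleft()
        if route[-1] == dst:
            return route
        for nxt in neighbours(route[-1], links):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(route + [nxt])
    raise ValueError(f"{dst} is unreachable from {src}")


def uplink(cpu, attach):
    """Route of data sent by `cpu` when the module is wired to `attach`."""
    return path(cpu, MODULE, LINKS | {(attach, MODULE)})


def downlink(mark, target, attach, classify=None):
    """Route one downlink unit from the attached CPU to its target CPU.

    mark is "private"/"non-private" when the module identified the type
    (first case), or None when it did not (second case); the attached CPU
    then calls `classify` itself. Returns (data_type, route).
    """
    data_type = mark if mark is not None else classify()
    return data_type, path(attach, target, LINKS)


def exposed(data_type, route):
    """Non-private CPUs that handle private data somewhere on this route."""
    if data_type != "private":
        return []
    return [n for n in route if n not in PRIVATE_CPUS and n != MODULE]


if __name__ == "__main__":
    for attach in ("CPU1", "CPU2"):
        route = uplink("CPU1B", attach)
        print(attach, route, "exposed:", exposed("private", route))
    print(downlink("non-private", "CPU2B", "CPU1"))
    print(downlink(None, "CPU1B", "CPU1", classify=lambda: "private"))
```

With the module on CPU1, private traffic from CPU1B is relayed only by CPU1A and CPU1; moving the module to CPU2 puts CPU2 on every private route, which is the exposure the description warns about.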
Embodiment two
As shown in Figure 16, the communication module 106 can also be connected to all CPUs of the same type, for example to all CPUs for processing private data at the same time (specifically CPU1, CPU1A and CPU1B in the figure).
For uplink data, each CPU for processing private data can then transmit directly to the communication module 106 without forwarding through other CPUs, which helps reduce data transmission delay, whereas a CPU for processing non-private data still needs to forward its data to one of the CPUs for processing private data, such as CPU1, to achieve uplink transmission.
For downlink data, if the communication module 106 can learn the specific target CPU: when the data is private data, it can be transmitted directly to the target CPU; when the data is non-private data, a mark is added to the non-private data and it is transmitted directly to one of the connected CPUs (this CPU can be a default one or an arbitrary one, for example everything is sent to CPU1 by default, or a connected CPU is selected at random), say CPU1, and CPU1 forwards it to the corresponding target CPU according to the mark in the data. If the communication module 106 cannot learn the specific target CPU, the following approaches are taken:
In the first case, the communication module 106 identifies the type of the downlink data and, according to the identification result, transmits the data to a default or arbitrary CPU for processing data of the same type. For example, private data is transmitted to CPU1 by default, and non-private data is transmitted to CPU1 by default after a corresponding type mark is added; or private data is transmitted to any of CPU1, CPU1A or CPU1B, and non-private data is transmitted to any of CPU1, CPU1A or CPU1B after a corresponding type mark is added. The CPU that receives the downlink data then further determines the specific target CPU and forwards the data to it.
In the second case, the communication module 106 does not identify the type of the downlink data and transmits it directly to a default or arbitrary CPU; that CPU either performs type identification itself or forwards the data to another CPU for type identification, and the data is then sent to the target CPU according to the identification result. Specifically, if the default is CPU1, CPU1 performs type identification (or, if it is specified that CPU1A performs type identification on all downlink data, the data must be transmitted to CPU1A for type identification), and the downlink data is transmitted to the specific target CPU according to the identification result.
Each of the above cases also involves data interaction between CPUs of different types, which includes the following situations:
Assume that each CPU can interact directly with any other CPU (the specific connections are not shown in the figure). Suppose CPU1A receives non-private data. If CPU1A does not know the target CPU for the data, it can send the data directly to any CPU for processing non-private data, such as CPU2A, and CPU2A then determines the specific target CPU; if CPU1A knows the target CPU for the data, it can send the data directly to the target CPU, such as CPU2A.
Assume that each CPU can interact directly only with adjacent CPUs. For example, as shown in Figure 16, CPU1A can interact directly only with CPU1 and CPU1B; CPU1A can then send the data to CPU1, CPU1 sends it to CPU2, and CPU2 forwards it to the target CPU.
Assume that each CPU, besides interacting directly with adjacent CPUs, can also interact with a specified CPU of the other type. For example, as shown in Figure 17, CPU1 and CPU1A are adjacent as CPUs of the same type and can interact directly, and CPU1 can also interact directly with CPU2, a CPU of a different type. Similarly, CPU1A can interact directly with the adjacent CPU1 and CPU1B and also directly with CPU2A. When CPU1A receives non-private data sent by the communication module 106, it can pass the data indirectly through an adjacent CPU such as CPU1 to a CPU for processing non-private data, or transmit it directly to CPU2A, and CPU2A determines the final target CPU and transmits the data to it.
The technical scheme has been described in detail above with reference to the accompanying drawings. In the related art, a terminal contains only a single CPU, so all data is processed, stored and otherwise handled by that CPU, and any application can easily obtain private data from it, leaking the user's privacy. The present application therefore proposes a terminal in which private data and non-private data are processed in physical isolation, ensuring that private data cannot be obtained by unsafe applications and effectively improving the security of the terminal.
The foregoing are only preferred embodiments of the present invention and are not intended to limit the present invention; for those skilled in the art, the present invention can have various modifications and variations. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (10)

1. A terminal, characterized by comprising:
a first processor, for processing private data in the terminal;
a second processor, for processing non-private data in the terminal;
restricted external equipment, connected to the first processor;
unrestricted-class external equipment, connected to the second processor;
wherein the first processor connects to and interacts with the restricted external equipment through a first peripheral interface, connects to the second processor through a first forwarding interface, and, by configuring and establishing a DMA transfer channel between the first forwarding interface and the first peripheral interface, enables connection and interaction between the second processor and the restricted external equipment; and
the second processor connects to and interacts with the unrestricted-class external equipment through a second peripheral interface, connects to the first processor through a second forwarding interface, and, by configuring and establishing a DMA transfer channel between the second forwarding interface and the second peripheral interface, enables connection and interaction between the first processor and the unrestricted-class external equipment.
2. The terminal according to claim 1, characterized by further comprising:
a first storage device, corresponding to the first processor, used by the first processor for storing private data;
a second storage device, corresponding to the second processor, used by the second processor for storing non-private data.
3. The terminal according to claim 1, characterized in that the restricted external equipment is used for: transmitting all data that needs to be transmitted to the first processor through the first peripheral interface; the first processor is used for: processing private data directly, and transmitting non-private data to the second processor through the first forwarding interface; and
the unrestricted-class external equipment is used for: transmitting all data that needs to be transmitted to the second processor through the second peripheral interface; the second processor is used for: processing non-private data directly, and transmitting private data to the first processor through the second forwarding interface.
4. The terminal according to claim 1, characterized in that the restricted external equipment is used for: transmitting all data that needs to be transmitted to the first processor through the first peripheral interface; and the unrestricted-class external equipment is used for: transmitting all data that needs to be transmitted to the second processor through the second peripheral interface;
wherein the first processor is used for: processing private data directly, and transmitting non-private data to the second processor through the first forwarding interface;
the second processor is used for: receiving and processing non-private data from the first processor, forwarding all data received from the unrestricted-class external equipment to the first processor so that the first processor processes the private data therein, and receiving the non-private data returned by the first processor.
5. The terminal according to claim 1, characterized in that the first peripheral interfaces and first forwarding interfaces on the first processor and the restricted external equipment are in one-to-one correspondence; and
the second peripheral interfaces and second forwarding interfaces on the second processor and the unrestricted-class external equipment are in one-to-one correspondence.
6. The terminal according to claim 5, characterized in that
the second processor is provided with first transceiver interfaces connected in one-to-one correspondence with the first forwarding interfaces on the first processor, and the second processor is used for: when it needs to interact with specified restricted external equipment, sending a connection instruction to the first processor through the specified first transceiver interface corresponding to the specified restricted external equipment; the first processor is used for: determining, according to the received connection instruction, the first forwarding interface and first peripheral interface corresponding to the specified first transceiver interface, and configuring and establishing a DMA transfer channel between this first forwarding interface and first peripheral interface; and
the first processor is provided with second transceiver interfaces connected in one-to-one correspondence with the second forwarding interfaces on the second processor, and the first processor is used for: when it needs to interact with specified unrestricted-class external equipment, sending a connection instruction to the second processor through the specified second transceiver interface corresponding to the specified unrestricted-class external equipment; the second processor is used for: determining, according to the received connection instruction, the second forwarding interface and second peripheral interface corresponding to the specified second transceiver interface, and configuring and establishing a DMA transfer channel between this second forwarding interface and second peripheral interface.
7. The terminal according to claim 6, characterized in that
the second processor is further used for: when interaction with the specified restricted external equipment is complete, sending an interrupt instruction to the first processor through the specified first transceiver interface; the first processor is further used for: disconnecting the DMA transfer channel according to the received interrupt instruction; and
the first processor is further used for: when interaction with the specified unrestricted-class external equipment is complete, sending an interrupt instruction to the second processor through the specified second transceiver interface; the second processor is further used for: disconnecting the DMA transfer channel according to the received interrupt instruction.
8. The terminal according to claim 1, characterized by further comprising:
a type judging device, arranged on the path between the restricted external equipment and the first processor, for judging the type of data from the restricted external equipment and adding a corresponding mark to the data according to the judgment result; the first processor is used for: on receiving data from the type judging device, processing the data directly if its mark indicates that it is private data, and forwarding it to the second processor if its mark indicates that it is non-private data;
and/or the type judging device is arranged on the path between the unrestricted-class external equipment and the second processor, for judging the type of data from the unrestricted-class external equipment and adding a corresponding mark to the data according to the judgment result; the second processor is used for: on receiving data from the type judging device, processing the data directly if its mark indicates that it is non-private data, and forwarding it to the first processor if its mark indicates that it is private data.
9. The terminal according to any one of claims 1 to 8, characterized by further comprising:
at least one first communication module, connected to both the first processor and the second processor, for exchanging private data with the first processor and exchanging non-private data with the second processor.
10. The terminal according to any one of claims 1 to 8, characterized by further comprising:
at least one second communication module, connected to the first processor and exchanging data with it;
wherein the first processor processes private data from the at least one second communication module, and transmits non-private data from the at least one second communication module to the second processor for processing.
CN201310326660.4A 2013-07-30 2013-07-30 A kind of terminal Active CN103400086B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201310326660.4A CN103400086B (en) 2013-07-30 2013-07-30 A kind of terminal
PCT/CN2013/084354 WO2015014014A1 (en) 2013-07-30 2013-09-26 Terminal, data interaction method and data interaction system
PCT/CN2013/084356 WO2015014015A1 (en) 2013-07-30 2013-09-26 Terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310326660.4A CN103400086B (en) 2013-07-30 2013-07-30 A kind of terminal

Publications (2)

Publication Number Publication Date
CN103400086A CN103400086A (en) 2013-11-20
CN103400086B true CN103400086B (en) 2016-12-07

Family

ID=49563707

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310326660.4A Active CN103400086B (en) 2013-07-30 2013-07-30 A kind of terminal

Country Status (1)

Country Link
CN (1) CN103400086B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant