CN103959203B - Mobile device with multiple security domains - Google Patents

Info

Publication number
CN103959203B
Authority
CN
China
Prior art keywords
user interface
interface element
state
calculating system
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201280053497.2A
Other languages
Chinese (zh)
Other versions
CN103959203A (en
Inventor
D·L·科恩
G·D·H·亨特
J·R·姆利克
D·彭达拉基斯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US13/408,170 (US8850557B2)
Application filed by International Business Machines Corp
Publication of CN103959203A
Application granted
Publication of CN103959203B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00 Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/16 Constructional details or arrangements
    • G06F1/1613 Constructional details or arrangements for portable computers
    • G06F1/1633 Constructional details or arrangements of portable computers not specific to the type of enclosures covered by groups G06F1/1615 - G06F1/1626
    • G06F1/1684 Constructional details or arrangements related to integrated I/O peripherals not covered by groups G06F1/1635 - G06F1/1675
    • G06F1/1694 Constructional details or arrangements related to integrated I/O peripherals not covered by groups G06F1/1635 - G06F1/1675 the I/O peripheral being a single or a set of motion sensors for pointer control or gesture input obtained by sensing movements of the portable computer
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/086 Access security using security domains

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Human Computer Interaction (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A shared housing includes at least one user interface element; a first isolated computational entity; a second isolated computational entity; and a switching device. The switching device is configured to: in a first mode, connect the first isolated computational entity to the at least one user interface element; and in a second mode, connect the second isolated computational entity to the at least one user interface element.

Description

Mobile device with multiple security domains
Statement of government rights:
Not applicable.
Cross-Reference to Related Applications
This application claims priority to U.S. Provisional Application No. 61/535,759, filed on November 4, 2011, the complete disclosure of which is expressly incorporated herein by reference for all purposes. This application also claims priority to U.S. Provisional Application No. 61/596,492, filed on February 8, 2012, the complete disclosure of which is also expressly incorporated herein by reference for all purposes. This application further claims priority to U.S. Provisional Application No. 61/611,352, filed on March 15, 2012, the complete disclosure of which is further expressly incorporated herein by reference for all purposes. This application is also a continuation-in-part of the following patent application: U.S. patent application Serial No. 13/408,170, filed on February 29, 2012, attorney docket YOR920120048US1, of Richard H. Boivie et al., entitled "A PROCESSOR AND DATA PROCESSING METHOD WITH NON-HIERARCHICAL COMPUTER SECURITY ENHANCEMENTS FOR CONTEXT STATES", the complete disclosure of which is expressly incorporated herein by reference for all purposes.
Technical field
The present invention relates to the electrical, electronic and computer arts and, more particularly, to handheld computing devices and the like.
Background
People commonly interact with IT systems from multiple separate security domains. For example, someone who works for, or is otherwise associated with, a company or entity typically deals with an enterprise domain for work and with a non-enterprise domain for other matters. The integrity of each domain must be maintained through security, privacy and other defensive measures; that is, each domain must be protected from unwanted outside influence. Some domains (such as those used for the enterprise) ensure integrity by restricting access to trusted people and software only. Currently, the most widely accepted way of ensuring the integrity of multiple domains is to use a separate physical device to access each domain. This could be, for example, a PC for the enterprise domain and a smart phone for the non-enterprise domain. In this case:
1. The PC and IT systems in the enterprise domain have hardware and/or software security capabilities to authenticate, authorize and manage users; to ensure that only qualified software is used; to protect and manage proprietary data on the PC; and to provide secure, encrypted communication for transferring data between the host and the PC.
2. The smart phone for the non-enterprise domain is a separate processing system that supports functions such as non-enterprise e-mail, social media, Internet services, user-selected applications and games, and picture, music and video content. The individual is responsible for maintaining the security of the non-enterprise domain. Typically, the level of security managed by the user is relatively low.
Some mobile devices support limited cross-domain operation. These include, for example, BlackBerry devices (registered mark of Research In Motion Limited, 295 Phillip Street, Waterloo, Ontario, Canada N2L 3W8), iPhone devices (registered mark of APPLE INC., 1 Infinite Loop, Cupertino, California 95014) and Android phones (registered mark of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043). They allow a device operating from a different domain to access specially designed applications (for example, e-mail) that run in one domain. These applications are intended to ensure the integrity of the domain, generally through special code on the device and on the host computer.
Summary of the invention
Principles of the invention provide techniques for a mobile device with multiple security domains. In one aspect, an exemplary apparatus includes: at least one user interface element; a first isolated computational entity; a second isolated computational entity; and a switching device. The switching device is configured to: in a first mode, connect the first isolated computational entity to the at least one user interface element; and in a second mode, connect the second isolated computational entity to the at least one user interface element. Also included is a shared housing containing the at least one user interface element, the first isolated computational entity, the second isolated computational entity and the switching device.
In another aspect, an exemplary method includes: providing an apparatus as just described; operating the apparatus in the first mode; and switching the apparatus from the first mode to the second mode.
In still another aspect, another exemplary apparatus includes: a user interface element; and at least one processor, coupled to the user interface element, which operates in one of: (i) a first personality, having first personality data and one or more first personality programs associated with it; and (ii) a second personality, having second personality data and one or more second personality programs associated with it. Also included is a switching device, associated with the at least one processor, which causes the apparatus to switch between the first personality and the second personality. When the at least one processor is operating in the first personality, a user of the apparatus cannot observe or affect the operation of the one or more second personality programs and the second personality data. When the at least one processor is operating in the second personality, a user of the apparatus cannot observe or affect the operation of the one or more first personality programs and the first personality data.
In a further aspect, a kit of parts is provided for assembly into a mobile device having a housing, a first processor and at least one user interface element. The kit of parts includes: a second processor; an input/output controller configured to determine user intent; and a switching device configured, responsive to the input/output controller, to: in a first mode, connect the first processor to the at least one user interface element; and in a second mode, connect the second processor to the at least one user interface element.
In an even further aspect, a method of providing a service includes providing a mobile device manufacturer with a kit of parts of the kind just described and, after assembly into the mobile device, providing a user of the mobile device with support for a personality associated with the kit of parts.
As used herein, "facilitating" an action includes performing the action, making the action easier, helping to carry the action out, or causing the action to be performed. Thus, by way of example and not limitation, instructions executing on one processor might facilitate an action carried out by instructions executing on a remote processor, by sending appropriate data or commands to cause or aid the action to be performed. For the avoidance of doubt, where an actor facilitates an action by other than performing the action, the action is nevertheless performed by some entity or combination of entities.
One or more embodiments of the invention or elements thereof can be implemented in the form of a computer program product including a computer-readable storage medium with computer-usable program code for performing the method steps indicated. Furthermore, one or more embodiments of the invention or elements thereof can be implemented in the form of a system (or apparatus) including a memory and at least one processor that is coupled to the memory and operative to perform exemplary method steps. Yet further, in another aspect, one or more embodiments of the invention or elements thereof can be implemented in the form of means for carrying out one or more of the method steps described herein; the means can include (i) hardware module(s), (ii) software module(s) stored in a computer-readable storage medium (or multiple such media) and implemented on a hardware processor, or (iii) a combination of (i) and (ii); any of (i)-(iii) implement the specific techniques set forth herein.
Techniques of the present invention can provide substantial beneficial technical effects. For example, one or more embodiments may provide one or more of the following advantages:
● Complete differences are possible in the underlying architecture between different personalities, for example in processor type, memory size, peripherals and so on;
● It is easier to use software developed for single-personality devices.
These and other features and advantages of the present invention will become apparent from the following detailed description of illustrative embodiments thereof, which is to be read in connection with the accompanying drawings.
Brief description of the drawings
Fig. 1 illustrates a basic dual-domain device, according to an aspect of the invention;
Fig. 2 illustrates a dual-domain device with shared storage and memory, according to an aspect of the invention;
Fig. 3 illustrates a device area network router for a 4G device, according to an aspect of the invention;
Fig. 4 illustrates mode switching using rotation for a dual-domain device, according to an aspect of the invention;
Fig. 5 illustrates a flow chart of exemplary method steps for switching modes, according to an aspect of the invention;
Fig. 6 illustrates an exemplary system, according to an aspect of the invention;
Fig. 7 illustrates an exemplary system with mode switching among three computing systems, according to an aspect of the invention;
Fig. 8 illustrates a computer system that may be used to implement one or more aspects and/or elements of the invention;
Fig. 9 illustrates an exemplary hardware embodiment of a single-processor device, according to an aspect of the invention;
Fig. 10 illustrates an exemplary software embodiment of a single-processor device, according to an aspect of the invention;
Fig. 11 is a schematic diagram illustrating an embodiment of a data processor that provides for two or more isolated computational entities, according to an aspect of the invention; and
Fig. 12 is a schematic diagram of a data processor illustrating various aspects of the embodiment of Fig. 11 in combination, according to an aspect of the invention.
Detailed description
Given current technology and the existence of security threats, a single physical device cannot operate in multiple domains while ensuring that those domains are properly and thoroughly isolated. With current device designs, hardware and software resources are shared across domains. This sharing creates security vulnerabilities in the underlying hardware and OS platform, which malware can exploit to gain access to the device, compromise security, and steal or corrupt data. Such software could be, for example, a malware key logger hidden in the control, common operating environment of a smart phone or PC. Using a privileged operating state that it subsequently obtains, the logger can access shared, common hardware and operating-system resources of domains that are thought to be isolated, in order to capture password entries or other data. It might gain direct access to hardware registers or software-managed buffers that contain active state.
One or more embodiments provide a system and method that allow a single physical device to operate with complete freedom in each of multiple security domains while maintaining the separation and integrity of each domain. Such a device helps ensure the same level of integrity protection as is provided by using a separate device for each domain (such as the PC and smart phone mentioned above). Thus, for example, one or more embodiments allow someone who works for, or is associated with, a company or entity to download and run any non-enterprise application from any source without potentially compromising the security of the enterprise operations with which the device may interact. The device allows the corporate information technology (IT) organization to specify and manage all of the software (from the hardware up) for the enterprise domain, and allows the person who works for or is associated with the company or entity complete freedom to choose all of the software for the non-enterprise domain. If the device also includes technology for user authentication and the like (for example, fingerprint recognition, speaker recognition, keyboard typing rhythm or other biometric identification), even stronger guarantees may be achieved. In some instances, a confidence score can be developed from one, some or all of these user authentication processes. One or more thresholds can be set. These values can be used to determine what kind of access is allowed and/or to require additional checks for certain types of access (for example, answering a question such as mother's maiden name; submitting to iris recognition; and so on). One or more embodiments are useful, for example, where an individual interacts with an enterprise domain and a non-enterprise domain; however, one or more embodiments are also applicable to more than two domains. Furthermore, some embodiments provide a wholly non-enterprise device that has one domain for routine activities and a second domain reserved for sensitive matters (for example, financial and/or health care information). In this case, in some instances, the management and security of the sensitive domain can be provided as a service.
One or more embodiments are suited to mobile devices, where size, weight and convenience make a significant difference. Indeed, a single mobile device that addresses the security problems of multiple domains is believed to offer particular utility. However, the same techniques can be used in larger devices such as laptop and desktop computers.
In one or more embodiments, independent and isolated computing systems are packaged in a single mobile device, one for each security domain. One or more embodiments advantageously reduce duplicated device resources. In one or more instances, the separate systems need not have identical or compatible hardware and/or system software and, indeed, in one or more embodiments, the separate systems are physically prevented by hardware from accessing or observing one another.
A non-limiting exemplary embodiment is now described for the general case of one enterprise system and one non-enterprise system. This embodiment 100 is shown in Fig. 1, to which this section refers. A shared device package 106 and a shared system board 107 are used in this example. The hardware is designed so that information cannot be passed directly between the systems through interaction within the device. To ensure this, the device design meets the following criteria:
● The processor of each system is used only by that system. The exemplary embodiment 100 shown in Fig. 1 operates in two domains and has a separate processor for each domain: enterprise system processor 102 and non-enterprise system processor 104.
● The data storage elements of each system are physically isolated and used only by that system. For the enterprise system, these include the processor memory, storage and I/O buffers shown at 134, 136, and optionally a slot for removable flash memory; for the non-enterprise system, they include the processor memory, storage and I/O buffers shown at 138, 140, and optionally a slot for removable flash memory.
● All systems share basic support elements that are independent of information. These include elements such as power supply 122, real-time clock 124, telephone subsystem 126, communication subsystem 144 and wireless module 146.
● Stateless I/O hardware elements are shared, but can be accessed only by the currently active system. Stateless IO (input/output, also written I/O) elements keep no record of their interactions with a system and therefore cannot pass information between systems. They include speaker(s) and/or headset connector(s) 114, accelerometer 116, switches, GPS system 120 and external switches 118.
● A mode switch subsystem determines which system is the active system. As discussed below, a variety of methods can be used to make this determination. In the non-limiting exemplary embodiment described, mode switch 130 uses IO control element 138 to allow only the active system to access the stateless I/O hardware. The figure shows the enterprise system as active, with its I/O links drawn as solid lines, and the non-enterprise system as inactive, with its links to the IO drawn as dotted lines.
● Some stateful IO hardware elements are also shared, but only those whose state information can be made specific to the active system. Stateful IO elements need access to historical information about, or the state of, their interactions with each system. For example, screen 108 must have a record of the image it has been asked to display. For some such elements, this state information is kept in memory-mapped buffers, and the stateful I/O hardware element accesses it from those buffers. The mode switch guarantees that the state information seen by the I/O hardware is only the information created through its interaction with the active system. It does this by controlling which set of configuration registers 112 is available to the I/O hardware. In the exemplary embodiment described there are two such register sets, one for the enterprise system ("E configuration registers") and one for the non-enterprise system ("P configuration registers"). In the example shown, the "E configuration registers" are active, and the state information of camera 110 and touch screen 108 (two stateful IO elements) is the information related to the enterprise system.
● Stateful IO hardware elements whose state information cannot be made specific to the active system are not shared. For some I/O hardware implementations it may not be possible to isolate the state information belonging to separate systems. For example, current practice for connecting via Bluetooth communication (registered mark of BLUETOOTH SIG, INC., 5209 Lake Washington Boulevard, Suite 350, Kirkland, Washington 98033) is to use a dedicated embedded processor. The memory of the embedded processor maintains all the state associated with each connection. The simplest implementation is therefore to use a separate Bluetooth subsystem for each processor shown; that is, enterprise Bluetooth subsystem 132 and non-enterprise Bluetooth subsystem 142.
● The communication subsystem guarantees that all off-device communication to and from a given system is visible only to that system. Each computing system is uniquely identified to communication subsystem 144. The functioning of these communication devices is not determined by which system is active.
● Processors in inactive systems continue to run. However, they may have to wait when they attempt to access shared I/O elements.
Hardware thus prevents direct communication between the systems on the device. Any transfer of information between them takes place via communication through off-device services (such as e-mail). The multiple internal computing systems are therefore as isolated as if they were in separate physical devices.
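The rules in the list above for stateless elements, per-system configuration register banks and waiting inactive systems can be exercised in a small C model. This is an added example, not part of the patent text; the structure and function names, the `IO_WAIT` value and the sample strings are assumptions made for illustration, and the `caller` argument stands for the physical wiring of the requesting processor.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum domain { ENTERPRISE = 0, NON_ENTERPRISE = 1, NUM_DOMAINS = 2 };
#define IO_WAIT (-1)              /* an inactive system must wait for shared I/O */
#define BUF_LEN 32

/* One bank of configuration registers per system (the "E" and "P" banks).
 * A stateful element keeps its per-system state here and nowhere else. */
struct cfg_bank {
    char   frame[BUF_LEN];        /* image the screen was asked to display */
    char   touch[BUF_LEN];        /* input captured from the touch screen */
    size_t touch_len;
};

struct device {
    enum domain     active;       /* driven only by the mode switch */
    struct cfg_bank bank[NUM_DOMAINS];
    int             accel;        /* stateless element: no per-system record */
};

/* Constructed sample device; the enterprise system starts as the active one. */
static struct device phone = { .accel = 980 };

/* Mode switch: selects which bank the stateful I/O hardware uses. */
enum domain mode_switch(struct device *d, enum domain target)
{
    d->active = target;
    return d->active;
}

/* Hardware side of the touch screen: input lands in the active bank only.
 * Returns the number of characters now pending for the active system. */
size_t hw_touch(struct device *d, const char *keys)
{
    struct cfg_bank *b = &d->bank[d->active];
    for (; *keys && b->touch_len < sizeof b->touch - 1; keys++)
        b->touch[b->touch_len++] = *keys;
    b->touch[b->touch_len] = '\0';
    return b->touch_len;
}

/* A system reads input from its own bank. There is no call that names another
 * system's bank: `caller` is fixed by wiring, not chosen by software. */
const char *sys_read_touch(const struct device *d, enum domain caller)
{
    return d->bank[caller].touch;
}

/* A system may draw into its own bank at any time; returns the stored length. */
size_t sys_draw(struct device *d, enum domain caller, const char *image)
{
    char *f = d->bank[caller].frame;
    snprintf(f, BUF_LEN, "%s", image);
    return strlen(f);
}

/* The screen scans out the active bank only. */
const char *screen_scanout(const struct device *d)
{
    return d->bank[d->active].frame;
}

/* Stateless element: readable by the active system, IO_WAIT for any other. */
int sys_read_accel(const struct device *d, enum domain caller)
{
    return (caller == d->active) ? d->accel : IO_WAIT;
}

int main(void)
{
    mode_switch(&phone, ENTERPRISE);
    sys_draw(&phone, ENTERPRISE, "E: payroll");
    sys_draw(&phone, NON_ENTERPRISE, "P: game");
    hw_touch(&phone, "s3cret");               /* typed while E is active */
    printf("P sees input: \"%s\"\n", sys_read_touch(&phone, NON_ENTERPRISE));
    mode_switch(&phone, NON_ENTERPRISE);
    printf("screen shows: %s\n", screen_scanout(&phone));
    return 0;
}
```

Input typed while the enterprise system is active never reaches the "P" bank, so software on the non-enterprise side, including a key logger of the kind described earlier, has nothing to read before or after the switch.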
Several possible modifications to the design described can be used alone or in combination.
Shared storage and memory: A first modification can help reduce device cost by allowing multiple computing systems to share physical subsystems. One example 200 of this modification, with shared storage subsystems, is shown in Fig. 2. Elements similar to those in Fig. 1 have the same reference numerals and are not described again. The physical memory of a group of systems can be shared safely if hardware guarantees separate access regions. For example, in one embodiment of the dual-system example, the high-order bit of the memory address indicates which system is accessing memory. For accesses from the enterprise system processor, hardware outside the processor forces the high-order bit to 1; for accesses from the non-enterprise system processor, the high-order bit is forced to 0 in a similar manner. For the avoidance of doubt, this is a non-limiting example; any suitable mechanism is acceptable that allows hardware, independently of software, to physically partition the memory. Once the address space has been partitioned in this way, hardware is added to allow the processors to access the same physical storage subsystem simultaneously. Specifically, in this embodiment, storage access channel/control (SAC) 251 of enterprise processor 102 controls access to enterprise storage portion 234 of the shared storage, and storage access channel/control (SAC) 261 of non-enterprise processor 104 controls access to non-enterprise storage portion 240 of the shared storage. In addition, memory SAC 253 of enterprise processor 102 controls access to enterprise memory and buffer portion 236 of the shared memory and buffers, and memory SAC 259 of non-enterprise processor 104 controls access to non-enterprise memory and buffer portion 238 of the shared memory and buffers. In a similar manner, any subsystem that can be safely partitioned by external hardware can be shared among multiple processors. Such a subsystem should guarantee that state information cannot leak between partitions. Note that a separate flash slot 255, 257 is maintained for each system; that is, flash slot 255 is associated with processor 102 and flash slot 257 is associated with processor 104.
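The high-order-bit partitioning described above, as an added C example that is not part of the patent text. It assumes a constructed 16-bit address space and hypothetical function names (`sac_translate`, `count_escapes`), and shows that a request carrying the wrong high-order bit aliases into the requester's own partition instead of reaching the other one.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a 16-bit physical address whose top bit selects the partition. */
#define ADDR_BITS  16u
#define ADDR_MASK  ((1u << ADDR_BITS) - 1u)
#define HIGH_BIT   (1u << (ADDR_BITS - 1u))

enum domain { NON_ENTERPRISE = 0, ENTERPRISE = 1 };

/* One physical memory shared by both systems (zero-initialised). */
static uint8_t shared_mem[1u << ADDR_BITS];

/* Access controller outside the processor: whatever software put in the
 * high-order bit is discarded and replaced by the identity of the processor
 * whose bus the request arrived on (1 = enterprise, 0 = non-enterprise). */
uint32_t sac_translate(enum domain src, uint32_t requested)
{
    uint32_t low = requested & ADDR_MASK & ~HIGH_BIT;
    return (src == ENTERPRISE) ? (low | HIGH_BIT) : low;
}

/* Returns the physical address actually written, which makes aliasing visible. */
uint32_t sac_write(enum domain src, uint32_t addr, uint8_t value)
{
    uint32_t phys = sac_translate(src, addr);
    shared_mem[phys] = value;
    return phys;
}

uint8_t sac_read(enum domain src, uint32_t addr)
{
    return shared_mem[sac_translate(src, addr)];
}

/* Exhaustive check of the isolation property: counts the requested addresses
 * that would land in the other system's half of the memory. */
uint32_t count_escapes(enum domain src)
{
    uint32_t escapes = 0;
    for (uint32_t req = 0; req <= ADDR_MASK; req++) {
        int in_enterprise_half = (sac_translate(src, req) & HIGH_BIT) != 0;
        if (in_enterprise_half != (src == ENTERPRISE))
            escapes++;
    }
    return escapes;
}

int main(void)
{
    uint32_t phys = sac_write(ENTERPRISE, 0x0123, 0xAA);
    printf("enterprise write to 0x0123 lands at 0x%04x\n", (unsigned)phys);
    printf("non-enterprise read of 0x8123 maps to 0x%04x and returns 0x%02x\n",
           (unsigned)sac_translate(NON_ENTERPRISE, 0x8123),
           (unsigned)sac_read(NON_ENTERPRISE, 0x8123));
    printf("escapes: E=%u P=%u\n", (unsigned)count_escapes(ENTERPRISE),
           (unsigned)count_escapes(NON_ENTERPRISE));
    return 0;
}
```

Because the bit is forced rather than checked, an out-of-partition request does not fault; it silently wraps into the requester's own half, and each system sees only half of the physical address range.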
Shared Bluetooth: Some devices, including Bluetooth communication subsystems, inherently hide their state information, which makes them difficult to share. However, a single Bluetooth subsystem can be shared among multiple systems with a small change. Bluetooth is intended to replace wired connections between a computer and multiple peripherals. Each peripheral is associated with a single computer and transmits only in response to requests from that computer. The computer transmits packets to the peripherals, using a handle in each packet to identify the peripheral. A Bluetooth subsystem typically uses an embedded processor to execute commands from the computer. The state associated with each connection is maintained in the memory of the embedded processor and managed by its firmware. To make Bluetooth shareable, the firmware is modified to maintain multiple sets of state information and, in response to a hardware input, to use only the set of state information associated with the active system. For the dual-system example, a single input pin can be used to switch between the systems. The Bluetooth firmware must also ensure that peripheral responses are sent only to the associated system. The fact that a peripheral can be associated with only a single computer means that each Bluetooth peripheral is associated with only one system. Thus, a user who wants to listen to music from the non-enterprise system through a Bluetooth-connected headset cannot simultaneously listen to a company podcast.
Using 4G communication: A third modification relates to the communication subsystem. With 4G wireless communication, voice and data signals share a single IP data stream. In a 4G smart phone, this stream is delivered to the telephone system and the computing system (a real 4G communication system is more complicated than this, but this simplified description is given to illustrate the invention clearly without obscuring it with unnecessary detail). Reference should be had to exemplary embodiment 300 of Fig. 3. In this example, the stream is sent from 4G communication system 344 to an on-board "router" 365 (that is, a device that performs a router function but has fixed function). Like a router in a local area network (LAN), the "router" forwards IP packets only to the addressed destination system, thereby creating a device area network (DAN). The multiple computing systems 102, 104 and telephone system 126 each have a separate medium access control (MAC) address. The 4G communication system receives packets destined for the multiple MAC addresses, and the internal "router" is hard-wired to send these packets to the correct address. The IP stack on each processor handles all packets for that processor. With this approach, the system software of the computing systems need not be modified. Fig. 3 shows this approach for an exemplary dual-domain device; it is readily generalized to multi-domain devices. Elements similar to those in Fig. 1 have the same reference numerals and are not described again.
A second communication approach can make more direct use of 4G. In this aspect, the device is assigned a single MAC address, and each system and/or function (or group of functions) is given a separate IP address (or port). The on-board router is hard-wired to route packets to the correct IP address. The computing systems have different IP addresses for their 4G functions. In this aspect, in at least some instances, no endpoint is permitted to place its interface in promiscuous mode.
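Both forwarding schemes for the on-board "router", one MAC address per system and one MAC address per device with an IP address per system, are modelled in the following added C example, which is not part of the patent text. The frame layout (an Ethernet-style header followed by a minimal IPv4 header), the port numbering, the addresses and the choice to drop broadcast and unknown destinations are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum port { PORT_DROP = -1, PORT_ENTERPRISE = 0, PORT_NON_ENTERPRISE = 1, PORT_PHONE = 2 };
#define NUM_PORTS 3
#define ETH_HDR   14                 /* dst MAC, src MAC, EtherType */
#define FRAME_LEN (ETH_HDR + 20)     /* plus a minimal IPv4 header */

/* Constructed addresses: locally administered MACs, RFC 5737 documentation IPs. */
static const uint8_t PORT_MAC[NUM_PORTS][6] = {
    {0x02, 0, 0, 0, 0, 0x01}, {0x02, 0, 0, 0, 0, 0x02}, {0x02, 0, 0, 0, 0, 0x03}
};
static const uint8_t PORT_IP[NUM_PORTS][4] = {
    {192, 0, 2, 10}, {192, 0, 2, 20}, {192, 0, 2, 30}
};
static const uint8_t DEVICE_MAC[6]    = {0x02, 0, 0, 0, 0, 0x10};
static const uint8_t BROADCAST_MAC[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
static const uint8_t UNKNOWN_IP[4]    = {192, 0, 2, 99};

/* First approach: one MAC per system. The table is fixed, so a frame goes to
 * exactly one port or is dropped; nothing is flooded to every port. */
enum port route_by_mac(const uint8_t *frame, size_t len)
{
    if (len < ETH_HDR)
        return PORT_DROP;
    for (int p = 0; p < NUM_PORTS; p++)
        if (memcmp(frame, PORT_MAC[p], 6) == 0)
            return (enum port)p;
    return PORT_DROP;                /* unknown or broadcast destination */
}

/* Second approach: one MAC for the whole device, one IPv4 address per system. */
enum port route_by_ip(const uint8_t *frame, size_t len)
{
    if (len < FRAME_LEN)
        return PORT_DROP;            /* too short to hold an IPv4 header */
    if (memcmp(frame, DEVICE_MAC, 6) != 0)
        return PORT_DROP;            /* not addressed to this device */
    if (frame[12] != 0x08 || frame[13] != 0x00)
        return PORT_DROP;            /* EtherType is not IPv4 */
    if ((frame[ETH_HDR] >> 4) != 4)
        return PORT_DROP;            /* IP version field is not 4 */
    const uint8_t *dst_ip = frame + ETH_HDR + 16;
    for (int p = 0; p < NUM_PORTS; p++)
        if (memcmp(dst_ip, PORT_IP[p], 4) == 0)
            return (enum port)p;
    return PORT_DROP;
}

/* Builds a constructed sample frame in a static buffer (overwritten per call). */
const uint8_t *sample_frame(const uint8_t dst_mac[6], const uint8_t dst_ip[4])
{
    static uint8_t f[FRAME_LEN];
    memset(f, 0, sizeof f);
    memcpy(f, dst_mac, 6);
    f[12] = 0x08;                    /* EtherType 0x0800 = IPv4 */
    f[13] = 0x00;
    f[ETH_HDR] = 0x45;               /* version 4, header length 5 words */
    memcpy(f + ETH_HDR + 16, dst_ip, 4);
    return f;
}

int main(void)
{
    printf("MAC mode, enterprise frame -> port %d\n",
           route_by_mac(sample_frame(PORT_MAC[0], PORT_IP[0]), FRAME_LEN));
    printf("MAC mode, broadcast frame  -> port %d\n",
           route_by_mac(sample_frame(BROADCAST_MAC, PORT_IP[0]), FRAME_LEN));
    printf("IP mode, non-enterprise IP -> port %d\n",
           route_by_ip(sample_frame(DEVICE_MAC, PORT_IP[1]), FRAME_LEN));
    return 0;
}
```

Since each frame is delivered to at most one port, an endpoint never receives traffic addressed to another system, whatever mode its own interface is in.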
Asymmetric I/O devices: mobile device operating systems vary in the support they provide for peripherals. For example, many BlackBerry devices have a mechanical keyboard, whereas iPhones and Android devices usually do not. One or more embodiments need not provide the same set of I/O devices to each internal system. Thus, a dual-domain device supporting a BlackBerry system and an Android system can have a mechanical keyboard that is visible to and used by the BlackBerry system only.
Summary of Figs. 1-3: by way of review, in Fig. 1, element 106 is the shared device package and element 107 is the shared system board; elements 108, 110 are stateful I/O devices; elements 114, 116, 118, 120 are stateless I/O devices; and elements 122, 124 are shared support elements. Elements 132, 134, 136 are part of the first separate computing system, which uses processor 102. Elements 138, 140, 142 are part of the second separate computing system, which uses processor 104. Element 112 is the buffer control module. Element 126 is the cellular phone controller. Element 144 is the controller for off-device communication.
Additionally, in Fig. 2, element 106 is the shared device package and element 107 is the shared system board; elements 108, 110 are stateful I/O devices; elements 114, 116, 118, 120 are stateless I/O devices; and elements 122, 124 are shared support elements. Elements 132, 251, 253, 255 are part of the first separate computing system, which uses processor 102. Elements 257, 259, 261, 142 are part of the second separate computing system, which uses processor 104. Element 112 is the buffer control module. Element 126 is the cellular phone controller. Element 144 is the controller for off-device communication. Elements 251, 253, 259, 261 are secure access controllers for 236, 238, 240, 234.
Further, in Fig. 3, element 106 is the shared device package and element 107 is the shared system board; elements 108, 110 are stateful I/O devices; elements 114, 116, 118, 120 are stateless I/O devices; and elements 122, 124 are shared support elements. Element 112 is the buffer control module. Element 126 is the cellular phone controller. Element 344 is the controller for off-device communication. Element 365 is the device area network router. Elements 132, 134, 136 are part of the first separate computing system, which uses processor 102. Elements 138, 140, 142 are part of the second separate computing system, which uses processor 104.
User-driven mode switching: as described above, one or more embodiments provide a mode switch mechanism that securely reads the user's desire to change the active system and then performs the switch. In one embodiment, the mode switching function is initiated by one or more physical switches or by a soft switch on the touch screen. For a generic dual-domain device, one solution is to detect a change in device orientation and switch domains (and screen orientation) when the user rotates the device 180 degrees, as shown in Fig. 4. With a symmetric design of the external device elements (touch screen, microphone, speaker, and so on), simply rotating and/or flipping the device causes it to switch modes, so that what the screen displays changes almost immediately. As shown in Fig. 4, the device is in a non-business orientation 402 and, when turned upside down, enters a business orientation 404. In this approach, a sensor similar to the one used on current devices to change the screen orientation from landscape to portrait or from portrait to landscape can be used to trigger the switch; various alternatives are discussed herein.
As shown in flow chart 500 of Fig. 5, in one exemplary embodiment the controller takes the following steps to read the user's intent and switch the active system. At 502, the active system executes (enterprise or non-enterprise in the non-limiting examples, depending on the case).
1. Control module 128 reads or otherwise obtains the user's intent from a number of possible sources:
A. Accelerometer 116, which reads a predetermined change in device orientation
B. Physical switch device 118 (such as a slide switch), mounted in the device case
C. A soft switch, programmed into and displayed on the device's touch screen 108
D. Other indicators
2. Once the required active system has been determined (that is, decision block 504 yields "Yes"; if "No", the active system simply continues to execute), the mode switch suspends the currently active system. In the example of Fig. 5, the mode switch reads the active system indication in step 506 and then suspends the previously active system in step 508. This includes saving and/or resetting any stateful registers or logic in the shared I/O components (such as buffers, registers in the camera, the touch screen controller, audio and communication components, and so on). Step 510 shows the IO linkage being transferred from the previously active system to the new active system, and step 512 shows the state of the stateful elements being switched to the state of the new active system.
3. Initialize the selected operating mode so that it can begin operation and, per step 514, continue to operate in that domain until an interrupt to stop or change modes is detected.
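The sequence in steps 1 to 3 can be modeled in a few lines of C; this is an added illustration, not code from the patent. The type and function names, the eight-byte "screen", and the priority order among the intent sources are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { SYS_A = 0, SYS_B = 1, NUM_SYSTEMS = 2, NO_REQUEST = -1 };
#define SCREEN_BYTES 8   /* constructed stand-in for a frame buffer */

/* State held by the stateful elements (a screen and a lamp). */
typedef struct { uint8_t screen[SCREEN_BYTES]; int lamp_on; } ui_state_t;

typedef struct {
    ui_state_t live;               /* contents of the shared elements right now */
    ui_state_t store[NUM_SYSTEMS]; /* per-system saved state of those elements */
    int active;                    /* system whose IO linkage is connected */
    int suspended[NUM_SYSTEMS];
} device_t;

/* Step 1 sources. The switch fields hold a requested system or NO_REQUEST;
 * accel_flip is 1 when the predetermined orientation change was seen. */
typedef struct { int accel_flip, slide_switch, soft_switch; } intent_t;

void device_init(device_t *d) {
    memset(d, 0, sizeof *d);
    d->active = SYS_A;
    d->suspended[SYS_B] = 1;
}

/* Assumed priority (the text gives none): physical switch, then soft
 * switch, then orientation flip, which toggles between the two systems. */
int read_intent(const device_t *d, const intent_t *in) {
    if (in->slide_switch != NO_REQUEST) return in->slide_switch;
    if (in->soft_switch != NO_REQUEST) return in->soft_switch;
    if (in->accel_flip) return d->active == SYS_A ? SYS_B : SYS_A;
    return d->active;              /* decision block 504: "No" */
}

/* Steps 506-512. Returns 1 if a switch happened, 0 otherwise. */
int mode_switch(device_t *d, int wanted) {
    if (wanted < 0 || wanted >= NUM_SYSTEMS || wanted == d->active) return 0;
    int prev = d->active;
    d->suspended[prev] = 1;              /* 508: suspend the previous system */
    d->store[prev] = d->live;            /* save its stateful-element state */
    memset(&d->live, 0, sizeof d->live); /* reset shared registers and buffers */
    d->active = wanted;                  /* 510: move the IO linkage */
    d->live = d->store[wanted];          /* 512: install the new system's state */
    d->suspended[wanted] = 0;            /* step 3: new system starts operating */
    return 1;
}

/* IO transfers to the screen: only the active system's linkage is connected. */
int screen_write(device_t *d, int sys, unsigned off, uint8_t v) {
    if (sys != d->active || off >= SCREEN_BYTES) return -1;
    d->live.screen[off] = v;
    return 0;
}

int screen_read(const device_t *d, int sys, unsigned off) {
    if (sys != d->active || off >= SCREEN_BYTES) return -1;
    return d->live.screen[off];
}

/* Scenario: system A draws 0x5A, then the user flips the device. */
static void a_draws_then_flip(device_t *d) {
    intent_t flip = { 1, NO_REQUEST, NO_REQUEST };
    device_init(d);
    screen_write(d, SYS_A, 0, 0x5A);
    mode_switch(d, read_intent(d, &flip));
}

int demo_b_view_after_flip(void) {       /* what B finds on the screen */
    device_t d;
    a_draws_then_flip(&d);
    return screen_read(&d, SYS_B, 0);
}

int demo_inactive_write(void) {          /* A is inactive, so this is refused */
    device_t d;
    a_draws_then_flip(&d);
    return screen_write(&d, SYS_A, 0, 0xFF);
}

int demo_a_view_after_return(void) {     /* A's image comes back intact */
    device_t d;
    intent_t slide_to_a = { 0, SYS_A, NO_REQUEST };
    a_draws_then_flip(&d);
    screen_write(&d, SYS_B, 0, 0x77);
    mode_switch(&d, read_intent(&d, &slide_to_a));
    return screen_read(&d, SYS_A, 0);
}

int main(void) {
    printf("B sees %d, inactive write returns %d, A restored 0x%X\n",
           demo_b_view_after_flip(), demo_inactive_write(),
           (unsigned)demo_a_view_after_return());
    return 0;
}
```

The reset between save and restore is what keeps residue of the previous domain's screen contents from being visible to the next one.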
Geography-driven mode switching: mobile devices commonly use a GPS subsystem to determine their geographic location. Location can therefore be used to determine which computing systems may and may not be active. For example, the enterprise system can be allowed to be active only when the device is on enterprise premises, to prevent off-site access to sensitive information. In addition, the non-enterprise system can be disabled when the device is on enterprise premises, to isolate sensitive information further.
User-driven mode switching: access to one or more of the computing systems can be restricted to fully authenticated users. For example, many current devices that can access enterprise systems require a password before any function (other than emergency calls) can be accessed. With the present invention, any user can be allowed free access to the non-enterprise system, while authentication is required to access the enterprise-specific system. There can also be a separate system whose only function is to determine who is using the device, by means of biometrics and/or activity indicators. That system can periodically monitor activity in order to authenticate the physical device user and restrict system access accordingly.
Exemplary mode switching details
A preferred embodiment of the invention combines two or more independent computing systems into one physical package that its user regards as a single device. The individual computing systems are physically isolated so that no system can observe or affect the operation of any other system. This isolation enables each system to maintain its integrity. The user regards the device as a complete whole with multiple modes. At any given time, the mode specifies which system is active, and to the user the device behaves as though that system were the only system in the device. Inactive systems can run in the background, for example to communicate, but only where doing so does not alter the operation of the active system. The device gives the user some way to perform a mode switch in order to change which system is active.
The active system has full control of the device's user interface elements. These elements are the input and output components through which the user operates the active computing system. One or more embodiments distinguish two types of user interface element: those whose operation does not depend on the history (or state) of previous interaction with the active system, and those whose operation does depend on that information. The former are referred to herein as stateless, the latter as stateful. Stateless elements range from simple mechanical switches to complex subsystems, such as one that tracks device orientation. In both cases, the active system's interaction with the element does not change what that system (or any other system) sees the next time it interacts with the element. This means that the active system cannot turn the orientation system on or off, which is considered typical of current mobile devices.
A stateful element can be as simple as a lamp that the active system can turn on and off; the lamp must be in the state set by the currently active system. A display screen is a more complex stateful element; its state includes the image that the currently active system displays on the screen. In a preferred embodiment, each computing system stores a state set in memory (one state for each stateful element that the computing system uses), or the state set is stored in memory on behalf of each computing system. This storage mechanism is referred to herein as interface state storage.
The currently active system interacts with stateless user interface elements through input/output (IO) transfers. A system can implement such transfers in many ways, with data flowing between the system and the element through a mechanism referred to herein as an IO linkage. In one aspect, an exemplary device prevents data from flowing between an inactive system and the stateless user interface elements. As described below, in some cases certain forms of I/O transfer between an inactive system and stateless I/O user interface elements can be implemented without affecting system isolation. When a mode switch occurs, the IO linkage to the previously active system is stopped, and the IO linkage to the newly active system is established.
Mode switching for stateful elements is somewhat more complex. The active system can interact with some stateful elements through I/O transfers; for example, it can send a "turn on" command to a lamp. For other stateful elements, it can update the state directly rather than use an I/O transfer; for example, it can update the stored state of the screen, thereby changing the displayed image. For I/O transfers, the transfer linkages are managed in the same way as for stateless elements. Stateful elements (including those whose state the active system can change directly) have a stored state associated with each system. On a mode switch, for each stateful IO element, the state associated with the previously active system is replaced with the stored state associated with the newly active system.
Fig. 6 shows a simple embodiment of this mode switching activity. The I/O transfers from blocks 615, 623 to screen 601 are drawn as dashed lines because, in some cases, the screen can be controlled entirely by changing its state, without I/O transfers. In addition, state stores 613, 621 are shown inside system blocks 609, 611 because each is logically part of its system, although in some cases it can be physically separate from the system.
Thus, Fig. 6 shows an exemplary computing device that includes a set of elements comprising one or more user interface elements, each of which is a stateful interface element (screen 601, lamp 603) or a stateless interface element (switch 605, orientation 607). Also included is a first computing system 609, which includes a first set of IO linkages 615, a first store 613 for the state set of the stateful user interface elements, one or more first memories 617, and one or more first central processing units (CPUs) 619. Further elements include a second computing system 611, which includes a second set of linkages 623, a second store 621 for the state set of the stateful user interface elements, one or more second memories 625, and one or more second central processing units 627. The first memory is isolated from the second memory, the first state store is isolated from the second state store, and the first CPU(s) are isolated from the second CPU(s). Further elements include mode switch 130, which determines which set of linkages is connected to the user interface elements and which stored interface state set is available to the stateful user interface elements. In a first mode, first computing system 609 is connected to at least one user interface element through linkage 615. In a second mode, the second computing system is connected to at least one user interface element through linkage 623.
Communication: the device can be connected to various communication systems in a variety of ways. These include cellular communication, Bluetooth links, and other networking technologies, as described herein. On-device communication, including the concept of a device area network, is also described herein.
Sharing: in some cases, only the active system is allowed to access the user interface elements. However, some elements (including the power supply, real-time clock, system board, case, and so on) are not affected by computation and can be shared freely. In addition, some input devices (for example, switches and buttons) can be shared "freely", with any system able to access them at any time. If the device is used in an environment where there is concern about software on one side making unauthorized observations of activity on the other side, these devices are not shared (otherwise they can be shared freely).
Multiple systems: for simplicity, only two computing systems are shown and discussed here. However, some embodiments include devices with more than two systems.
Device examples: non-limiting examples of stateless input devices include switches, buttons, GPS systems, and so on; non-limiting examples of stateless output devices include speakers, headset connectors, flash lamps, accelerometers, and so on; non-limiting examples of stateful input devices include Bluetooth modules, cameras, touch screens, and so on; and non-limiting examples of stateful output devices include displays, Bluetooth modules, and so on.
Shared main memory and storage: as described above, the required isolation can be provided within a single main memory device and/or a single storage device by using hardware enforcement.
Mode switching mechanisms: a number of mechanisms can be used to initiate a mode switch. They include geographic location, orientation, accelerometer signals, gestures on the touch screen, mechanical switches, software commands, and so on. Modes and mode switching also matter in devices that do not physically isolate the computing systems but support multiple personalities in some other way. Some embodiments address software-based multiple-personality devices.
Location-dependent control: in some cases, it can be important to allow or disallow a given computing system from becoming active in certain locations. For example, it may be desirable to allow the enterprise system to be active only when the device is on enterprise premises. It may also be desirable to disallow an active non-enterprise system when the device is on enterprise premises.
Asymmetric systems: in some cases, the separate computing systems can have entirely different processors, operating systems, user interface devices, and so on. For example, one computing system can use a physical keyboard while another has no concept of a keyboard.
User authentication: as described above, in some cases the device can include the ability to authenticate the user (for example, while he or she is using the unit) and, according to that authentication, to restrict access to one or more of the computing systems.
Non-enterprise devices: as described above, some embodiments include entirely non-enterprise devices, in which one domain is used for routine activities and one for sensitive matters that need additional protection. If the sensitive domain provides a well-defined level of security, a trusted service can be used to manage the sensitive domain.
Advantageously, one or more embodiments provide high assurance that independent domains remain independent, because one or more embodiments use separate, physically isolated processors. Furthermore, one or more embodiments allow the independent domains to be entirely different, because one or more embodiments use separate, physically isolated processors (software-based hypervisor approaches generally have practical limitations that require the individual virtual machines to have the same processor architecture).
It should be noted, however, that although one or more embodiments are directed to devices that use multiple processors to support multiple personalities, such devices can also be designed with a single processor. Fig. 9 shows an exemplary hardware approach that does so through changes to the internal structure of the processor, and Fig. 10 shows a software design that uses a hypervisor layer.
Referring now to Fig. 9, a hardware-based single-processor device with two personalities is shown. Fig. 9 shows a single-processor device that uses modifications to the memory subsystem and to the internal structure of the processor to support two isolated, independent personalities. The device structure outside the computing system is similar to that of Fig. 6.
As before, there are stateful (for example, screen 901 and lamp 903) and stateless (for example, switch 905 and orientation 907) I/O elements, and a mode switch 130 that determines which of the two personalities is active. The mode switch functions as in the device of Fig. 6. By controlling the switches shown in the figure, it determines which of the two state storage elements 994, 992 is assigned to the state of stateful IO elements 901, 903. In addition, mode switch 130 provides a binary signal indicating which personality is active, and the computing system uses this signal to perform two functions.
Note that the single computing system 909 has IO linkages 915 to interface elements 901, 903, 905 and 907.
In the embodiment of Fig. 9, the lower half 994 of the computing system's memory address space is accessed only by the first personality, and the upper half 992 is reserved for the second personality. A portion of each half is dedicated to storing the interface state of the stateful IO devices for the associated personality. The most significant bit of the address bus is controlled by mode switch 130; it is set to 0 when the first personality is active and to 1 when the second personality is active (the opposite convention could of course be used). Processor 919 can therefore access only the half of memory that corresponds to whichever personality is active. This is the first of the two functions for which the computing system uses the binary signal from mode switch 130.
The second function is to switch the processor register contents when the active personality changes. During the transition, processor 919 is stopped, the contents of registers 998, 996 are changed, and the processor is restarted. On a transition from the first personality to the second, the actual register contents are stored in the first register store 998, and new values are loaded from the second register store 996; on a transition back to the first personality, the process is performed in reverse. In this way, the processing system operates with only one personality at a time, and the two personalities are completely isolated.
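The two functions just described for Fig. 9 (the mode switch driving the top address line, and the register swap on a personality change) can be modeled in software; the following C sketch is an added illustration, not part of the patent. The 12-bit address space, the four registers and all names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADDR_BITS 12u                    /* constructed, small address space */
#define MEM_SIZE  (1u << ADDR_BITS)
#define TOP_BIT   (1u << (ADDR_BITS - 1u))
#define NUM_REGS  4

typedef struct {
    uint8_t  mem[MEM_SIZE];          /* lower half and upper half */
    uint32_t regs[NUM_REGS];         /* live processor registers */
    uint32_t reg_store[2][NUM_REGS]; /* one register store per personality */
    unsigned mode;                   /* binary signal from the mode switch */
} machine_t;

void machine_init(machine_t *m) { memset(m, 0, sizeof *m); }

/* First function: the mode switch, not software, drives the most
 * significant address line. Whatever the program puts in that bit
 * is discarded before the address reaches memory. */
static unsigned bus_address(const machine_t *m, unsigned addr) {
    unsigned low = addr & (TOP_BIT - 1u);   /* bits software controls */
    return m->mode ? (low | TOP_BIT) : low;
}

void store8(machine_t *m, unsigned addr, uint8_t v) {
    m->mem[bus_address(m, addr)] = v;
}

uint8_t load8(const machine_t *m, unsigned addr) {
    return m->mem[bus_address(m, addr)];
}

/* Second function: on a personality change the processor is stopped,
 * its registers are saved to the outgoing personality's store and
 * loaded from the incoming one, and it is restarted. */
void set_mode(machine_t *m, unsigned new_mode) {
    new_mode &= 1u;
    if (new_mode == m->mode) return;
    memcpy(m->reg_store[m->mode], m->regs, sizeof m->regs);
    memcpy(m->regs, m->reg_store[new_mode], sizeof m->regs);
    m->mode = new_mode;
}

/* Personality 0 writes a marker byte; personality 1 then scans every
 * address it can issue. Returns how many addresses expose the marker. */
int count_cross_reads(void) {
    machine_t m;
    unsigned a;
    int hits = 0;
    machine_init(&m);
    store8(&m, 0x010, 0xC3);
    set_mode(&m, 1);
    for (a = 0; a < MEM_SIZE; a++)
        if (load8(&m, a) == 0xC3) hits++;
    return hits;
}

/* Personality 0 sets the top bit itself. The access does not reach the
 * other half; it aliases back into personality 0's own half. */
int read_with_forged_top_bit(void) {
    machine_t m;
    machine_init(&m);
    store8(&m, 0x010, 0xC3);
    return load8(&m, 0x010 | TOP_BIT);
}

/* High 16 bits: what personality 1 found in r0 after the switch.
 * Low 16 bits: r0 as seen by personality 0 after switching back. */
uint32_t register_round_trip(void) {
    machine_t m;
    uint32_t seen_by_1;
    machine_init(&m);
    m.regs[0] = 0x1111;
    set_mode(&m, 1);
    seen_by_1 = m.regs[0];
    m.regs[0] = 0x2222;
    set_mode(&m, 0);
    return (seen_by_1 << 16) | m.regs[0];
}

int main(void) {
    printf("cross reads: %d\n", count_cross_reads());
    printf("forged top bit reads: 0x%X\n", (unsigned)read_with_forged_top_bit());
    printf("register round trip: 0x%08X\n", (unsigned)register_round_trip());
    return 0;
}
```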
Fig. 10 shows a software-based single-processor device with two personalities. The software-based single-processor embodiment uses a software technique known as a hypervisor 1088 (or virtual machine manager). Hypervisors are themselves well known; given the teachings herein, the skilled artisan will be able to use a hypervisor to implement one or more embodiments. A hypervisor is one of a number of hardware virtualization techniques that allow multiple operating systems 1086, 1084 to run independently and concurrently on a single processor 1019. Each operating system managed by the hypervisor sees its own virtual operating platform. The embodiment of Fig. 10 shows a Type 1 hypervisor 1088, which runs on processor 1019 of computing system 1009, controls the hardware, and manages the two operating systems 1086, 1084.
Hypervisor 1088 ensures that each operating system accesses only a restricted region of the address space; in the example of Fig. 10, these are upper memory 1092 and lower memory 1094. Unlike a conventional hypervisor, which allows operating systems to run concurrently, hypervisor 1088 in the exemplary embodiment of Fig. 10 allows only one operating system to be active at a time. It uses the signal from mode switch 130 to determine which operating system is to run. Thus, only the active operating system (which represents the active personality) can interact with the stateless and stateful IO devices and thereby with the user. Elements 1001, 1003, 1005, 1007 and 1015 are similar to elements 901, 903, 905, 907 and 915 in Fig. 9.
In some embodiments, the inactive personality can run in the background without such user interaction.
The multiprocessor design of Fig. 6 and the hardware-based single-processor device of Fig. 9 both provide hardware-enforced separation between the personalities. This separation provides the strongest isolation guarantee and in some cases can be more attractive to security-conscious users. Nonetheless, the software-based approach of Fig. 10 also provides a good separation guarantee.
The multiprocessor design of Fig. 6 and the software-based single-processor device of Fig. 10 can be used with current processor designs. Given the teachings herein, the skilled artisan will be able to implement the changes required for the hardware-based approach of Fig. 9.
The multiprocessor approach of Fig. 6 advantageously offers the possibility of using different processor architectures for different personalities. In addition, with multiple processors, an inactive personality can run in the background and, for example, take part in communication. The single-processor embodiments, however, can advantageously reduce cost and extend battery life.
Given the discussion thus far, and with reference to Fig. 6, it will be appreciated that, in general terms, an exemplary apparatus according to an aspect of the invention includes at least one user interface element (for example, a stateful user interface element such as 601 and/or 603) and a first isolated computational entity (for example, first computing system 609, which includes first memory 617 and first processor 619 coupled to the first memory, and optionally includes first interface state storage unit 613, which is associated with the first processor and configured to store a first state of at least one stateful user interface element). Also included is a second isolated computational entity (for example, second computing system 611, which includes second memory 625 isolated from the first memory and second processor 627 coupled to the second memory and isolated from the first processor, and optionally includes second interface state storage unit 621, which is associated with the second processor, isolated from the first interface state storage unit, and configured to store a second state of the at least one stateful user interface element). Further, the apparatus includes a switching device configured to:
● in a first mode, connect the first isolated computational entity to the at least one user interface element (and optionally, when the at least one user interface element is stateful, make the first state available to the at least one stateful user interface element); and
● in a second mode, connect the second isolated computational entity to the at least one user interface element (and optionally, when the at least one user interface element is stateful, make the second state available to the at least one stateful user interface element).
Finally, the apparatus includes a shared housing, such as 106 in Fig. 1, for the at least one user interface element, the first isolated computational entity, the second isolated computational entity, and the switching device.
In some cases, the first isolated computational entity includes first computing system 609, which includes first memory 617 and first processor 619 coupled to the first memory; and the second isolated computational entity includes second computing system 611, which includes second memory 625 isolated from the first memory and second processor 627 coupled to the second memory and isolated from the first processor. Processors 619, 627 can be on separate integrated circuit chips or can be, for example, separate cores on the same chip.
In one non-limiting example, the switching device includes mode switch 130, a first set of input-output linkages 615 associated with the first computing system, and a second set of input-output linkages 623 associated with the second computing system.
Some embodiments include at least one stateless user interface element, such as switch 605 and/or orientation sensor 607; in such cases, the switching device can be further configured to:
● in the first mode, connect the first computing system to the at least one stateless user interface element; and
● in the second mode, connect the second computing system to the at least one stateless user interface element.
Some embodiments also include a cellular phone subsystem 126 shared by the first and second computing systems.
Some embodiments also include a first short-range wireless personal area network module (for example, Bluetooth module 132) coupled to the first computing system, and a second short-range wireless personal area network module (for example, Bluetooth module 142) coupled to the second computing system.
Referring now to Fig. 3, in some cases the first computing system has a first media access control address, the second computing system has a second media access control address, and the apparatus also includes device area network router 365, which is hard-wired to receive packets and to route a given one of the packets to one of the first media access control address and the second media access control address.
Referring again to Fig. 3, in some cases the apparatus has a media access control address, a first Internet Protocol address is assigned to the first computing system, a second Internet Protocol address is assigned to the second computing system, and the apparatus also includes device area network router 365, which is hard-wired to receive packets and to route a given one of the packets to one of the first Internet Protocol address and the second Internet Protocol address.
In some cases, during the first and second calculating systems share power supply 122 and real-time clock 124 At least one.
Referring now to Fig. 7, in which like elements have the same reference characters as in the other figures and are not described again, some embodiments also include at least a third computing system 799, which includes a third memory isolated from the first and second memories, a third processor isolated from the first and second processors, and a third interface state storage unit isolated from the first and second interface state storage units. The third interface state storage unit is configured to store a third state of the at least one stateful user interface element. The third memory, third processor and third interface state storage unit are omitted from Fig. 7 to avoid clutter and can be represented in the same way as in the other figures. In the embodiment of Fig. 7, (mode) switching device 730 is further configured, in a third mode, to connect third computing system 799 to at least one stateful user interface element and at least one stateless user interface element (generally designated 797), and to make the third state available to the at least one stateful user interface element.
Non-limiting examples of stateful user interface elements include a display, camera 110, touch screen 108, and short-range wireless personal area network modules 132, 142.
Non-limiting examples of stateless user interface elements include speaker 114, headset connector 114, the flash of camera 110, accelerometer 116, switch 118, buttons, and global positioning system receiver 120.
As described above, in some cases (such as Fig. 1) the second memory is isolated from the first memory by being a unit separate from the first memory. In other cases (such as Fig. 2), the first and second memories are implemented in a single device, but the second memory is isolated from the first memory by hardware enforcement.
In some cases, the first computing system is an enterprise computing system that includes processor 102, and the second computing system is a non-enterprise computing system that includes processor 104.
The preceding example is non-limiting, however; in other cases, the first computing system is a first non-enterprise computing system, and the second computing system is a second non-enterprise computing system with a higher level of security than the first non-enterprise computing system (for example, for banking or health care).
Returning to Fig. 7, some embodiments include user authentication unit 795 (for example, fingerprint recognition, speaker recognition, other biometric recognition, a routine for accepting a user identification number (for example, a PIN), a cryptographic module, and so on), which provides an authentication result and, based on the authentication result (for example, together with mode switch 730), restricts access to at least one of the first and second computing units. The user authentication unit can also be used to drive the mode switch. The device can be configured not to switch modes unless suitable biometric identification is provided (for example, through fingerprint scanner 199).
Some embodiments include a position sensor, such as GPS system 120; in such cases, use of at least one of the first and second computing systems can optionally be controlled according to the signal from the position sensor.
As described above, the first and second computing systems can be heterogeneous. For example, the first and second computing systems can have different operating systems and/or different device compatibilities; and/or the first and second processors can be of different types.
As described elsewhere, the switching device can respond to many different factors or combinations of factors; for example, one or more of the following: geographic location; device orientation; accelerometer signals; touch screen gestures; mechanical switch input; biometric input; and software commands.
In another aspect, an exemplary method includes providing an apparatus of the kind described, operating the apparatus in the first mode, and switching the apparatus from the first mode to the second mode. In some such cases, the first computing system has a first media access control address and the second computing system has a second media access control address, and further steps include receiving packets at the device area network router and routing a given one of the packets to one of the first media access control address and the second media access control address. In other such cases, the apparatus has a media access control address, a first Internet Protocol address is assigned to the first computing system, a second Internet Protocol address is assigned to the second computing system, and further steps include receiving packets at the device area network router and routing a given one of the packets to one of the first Internet Protocol address and the second Internet Protocol address. In some cases, the switching step further includes making the second state available to the at least one stateful user interface element.
As described above, mode switching is not limited to cases with physically separate computing systems. Thus, in yet another aspect, an exemplary device includes: a memory; a processor coupled to the memory; a computer-readable storage medium storing instructions in a non-transitory manner which, when loaded into the memory and executed by the processor, cause the device to operate in one of a first personality and a second personality; and a switching device. The switching device is associated with the processor and causes the device to switch between the first personality and the second personality. The switching device can respond, for example, to at least one of the following: geographic location; orientation of the device; accelerometer signal; touch-screen gesture; mechanical switch input; and software command.
In yet another aspect, another exemplary method includes the following steps: providing a computer-readable storage medium storing instructions in a non-transitory manner which, when loaded into a memory and executed by a processor coupled to the memory, cause the processor and the memory to operate in one of a first personality and a second personality; providing a switching device that causes the processor and the memory to switch between the first personality and the second personality; and using the switching device to switch the processor and the memory between the first personality and the second personality. The switching device can respond, for example, to at least one of the following: geographic location; orientation of the device; accelerometer signal; touch-screen gesture; mechanical switch input; biometric input; and software command.
In another aspect, an exemplary device includes a processor and a memory coupled to the processor. In some cases, the memory stores instructions in a non-transitory manner which, when executed by the processor, cause the device to operate in one of a first personality and a second personality. In some cases, this function is implemented in hardware. In one or more embodiments, there is isolation between the personalities. One or more embodiments include one or more I/O devices, which can be stateful, stateless, or a mixture of both. In some cases, a single processor uses hardware techniques to switch personalities (modes or contexts). Reference is made to U.S. Patent Application Serial No. 13/408,170, filed February 29, 2012, attorney docket YOR920120048US1, of Richard H. Boivie et al., entitled "A PROCESSOR AND DATA PROCESSING METHOD WITH NON-HIERARCHICAL COMPUTER SECURITY ENHANCEMENTS FOR CONTEXT STATES". Relevant portions of that application are reproduced here; however, out of caution, the complete disclosure of Boivie et al. is expressly incorporated herein by reference in its entirety for all purposes. Note that, as used herein, "context" is generally synonymous with "mode" and "personality". In some cases, mode switching is activated by software (for example, a hypervisor). In some cases, mode switching is activated by an external switching mechanism (hardware). Note that, in general, there can be one or more processors and one or more memories, but embodiments such as those shown in FIGS. 9 and 10 do not rely on separate processors to provide isolation between personalities, as FIG. 6 does.
Thus, one or more embodiments include a switching device, such as another software program, a separate hardware switch, an accelerometer, time of day, a hypervisor, a multiprocessor arrangement, and so on. One or more embodiments achieve isolation between personalities.
The switching device is associated with the processor and causes the device to switch between the first personality and the second personality. As mentioned elsewhere, this switching can respond, for example, to one or more of the following: geographic location; orientation of the device; accelerometer signal; touch-screen gesture; mechanical switch input; and software command.
For example, as shown in FIG. 9, some implementations include a way of telling the processor to run programs only in the upper half or only in the lower half of memory. In some cases, a mechanism in hardware can perform the switch; for example, it triggers an interrupt, stores all contents, and runs the other program. Only one personality runs at a time.
In FIG. 10, the multiple personalities are separate virtual machines; each virtual machine supports a personality on it. When switching from one I/O device to another, the memory switches with it.
In a further aspect, an exemplary method includes providing the described device including the switching device, and using the switching device to switch the processor and memory between the first personality and the second personality. The switching can respond, for example, to one or more of the factors listed here.
FIG. 11 illustrates an exemplary data processor 1100 (that is, a microprocessor, computer processing unit (CPU), etc.) from the above-mentioned U.S. Patent Application Serial No. 13/408,170, which provides non-hierarchical computer security enhancements for context states. The data processor 1100 can include at least one or more registers 1101a-n, a context control unit 1110 and a memory 1130. Each of the registers 1101a-n can be adapted to store the context information (that is, the context state) of a context (that is, an executing thread). In general, each of the registers 1101a-n can be temporarily tagged with a context identifier tag (see tags 1102a-n) of fixed length (for example, 8). Each context identifier tag 1102a-n can be associated in a context control table 1115 (for example, within the context control unit 1110) with a particular context (that is, a particular executing thread) that is currently running and using that register. Tagged registers can include, for example, program registers (such as general-purpose registers and floating-point registers) and/or branch registers (such as a link register, a count register and a PSW). Note, however, that some registers should remain untagged. Untagged registers can include, for example, registers used for timers/clocks, debug control, storage control and process control. The context control unit 1110 can be operatively connected to the registers and can use the context identifier tags 1102a-n associated with the corresponding contexts (that is, with the corresponding executing threads) to control the contexts' (that is, the executing threads') access to the register(s) 1101a-n, and thereby to control access to the context information (that is, the context states of the executing threads) contained in them.
For example, in one embodiment of the data processor 1100, the context control unit 1110 can receive, from a first context (that is, from a first executing thread), a request to access a particular register (for example, register 1101a). In response, the context control unit 1110 can determine whether the particular register 1101a is tagged with a first context identifier tag associated with the first context. That is, the context control unit can determine whether the context identifier tag 1102a on the particular register is the first context identifier tag associated with the first context in the context control table 1115, which indicates whether the content of the particular register 1101a (that is, the state held in the particular register 1101a) is owned by the first context. When the particular register 1101a is tagged with the first context identifier tag (that is, when the context identifier tag 1102a is the first context identifier tag), the context control unit 1110 can give the first context read and write access to the particular register 1101a. As used herein, a context's read and write access to a register means that the context is allowed to inspect, modify and/or overwrite the state held in the register.
However, when the particular register 1101a is tagged with a second context identifier tag associated with a second context (that is, when the context identifier tag 1102a does not match the first context identifier tag but is instead the second context identifier tag, indicating that the second context owns the content of the particular register 1101a), the context control unit 1110 can use the second context identifier tag to save all of the second context information from the particular register 1101a (that is, all second states of the second context) in the context save area 1135 of the memory 1130. Note that the particular save location (that is, memory address) in the context save area 1135 for the second context information of the second context can be specified in the context control table 1115 (indexed by the second context identifier), and that this particular save location can be addressed only by the most privileged, trusted context that has been given memory management control rights. The context control unit 1110 can then use the first context identifier tag to restore the previously saved first context information (that is, the first state of the first context) from another location in the context save area 1135 (as specified by the context control table 1115) to the particular register 1101a, and can retag the particular register 1101a with the first context identifier tag (that is, the context identifier tag 1102a can be switched from the second context identifier tag associated with the second context to the first context identifier tag associated with the first context). Only then can the context control unit 1110 give the first context read and write access to the particular register 1101a.
When the particular register 1101a is tagged with the second context identifier tag associated with the second context (that is, when the context identifier tag 1102a does not match the first context identifier tag but is instead the second context identifier tag), the context control unit 1110 can use the second context identifier tag to save all of the second context information from the particular register 1101a (that is, the second states of the second context) in the context save area 1135 of the memory 1130. Saving all of the second context information before giving the first context access to the particular register 1101a can be very time-consuming. Therefore, optionally, the second context information (that is, the second states of the second context) can be saved "on demand" (that is, only when the first context references those second states), or a portion of the second context information (for example, selected second states) can be saved initially and the remainder saved "on demand".
In yet another aspect, the data processor 1100 can include multiple copies of a particular register (see copies (1) and (2) of particular register 1101b), and can receive from the first context a request to access this particular register 1101b. In this case, the context control unit 1110 can first determine whether either of the copies (1) or (2) of the particular register 1101b is tagged with the first context identifier tag associated with the first context. That is, the context control unit 1110 can determine whether the context identifier tag 1102b(1) or 1102b(2) on either copy (1) or (2) of the particular register 1101b is the first context identifier tag associated with the first context in the context control table 1115. When at least one copy of the particular register is tagged with the first context identifier tag, the context control unit 1110 can select the first copy tagged with the first context identifier tag (for example, copy (1) of the particular register 1101b) and can give the first context read and write access to this first copy 1101b(1).
However, when neither copy (1) nor copy (2) of the particular register 1101b is tagged with the first context identifier tag, the context control unit 1110 can select one copy of the particular register (for example, the second copy (2) of the particular register 1101b, which is tagged with a second context identifier tag associated with a second context). The context control unit 1110 can then use the second context identifier tag to save all of the second context information from the second copy (that is, all second states of the second context) in the context save area 1135 of the memory 1130. As in the previously described embodiment, the particular save location (that is, memory address) in the context save area 1135 for the second context information of the second context can be specified in the context control table 1115 (indexed by the second context identifier), and this particular save location can be addressed only by the most privileged, trusted context that has been given memory management control rights. Next, the context control unit 1110 can use the first context identifier tag to restore the first context information (that is, the previously stored first state of the first context) from another location in the context save area 1135 (as specified by the context control table 1115) to the second copy (2) of the particular register 1101b, and can retag the second copy (2) of the particular register 1101b with the first context identifier tag (that is, the context identifier tag 1102b(2) can be switched from the second context identifier tag associated with the second context to the first context identifier tag associated with the first context). Only then can the context control unit 1110 give the first context read and write access to the second copy (2) of the particular register 1101b.
When the second copy (2) of the particular register 1101b is tagged with the second context identifier tag associated with the second context, the context control unit 1110 can use the second context identifier tag to save all of the second context information from the second copy (2) of the particular register 1101b (that is, the second states of the second context) in the context save area 1135 of the memory 1130. Saving all of the second context information before giving the first context access can be very time-consuming. Therefore, optionally, the second context information (that is, the second states of the second context) can be saved "on demand" (that is, only when the first context references those second states), or a portion of the second context information (for example, selected second states) can be saved initially and the remainder saved "on demand".
In yet another aspect, the data processor 1100 can also include a register pool 1150. In this case, the pool 1150 can hold more registers than all of the contexts need in order to run (that is, some registers can be idle or, more specifically, empty). The context control unit 1110 can receive from a first context an access request indicating a first register name. In this case, the context control unit 1110 can first determine whether any register in the pool 1150 has the first register name and is tagged with the first context identifier tag associated with the first context. When a first register in the pool (for example, register 1101a) has the first register name and is tagged with the first context identifier tag (that is, when the context identifier tag 1102a matches the first identifier tag of the first context), the context control unit 1110 can give the first context read and write access to the first register 1101a. However, when no register in the pool 1150 has the first register name and is tagged with the first context identifier tag, the context control unit 1110 can select an idle register (for example, 1101b), if one exists, can use the first context identifier tag to restore the first context information from the context save area 1135 to the selected register 1101n, and can give the first context access to this idle register 1101b. When no register in the pool 1150 has the first register name and is tagged with the first context identifier tag, and no register in the pool 1150 is idle, the context control unit 1110 can select a register from the pool (for example, register 1101n), specifically a register that has a different register name and is tagged with a different context identifier tag associated with a second context. The context control unit 1110 can then use the different context identifier tag to save any context information from the selected register 1101n in the context save area 1135 of the memory 1130. Next, the context control unit 1110 can rename the selected register 1101n with the first register name and can retag the selected register 1101n with the first context identifier tag (that is, the context identifier tag 1102n can be changed from the different context identifier tag to the first context identifier tag). The context control unit 1110 can then use the first context identifier tag to restore the first context information from the context save area 1135 to the selected register 1101n, and can give the first context read and write access to the selected register 1101n.
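The tag check, save, retag and restore sequence described above for a single register and for the register pool 1150, modelled in C as an added example (not code from the patent or from the Boivie et al. application). The two-register pool, the round-robin victim choice, the save area indexed by [CID][name], the 8-bit tag type and all function names are assumptions made for illustration; the "on-demand" save variant is not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_REGS  2   /* physical registers in the pool (small, to force eviction) */
#define NUM_CIDS  4   /* context identifiers; CID 0 marks an idle register */
#define NUM_NAMES 4   /* register names each context may ask for */
#define CID_IDLE  0

typedef struct {
    uint8_t  cid;    /* context identifier tag of the current owner */
    uint8_t  name;   /* register name the owner knows it by */
    uint64_t value;  /* context state held in the register */
} phys_reg;

typedef struct {
    phys_reg pool[NUM_REGS];
    /* Context save area. The [cid][name] index stands in for the save
     * location the context control table records per context. Only the
     * ccu_* functions touch it, modelling "addressable only by the unit". */
    uint64_t save_area[NUM_CIDS][NUM_NAMES];
    unsigned next_victim;  /* round-robin eviction pointer (assumption) */
    unsigned spills;       /* how many times owner state was saved out */
} ccu;

void ccu_init(ccu *u) { memset(u, 0, sizeof *u); }

/* Return a register tagged (cid, name), retagging one if necessary. */
static phys_reg *ccu_acquire(ccu *u, uint8_t cid, uint8_t name)
{
    phys_reg *idle = NULL;
    for (int i = 0; i < NUM_REGS; i++) {
        phys_reg *r = &u->pool[i];
        if (r->cid == cid && r->name == name)
            return r;                    /* tag matches: direct access */
        if (r->cid == CID_IDLE && idle == NULL)
            idle = r;
    }
    phys_reg *r = idle;
    if (r == NULL) {                     /* nothing idle: evict a victim */
        r = &u->pool[u->next_victim];
        u->next_victim = (u->next_victim + 1) % NUM_REGS;
        /* Save the previous owner's state under the owner's own tag. */
        u->save_area[r->cid][r->name] = r->value;
        u->spills++;
    }
    /* Rename, retag, then restore the requester's previously saved state.
     * The old owner's value is overwritten before the requester sees it. */
    r->cid = cid;
    r->name = name;
    r->value = u->save_area[cid][name];
    return r;
}

static int valid(uint8_t cid, uint8_t name)
{
    return cid != CID_IDLE && cid < NUM_CIDS && name < NUM_NAMES;
}

int ccu_write(ccu *u, uint8_t cid, uint8_t name, uint64_t v)
{
    if (!valid(cid, name)) return -1;
    ccu_acquire(u, cid, name)->value = v;
    return 0;
}

int ccu_read(ccu *u, uint8_t cid, uint8_t name, uint64_t *out)
{
    if (!valid(cid, name)) return -1;
    *out = ccu_acquire(u, cid, name)->value;
    return 0;
}

int main(void)
{
    ccu u;
    uint64_t v = 0;
    ccu_init(&u);
    ccu_write(&u, 1, 0, 0xAAAA);       /* context 1 fills both registers */
    ccu_write(&u, 1, 1, 0xBBBB);
    ccu_read(&u, 2, 0, &v);            /* context 2 asks for "register 0" */
    printf("context 2 sees %#llx\n", (unsigned long long)v);
    ccu_read(&u, 1, 0, &v);            /* context 1 gets its state back */
    printf("context 1 sees %#llx after %u spills\n",
           (unsigned long long)v, u.spills);
    return 0;
}
```

The isolation property to check is that a context asking for a register name another context is using receives its own restored state, never the previous owner's value.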
FIG. 12 is a schematic diagram illustrating the high-level architecture of a microprocessor 1200, which includes a context control unit 1210 similar to unit 1110, a context control table 1215 similar to context control table 1115, a memory 1230 similar to memory 1130, and a context save area 1235 similar to context save area 1135. The processor 1200 can include: an instruction unit 1201, which includes an instruction buffer and dispatch and which receives, queues and dispatches instructions; registers that maintain counter and link addresses; and condition information (CR). Instructions can be dispatched as appropriate to an execution unit 1202 (for example, integer and floating-point), a load/store unit 1203 and a branch processing unit 1204. The parameters and results of instructions can be stored in program registers 1206 (for example, general-purpose registers (GPR) and floating-point registers (FPR)). The load/store unit 1203 and the instruction unit 1201 can retrieve data from, and store data in, main memory 1230. Addresses can be translated from logical addresses to physical addresses in the data memory management unit (DATA MMU) 1241 and the instruction memory management unit (INST MMU) 1251, and the data itself can be cached in the corresponding data cache 1242 and instruction cache 1252.
The registers (for example, program registers 1206 and branch registers 1205) and the machine state can be further extended with a context identifier tag (CID). If registers 1205 and/or 1206 are stackable, a security domain identifier (SDID) and a context stacking level tag (LVL) can also be added. The memory 1230 can be divided into security domains. The memory 1230 can be extended with SDIDs. The context control unit 1210 contains the context control table 1215, which provides the necessary mapping. The DATA MMU 1241 and INST MMU 1251 can use the context control unit 1210 to obtain the SDID of a reference in order to confirm that the reference is legal. If the reference is legal, the DATA MMU 1251 can provide the physical address to the data cache 1242, and data can be read (data or instructions) or written (data only) as requested.
The data processor 1200 can also include a context save area 1235 in the memory 1230. This context save area 1235 can be addressed only by the hardware of the context control unit 1210. The context control unit 1210, which communicates with each of the registers 1205, 1206, can also communicate with the renaming units and the dispatch unit. The instruction unit 1201, specifically the dispatch unit of the instruction unit, can use the context control unit 1210 to obtain the context identifier tag and, if applicable, the LVL of the context of the instruction being dispatched. The instruction unit 1202 dispatches requests to the load/store unit 1203 and execution unit 1202, which all operate on the program registers 1206, and to the branch processing unit 1204, which operates on the branch registers 1205.
The load/store unit 1203 can receive instructions from the dispatch unit. The load/store unit 1203 can be used for addition. When used for addition, it functions in the same way as the execution unit. For a load, the load/store unit 1203 receives the instruction and, using the register (from the instruction), the CID and the LVL (if applicable), receives from the renaming unit the name of the program register 1206 to be loaded. It also passes the effective address and the CID to the data cache 1242 so that the data can be retrieved. When the data has been retrieved, it is placed in the indicated register 1206, and the load/store unit 1203 is ready for the next instruction. For a store, the load/store unit 1203 retrieves from the renaming unit the name of the program register 1206 that contains the data. It fetches the data from this program register and passes the effective address (EA), CID, LVL (if applicable) and data to the data cache 1242 to be written. After the data has been written, the load/store unit 1203 is ready for the next instruction to store or retrieve data.
The execution unit 1202 can perform arithmetic operations on the program registers 1206. Using the register name, the CID and the LVL (if applicable), the execution unit 1202 receives from the renaming unit the names of the program registers 1206 on which it will operate. It then requests the contents of these program registers 1206, performs the operation of the instruction, and requests that the result be placed in the indicated program register.
After processing by the execution unit 1202, any condition codes generated can be used by the branch processing unit 1204. The branch processing unit 1204 can receive the instruction, the CID and the LVL (if applicable) from the instruction unit 1201, more specifically from the dispatch unit of the instruction unit 1201. The branch processing unit 1204 can also contain the program counter and the associated CID of the current context. Using the request, the CID and the LVL (if applicable), the branch processing unit 1204 can receive from the branch register renaming unit the names of the branch registers 1205 it will need. It can then receive the contents of the branch registers 1206 and perform the branch appropriately. On completion, the branch processing unit 1204 notifies the instruction MMU 1251 and the instruction unit 1201 of the next instruction to be executed and of the CID associated with that instruction. If the branch is a cross-context call, it uses the CID of the new context to tag the branch registers 1205 to be passed to the new context, and changes the current CID to the CID of the new context. Note that, for simplicity, FIG. 12 shows two renaming units. However, those skilled in the art will understand that the data processor 1200 can have one or more renaming units, each of which can be adapted to provide the correct name of any register consistently across the renaming units.
It should therefore be understood that although the non-limiting examples of FIGS. 1-3 and 6 show the first and second isolated computing entities being provided by separate hardware, they can also be implemented in a single processor, for example using the techniques shown in FIGS. 9 and/or 10 and/or the context identifier tagging method of FIGS. 11 and 12.
Thus, in some cases, the at least one user interface element includes a stateful user interface element 901, 903, 1001, 1003; the first isolated computing entity includes a first interface state storage unit 994, 1094 configured to store a first state of the at least one stateful user interface element; the second isolated computing entity includes a second interface state storage unit 992, 1092, which is isolated from the first interface state storage unit and is configured to store a second state of the at least one stateful user interface element; and the switching device is further configured to: in the first mode, make the first state available to the at least one stateful user interface element; and in the second mode, make the second state available to the at least one stateful user interface element.
As shown in FIG. 9, in some cases the first and second isolated computing entities are implemented on a single processing unit 919 having isolated first and second register stores 998, 996.
As shown in FIG. 10, in some cases the first and second isolated computing entities are implemented on a single processing unit 1019 having isolated first and second operating systems 1086, 1084 under the management of a hypervisor 1088.
As shown in FIGS. 11 and 12, in some cases the first and second isolated computing entities are implemented on a single processing unit having multiple registers 1150 and a context control unit 1110, the context control unit 1110 using context identifier tags 1102 associated with at least first and second contexts to control the access of the at least first and second contexts to the multiple registers. The first and second contexts correspond to the first and second modes.
In yet another aspect, an exemplary device includes at least one user interface element, such as 601, 603, 605, 607, 901, 903, 905, 907, 1001, 1003, 1005, 1007, etc. The device also includes at least one processor, such as 619, 627, 802, 919, 1019, 1200, etc., which is coupled to the user interface element and runs in one of the following: (i) a first personality, having first personality data and one or more first personality programs associated with it; and (ii) a second personality, having second personality data and one or more second personality programs associated with it. Also included is a switching device associated with the at least one processor, such as 130, etc., which causes the device to switch between the first personality and the second personality. When the at least one processor runs in the first personality, the user of the device cannot use any of the user interface element(s) to observe or affect the operation of the one or more second personality programs or the second personality data (the second personality programs can optionally execute in the background against the second personality data). When the at least one processor runs in the second personality, the user of the device cannot use any of the user interface element(s) to observe or affect the operation of the one or more first personality programs or the first personality data (the first personality programs can optionally execute in the background against the first personality data). In this regard, in a uniprocessor device, one method of maintaining secure isolation is to allow only one of the virtual machines managed by the hypervisor to run at a time. Alternatively, if the owner of the device or the manager of the second personality is less concerned about security, the other personality can be allowed to operate in the background until stopped by a resource owned by the first personality.
If desired, this approach can be extended to additional personalities.
In yet another aspect, a service provider can supply device manufacturers with components of one or more of the systems described here; for example, the processor 104, switch 130 and I/O control 128, configured to interface with other components. The service provider may or may not charge the device manufacturer a fee. The service provider may charge enterprises and/or users a fee for supporting the processor 104 and related functions.
Example system and manufacture details
As those skilled in the art will appreciate, aspects of the invention can be embodied as a system, method or computer program product. Accordingly, aspects of the invention can take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, microcode, etc.), or an embodiment combining software and hardware aspects, all of which may be referred to here as a "circuit", "module" or "system". In addition, aspects of the invention can take the form of a computer program product embodied in one or more computer-readable media having computer-readable program code embodied in them.
One or more embodiments of the invention, or elements of them, can be implemented in the form of a device that includes a memory and at least one processor, the at least one processor being coupled to the memory and operable to perform exemplary method steps.
One or more embodiments can use software running on a mobile device (such as a smartphone or tablet computer). With reference to FIG. 8, such an implementation can use, for example, a processor 802, a memory 804, and an input/output interface formed, for example, by a display 806 and a keyboard 808 (possibly combined in a touch screen). The term "processor" as used herein is intended to include any processing device, such as one that includes a CPU (central processing unit) and/or other forms of processing circuitry. Further, the term "processor" can refer to more than one individual processor. The term "memory" is intended to include memory associated with a processor or CPU, such as RAM (random access memory), ROM (read-only memory), a fixed memory device (for example, a hard disk drive), a removable memory device (for example, a floppy disk), flash memory, and so on. In addition, the phrase "input/output interface" as used herein is intended to include, for example, one or more mechanisms for inputting data to the processing unit (for example, a mouse or touch screen) and one or more mechanisms for providing results associated with the processing unit (for example, a display). The processor 802, memory 804 and input/output interface can be interconnected, for example, by a bus 810 as part of a mobile device 812. Some mobile devices can include suitable interconnections, for example via bus 810, to a network interface 814 (such as a network card, which can be used to interface with a computer network) and to a media interface 816 (which can be used to interface with media 818).
Accordingly, as described here, computer software including instructions or code for performing certain aspects of the methods of the invention can be stored in one or more associated memory devices (for example, ROM, fixed or removable memory) and, when ready to be used, loaded in part or in whole (for example, into RAM) and executed by a CPU. Such software can include, but is not limited to, firmware, resident software, microcode, and so on.
A mobile device suitable for storing and/or executing program code will include at least one processor 802 coupled directly or indirectly to memory elements 804 through a system bus 810 or the like. The memory elements can include local memory used during actual execution of the program code, mass storage, and cache memories that provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from mass storage during execution.
Input/output or I/O devices (including but not limited to keyboard 808, display 806, pointing devices, and the like, possibly combined in a touch screen) can be coupled to the system either directly (such as via bus 810) or through intervening I/O controllers (omitted for clarity).
Network adapters (such as network interface 814) may optionally be coupled to the device to enable the device to become coupled to other data processing systems or to remote printers or storage devices through intervening private or public networks. These connections can be, for example, wireless connections.
As noted, aspects of the invention may take the form of a computer program product embodied in one or more computer-readable media having computer-readable program code embodied thereon. Any combination of one or more computer-readable media may be used. A computer-readable medium may be a computer-readable signal medium or a computer-readable storage medium. A computer-readable storage medium may be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Media block 818 is a non-limiting example. More specific examples (a non-exhaustive list) of the computer-readable storage medium include: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer-readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer-readable signal medium may include a propagated data signal with computer-readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, an electromagnetic signal, an optical signal, or any suitable combination thereof. A computer-readable signal medium may be any computer-readable medium that is not a computer-readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer-readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, and the like, or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object-oriented programming language such as Java, Smalltalk, C++, or the like, and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the scenario involving a remote computer, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
Aspects of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, special-purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, when executed by the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer-readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus, or other devices to produce a computer-implemented process, such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present invention. In this regard, each block in the flowcharts or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can be implemented by special-purpose hardware-based systems that perform the specified functions or acts, or by combinations of special-purpose hardware and computer instructions.
It should be noted that any of the methods described herein can include an additional step of providing a system comprising distinct software modules embodied on a computer-readable storage medium; the modules can include, for example, any or all of the software-implemented elements depicted in the block diagrams and/or described herein; by way of example and not limitation, a first operating system module 1086, a second operating system module 1084, and a hypervisor module 1088. The method steps can then be carried out using the distinct software modules and/or sub-modules of the system, as described above, executing on one or more hardware processors 802. Further, a computer program product can include a computer-readable storage medium with code adapted to be executed to carry out one or more method steps described herein, including the provision of the system with the distinct software modules.
In any case, it should be understood that the components illustrated herein may be implemented in various forms of hardware, software, or combinations thereof; for example, application-specific integrated circuit(s) (ASICs), functional circuitry, one or more appropriately programmed general-purpose digital computers with associated memory, and the like. Given the teachings of the invention provided herein, one of ordinary skill in the related art will be able to contemplate other implementations of the components of the invention.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising", when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
The corresponding structures, materials, acts, and equivalents of all means or step plus function elements in the claims below are intended to include any structure, material, or act for performing the function in combination with other claimed elements as specifically claimed. The description of the present invention has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the invention. The embodiment was chosen and described in order to best explain the principles of the invention and the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.

Claims (27)

1. A device having multiple security domains, comprising:
at least one user interface element;
a first isolated computing entity;
a second isolated computing entity;
a switching device configured to:
in a first mode, connect the first isolated computing entity to the at least one user interface element; and
in a second mode, connect the second isolated computing entity to the at least one user interface element; and
a shared housing that houses the at least one user interface element, the first isolated computing entity, the second isolated computing entity, and the switching device, wherein:
the first isolated computing entity comprises a first computing system, the first computing system comprising a first memory and a first processor coupled to the first memory;
the second isolated computing entity comprises a second computing system, the second computing system comprising a second memory isolated from the first memory, and a second processor coupled to the second memory and isolated from the first processor, wherein:
the at least one user interface element includes a stateful user interface element;
the first computing system further comprises a first interface state storage unit, the first interface state storage unit being associated with the first processor and configured to store a first state of the at least one stateful user interface element;
the second computing system further comprises a second interface state storage unit, the second interface state storage unit being associated with the second processor, isolated from the first interface state storage unit, and configured to store a second state of the at least one stateful user interface element; and
the switching device is further configured to:
in the first mode, connect the first computing system to the at least one stateful user interface element and make the first state available to the at least one stateful user interface element; and
in the second mode, connect the second computing system to the at least one stateful user interface element and make the second state available to the at least one stateful user interface element.
2. The device according to claim 1, wherein the switching device comprises a mode switch, a first group of input-output connections associated with the first computing system, and a second group of input-output connections associated with the second computing system.
3. The device according to claim 2, further comprising at least one stateless user interface element, wherein the switching device is further configured to:
in the first mode, connect the first computing system to the at least one stateless user interface element; and
in the second mode, connect the second computing system to the at least one stateless user interface element.
4. The device according to claim 3, further comprising a cellular telephone subsystem shared by the first and second computing systems.
5. The device according to claim 3, further comprising:
a first short-range wireless personal area network module coupled to the first computing system; and
a second short-range wireless personal area network module coupled to the second computing system.
6. The device according to claim 3, wherein the first computing system has a first media access control address and the second computing system has a second media access control address, the device further comprising a device area network router, the device area network router being hard-wired to receive packets and to route a given one of the packets to one of the first media access control address and the second media access control address.
7. The device according to claim 3, wherein the device has a media access control address, a first internet protocol address is assigned to the first computing system and a second internet protocol address is assigned to the second computing system, the device further comprising a device area network router, the device area network router being hard-wired to receive packets and to route a given one of the packets to one of the first internet protocol address and the second internet protocol address.
8. The device according to claim 3, further comprising at least one of: a power supply shared by the first and second computing systems, and a real-time clock shared by the first and second computing systems.
9. The device according to claim 3, further comprising at least a third computing system, the third computing system comprising a third memory isolated from the first and second memories, a third processor isolated from the first and second processors, and a third interface state storage unit isolated from the first and second interface state storage units, the third interface state storage unit being configured to store a third state of the at least one stateful user interface element, wherein the switching device is further configured to:
in a third mode, connect the third computing system to the at least one stateful user interface element and the at least one stateless user interface element, and make the third state available to the at least one stateful user interface element.
10. The device according to claim 3, wherein the stateful user interface element comprises at least one of: a display, a camera, a touch screen, and a short-range wireless personal area network module.
11. The device according to claim 3, wherein the stateless user interface element comprises at least one of: a speaker, a headset connector, a flash, an accelerometer, a switch, a button, and a GPS receiver.
12. The device according to claim 3, wherein the second memory is isolated from the first memory by being a separate unit from the first memory.
13. The device according to claim 3, wherein the first and second memories are implemented in a single unit, but the second memory is isolated from the first memory by hardware enforcement.
14. The device according to claim 3, wherein the first computing system comprises an enterprise computing system, and wherein the second computing system comprises a non-enterprise computing system.
15. The device according to claim 3, wherein the first computing system comprises a first non-enterprise computing system, and wherein the second computing system comprises a second non-enterprise computing system having a higher security level than the first non-enterprise computing system.
16. The device according to claim 3, further comprising a user authentication unit, the user authentication unit providing an authentication result and restricting access to at least one of the first and second computing systems based on the authentication result.
17. The device according to claim 3, further comprising a position sensor, wherein use of at least one of the first and second computing systems is controlled according to a signal from the position sensor.
18. The device according to claim 3, wherein the first and second computing systems have at least one of:
different operating systems; and
different device compatibilities.
19. The device according to claim 3, wherein the first and second processors are of different types.
20. The device according to claim 1, wherein the switching device is responsive to at least one of:
geographic location;
orientation of the device;
an accelerometer signal;
a touch-screen gesture;
a mechanical switch input;
a biometric input; and
a software command.
21. The device according to claim 1, wherein:
the at least one user interface element includes a stateful user interface element;
the first isolated computing entity comprises a first interface state storage unit, the first interface state storage unit being configured to store a first state of the at least one stateful user interface element;
the second isolated computing entity comprises a second interface state storage unit, the second interface state storage unit being isolated from the first interface state storage unit and configured to store a second state of the at least one stateful user interface element; and
the switching device is further configured to:
in the first mode, make the first state available to the at least one stateful user interface element; and
in the second mode, make the second state available to the at least one stateful user interface element.
22. The device according to claim 21, wherein the first and second isolated computing entities are implemented in a single processing unit having isolated first and second register storage.
23. The device according to claim 21, wherein the first and second isolated computing entities are implemented in a single processing unit having isolated first and second operating systems under the management of a hypervisor.
24. The device according to claim 21, wherein the first and second isolated computing entities are implemented in a single processing unit having a plurality of registers and a context control unit, the context control unit using context identifier tags associated with at least first and second contexts to control access to the plurality of registers by the at least first and second contexts, the first and second contexts corresponding to the first and second modes.
25. A method with multiple security domains, comprising:
providing a device, the device comprising:
at least one user interface element;
a first isolated computing entity;
a second isolated computing entity;
a switching device configured to:
in a first mode, connect the first isolated computing entity to the at least one user interface element; and
in a second mode, connect the second isolated computing entity to the at least one user interface element; and
a shared housing that houses the at least one user interface element, the first isolated computing entity, the second isolated computing entity, and the switching device;
operating the device in the first mode; and
switching the device from the first mode to the second mode, wherein:
the first isolated computing entity comprises a first computing system, the first computing system comprising a first memory and a first processor coupled to the first memory;
the second isolated computing entity comprises a second computing system, the second computing system comprising a second memory isolated from the first memory, and a second processor coupled to the second memory and isolated from the first processor,
wherein:
in the providing step:
the at least one user interface element includes a stateful user interface element;
the first computing system further comprises a first interface state storage unit, the first interface state storage unit being associated with the first processor and configured to store a first state of the at least one stateful user interface element;
the second computing system further comprises a second interface state storage unit, the second interface state storage unit being associated with the second processor, isolated from the first interface state storage unit, and configured to store a second state of the at least one stateful user interface element; and
the switching device is further configured to:
in the first mode, connect the first computing system to the at least one stateful user interface element and make the first state available to the at least one stateful user interface element; and
in the second mode, connect the second computing system to the at least one stateful user interface element and make the second state available to the at least one stateful user interface element;
the switching step further comprises making the second state available to the at least one stateful user interface element.
26. The method according to claim 25, wherein the first computing system has a first media access control address and the second computing system has a second media access control address, the method further comprising:
receiving packets at a device area network router; and
routing a given one of the packets to one of the first media access control address and the second media access control address.
27. The method according to claim 25, wherein the device has a media access control address, a first internet protocol address is assigned to the first computing system and a second internet protocol address is assigned to the second computing system, the method further comprising:
receiving packets at a device area network router; and
routing a given one of the packets to one of the first internet protocol address and the second internet protocol address.
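
The mode switch of claims 1 and 21 can be modelled in a short C program. This is an added illustration, not code from the patent: the names (`domain_t`, `switch_mode`, `ui_write`, `ui_read`, `residue_present`), the 32-byte state size, and the choice to save the outgoing state at switch time are assumptions. It shows why each domain needs its own interface state storage unit: only the connected domain can reach the stateful element, and a switch replaces every byte of the element's live state.

```c
#include <stdio.h>
#include <string.h>

#define UI_STATE_LEN 32   /* assumed size of the stateful element's state */
#define NUM_DOMAINS  2    /* first and second isolated computing entities */

/* One isolated computing entity with its own interface state storage unit.
 * In hardware these stores are physically isolated; here each domain
 * simply owns a separate buffer that only switch_mode() touches. */
typedef struct {
    char iface_state[UI_STATE_LEN];
} domain_t;

/* Device: the domains, one shared stateful UI element (for example a
 * display or touch screen), and the switching device's current mode. */
typedef struct {
    domain_t domains[NUM_DOMAINS];
    char     live_state[UI_STATE_LEN];  /* state held by the UI element */
    int      mode;                      /* index of the connected domain */
} device_t;

void device_init(device_t *d)
{
    memset(d, 0, sizeof *d);
    d->mode = 0;                        /* start in the first mode */
}

/* A domain updates the stateful element. Refused unless the switching
 * device currently connects that domain to the element. */
int ui_write(device_t *d, int domain, const char *data)
{
    if (domain < 0 || domain >= NUM_DOMAINS || domain != d->mode)
        return -1;
    memset(d->live_state, 0, UI_STATE_LEN);
    snprintf(d->live_state, UI_STATE_LEN, "%s", data);
    return 0;
}

/* A domain reads the element's state; NULL if it is not connected. */
const char *ui_read(const device_t *d, int domain)
{
    if (domain < 0 || domain >= NUM_DOMAINS || domain != d->mode)
        return NULL;
    return d->live_state;
}

/* Switching device: save the outgoing domain's state in its own store
 * (assumption of this sketch), then make the incoming domain's stored
 * state available. The full-length copy overwrites every byte, so no
 * residue of the outgoing domain stays in the element. */
int switch_mode(device_t *d, int new_mode)
{
    if (new_mode < 0 || new_mode >= NUM_DOMAINS)
        return -1;
    if (new_mode == d->mode)
        return 0;
    memcpy(d->domains[d->mode].iface_state, d->live_state, UI_STATE_LEN);
    memcpy(d->live_state, d->domains[new_mode].iface_state, UI_STATE_LEN);
    d->mode = new_mode;
    return 0;
}

/* Check used to confirm that a string belonging to one domain is not
 * visible in the element after a switch. */
int residue_present(const device_t *d, const char *needle)
{
    return strstr(d->live_state, needle) != NULL;
}

int main(void)
{
    device_t dev;
    device_init(&dev);

    /* Constructed sample data: domain 0 is the enterprise domain. */
    ui_write(&dev, 0, "enterprise mail draft");
    printf("domain 1 write while disconnected: %d\n",
           ui_write(&dev, 1, "personal photo"));

    switch_mode(&dev, 1);
    printf("domain 1 sees: \"%s\"\n", ui_read(&dev, 1));
    ui_write(&dev, 1, "personal photo");

    switch_mode(&dev, 0);
    printf("domain 0 restored: \"%s\"\n", ui_read(&dev, 0));
    return 0;
}
```
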
CN201280053497.2A 2011-11-04 2012-11-02 Mobile device with multiple security domains Active CN103959203B (en)

Applications Claiming Priority (9)

Application Number Priority Date Filing Date Title
US201161555673P 2011-11-04 2011-11-04
US61/555,673 2011-11-04
US201261596492P 2012-02-08 2012-02-08
US61/596,492 2012-02-08
US13/408,170 2012-02-29
US13/408,170 US8850557B2 (en) 2012-02-29 2012-02-29 Processor and data processing method with non-hierarchical computer security enhancements for context states
US201261611352P 2012-03-15 2012-03-15
US61/611,352 2012-03-15
PCT/US2012/063144 WO2013067243A1 (en) 2011-11-04 2012-11-02 Mobile device with multiple security domains

Publications (2)

Publication Number Publication Date
CN103959203A CN103959203A (en) 2014-07-30
CN103959203B true CN103959203B (en) 2016-09-07

Family

ID=48192786

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201280053497.2A Active CN103959203B (en) 2011-11-04 2012-11-02 Mobile device with multiple security domains

Country Status (2)

Country Link
CN (1) CN103959203B (en)
WO (1) WO2013067243A1 (en)

Also Published As

Publication number Publication date
CN103959203A (en) 2014-07-30
WO2013067243A1 (en) 2013-05-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant