CN105279455A - Security architecture of mobile device and running method of application - Google Patents
- Publication number
- CN105279455A (application CN201510611310.1A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
Abstract
The invention applies to the field of mobile devices and provides a mobile device security architecture and an application running method. The security architecture comprises a first hardware architecture that runs a first operating system and identifies and runs the applications applicable to that system, and a second hardware architecture that runs a second operating system and identifies and runs the applications applicable to that system; each of the two hardware architectures comprises at least an application processor and a storage device connected to the application processor. The architecture and the running method have at least two beneficial effects. First, the device can use applications written for two different operating environments, and applications with special security requirements can run in an operating system environment that is completely separated from other applications. Second, because the two operating system environments run on physically separated hardware, a malicious application in the open system cannot, at the hardware level, steal any private information from the other system, which improves the safety and reliability of the mobile device.
Description
Technical field
The invention belongs to the field of mobile devices and in particular relates to a mobile device security architecture and an application running method.
Background
An operating system (OS) is the system software that manages and controls the hardware and software resources of a mobile device. Open operating systems, such as Android and Windows, let users install and uninstall applications themselves: users can download the applications they like from the network and install them, to enjoy the intelligent experience a smartphone offers.
A mobile device usually has only one type of operating system installed and runs the applications that fit that runtime environment. This is inconvenient for applications written for a proprietary system. To use such an application on the same device, one option is to spend considerable effort redeveloping it for an open system (such as Android), which leaves the enterprise with high follow-up maintenance costs. The other option is to run, inside the installed operating system, a virtual machine that supports the other operating system and to run the application on that virtual machine; the special-purpose application then shares a runtime environment with the host system's applications, which raises security concerns.
In existing mobile devices, security vulnerabilities in the operating system make it difficult to prevent malicious applications from controlling sensitive peripheral devices and stealing the user's confidential data. The reason is that the security protection of existing mobile devices works at the application level or at the operating-system driver level, so it is often helpless against a malicious application that has exploited an operating-system vulnerability to obtain root privileges and then steals the user's private data. A new solution with richer technical content is therefore needed.
Summary of the invention
The object of the embodiments of the invention is to provide a mobile device security architecture and an application running method that solve the problems of existing mobile device operating systems: operating-system-level malicious applications cannot be guarded against, the user's important information is difficult to protect, and the security of the system is hard to improve.
An embodiment of the invention is implemented as a mobile device security architecture comprising:
A first hardware architecture that runs a first operating system and identifies and runs the applications applicable to that system;
A second hardware architecture that runs a second operating system and identifies and runs the applications applicable to the second operating system;
The first hardware architecture and the second hardware architecture each comprise at least one application processor and a storage device connected to the application processor;
Wherein the first operating system and the second operating system are the same or different mobile device operating systems, and both run in the same mobile device.
Further, the first hardware architecture is connected to the second hardware architecture through an I/O port, forming an internal data transmission channel; the I/O port comprises at least one of a serial interface and a parallel interface.
Further, the first hardware architecture is provided with a physical switch that cuts off the internal data transmission channel.
Further, the first hardware architecture and the second hardware architecture each comprise their own power management circuit and audio codec device, or the two share the same power management circuit and the same audio codec device.
Further, the first hardware architecture also comprises:
A data encryption/decryption device that decrypts input data and encrypts output data.
Further, the first hardware architecture and the second hardware architecture are arranged as master and slave, and the first hardware architecture controls the switching on and off of the second hardware architecture.
Another object of the embodiments of the invention is to provide an application running method based on the above mobile device security architecture, comprising:
The first hardware architecture determines the identification parameters of applications applicable to the first operating system;
The second hardware architecture determines the identification parameters of applications applicable to the second operating system;
The first hardware architecture, according to the identification parameters of applications applicable to the first operating system, identifies the applications applicable to the first operating system and runs them;
The second hardware architecture, according to the identification parameters of applications applicable to the second operating system, identifies the applications applicable to the second operating system and runs them.
In the invention, the first hardware architecture runs the applications applicable to the first operating system and the second hardware architecture runs the applications applicable to the second operating system, forming two operating system environments that are physically isolated in hardware. This solves the problems of existing mobile device operating systems: operating-system-level malicious applications cannot be guarded against, the user's important information is difficult to protect, and the security of the system is hard to improve. There are two beneficial effects. First, programs for different operating systems can run on the same device, which widens the range of application of the mobile device and lets special-purpose applications continue to run; it also makes it easier to customize applications with special security requirements so that they run in an operating system environment completely isolated from open-system applications. Second, using two operating system environments that are physically isolated in hardware ensures that a malicious application in the open system cannot steal any private information of the other system at the hardware level, and thoroughly guards against malicious applications in the open system that have exploited operating-system vulnerabilities to obtain root privileges on the device; sensitive devices can operate normally only after authorization by the first hardware architecture, which helps improve the safety and reliability of the mobile device.
Brief description of the drawings
Fig. 1 is a structural block diagram of the mobile device security architecture provided by an embodiment of the invention;
Fig. 2 is a flowchart of the application running method based on the mobile device security architecture provided by an embodiment of the invention;
Fig. 3 is a flowchart of the transmission of internal status information and control information provided by an embodiment of the invention.
Detailed description
To make the object, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. The specific embodiments described here only explain the invention and do not limit it.
Embodiment one
Fig. 1 is a structural block diagram of the mobile device security architecture provided by an embodiment of the invention, detailed as follows:
A first hardware architecture that runs a first operating system and identifies and runs the applications applicable to the first operating system;
A second hardware architecture that runs a second operating system and identifies and runs the applications applicable to the second operating system;
The first hardware architecture and the second hardware architecture each comprise at least one application processor and a storage device connected to the application processor;
Wherein the first operating system and the second operating system are the same or different mobile device operating systems, and each runs on its corresponding hardware architecture in the same mobile device.
The mobile device includes but is not limited to:
Handheld intelligent terminals, such as smartphones and tablets;
Wearable devices, such as smart watches;
Mobile office equipment, such as notebook computers;
Intelligent control devices that can be deployed on the move, such as Internet of Things control devices, automotive central control devices and smart-home central control devices.
Here, an application applicable to the first operating system is a program designed against the Framework and application interfaces of the first operating system and running in the first operating system environment; an application applicable to the second operating system is a program designed against the Framework and application interfaces of the second operating system and running in the second operating system environment.
The first hardware architecture is specifically configured to identify and process applications applicable to the first operating system according to the content of the application being loaded and the identification parameters of applications applicable to the first operating system;
The second hardware architecture is specifically configured to identify and process applications applicable to the second operating system according to the content of the application being loaded and the identification parameters of applications applicable to the second operating system.
The storage device comprises a RAM device and a ROM device.
When the first hardware architecture runs an application applicable to the first operating system, the data of that application is encrypted into ciphertext;
The encrypted data is saved in a file or a database.
When the first hardware architecture exchanges data with an external network, it uses hardware encryption: data to be sent is encrypted and received data is decrypted.
The first hardware architecture and the second hardware architecture can form a completely independent mobile device.
The first operating system includes but is not limited to Android, iOS and Windows Phone.
The second operating system includes but is not limited to Android, iOS and Windows Phone.
Preferably, the first operating system is a dedicated operating system, or an open operating system that has been hardened at the lower layers and has restricted applications, and is mainly used for secure communication and business processing; the second operating system is an open operating system. Both provide all the functions of a mobile device.
In this embodiment, the first operating system and the second operating system are physically isolated in hardware. Even if one of the operating systems is attacked by a virus, Trojan or the like and becomes insecure, the programs and data in the other operating system are not affected, which removes this security risk from the mobile device.
Embodiment two
Fig. 2 is a flowchart of the application running method based on the mobile device security architecture provided by an embodiment of the invention, detailed as follows:
S201: the first hardware architecture determines the identification parameters of applications applicable to the first operating system;
S202: the second hardware architecture determines the identification parameters of applications applicable to the second operating system;
S203: the first hardware architecture, according to the identification parameters of applications applicable to the first operating system, identifies the applications applicable to the first operating system and runs them;
S204: the second hardware architecture, according to the identification parameters of applications applicable to the second operating system, identifies the applications applicable to the second operating system and runs them.
The application running method also comprises:
The first hardware architecture uses a password protection mechanism to verify the identity of the user.
In this embodiment, the first operating system and the second operating system are physically isolated in hardware. The two operating systems are independent systems that do not affect each other: even if one of them is attacked by a virus, Trojan or the like and becomes insecure, the programs and data in the other operating system are not affected, which improves the security of the system.
Embodiment three
Fig. 3 is a flowchart of the transmission of internal status information and control information provided by an embodiment of the invention, detailed as follows:
S301: the first hardware architecture establishes the internal data transmission channel that connects it to the second hardware architecture;
S302: the first hardware architecture transmits internal status information and control information through the internal data transmission channel.
In this embodiment, the internal data transmission channel carries only internal status information and control information and provides no data service to third-party applications, which improves the security of information transmission inside the mobile device.
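One way the first hardware architecture could enforce "status and control information only" on the internal channel, shown as an added example that is not part of the patent. The frame layout, the message type values and the names `channel_filter` and `frame_checksum` are assumptions; the physical switch and the master/slave rule (only the first hardware architecture may switch the second on or off) come from the summary above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed frame layout (the patent defines none):
 *   [type:1][len:1][payload:len][xor checksum:1]                       */
enum sender  { FROM_FIRST, FROM_SECOND };  /* which architecture sent it */
enum verdict { ACCEPT, DROP_SWITCH_OPEN, DROP_MALFORMED, DROP_CHECKSUM,
               DROP_TYPE, DROP_LENGTH, DROP_DIRECTION };

struct rule { uint8_t type; uint8_t payload_len; int is_control; };

/* Allow-list of the only frames the channel carries (hypothetical values).
 * Fixed payload sizes leave no room for tunnelling application data.     */
static const struct rule RULES[] = {
    { 0x01, 1, 0 },  /* status: battery percent                   */
    { 0x02, 1, 0 },  /* status: OS state                          */
    { 0x10, 0, 1 },  /* control: switch second architecture on    */
    { 0x11, 0, 1 },  /* control: switch second architecture off   */
};

/* XOR of the first n bytes. */
uint8_t frame_checksum(const uint8_t *buf, size_t n)
{
    uint8_t x = 0;
    for (size_t i = 0; i < n; i++) x ^= buf[i];
    return x;
}

/* switch_closed models the physical switch: in hardware an open switch cuts
 * the line itself; here the flag makes the filter refuse every frame.      */
enum verdict channel_filter(enum sender from, int switch_closed,
                            const uint8_t *frame, size_t n)
{
    if (!switch_closed) return DROP_SWITCH_OPEN;
    if (frame == NULL || n < 3 || n != (size_t)frame[1] + 3)
        return DROP_MALFORMED;
    if (frame_checksum(frame, n - 1) != frame[n - 1]) return DROP_CHECKSUM;

    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        if (RULES[i].type != frame[0]) continue;
        if (RULES[i].payload_len != frame[1]) return DROP_LENGTH;
        /* Master/slave: control frames are honoured only from the master. */
        if (RULES[i].is_control && from != FROM_FIRST) return DROP_DIRECTION;
        return ACCEPT;
    }
    return DROP_TYPE;  /* anything not on the allow-list, e.g. bulk data */
}

/* Constructed sample frames. */
static const uint8_t BATTERY[]     = { 0x01, 0x01, 0x50, 0x50 };
static const uint8_t POWER_OFF[]   = { 0x11, 0x00, 0x11 };
static const uint8_t BULK[]        = { 0x7F, 0x04, 'd', 'a', 't', 'a', 0x6B };
static const uint8_t LONG_STATUS[] = { 0x01, 0x02, 0x50, 0x51, 0x02 };

int main(void)
{
    printf("battery status from second: %d\n",
           channel_filter(FROM_SECOND, 1, BATTERY, sizeof BATTERY));
    printf("power-off from first:       %d\n",
           channel_filter(FROM_FIRST, 1, POWER_OFF, sizeof POWER_OFF));
    printf("power-off from second:      %d\n",
           channel_filter(FROM_SECOND, 1, POWER_OFF, sizeof POWER_OFF));
    printf("bulk data from second:      %d\n",
           channel_filter(FROM_SECOND, 1, BULK, sizeof BULK));
    printf("oversized status:           %d\n",
           channel_filter(FROM_SECOND, 1, LONG_STATUS, sizeof LONG_STATUS));
    printf("any frame, switch open:     %d\n",
           channel_filter(FROM_FIRST, 0, POWER_OFF, sizeof POWER_OFF));
    return 0;
}
```

The filter is default-deny: a frame from a compromised second operating system is dropped unless it matches an allow-listed status type with exactly the expected length.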
From the above description of the embodiments, those skilled in the art will clearly understand that the invention can be implemented by software together with the necessary general-purpose hardware. The program can be stored in a readable and writable storage medium, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory or registers. The storage medium is located in a memory; the processor reads the information in the memory and, in combination with its hardware, performs the methods described in the embodiments of the invention.
The above is only a specific embodiment of the invention, but the scope of protection of the invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention falls within the scope of protection of the invention. The scope of protection of the invention is therefore defined by the scope of protection of the claims.
Claims (9)
1. A mobile device security architecture, characterized in that it comprises:
A first hardware architecture that runs a first operating system and identifies and runs the applications applicable to the first operating system;
A second hardware architecture that runs a second operating system and identifies and runs the applications applicable to the second operating system;
The first hardware architecture and the second hardware architecture each comprise at least one application processor and a storage device connected to the application processor;
Wherein the first operating system and the second operating system are the same or different mobile device operating systems, and each runs on its corresponding hardware architecture in the same mobile device.
2. The mobile device security architecture of claim 1, characterized in that the first hardware architecture is connected to the second hardware architecture through an I/O port, forming an internal data transmission channel, and the I/O port comprises at least one of a serial interface and a parallel interface.
3. The mobile device security architecture of claim 1, characterized in that the first hardware architecture is provided with a physical switch that cuts off the internal data transmission channel.
4. The mobile device security architecture of claim 1, characterized in that the first hardware architecture and the second hardware architecture each comprise their own power management circuit and audio codec device, or the first hardware architecture and the second hardware architecture share the same power management circuit and the same audio codec device.
5. The mobile device security architecture of claim 1, characterized in that the first hardware architecture also comprises:
A data encryption/decryption device that decrypts input data and encrypts output data.
6. The mobile device security architecture of claim 1, characterized in that the first hardware architecture and the second hardware architecture are arranged as master and slave, and the first hardware architecture controls the switching on and off of the second hardware architecture.
7. An application running method based on the mobile device security architecture of claim 1, characterized in that it comprises:
The first hardware architecture determines the identification parameters of applications applicable to the first operating system;
The second hardware architecture determines the identification parameters of applications applicable to the second operating system;
The first hardware architecture, according to the identification parameters of applications applicable to the first operating system, identifies the applications applicable to the first operating system and runs them;
The second hardware architecture, according to the identification parameters of applications applicable to the second operating system, identifies the applications applicable to the second operating system and runs them.
8. The application running method of claim 7, characterized in that the application running method also comprises:
The first hardware architecture uses a password protection mechanism to verify the identity of the user.
9. The application running method of claim 7, wherein the application running method also comprises:
The first hardware architecture establishes the internal data transmission channel that connects it to the second hardware architecture;
The first hardware architecture transmits internal status information and control information through the internal data transmission channel.
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510611310.1A CN105279455A (en) | 2015-09-23 | 2015-09-23 | Security architecture of mobile device and running method of application |
CN201610841885.7A CN106548095A (en) | 2015-09-23 | 2016-09-22 | External equipment connects control method and device |
CN201610843244.5A CN106548096B (en) | 2015-09-23 | 2016-09-22 | Data transmission method and device |
CN201610842243.9A CN106549934B (en) | 2015-09-23 | 2016-09-22 | Network equipment safety system |
CN201610843589.0A CN106548097A (en) | 2015-09-23 | 2016-09-22 | The operation method and device of network device software |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510611310.1A CN105279455A (en) | 2015-09-23 | 2015-09-23 | Security architecture of mobile device and running method of application |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105279455A (en) | 2016-01-27 |
Family
ID=55148444
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510611310.1A Withdrawn CN105279455A (en) | 2015-09-23 | 2015-09-23 | Security architecture of mobile device and running method of application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105279455A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105812364A (en) * | 2016-03-11 | 2016-07-27 | 深圳市全智达科技有限公司 | Data transmission method and device |
CN107077578A (en) * | 2016-12-28 | 2017-08-18 | 深圳前海达闼云端智能科技有限公司 | Processing method, device and the electronic equipment of robot instruction |
WO2017185582A1 (en) * | 2016-04-28 | 2017-11-02 | 深圳市金立通信设备有限公司 | Data processing method, accessing method, and terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C04 | Withdrawal of patent application after publication (patent law 2001) | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20160127 |