CN106548077A - Communication system and electronic equipment - Google Patents
Communication system and electronic equipment
- Publication number: CN106548077A (application number CN201610910915.5A)
- Authority: CN (China)
- Prior art keywords: driver, execution environment, channel, trusted, common
- Legal status: Granted (status as listed by Google Patents, not a legal conclusion)
Classifications
- G: Physics; G06: Computing, calculating or counting; G06F: Electric digital data processing
  - G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    - G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
      - G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    - G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
      - G06F21/71: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
        - G06F21/74: Protecting specific internal or peripheral components, to assure secure computing or processing of information, operating in dual or compartmented mode, i.e. at least one secure mode
  - G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    - G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
      - G06F2221/2149: Restricted operating environment
Abstract
The present invention relates to a communication system and an electronic device, and more particularly to a communication system for communication between a common execution environment and a trusted execution environment. The communication system comprises a common execution environment and a trusted execution environment, the trusted execution environment being isolated from the common execution environment; an operating system and applications can run in both the trusted execution environment and the common execution environment. The communication system further comprises a driver division unit which, according to the security and availability of each driver, places the main driver of that driver in either the trusted execution environment or the common execution environment, and correspondingly places its virtual driver in the other execution environment.
Description
Technical field
The present invention relates to a communication system for communication between a common execution environment and a trusted execution environment, and to an electronic device using the communication system.
Background technology
The basic idea of a trusted execution environment, TEE (Trusted Execution Environment), also called a secure runtime environment, is this: alongside the normal operating system, a secure operating system isolated from it is provided, running on its own isolated hardware foundation; this secure operating system is what is called the TEE. It is known to generate a protected region in a microprocessor unit by means of ARM's TrustZone technology and to use it as the TEE. The TEE is used to run applications called trustlets. ARM fully supports the TEE in its chip IP designs, and Qualcomm, MediaTek, Samsung, HiSilicon, Spreadtrum and others all support the TEE in hardware. Intel's x86 architecture and Imagination's MIPS architecture have also successively put forward similar solutions. The problem common to all of these solutions is that the channel between the common execution environment REE and the trusted execution environment TEE is implemented as a single channel, so that the channel design is complicated, maintenance is difficult and communication efficiency is low.
The content of the invention
The technical problem to be solved by the present invention is to achieve simplified and more efficient communication between the common execution environment and the trusted execution environment by means of driver division.
To solve this technical problem, the present invention proposes a communication system for communication between a common execution environment and a trusted execution environment, wherein the communication system comprises a common execution environment and a trusted execution environment, the trusted execution environment being isolated from the common execution environment; an operating system and applications can run in both the trusted execution environment and the common execution environment; and the communication system further comprises a driver division unit which performs the following steps:
- the security of each driver that is to run in the communication system is assessed;
- if the security of the driver is above a first security threshold, the main driver of that driver is placed in the trusted execution environment and a virtual driver of that driver is set up in the common execution environment;
- if the security of the driver is below a second security threshold, the main driver of that driver is placed in the common execution environment and a virtual driver of that driver is set up in the trusted execution environment;
- if the security of the driver lies between the first security threshold and the second security threshold, the availability and realizability of the driver are checked;
- if the availability is below an availability threshold and the realizability is above a realizability threshold, the main driver of that driver is placed in the trusted execution environment and a virtual driver is set up in the common execution environment; otherwise the main driver is placed in the common execution environment and a virtual driver is set up in the trusted execution environment.
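The division rule set out in the steps above, as an added worked example written for this page (it is not code from the patent or from any implementation of it). The threshold values, the driver profiles and the numeric security, availability and realizability scores are constructed placeholders; the patent does not say how these quantities are measured or on what scale.

```python
"""Added worked example (not code from patent CN106548077A): the driver-division
rule from the summary, applied to constructed driver profiles.  Threshold values
and per-driver scores are placeholders; the patent does not define their scale."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Iterable


class Env(Enum):
    REE = "REE"  # common (rich) execution environment
    TEE = "TEE"  # trusted execution environment


@dataclass(frozen=True)
class DriverProfile:
    name: str
    security: float       # how security-sensitive the driver is
    availability: float   # how readily the driver can be served in place
    realizability: float  # how feasible it is to implement the driver inside the TEE


@dataclass(frozen=True)
class Thresholds:
    security_high: float  # the "first security threshold"
    security_low: float   # the "second security threshold"
    availability: float
    realizability: float


@dataclass(frozen=True)
class Placement:
    main: Env     # where the main (real) driver runs
    virtual: Env  # where the virtual driver (proxy stub) is installed


def _split(main: Env) -> Placement:
    """The virtual driver always goes to the environment that lacks the main driver."""
    return Placement(main, Env.REE if main is Env.TEE else Env.TEE)


def divide_driver(profile: DriverProfile, t: Thresholds) -> Placement:
    """Apply the patent's four-step rule to one driver."""
    if t.security_low > t.security_high:
        raise ValueError("second security threshold must not exceed the first")
    if profile.security > t.security_high:   # clearly sensitive: main driver in TEE
        return _split(Env.TEE)
    if profile.security < t.security_low:    # clearly benign: main driver in REE
        return _split(Env.REE)
    # Security between the thresholds (a score exactly on a threshold lands here,
    # since the rule says "above" and "below"): availability and realizability decide.
    if profile.availability < t.availability and profile.realizability > t.realizability:
        return _split(Env.TEE)
    return _split(Env.REE)


def divide_all(profiles: Iterable[DriverProfile], t: Thresholds) -> Dict[str, Placement]:
    return {p.name: divide_driver(p, t) for p in profiles}


# Constructed thresholds and profiles (scores on a 0..1 scale chosen for illustration).
DEMO_THRESHOLDS = Thresholds(security_high=0.8, security_low=0.3,
                             availability=0.5, realizability=0.6)
DEMO_DRIVERS = [
    DriverProfile("drm", security=0.2, availability=0.9, realizability=0.2),
    DriverProfile("fingerprint_analysis", security=0.9, availability=0.4, realizability=0.7),
    DriverProfile("sensor_a", security=0.5, availability=0.8, realizability=0.9),
    DriverProfile("sensor_b", security=0.5, availability=0.3, realizability=0.9),
]

if __name__ == "__main__":
    for name, placement in divide_all(DEMO_DRIVERS, DEMO_THRESHOLDS).items():
        print(f"{name:>21}: main driver in {placement.main.value}, "
              f"virtual driver in {placement.virtual.value}")
```

The two mid-band profiles show the part of the rule that is easy to misread: `sensor_a` and `sensor_b` have identical security scores, but only `sensor_b`, whose availability is below the threshold while its realizability is above it, gets its main driver moved into the TEE; everything else in the middle band stays in the REE with a virtual driver on the TEE side.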
In one embodiment of the invention, the driver division unit
- places the main drivers of the DRM driver, the webcam driver, the network driver, the GPS driver and the storage driver in the common execution environment; and/or
- places the main drivers of those parts of the iris driver that concern data transfer and data analysis in the trusted execution environment, and the main drivers of the other parts of the iris driver in the common execution environment; and/or
- places the main driver of the NFC driver in the common execution environment; and/or
- places the main drivers of those parts of the fingerprint driver that concern data transfer and data analysis in the trusted execution environment, and the main drivers of those parts of the fingerprint driver that concern shared peripherals and interrupt-initiated drivers in the common execution environment; and/or
- places the SE driver in the trusted execution environment; and/or
- arranges the main drivers of the drivers that support the trusted user interface in both the common execution environment and the trusted execution environment.
In one embodiment of the invention, the drivers supporting the trusted user interface include the LCD driver, the touch screen driver and the I2C driver.
In one embodiment of the invention, the security of the common execution environment is lower than that of the trusted execution environment, and the common execution environment in turn comprises a security arrangement Hypervisor and a security arrangement Container whose security is lower than that of the Hypervisor, wherein the Hypervisor and the Container are isolated from each other, and the driver division unit places each main driver assigned to the REE side either in the Container or in the Hypervisor.
In one embodiment of the invention, within the common execution environment the initialization of the Container and of the Hypervisor is initiated and checked from the trusted execution environment: the trusted execution environment boots and initializes the Hypervisor, and the Hypervisor in turn boots and initializes the Container.
In one embodiment of the invention, the communication system further comprises an application channel, a driver channel and a scheduling and control channel arranged between the common execution environment and the trusted execution environment, wherein the application channel is used for communication between application programs in the common execution environment and the trusted execution environment; the driver channel is used for communication between drivers running in the common execution environment and the trusted execution environment; and the scheduling and control channel is used for communication of scheduling and control commands between the common execution environment and the trusted execution environment.
In one embodiment of the invention, shared memory between the common execution environment and the trusted execution environment is provided separately for each of the application channel, the driver channel and the scheduling and control channel, and the shared memory of different channels is mutually independent.
In one embodiment of the invention, each of the application channel, the driver channel and the scheduling and control channel comprises a forward channel and a backward channel, wherein the forward channel transfers messages from the send queue of the common execution environment into the receive queue of the trusted execution environment, and the backward channel transfers messages from the send queue of the trusted execution environment into the receive queue of the common execution environment.
In one embodiment of the invention, the send queues and receive queues of the common execution environment and of the trusted execution environment each hold, for every message to be sent or received, the message type together with the message content, so that each message is sent or received over the channel matching its message type.
In one embodiment of the invention, client applications, main drivers, virtual drivers and/or processor cores run in the common execution environment, and trusted applications, main drivers, virtual drivers and/or processor cores run in the trusted execution environment.
In one embodiment of the invention, the driver channel is configured for communication between virtual drivers and main drivers across the common execution environment and the trusted execution environment, so as to share drivers between the two environments.
In one embodiment of the invention, when the common execution environment calls a specific driver and the main driver of that driver exists in the trusted execution environment while the virtual driver of that driver exists in the common execution environment, the common execution environment calls the virtual driver installed in the common execution environment; this triggers the information relating to the driver to be sent over the forward channel of the driver channel to the corresponding main driver in the trusted execution environment, that main driver is then invoked, and the information resulting from its processing is returned over the backward channel of the driver channel to the virtual driver in the common execution environment. Conversely, when the trusted execution environment calls a specific driver and the virtual driver of that driver exists in the trusted execution environment while the main driver exists in the common execution environment, the trusted execution environment calls the virtual driver installed in the trusted execution environment; this triggers the information relating to the driver to be sent over the backward channel of the driver channel to the corresponding main driver in the common execution environment, that main driver is then invoked, and the information resulting from its processing is returned over the forward channel of the driver channel to the virtual driver in the trusted execution environment.
The invention also proposes an electronic device, characterised in that it comprises the communication system according to the invention together with a network interface and a peripheral interface, wherein a user can obtain applications via the network interface or the peripheral interface and install them on the communication system, and can also run different applications through the communication system.
With the driver division scheme of the present invention, drivers can be placed flexibly in the trusted runtime environment or the common runtime environment according to their security and availability, so as to improve both security and efficiency in operation.
Description of the drawings
In order to explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed for the embodiments or for the description of the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort. In the drawings:
Fig. 1 schematically shows a multi-channel communication system for communication between REE and TEE.
Fig. 2 schematically shows one embodiment of the driver channel according to the invention.
Fig. 3 schematically shows the workflow of the driver division unit.
Fig. 4 schematically shows the security arrangement of the multi-channel communication system according to the invention.
Fig. 5 schematically shows the virtual docking between REE and TEE.
Fig. 6 schematically shows the working principle of the kernel scheduling unit according to the invention.
Fig. 7 schematically shows the workflow of the interrupt control unit according to the invention.
Fig. 8 schematically shows an electronic device according to the invention.
For clarity, the same or equivalent elements are marked with the same reference signs throughout all drawings. The drawings are only schematic, and the elements in them need not be drawn to scale.
Specific embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of those embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them.
According to one embodiment of the invention, a multi-channel communication system for communication between REE and TEE is proposed. The multi-channel communication system comprises a REE and a TEE isolated from the REE; an operating system and applications run in both the TEE and the REE. For example, on the REE side run client applications, main drivers, virtual drivers and/or processor cores, and on the TEE side run trusted applications, main drivers, virtual drivers and/or processor cores. The system further comprises an application channel, a driver channel and a scheduling and control channel arranged between the REE and the TEE, wherein the application channel is configured for communication between application programs in the REE and the TEE; the driver channel is configured for communication between drivers running in the REE and the TEE; and the scheduling and control channel is configured for communication of scheduling and control commands between the REE and the TEE.
According to embodiments of the invention, the application channel, the driver channel and the scheduling and control channel are mutually isolated and can communicate in parallel. In this way, several classes of security problems, such as biometric identification, mobile payment, digital rights protection, secure positioning and Internet of Things security, can be solved efficiently and simultaneously on a mobile terminal.
By contrast, the shortcomings of a single-channel configuration are:
(1) The structural design of the channel is complex. Because a single channel is used, the TEE side must parse the information of the REE side and communicate through the loader or access object corresponding to the TEE side; conversely, if the TEE side has an application that calls programs, drivers and so on of the REE side, it too can only communicate through this channel. The data structures for driver, application and scheduling operations all have to use this channel, and carrying numerous data types in one communication brings great difficulty to design and implementation.
(2) It does not follow the software design principle of low coupling, which makes maintenance and upgrading very difficult. Upgrading the channel is likely to affect the corresponding modules and easily introduces errors.
(3) Efficiency is low. A single channel cannot process different types, such as data and drivers, concurrently.
According to embodiments of the invention, shared memory between the REE side and the TEE side is set up separately for the application channel, the driver channel and the scheduling and control channel, and the shared memory of different channels is mutually independent. Through this shared memory, different types of data are transferred between REE and TEE over different channels.
In other words, the shared memory used to implement the different channels is the part of memory on the REE side that can be shared with the TEE; it belongs to untrusted memory (memory located on the TEE side is trusted memory that the REE side cannot access), and the independence of the memory of different channels can be achieved by logical partitioning. For example, fixed, mutually independent memory regions can be assigned to the different channels, or the memory region allocated to each channel can be adjusted as needed on each run; after each adjustment the independence of the channels is still guaranteed by the logical partitioning.
For example, data transfer over each channel proceeds as follows: first, the data is loaded into the shared memory of the respective channel; then the data is read on the REE or TEE side; next, the REE or TEE side tags the data according to its data type and encapsulates it in the corresponding data structure, and then places the data in the corresponding work queue to await processing.
Since the memory of the different channels is independent, the virtual "channels" are naturally also isolated from one another. In this way, different types of data are transferred over designated channels, full concurrency is achieved, and a "multi-TEE" architecture becomes possible, i.e. simultaneous communication with several virtual machines virtualized on the TEE side.
According to embodiments of the invention, the application channel, the driver channel and the scheduling and control channel can each operate in simplex mode and each comprise a forward channel and a backward channel, wherein the forward channel transfers messages from the send queue of the REE side into the receive queue of the TEE side, and the backward channel transfers messages from the send queue of the TEE side into the receive queue of the REE side. This further increases concurrency and reduces the probability of errors in data transfer. The application channel, the driver channel and the scheduling and control channel can also use half-duplex or full-duplex communication, in which case the forward channel and the backward channel can be the same channel, realised by switching or by contention.
According to embodiments of the invention, the send queues and receive queues on the REE side and the TEE side each hold the message type and message content of every message to be sent or received, so that each message is sent or received over the channel matching its message type. In this way, messages to be sent can be assigned to the correct channel in a simple manner.
According to embodiments of the invention, the application channel carries a standard application protocol, such as a Client API that meets the GPTEE specification 1 standard.
According to embodiments of the invention, the driver channel is configured for communication between virtual drivers and main drivers across the REE and the TEE, so as to share drivers between the REE and the TEE.
The solution of the embodiments of the present invention takes TEE technology as its core and is aimed at, but not limited to, processor chips supporting the ARM TrustZone extension. With the multi-level operating approach proposed by the invention, several classes of security problems such as biometric identification, mobile payment, digital rights protection, secure positioning and Internet of Things security can be solved efficiently and simultaneously on a mobile terminal.
The architecture of a TEE can roughly be divided into three layers: the hardware layer, the TEE OS (operating system) layer and the TA (Trusted Application) layer. The multi-channel communication system according to embodiments of the invention is implemented in the TEE OS layer.
Fig. 1 shows a multi-channel communication system 100 for communication between REE and TEE according to an embodiment of the invention. As shown in Fig. 1, the multi-channel communication system 100 comprises a REE 101 and a TEE 102 isolated from the REE 101, wherein an operating system and applications run in both the TEE 102 and the REE 101; for example, on the REE 101 side run client applications, main drivers, virtual drivers and/or processor cores, and on the TEE 102 side run trusted applications, main drivers, virtual drivers and/or processor cores.
The TEE (trusted execution environment) is a secure execution environment that is isolated from the common execution environment (REE), and an operating system and applications can run separately in each of the two execution environments. Channels for data transfer therefore have to be provided between the TEE and the REE.
Accordingly, the multi-channel communication system 100 further comprises an application channel 103, a driver channel 104 and a scheduling and control channel 105 arranged between the REE 101 and the TEE 102, wherein the application channel 103 is configured for communication between application programs in the REE 101 and the TEE 102; the driver channel 104 is configured for communication between drivers running in the REE 101 and the TEE 102; and the scheduling and control channel 105 is configured for communication of scheduling and control commands between the REE 101 and the TEE 102.
The application channel 103 can provide a specified interface for the APPs of application vendors; as long as a vendor follows this interface, it can apply to register its APP on this platform, and according to the invention APPs with high security requirements can be placed on the TEE side. Access for APPs placed on the TEE side is usually negotiated at the device's factory stage between the trusted application developer, the device vendor and the TEE provider, and access is verified by signature.
Because drivers differ in kind and in the resources they occupy, the driver channel 104 makes communication between the host driver and the virtual driver possible, and different drivers can be flexibly placed on the TEE side or the REE side. Drivers that occupy more resources and are harder to migrate can be kept on the REE side, while drivers that occupy fewer resources and require a higher security level can be kept on the TEE side.
With regard to the scheduling and control channel, current trusted execution environments do not schedule resources. For example, in current TEEs a designated processor core is generally allocated to handle TEE-related services and tasks; since the protected content running in current TEEs is small, the processing capacity of a single core suffices. But as the demands on the TEE grow, with the use of iris recognition, DRM and related applications, the load on the TEE side will increase greatly, so rational scheduling of resources becomes necessary. None of the currently known TEE vendors implements processor scheduling between REE and TEE.
In one embodiment of the invention, the application channel 103, the driver channel 104 and the scheduling and control channel 105 can be the same channel. In this embodiment the TEE uses a monolithic kernel or sandbox architecture, and because of its intrinsic characteristic that a kernel object is associated with only one process, communication between TEE and REE can only take place through a single channel. Specifically, a sandbox (sandbox technology) is a security mechanism for isolating running programs, often used to execute untested code or untrusted third-party programs. A sandbox typically provides the user with a tightly controlled set of resources for running a program and can provide a virtual system environment for user APPs: even if a program running in the sandbox environment goes wrong, it can only modify or destroy local temporary resources and cannot crash the system. Originally the sandbox mechanism could only have one sandbox running at a time, and without virtualization support the sandbox mechanism allows only one trusted application TA to run in the TEE at a time.
This single, shared channel implementation has the following characteristics: (1) The structural design of the channel is complex. Because a single channel is used, the TEE side must parse the information of the REE side and communicate through the loader or access object corresponding to the TEE side; conversely, if the TEE side has an application that calls programs, drivers and so on of the REE side, it too can only communicate through this channel. The data structures for driver, application and scheduling operations all have to use this channel, and carrying many data types in one channel brings great difficulty to design and implementation. (2) It does not follow the software design principle of low coupling, which makes maintenance and upgrading very difficult; upgrading the channel is likely to affect the corresponding modules and easily introduces errors. (3) Efficiency is low: a single channel cannot process different types, such as data and drivers, concurrently.
According to yet another embodiment of the invention, the application channel 103, the driver channel 104 and the scheduling and control channel 105 are mutually isolated and can operate concurrently. The application channel 103 is responsible for communication between the Client APP (client application on the REE side) and the Trusted APP (trusted application on the TEE side) and mainly carries a standard application protocol (such as a Client API meeting the GPTEE specification 1 standard); the driver channel 104 is responsible for communication between the main drivers and the virtual drivers of devices across the REE and the TEE, carries the communication interfaces of all kinds of drivers, and the present invention uses the method of virtual driver docking to share drivers between the REE and the TEE; the scheduling and control channel 105 carries the scheduling-class and control-class commands between the REE and the TEE.
The mutually isolated channels are realised by virtualization technology. Specifically, they are realised by providing the shared memory between the REE side and the TEE side separately for the application channel 103, the driver channel 104 and the scheduling and control channel 105, the shared memory of the different channels being mutually independent. Each of the application channel 103, the driver channel 104 and the scheduling and control channel 105 comprises a forward channel and a backward channel, wherein the forward channel transfers messages from the send queue of the REE side into the receive queue of the TEE side, and the backward channel transfers messages from the send queue of the TEE side into the receive queue of the REE side. The send queues and receive queues on the REE side and the TEE side hold the message type and the message content of every message to be sent or received, so that each message is sent or received over the channel matching its message type. Only then, during multi-channel message transmission, can messages be correctly delivered to REE or TEE over the different channels according to their type. The message queues of the CA (Client Application) and of the TA (Trusted Application) each have an independent thread responsible for processing the contents of the queue. With the scheme of this embodiment, different channels can operate concurrently, and within the same channel calls from CA and TA need not wait for results to be returned, so that truly concurrent operation is achieved.
The mutually isolated multi-channel design of the present invention supports concurrent calls. Using the virtualization technology described above, several virtual machines can be virtualized on one TEE, creating execution spaces for different TAs. Thus several CAs on the REE side can simultaneously call several TAs on the TEE side, several drivers can be shared at the same time, and so on. The characteristics of a virtual machine are isolation and security, so security isolation is achieved at the same time. The scheme of this embodiment truly realises multi-channel concurrency and is in a leading position in system performance and extensibility. With the multi-level operating approach proposed by this embodiment, several classes of security problems such as biometric identification, mobile payment, digital rights protection, secure positioning and Internet of Things security can be solved efficiently and simultaneously on a mobile terminal.
The mutually isolated multi-channel design of the present invention also achieves greater security than technical solutions that do not support virtualization, and has clear advantages over existing TEE software products in the protection level and grade of the TEE side.
Data exchange between TEE and REE can take various forms; for example, in existing terminals, application data (AD) and control data (MCP, NQ) are transferred via different buffers, but such buffer-based data transfer cannot control drivers and scheduling effectively. Multi-TEE support realised on the basis of virtualization is the biggest advantage of the mutually isolated multi-channel design of the present invention over other TEE vendors; at present other vendors do not support multi-TEE.
Fig. 2 shows a driver channel according to an embodiment of the invention. As shown in Fig. 2, the driver channel 104 is configured for communication between the REE and the TEE, that is, between a virtual driver and a host driver, so as to realize driver sharing between the REE and the TEE. Driver calls are realized by way of virtual docking. According to the characteristics of the driver itself, its host driver and its virtual driver can be distributed to different execution environments: the host driver of a driver is set in one execution environment and the virtual driver of that driver is set in the other. For example, the file system driver is placed in the REE and the FP (fingerprint) driver is placed in the TEE. The way drivers are divided is illustrated further below.
When a specific driver is called on the REE side, and the REE side has only the virtual driver of that driver while its host driver is on the TEE side, the REE calls the virtual driver arranged on the REE side. This triggers the information relevant to the driver to be sent through the forward channel of the driver channel to the corresponding host driver on the TEE side; the host driver processes the call and returns the resulting information through the backward channel of the driver channel to the virtual driver on the REE side.
When a specific driver is called on the TEE side, and the TEE side has only the virtual driver of that driver while its host driver is on the REE side, the TEE calls the virtual driver arranged on the TEE side. This triggers the information relevant to the driver to be sent through the backward channel of the driver channel to the corresponding host driver on the REE side; the host driver processes the call and returns the resulting information through the forward channel of the driver channel to the virtual driver on the TEE side.
In this way, an application can call any driver on the REE side or the TEE side without perceiving the switch between the REE and the TEE. Taking a fingerprint recognition application as an example, the fingerprint driver is called on the REE side, while the host driver of that driver, that is, the real driver, is located on the TEE side. In other words, the REE side calls the fingerprint driver to obtain fingerprint information, but no real fingerprint driver exists on the REE side; instead, an interface for operating the fingerprint is defined on the REE side by way of virtualization.
The multi-channel communication system of the invention calls the virtualized fingerprint interface on the REE side and transmits the information of the fingerprint interface into the TEE through the forward channel of the driver channel 104; the TEE side then calls the real fingerprint interface. After the fingerprint-related information has been obtained, it is sent to the REE side through the backward driver channel, and the REE receives the fingerprint result. The CA on the REE side does not perceive that its driver call actually involves a switch between two execution environments. This is how message communication is realized by combining virtualization with the driver channel.
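The routing just described, as an added example that is not the patent's code: each execution environment holds a table of host (real) drivers and a set of virtual driver stubs, and a call that lands on a stub is carried over the driver channel to the host driver in the other world, so the caller sees only the result. The environment and driver names, the request format and the sample placement (file system host driver in the REE, fingerprint host driver in the TEE) are assumptions made for this example.

```python
# Added example (not the patent's code): a constructed model of how a call
# to a virtual driver is routed over the driver channel (104) to the host
# driver in the other execution environment. Environment/driver names,
# the request format and the sample drivers are assumptions.
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List, Set


@dataclass
class Environment:
    name: str                                                   # "REE" or "TEE"
    host: Dict[str, Callable[[dict], Any]] = field(default_factory=dict)  # real drivers
    virtual: Set[str] = field(default_factory=set)              # virtual driver stubs
    trace: List[str] = field(default_factory=list)              # host drivers run here


class DriverChannel:
    """Forward channel carries REE -> TEE requests, backward channel TEE -> REE."""

    def __init__(self, ree: Environment, tee: Environment):
        self.ree, self.tee = ree, tee
        self.log: List[tuple] = []                              # (direction, driver)

    def call(self, caller: Environment, driver: str, request: dict) -> Any:
        """Entry point an application in `caller` uses; it never learns which
        world actually ran the driver."""
        if driver in caller.host:                               # host driver is local
            return self._run(caller, driver, request)
        if driver not in caller.virtual:
            raise KeyError(f"{caller.name} has no driver named {driver!r}")
        # Only the virtual driver is here: hand the request to the other world.
        if caller is self.ree:
            self.log.append(("forward", driver))
            return self._run(self.tee, driver, request)
        self.log.append(("backward", driver))
        return self._run(self.ree, driver, request)

    @staticmethod
    def _run(env: Environment, driver: str, request: dict) -> Any:
        env.trace.append(driver)
        return env.host[driver](request)


def build_system():
    """Constructed placement following the page: file system host driver in
    the REE, fingerprint (fp) host driver in the TEE, stubs on the other side."""
    ree, tee = Environment("REE"), Environment("TEE")
    ree.host["fs"] = lambda req: f"read:{req['path']}"
    tee.host["fp"] = lambda req: {"template": 7, "match": req["sample"] == "finger-A"}
    ree.virtual.add("fp")
    tee.virtual.add("fs")
    return ree, tee, DriverChannel(ree, tee)


def fingerprint_from_ree(sample: str):
    """A CA on the REE side calls the virtualized fingerprint interface."""
    ree, tee, channel = build_system()
    result = channel.call(ree, "fp", {"sample": sample})
    return result, channel.log, tee.trace


def filesystem_from_tee(path: str):
    """A TA on the TEE side reads a file through the virtual fs driver."""
    ree, tee, channel = build_system()
    result = channel.call(tee, "fs", {"path": path})
    return result, channel.log, ree.trace


if __name__ == "__main__":
    print(fingerprint_from_ree("finger-A"))
    print(filesystem_from_tee("/data/sample.txt"))
```

The `trace` list on each environment records which world actually executed the host driver, which is the fact the calling application is shielded from; the channel's `log` shows the direction (forward or backward) each cross-world request took.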
The various types of hardware carried in a terminal, and the security services they provide, such as fingerprint recognition, iris recognition, DRM (Digital Rights Management) and NFC, have drivers of their own. Whether such a driver is divided to the REE side or to the TEE side is a question for which current TEE software products provide no clear division method or implementation. The present invention proposes a driver division method based on security and availability requirements, together with an implementation using virtual docking.
According to one embodiment of the present invention, the multi-channel communication system includes a driver division unit. Fig. 3 schematically shows the workflow of the driver division unit, which performs the following steps:
In step 301, the security of a driver to be run on the multi-channel communication system is assessed. If the security of the driver is above a first security threshold, in step 302 the host driver of the driver is divided to the TEE side and the virtual driver of the driver is arranged on the REE side. If the security of the driver is below a second security threshold, in step 303 the host driver of the driver is divided to the REE side and the virtual driver of the driver is arranged on the TEE side. If the security of the driver lies between the first security threshold and the second security threshold, in step 304 the availability and realizability of the driver are checked: if the availability is below an availability threshold and the realizability is above a realizability threshold, in step 305 the host driver of the driver is divided to the TEE side and the virtual driver of the driver is arranged on the REE side; otherwise, in step 306 the host driver of the driver is divided to the REE side and the virtual driver of the driver is set on the TEE side.
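Steps 301 to 306 as a single decision function, added here as an example and not taken from the patent. The numeric thresholds, the 0-to-1 scoring of security, availability and realizability, and the scored sample drivers are assumptions; only the order of the tests and the resulting placements follow the page.

```python
# Added example (not the patent's code): the decision of steps 301-306
# as a function. Threshold values and the scored sample drivers are
# assumptions; the ordering of the tests follows Fig. 3 as described.
from dataclasses import dataclass
from typing import Dict, Iterable


@dataclass(frozen=True)
class Driver:
    name: str
    security: float       # assessed security requirement, 0..1 (step 301)
    availability: float   # how much ordinary workloads depend on the driver
    realizability: float  # how feasible hosting the driver in the TEE is


@dataclass(frozen=True)
class Thresholds:
    first_security: float = 0.8    # above this the host driver goes to the TEE
    second_security: float = 0.3   # below this the host driver goes to the REE
    availability: float = 0.5
    realizability: float = 0.5


@dataclass(frozen=True)
class Placement:
    host_side: str      # execution environment of the host driver
    virtual_side: str   # execution environment of the virtual driver stub
    step: int           # step of Fig. 3 that produced the decision


def divide(d: Driver, t: Thresholds = Thresholds()) -> Placement:
    if d.security > t.first_security:                       # step 302
        return Placement("TEE", "REE", 302)
    if d.security < t.second_security:                      # step 303
        return Placement("REE", "TEE", 303)
    # Security between the two thresholds: step 304 weighs availability
    # against realizability before choosing a side.
    if d.availability < t.availability and d.realizability > t.realizability:
        return Placement("TEE", "REE", 305)
    return Placement("REE", "TEE", 306)


def divide_all(drivers: Iterable[Driver], t: Thresholds = Thresholds()) -> Dict[str, Placement]:
    return {d.name: divide(d, t) for d in drivers}


# Constructed scores, chosen to exercise every branch of the flow.
SAMPLE_DRIVERS = [
    Driver("fingerprint", security=0.9, availability=0.4, realizability=0.7),
    Driver("storage",     security=0.2, availability=0.9, realizability=0.3),
    Driver("iris_data",   security=0.6, availability=0.3, realizability=0.8),
    Driver("drm",         security=0.5, availability=0.4, realizability=0.2),
    Driver("network",     security=0.5, availability=0.9, realizability=0.9),
]

if __name__ == "__main__":
    for name, p in divide_all(SAMPLE_DRIVERS).items():
        print(f"{name:12s} host={p.host_side} virtual={p.virtual_side} (step {p.step})")
```

A driver whose score equals a threshold exactly falls into the middle branch (step 304), because the page words the outer tests as strictly "above" and "below"; an implementer who wants boundary scores treated differently should make that choice explicit rather than rely on the comparison operators.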
This way of dividing takes security, availability and realizability into account. Specifically:
- Security and availability: the division is made from the security aspect of the driver resource. Drivers with strong security requirements tend to be divided to the TEE side; security is the first standard and is the main purpose for establishing a single TEE, so drivers whose security is above the threshold should be divided to the TEE side. Drivers whose demand for availability outweighs their security requirement tend to be divided to the REE side, with security ensured by the virtual docking between the REE and the TEE. For example, the fingerprint driver commonly used in terminal equipment today has a strong security requirement, so the host driver (Host Driver) of the fingerprint is divided into the TEE and a virtualized (Virtualized) driver interface is left in the REE for the REE to use; drivers such as storage and network have large driver systems and a greater demand for availability than for security, so their host drivers are divided to the REE side and a virtual driver interface is left on the TEE side.
- Realizability: for some special drivers and the protection of their operation, security alone cannot be considered; technical realizability must also be considered comprehensively. DRM (digital rights management) drivers, NFC (near field communication) drivers and iris camera drivers, for example, are characterized by large driver systems that are difficult to migrate completely into the TEE, yet have a certain degree of security requirement. In consideration of technical realizability, such drivers can be divided to the REE side; the present invention protects such driver resources by means of virtualization technology and container technology in the REE.
According to one embodiment of the present invention, the driver division unit divides the host drivers of the DRM driver, the camera driver, the network driver, the GPS driver and the storage driver to the REE side; divides the host driver of the part of the iris driver concerned with data transfer and data analysis to the TEE side, and the host drivers of the other parts of the iris driver to the REE side; divides the host driver of the NFC driver to the REE side; divides the host driver of the part of the fingerprint driver concerned with data transfer and data analysis to the TEE side, and the host driver of the part of the fingerprint driver initiated by an SPI (shared peripheral interrupt) to the REE side; divides the SE (secure element) driver to the TEE side; and arranges the host drivers of the drivers supporting the TUI (trusted user interface) on both the REE side and the TEE side. This division considers the security level requirement and the protection level of the overall architecture. The drivers supporting the TUI include the LCD driver, the touch screen driver and the I2C driver.
Fig. 4 schematically shows the security levels of the multi-channel communication system of the invention. The security of the REE is lower than that of the TEE, and the REE in turn includes a security level Hypervisor and a security level Container whose security is lower than that of the Hypervisor; the Hypervisor is isolated from the Container, and the REE is isolated from the TEE.
The Container layer refers to technology similar to the container technology under the Linux operating system; the Hypervisor refers to a virtual software layer established with the hardware-supported virtualization extensions; and the TEE refers to a TEE provided by processor chips based on, but not limited to, the ARM TrustZone extension.
According to embodiments of the present invention, the driver division unit places each host driver divided to the REE side into either the Container or the Hypervisor.
In one embodiment of the present invention, the multi-channel communication system of the invention also includes an SE running environment isolated from both the REE and the TEE. The SE running environment can cover the eSE (embedded secure element), the SIM (Subscriber Identification Module) and the SSD (secure storage device) of the mobile terminal; it possesses the highest security class but has weaker processing capability.
If the drivers are divided among these security levels according to the security level requirement of each driver and the security of the overall architecture, the result is as follows:
REE: the network driver, the GPS driver, the storage driver and the like. Their security requirement is not so high, but the demand for them is very high and they are used frequently. Placing them in the TEE would seriously affect system performance, so they are placed in the REE without added protection.
REE Container: for some special drivers and the protection of their operation, security alone cannot be considered; technical realizability must also be considered. The DRM driver, the NFC driver and the iris camera driver are characterized by large driver systems that are difficult to migrate completely into the TEE, yet have a certain degree of security requirement. According to the present invention, the part of the iris driver concerned with data transfer and data analysis is placed on the secure side and the other parts of the driver are placed in the REE Container, because those two parts of the driver relate to security protection while the security level of the other parts is relatively low.
REE Hypervisor: in the REE, ARM virtualization at EL2 supports hardware virtualization. Virtualization can raise the security level, but it is still in the REE and its security level remains lower than that of the TEE. NFC is currently being applied gradually, but mainly on the non-secure side, and the market demand for NFC payment is comparatively small; moreover, NFC device manufacturers seldom provide porting code for the TEE, porting is quite difficult and would considerably affect system stability. The NFC driver is therefore retained on the REE side but placed in the Hypervisor to raise its security level.
TEE: the use of fingerprints is related to payment, and payment needs to be completely secure, so the fingerprint driver is placed in the TEE and the fingerprint device can be used only in the secure world. The SPI interrupt initiation in the fingerprint driver takes place in the REE and that part is not protected by the TEE; the other parts, such as fingerprint data transfer and analysis, are placed in the TEE. The SE has the highest security level, and the SE driver must be placed in the TEE.
TUI: the trusted user interface. The screen drivers are placed in both the REE and the TEE. The screen is used most frequently, so the REE side needs to contain the screen driver; but to guarantee a secure interface where one is needed, for example when a bank account number and password are entered and execution must take place in the TEE, the screen driver must be called directly on the secure side.
According to embodiments of the present invention, virtual docking between the different security levels is realized. Specifically, the initialization of the REE-side environments, whether the Container or the Hypervisor, is initiated and checked from the TEE side: the TEE boots and initializes the Hypervisor, and the Hypervisor in turn boots and initializes the Container. The TEE thus serves as the secure and trusted basis, ensuring that the whole secure boot is established on authenticity and integrity checks.
Fig. 5 schematically shows the virtual docking between the REE and the TEE. The initialization of the REE-side environments, whether the Container or the Hypervisor, is initiated and checked from the TEE side; the TEE boots and initializes the Hypervisor, and the Hypervisor boots and initializes the Container. The TEE serves as the secure and reliable basis, ensuring that the whole secure boot is built on authenticity and integrity checks.
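The TEE-anchored initialization chain of Fig. 5, as an added example that is not the patent's code. A keyed MAC with a key held by the TEE stands in for whatever authenticity check the real system applies, and a SHA-256 measurement stands in for the integrity check; the key, the stage images and the stage names are constructed for this example. The point it demonstrates is the ordering the page describes: the TEE checks the Hypervisor before starting it, the Hypervisor then checks the Container, and a failed check stops the chain at that stage.

```python
# Added example (not the patent's code): a constructed model of the
# TEE-anchored initialization chain. A MAC with a key held by the TEE
# stands in for whatever authenticity check the real system uses; the
# key, stage images and names are constructed for this example.
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Tuple

TEE_KEY = b"constructed-tee-held-verification-key"   # assumption, not a real key


def measure(image: bytes) -> str:
    """Integrity measurement of a stage image."""
    return hashlib.sha256(image).hexdigest()


def authenticate(image: bytes, key: bytes = TEE_KEY) -> str:
    """Authenticity tag a trusted party computes over a stage image."""
    return hmac.new(key, image, hashlib.sha256).hexdigest()


@dataclass
class Stage:
    name: str
    image: bytes
    tag: str          # authenticity tag shipped alongside the image


@dataclass
class BootChain:
    """TEE boots and checks the Hypervisor; the Hypervisor then boots and
    checks the Container. Control is handed down only after a stage passes."""
    key: bytes = TEE_KEY
    log: List[Tuple[str, str, str, bool]] = None   # (parent, child, measurement, ok)
    started: List[str] = None

    def __post_init__(self):
        self.log, self.started = [], []

    def verify(self, parent: str, child: Stage) -> bool:
        ok = hmac.compare_digest(authenticate(child.image, self.key), child.tag)
        self.log.append((parent, child.name, measure(child.image), ok))
        return ok

    def boot(self, hypervisor: Stage, container: Stage) -> bool:
        if not self.verify("TEE", hypervisor):            # TEE is the trust root
            return False
        self.started.append(hypervisor.name)
        if not self.verify(hypervisor.name, container):   # Hypervisor checks Container
            return False
        self.started.append(container.name)
        return True


def make_stage(name: str, image: bytes, tampered: bool = False) -> Stage:
    tag = authenticate(image)          # tag computed over the genuine image
    if tampered:
        image = image + b"\x00"        # image modified after the tag was made
    return Stage(name, image, tag)


def run_chain(tamper_container: bool = False):
    """Returns (boot succeeded, stages started, per-stage check results)."""
    hv = make_stage("Hypervisor", b"constructed hypervisor image v1")
    ct = make_stage("Container", b"constructed container image v1", tamper_container)
    chain = BootChain()
    ok = chain.boot(hv, ct)
    return ok, chain.started, [entry[3] for entry in chain.log]


if __name__ == "__main__":
    print(run_chain())
    print(run_chain(tamper_container=True))
```

With a tampered Container image the Hypervisor still starts (its own check passed) but the Container does not, and the log keeps the measurement of the rejected image, which is the record a later audit would want.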
For DRM and iris, when the DRM or iris TA performs a secure operation it uses the driver module in the Container in the REE. After one call is completed, the IO control of the DRM and iris camera drivers is immediately disabled by the Hypervisor, relying on mechanisms in the processor chip similar to an IOMMU or SMMU, which ensures that during the secure operation the control registers of the driver cannot be tampered with by the REE OS.
For the NFC driver, taking offline payment as an example, the NFC driver is isolated and protected in a virtual machine on the Hypervisor, while the eSE driver holding the cooperating key is protected completely in the TEE and interacts directly with the SE of the highest security level, where one is present.
Other protections, such as secure positioning and the safety-critical positioning modules and driver modules of the Internet of Things, can be realized by similar schemes.
The driver division method and docking mode of the present invention conscientiously solve the problem of how the TEE protects all kinds of drivers. Other TEE manufacturers currently handle driver systems either by moving all of them to the secure side or by placing all of them in the REE. Although such a design is simple and its security relatively high, it does no corresponding analysis of the types and characteristics of drivers, which leads to serious defects in realization. Among the well-known TEE manufacturers, one has attempted to move all drivers into the TEE, but this has not been accomplished to date, because drivers are closely tied to the system: although protecting drivers completely would be desirable, the fact that it cannot be realized is indisputable.
According to embodiments of the present invention, the TEE encrypts the data to be sent to the REE side by cryptographic means, ensuring that all data flowing to the REE side is ciphertext. Data is thus transferred from the TEE side to the receiving REE side in a form that cannot be tampered with or intercepted, ensuring the higher security of the TEE running environment and of the whole multi-channel communication system.
The multi-channel communication system can also include a processor core scheduling unit, which can schedule processor cores inside the TEE and between the TEE and the REE. At set intervals (for example every 100 ms) the processor core scheduling unit checks the task load of each processor core on the TEE side and acts on the result:
- If the task load of a TEE-side processor core is too high, the excess task load is transferred to other TEE-side processor cores whose task load is not too high. If, after the transfer, the overall task load of the TEE-side processor cores is still too high, the processor core scheduling unit moves a processor core of the REE side to the TEE side via the scheduling and control channel, so that it processes TEE-side tasks as a TEE-side processor core.
- If all tasks on the TEE side are in a blocked or suspended state, the processor core scheduling unit moves all TEE-side processor cores to the REE side via the scheduling and control channel, so that they perform REE-side tasks as REE-side processor cores.
- If the tasks on the TEE side decrease and idle processor cores appear, the processor core scheduling unit moves the idle processor cores to the REE side via the scheduling and control channel, so that they perform REE-side tasks as REE-side processor cores.
This approach makes the fullest possible use of the processor resources of the current system and guarantees a recycling mechanism for processing between the TEE and the REE.
According to one embodiment of the present invention, when the overall task load of the TEE-side processor cores is too high, a request can be sent to the processor core scheduling unit from the overloaded TEE-side processor core. The processor core scheduling unit then checks the state of the REE-side processor cores, randomly chooses a processor core in the suspended state and transfers it to the TEE side, where it performs TEE-side tasks as a TEE-side processor core. The processor core scheduling unit distributes the tasks pending on the requesting processor core to the newly transferred TEE-side processor core according to specific task rules, for example by priority or by the order of migration.
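The periodic check and the request-driven migration described in the two passages above, as one added simulation that is not the patent's code. The load units, the threshold for "too high", the priority-first hand-over rule and the sample cores are assumptions; the three cases of the check, the random choice among suspended REE cores, and the migration over the scheduling and control channel follow the page.

```python
# Added example (not the patent's code): a constructed simulation of one
# check by the processor core scheduling unit, covering the three cases of
# the periodic check and the request-driven migration of a suspended REE
# core. Load units, the overload threshold, the priority rule and the
# sample cores are assumptions.
import random
from dataclasses import dataclass, field
from typing import List, Tuple

CHECK_INTERVAL_MS = 100   # the page's example checking interval
HIGH_LOAD = 80            # assumed: a core above this load is "too high"


@dataclass
class Task:
    tid: str
    load: int
    priority: int
    blocked: bool = False


@dataclass
class Core:
    cid: int
    side: str                          # "TEE" or "REE"
    tasks: List[Task] = field(default_factory=list)
    suspended: bool = False            # REE core with nothing to run

    @property
    def load(self) -> int:
        return sum(t.load for t in self.tasks)


class CoreScheduler:
    def __init__(self, cores: List[Core], seed: int = 0):
        self.cores = cores
        self.rng = random.Random(seed)       # random pick among suspended REE cores
        self.channel_log: List[Tuple[int, str, str]] = []   # moves over channel 105

    def side(self, name: str) -> List[Core]:
        return [c for c in self.cores if c.side == name]

    def migrate(self, core: Core, to_side: str) -> None:
        self.channel_log.append((core.cid, core.side, to_side))
        core.side = to_side
        core.suspended = False

    def balance_within_tee(self) -> None:
        """Move excess tasks of overloaded TEE cores to TEE cores with room."""
        for src in self.side("TEE"):
            for task in sorted(src.tasks, key=lambda t: t.load, reverse=True):
                if src.load <= HIGH_LOAD:
                    break
                room = [c for c in self.side("TEE")
                        if c is not src and c.load + task.load <= HIGH_LOAD]
                if room:
                    src.tasks.remove(task)
                    min(room, key=lambda c: c.load).tasks.append(task)

    def request_ree_core(self, requester: Core) -> bool:
        """Overloaded TEE core asks for help: a suspended REE core is chosen at
        random, moved to the TEE side, and the requester's pending tasks are
        handed over by priority until the requester is no longer overloaded."""
        candidates = [c for c in self.side("REE") if c.suspended]
        if not candidates:
            return False
        helper = self.rng.choice(candidates)
        self.migrate(helper, "TEE")
        for task in sorted(requester.tasks, key=lambda t: t.priority, reverse=True):
            if requester.load <= HIGH_LOAD:
                break
            requester.tasks.remove(task)
            helper.tasks.append(task)
        return True

    def tick(self) -> None:
        """One check of the TEE-side cores, run every CHECK_INTERVAL_MS."""
        tee = self.side("TEE")
        tee_tasks = [t for c in tee for t in c.tasks]
        if tee_tasks and all(t.blocked for t in tee_tasks):
            for core in tee:                     # nothing runnable in the TEE
                self.migrate(core, "REE")
            return
        if any(c.load > HIGH_LOAD for c in tee):
            self.balance_within_tee()
            for core in [c for c in self.side("TEE") if c.load > HIGH_LOAD]:
                self.request_ree_core(core)
        for core in [c for c in self.side("TEE") if not c.tasks]:
            self.migrate(core, "REE")            # idle TEE cores go back to the REE


def overload_scenario() -> CoreScheduler:
    """Constructed: TEE core 0 is overloaded, core 1 has no room for any of its
    tasks, and suspended REE core 2 is the only candidate to pull into the TEE."""
    sched = CoreScheduler([
        Core(0, "TEE", [Task("A", 50, 1), Task("B", 40, 3), Task("C", 30, 2)]),
        Core(1, "TEE", [Task("D", 60, 1)]),
        Core(2, "REE", suspended=True),
        Core(3, "REE", [Task("E", 20, 1)]),
    ])
    sched.tick()
    return sched


def blocked_scenario() -> CoreScheduler:
    """Constructed: the only TEE task is blocked, so the TEE core is released."""
    sched = CoreScheduler([Core(0, "TEE", [Task("A", 30, 1, blocked=True)]),
                           Core(1, "REE")])
    sched.tick()
    return sched
```

In `overload_scenario` the in-TEE rebalance cannot place any task on core 1 without pushing it over the threshold, so core 0 raises a request; core 2 is migrated and receives task B first because it has the highest priority, which brings core 0 down to exactly the threshold. Every migration is recorded in `channel_log`, which is the natural place to hook monitoring of cross-world core movement.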
Fig. 6 schematically shows the working method of the core scheduling unit of the invention. As shown in Fig. 6, processor core 2 processes secure tasks (Secure Task) as the dedicated core of the TEE side; the global scheduling can periodically return processor core 2 to the REE, mainly in response to inter-core scheduling, routine tasks and interrupt scheduling. Processor core 3 of the REE OS is dynamically added to the TEE running environment according to the load of the TEE to process secure tasks. This is the basic global scheduling method proposed by the present invention.
In another embodiment of the present invention, the processor core scheduling unit schedules the TEE-side cores using a single-core scheduling algorithm based on time slices, in which each task is assigned a priority. Multiple processes execute alternately in turn on the same TEE core: N processes can be executing within any given period of time, but only one process is executing at any one moment. If a process has used up its time slice but has not finished, the core it is currently using must be switched to another process, and the process whose time slice is exhausted is switched back onto the core when its own time slice comes around again in the next round of the time-slice cycle, driven by the timer interrupt. When the TEE and the REE together have multiple cores, the processor core scheduling unit can start a new core to continue executing a process whose time slice is exhausted, that is, it balances the load of the cores by enabling new cores. The new core is preferably an idle core in the TEE; it can also be a core chosen at random from the idle cores of the REE and migrated from the REE side. To realize this embodiment, the HEFT (Heterogeneous Earliest Finish Time) or CPOP (Critical Path on a Processor) algorithm can be used, for example.
According to one embodiment of the present invention, the multi-channel communication system includes an interrupt control unit. When a TEE-side processor core receives an interrupt:
- the interrupt control unit divides the interrupts that can only be processed by a TEE-side processor core into a first group as secure interrupts, and the other interrupts into a second group as non-secure interrupts.
Next, the handling can be as follows:
- the interrupt control unit transfers the secure interrupts in the first group to a TEE-side processor core for processing, and
- the interrupt control unit transfers the non-secure interrupts in the second group via the scheduling and control channel to an REE-side processor core for processing.
Or the handling can be as follows:
- the interrupt control unit transfers the secure interrupts in the first group to a TEE-side processor core for processing, and
- the interrupt control unit determines whether a non-secure interrupt in the second group is an SPI (Shared Peripheral Interrupt), a PPI (private peripheral interrupt) or an SGI (software generated interrupt). If it is an SPI, the interrupt control unit instructs the TEE-side processor core that received the interrupt to drop it and transfers the dropped SPI via the scheduling and control channel to an REE-side processor core for processing. If it is a PPI or an SGI, the interrupt control unit notifies the processor core scheduling unit, which transfers the TEE-side processor core that received the interrupt to the REE side via the scheduling and control channel so that it becomes an REE-side processor core, places the task of the interrupt in the corresponding work queue (working queue), and afterwards transfers the REE-side processor core that received the interrupt back to the TEE side via the scheduling and control channel, so that it becomes a TEE-side processor core again and waits to receive other interrupts. Alternatively, as soon as the interrupt has been placed in the work queue, the processor core scheduling unit immediately transfers the REE-side processor core that received the interrupt back to the TEE side via the scheduling and control channel. With the scheme of this embodiment a large number of SPIs can be dropped and handed to other REE processor cores for processing, greatly reducing the number of times a TEE processor core switches back to being an REE processor core for processing, and thereby significantly improving the processing efficiency of the TEE.
Fig. 7 schematically shows the workflow of the interrupt control unit according to embodiments of the present invention. As shown in Fig. 7, in response to a TEE processor core receiving an interrupt, the interrupt control unit determines whether the interrupt is a secure interrupt FIQ or a non-secure interrupt IRQ, and puts the secure interrupt FIQ in one group and the other interrupts in another group. On the basis of this division into secure and non-secure interrupts, a secure interrupt must be processed in the TEE, while the other interrupts must be processed on another REE processor core or on this core acting as an REE processor core.
Because the hardware resources of the TEE side are limited, interrupts that need not be processed on the TEE side are generally handed to REE processor cores for processing in order to improve the processing capability of the TEE processor cores and reduce the TEE resource load. Dividing the interrupts received by a TEE core as above therefore makes it possible to schedule the non-secure interrupts IRQ and the secure interrupts FIQ for the TEE-side processor cores and to avoid, as far as possible, excessive load on the TEE-side processor cores. In the next step, a secure interrupt FIQ can be left to the TEE processor core for processing, while a non-secure interrupt IRQ is moved via the scheduling and control channel 105 to the REE side, where the REE processor core adds it to the work queue. Afterwards, the interrupt control unit switches the processor core back to the TEE side, where it continues waiting to receive other interrupts for that core.
In an optional next step, the non-secure interrupt IRQ is further distinguished as a shared peripheral interrupt SPI, a private peripheral interrupt PPI or a software generated interrupt SGI. A non-secure SPI can be dropped by the TEE core and taken over and processed by an REE core via the scheduling and control channel 105. An SPI can be taken over by any processor core, whereas a PPI or SGI can currently only be processed by the TEE processor core that received it; the optimal way of processing that part of the interrupts is therefore to migrate the TEE processor core to the REE side, where it processes the PPI or SGI as an REE processor core. Interrupts that need not be processed on a TEE processor core are thereby assigned, as far as possible, to REE processor cores for processing. Because the TEE processor cores drop a large number of SPIs and hand them to other REE processor cores for processing, the number of times a TEE processor core switches back to being an REE processor core for processing is greatly reduced, thereby significantly improving the processing efficiency of the TEE.
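The second handling variant of the interrupt control unit and the Fig. 7 workflow, as one added model that is not the patent's code. Which interrupt IDs count as secure, the ID ranges used to label an interrupt as SGI, PPI or SPI (chosen to follow the usual ARM GIC convention for the sample IDs only), and the sample cores are assumptions; the FIQ/IRQ grouping, the dropping of SPIs to an REE core, and the migrate-queue-return handling of PPIs and SGIs follow the page.

```python
# Added example (not the patent's code): a constructed model of the
# interrupt control unit's second handling variant. Which interrupt IDs
# are secure, the ID ranges used to label SGI/PPI/SPI, and the sample
# cores are assumptions made for this example.
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, List, Tuple


def interrupt_kind(intid: int) -> str:
    """Label by ID range, following the GIC convention for the sample IDs:
    SGI 0-15, PPI 16-31, SPI 32 and above (assumption for this example)."""
    if intid < 16:
        return "SGI"
    if intid < 32:
        return "PPI"
    return "SPI"


@dataclass
class Core:
    cid: int
    side: str                                  # "TEE" or "REE"
    handled: List[int] = field(default_factory=list)


class InterruptControlUnit:
    def __init__(self, cores: List[Core], secure_ids):
        self.cores = cores
        self.secure_ids = set(secure_ids)      # may only be handled by a TEE core
        self.work_queue: Deque[Tuple[int, int]] = deque()   # (core, intid)
        self.dropped: List[Tuple[int, int]] = []
        self.channel_log: List[Tuple[int, str, str]] = []  # core moves over 105

    def classify(self, intid: int) -> str:
        """Group 1 (secure, FIQ) versus group 2 (non-secure, IRQ)."""
        return "FIQ" if intid in self.secure_ids else "IRQ"

    def migrate(self, core: Core, to_side: str) -> None:
        self.channel_log.append((core.cid, core.side, to_side))
        core.side = to_side

    def receive(self, core: Core, intid: int) -> str:
        """Called when TEE core `core` receives interrupt `intid`; returns
        where the interrupt ended up."""
        if core.side != "TEE":
            raise ValueError("model only covers interrupts taken by a TEE core")
        if self.classify(intid) == "FIQ":
            core.handled.append(intid)         # secure: stays on the TEE core
            return "TEE"
        if interrupt_kind(intid) == "SPI":
            # Any core may take an SPI: drop it here and let an REE core take it.
            self.dropped.append((core.cid, intid))
            target = next(c for c in self.cores if c.side == "REE")
            target.handled.append(intid)
            return f"REE-core-{target.cid}"
        # PPI/SGI are bound to the receiving core: move the core itself to the
        # REE side, queue the work there, then bring the core straight back.
        self.migrate(core, "REE")
        self.work_queue.append((core.cid, intid))
        self.migrate(core, "TEE")
        return "work-queue"


def demo():
    """Constructed: core 0 in the TEE, core 1 in the REE; ID 40 is secure.
    Delivers one FIQ, one non-secure SPI, one PPI and one SGI to core 0."""
    c0, c1 = Core(0, "TEE"), Core(1, "REE")
    icu = InterruptControlUnit([c0, c1], secure_ids={40})
    outcomes = [icu.receive(c0, 40), icu.receive(c0, 45),
                icu.receive(c0, 20), icu.receive(c0, 3)]
    return outcomes, icu, c0, c1
```

The model makes the page's efficiency argument visible: the non-secure SPI costs no core migration at all (it is dropped and picked up by the REE core), while each PPI or SGI costs two moves of core 0 over the channel, which is why the page expects the bulk of the savings to come from the SPIs.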
Fig. 8 schematically shows an electronic device of the invention. The electronic device has the multi-channel communication system of the invention together with a network interface and a peripheral device interface; via the network interface or the peripheral device interface a user can install applications on the multi-channel communication system, and the user can also run different applications. The electronic device can for example be a mobile phone, a palmtop computer, a notebook computer, a desktop computer, a wearable intelligent communication device, or any other electronic device that a person skilled in the art would consider reasonable.
The invention further relates to a multi-channel communication method designed to operate the multi-channel communication system according to the embodiments of the present invention described above.
The invention further relates to a computer program having program code which, when the computer program is executed on a computer, causes the multi-channel communication method according to the embodiments of the present invention to be performed.
The invention further relates to a data carrier carrying the program code of a computer program which, when the computer program is executed on a computer, causes the multi-channel communication method according to the embodiments of the present invention to be performed.
The invention further relates to an electronic device having a driver division unit according to the embodiments of the present invention together with a network interface and a peripheral device interface, wherein a user can install a driver via the network interface or the peripheral device interface, and the driver division unit divides the host driver of that driver to the trusted execution environment or the rich execution environment.
The invention further relates to an electronic device having a processor core scheduling unit according to the embodiments of the present invention together with a network interface and a peripheral device interface, wherein a user can install applications via the network interface or the peripheral device interface, and while an application runs on the electronic device the processor core scheduling unit schedules processor cores inside the trusted execution environment and between the trusted execution environment and the rich execution environment according to the load state of the processor cores of the trusted execution environment.
The invention further relates to a processor core scheduling method designed to operate the processor core scheduling unit according to the embodiments of the present invention.
The invention further relates to a computer program having program code which, when the computer program is executed on a computer, causes the processor core scheduling method according to the present invention to be performed.
The invention further relates to a data carrier carrying the program code of a computer program which, when the computer program is executed on a computer, causes the processor core scheduling method according to the embodiments of the present invention to be performed.
The invention further relates to an electronic device having an interrupt control unit according to the embodiments of the present invention together with a network interface and a peripheral device interface, wherein a user can install applications via the network interface or the peripheral device interface, and while an application runs on the electronic device the interrupt control unit dispatches each interrupt received by a processor core of the trusted execution environment between the processor cores of the trusted execution environment and the processor cores of the rich execution environment according to the type of the interrupt.
The invention further relates to an interrupt control method designed to operate the interrupt control unit according to the embodiments of the present invention.
The invention further relates to a computer program having program code which, when the computer program is executed on a computer, causes the interrupt control method according to the invention to be performed.
The invention further relates to a data carrier carrying the program code of a computer program which, when the computer program is executed on a computer, causes the interrupt control method according to the embodiments of the present invention to be performed.
The above describes only specific embodiments of the disclosure, but the scope of protection of the disclosure is not limited to them. Any person skilled in the art can readily conceive of changes or replacements within the technical scope disclosed herein, and all of these shall be covered by the scope of protection of the disclosure. The scope of protection of the disclosure shall therefore be defined by the scope of the claims.
Reference numerals list
REE rich execution environment
TEE trusted execution environment
SE secure element
100 multi-channel communication system
101 REE
102 TEE
103 application channel
104 driver channel
105 scheduling and control channel
DRM digital rights protection
NFC near field communication
IRQ non-secure interrupt
FIQ secure interrupt
SPI shared peripheral interrupt
PPI private peripheral interrupt
SGI software generated interrupt
eSE embedded secure element
Claims (13)
1. A communication system for communication between a common execution environment and a trusted execution environment, characterized in that:
the communication system comprises a common execution environment (REE) and a trusted execution environment (TEE), wherein
the trusted execution environment is isolated from the common execution environment;
an operating system and applications can run in both the trusted execution environment and the common execution environment;
the communication system further comprises a driver division unit, which performs the following steps:
assessing the security of a driver to be run in the communication system;
if the security of the driver is above a first security threshold, assigning the main driver of that driver to the trusted execution environment and setting up a virtual driver for that driver in the common execution environment;
if the security of the driver is below a second security threshold, assigning the main driver of that driver to the common execution environment and setting up a virtual driver for that driver in the trusted execution environment;
if the security of the driver lies between the first security threshold and the second security threshold, checking the availability and the realizability of the driver;
if the availability is below an availability threshold and the realizability is above a realizability threshold, assigning the main driver of that driver to the trusted execution environment and setting up a virtual driver for that driver in the common execution environment, and otherwise assigning the driver to the common execution environment and setting up a virtual driver for that driver in the trusted execution environment.
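The placement rule of claim 1 written out as a decision function, as an added example and not code from the patent or its applicant. The patent fixes no scale for the security, availability and realizability scores or their thresholds, so the 0 to 100 scale and the concrete threshold values are assumptions of this example, as are all names in it. Two things the claim does not spell out are settled here explicitly: a score equal to a threshold is treated as part of the middle band, and a policy whose second threshold lies above the first is refused rather than silently applied.

```c
/* Added example, not code from the patent: the driver-placement rule of
 * claim 1 as a pure function. The patent fixes no scale for the scores or
 * thresholds; 0..100 is assumed here. place_main_driver() also refuses an
 * inconsistent policy (second threshold above the first) and treats a score
 * equal to a threshold as part of the middle band; the claim states neither.
 * All names are this example's own. */
#include <stdio.h>

enum env { ENV_REE = 0, ENV_TEE = 1 };

struct policy {
    int security_high;   /* first security threshold: above it, main driver in TEE  */
    int security_low;    /* second security threshold: below it, main driver in REE */
    int availability;    /* availability threshold, middle band only                */
    int realizability;   /* realizability threshold, middle band only               */
};

struct rating {
    int security, availability, realizability;   /* scores for one driver */
};

/* Returns ENV_TEE or ENV_REE for the main driver, or -1 for an inconsistent
 * policy. The virtual driver always goes to the other environment. */
int place_main_driver(const struct policy *p, const struct rating *r)
{
    if (p->security_low > p->security_high) return -1;
    if (r->security > p->security_high) return ENV_TEE;
    if (r->security < p->security_low) return ENV_REE;
    /* Middle band: TEE only if the driver is not needed widely and is
     * realistically implementable there; otherwise it stays in the REE. */
    if (r->availability < p->availability && r->realizability > p->realizability)
        return ENV_TEE;
    return ENV_REE;
}

int virtual_env_for(int main_env)
{
    return main_env == ENV_TEE ? ENV_REE : ENV_TEE;
}

/* Flat-argument wrapper for quick checks. */
int main_env_under(int sec_high, int sec_low, int avail_thr, int real_thr,
                   int security, int availability, int realizability)
{
    struct policy p = { sec_high, sec_low, avail_thr, real_thr };
    struct rating r = { security, availability, realizability };
    return place_main_driver(&p, &r);
}

int main(void)
{
    struct policy p = { 80, 30, 50, 50 };           /* assumed thresholds */
    struct rating examples[] = {
        { 95, 10, 90 },   /* SE-like driver: high security, main driver in TEE  */
        { 20, 90, 40 },   /* GPS/network-like: low security, main driver in REE  */
        { 60, 30, 70 },   /* middle band, rarely needed, feasible in TEE: TEE    */
        { 60, 90, 70 },   /* middle band, needed everywhere: REE                 */
    };
    for (size_t i = 0; i < sizeof examples / sizeof examples[0]; i++) {
        int m = place_main_driver(&p, &examples[i]);
        printf("sec=%d avail=%d real=%d -> main in %s, virtual in %s\n",
               examples[i].security, examples[i].availability,
               examples[i].realizability, m == ENV_TEE ? "TEE" : "REE",
               virtual_env_for(m) == ENV_TEE ? "TEE" : "REE");
    }
    return 0;
}
```

The sample ratings mirror the concrete assignments of claim 2 (secure element in the TEE, GPS and network in the REE); the two middle-band rows show that availability alone decides between otherwise identical drivers once both thresholds are passed.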
2. The communication system according to claim 1, characterized in that the driver division unit:
assigns the main drivers of the DRM driver, the camera driver, the network driver, the GPS driver and the storage driver to the common execution environment; and/or
assigns the main drivers of those parts of the iris driver that concern data transfer and data analysis to the trusted execution environment, and the main drivers of the other parts of the iris driver to the common execution environment; and/or
assigns the main driver of the NFC driver to the common execution environment; and/or
assigns the main drivers of those parts of the fingerprint driver that concern data transfer and data analysis to the trusted execution environment, and the main driver of the part of the fingerprint driver that is initiated by a shared peripheral interrupt to the common execution environment; and/or
assigns the SE driver to the trusted execution environment; and/or
sets up the main driver of a driver supporting a trusted user interface in both the common execution environment and the trusted execution environment.
3. The communication system according to claim 2, characterized in that the drivers supporting a trusted user interface comprise the LCD driver, the touch screen driver and the I2C driver.
4. The communication system according to claim 1, characterized in that the security of the common execution environment is lower than that of the trusted execution environment; the common execution environment comprises a security level Hypervisor and a security level Container whose security is in turn lower than that of Hypervisor, wherein Hypervisor and Container are isolated from each other, and the driver division unit places each main driver assigned to the REE side in either Container or Hypervisor.
5. The communication system according to claim 4, characterized in that, in the common execution environment, the context initialization of Container and of Hypervisor is initiated and checked from the trusted execution environment, wherein the trusted execution environment boots and initializes Hypervisor, and Hypervisor in turn boots and initializes Container.
6. The communication system according to any one of claims 1 to 5, characterized in that the communication system further comprises an application channel, a driver channel and a scheduling and control channel arranged between the common execution environment and the trusted execution environment, wherein
the application channel is used for communication between application programs of the common execution environment and of the trusted execution environment;
the driver channel is used for communication between drivers running in the common execution environment and in the trusted execution environment; and
the scheduling and control channel is used for the communication of scheduling and control commands between the common execution environment and the trusted execution environment.
7. The communication system according to claim 6, characterized in that the application channel, the driver channel and the scheduling and control channel are each placed in shared memory between the common execution environment and the trusted execution environment, the shared memory regions used for different channels being independent of one another.
8. The communication system according to claim 6, characterized in that the application channel, the driver channel and the scheduling and control channel each comprise a forward channel and a backward channel, wherein the forward channel transfers messages from the send queue of the common execution environment to the receive queue of the trusted execution environment, and the backward channel transfers messages from the send queue of the trusted execution environment to the receive queue of the common execution environment.
9. The communication system according to claim 8, characterized in that the message type and the message content of each message to be sent or received are stored in the respective send queue and receive queue of the common execution environment and of the trusted execution environment, so that each message is sent or received via the channel matching its message type.
10. The communication system according to claim 6, characterized in that client applications, main drivers, virtual drivers and/or processor cores can run in the common execution environment, and trusted applications, main drivers, virtual drivers and/or processor cores can run in the trusted execution environment.
11. The communication system according to claim 10, characterized in that the driver channel is configured for communication between a virtual driver and a main driver across the common execution environment and the trusted execution environment, so as to achieve driver sharing between the common execution environment and the trusted execution environment.
12. communication systems according to claim 11, it is characterised in that
In the case where the common performing environment calls specific driving, if there is the driving in the credible performing environment
Main driving and there is the virtual drive of the driving in the common performing environment, the common performing environment calls the driving
The virtual drive of the common performing environment is arranged on, passage is being driven just via described so as to trigger the information relevant with the driving
The corresponding main driving of the credible performing environment, and then gained after the main driving is called and will process are sent to passage
Information be back to the virtual drive of the common performing environment via the backward channel for driving passage, and,
In the case where the credible performing environment calls specific driving, if there is the driving in the credible performing environment
Virtual drive and there is the main driving of the driving in the common performing environment, the credible performing environment calls the driving
The virtual drive of the credible performing environment is arranged on, passage anti-is driven via described so as to trigger the information relevant with the driving
The corresponding main driving of the common performing environment, and then gained after the main driving is called and will process are sent to passage
Information be back to the virtual drive of the credible performing environment via the forward channel for driving passage.
13. An electronic device, characterized in that it comprises the communication system according to any one of claims 1 to 12, a network interface and a peripheral interface, wherein a user can obtain applications via the network interface or the peripheral interface and install them on the communication system, and can also run different applications through the communication system.
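A minimal model of the shared-memory channels of claims 6 to 9 and of the virtual-driver forwarding of claim 12, as an added example that is not code from the patent or its applicant. The ring-queue layout, the three message types, the counter standing in for a main driver, and every identifier are assumptions of this example. The check a practitioner would want that the claims do not state is in chan_recv: the receiving side validates its own private copy of a message, not the slot in shared memory, because the other environment can rewrite that slot between the check and the use.

```c
/* Added example, not code from the patent: a model of the channels of claims
 * 6 to 9 and the virtual-driver forwarding of claim 12. Three channels
 * (application, driver, scheduling/control) each own a shared-memory region
 * with a forward (REE -> TEE) and a backward (TEE -> REE) ring queue; a message
 * is accepted only on the channel matching its type. All names are this example's own. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define QUEUE_SLOTS 4
#define PAYLOAD_MAX 32

enum env { ENV_REE = 0, ENV_TEE = 1 };
enum msg_type { MSG_APP = 1, MSG_DRV = 2, MSG_CTL = 3 };   /* one type per channel */

struct msg   { uint32_t type, len; uint8_t payload[PAYLOAD_MAX]; };  /* type selects the channel (claim 9) */
struct queue { uint32_t head, tail; struct msg slot[QUEUE_SLOTS]; }; /* single-producer, single-consumer ring */
struct channel { struct queue forward, backward; };  /* forward: REE -> TEE, backward: TEE -> REE (claim 8) */
static struct channel shm[3];                        /* one shared-memory region per channel (claim 7) */

/* Channel index for a message type; unknown types have no channel and are refused. */
static int channel_index(uint32_t type)
{
    return (type >= MSG_APP && type <= MSG_CTL) ? (int)type - 1 : -1;
}

static int q_push(struct queue *q, const struct msg *m)
{
    if (q->tail - q->head == QUEUE_SLOTS) return -1;         /* full */
    q->slot[q->tail++ % QUEUE_SLOTS] = *m;
    return 0;
}

static int q_pop(struct queue *q, struct msg *out)
{
    if (q->tail == q->head) return -1;                       /* empty */
    *out = q->slot[q->head++ % QUEUE_SLOTS];                 /* copy out of shared memory */
    return 0;
}

/* Sender and message type together pick the region and the direction. */
int chan_send(enum env from, const struct msg *m)
{
    int idx = channel_index(m->type);
    if (idx < 0 || m->len > PAYLOAD_MAX) return -1;
    return q_push(from == ENV_REE ? &shm[idx].forward : &shm[idx].backward, m);
}

/* Receive a message of the given type at `at`; -1 if none is queued or it is malformed. */
int chan_recv(enum env at, uint32_t type, struct msg *out)
{
    int idx = channel_index(type);
    if (idx < 0) return -1;
    if (q_pop(at == ENV_TEE ? &shm[idx].forward : &shm[idx].backward, out) != 0) return -1;
    /* Validate the private copy, not the shared slot: the other side could
     * rewrite the slot between a check and the use (TOCTOU). */
    return (out->len > PAYLOAD_MAX || out->type != type) ? -1 : 0;
}

/* Main driver in the TEE: a counter whose state never leaves the TEE. */
enum drv_op { DRV_READ = 1, DRV_INC = 2 };
static uint32_t tee_counter;

int tee_main_driver_service(void)     /* handles one request from the forward queue */
{
    struct msg req, rep = { MSG_DRV, sizeof tee_counter, {0} };
    uint32_t op;
    if (chan_recv(ENV_TEE, MSG_DRV, &req) != 0 || req.len != sizeof op) return -1;
    memcpy(&op, req.payload, sizeof op);
    if (op == DRV_INC) tee_counter++;
    else if (op != DRV_READ) return -1;                      /* unknown op: refused, no reply */
    memcpy(rep.payload, &tee_counter, sizeof tee_counter);
    return chan_send(ENV_TEE, &rep);                         /* backward channel */
}

/* Virtual driver in the REE: forwards the call and waits for the reply (claim 12). */
int ree_virtual_driver_call(uint32_t op, uint32_t *result)
{
    struct msg req = { MSG_DRV, sizeof op, {0} }, rep;
    memcpy(req.payload, &op, sizeof op);
    if (chan_send(ENV_REE, &req) != 0) return -1;            /* forward channel */
    if (tee_main_driver_service() != 0) return -1;           /* stands in for the world switch */
    if (chan_recv(ENV_REE, MSG_DRV, &rep) != 0 || rep.len != sizeof *result) return -1;
    memcpy(result, rep.payload, sizeof *result);
    return 0;
}

/* Plain-value wrappers so the behaviour can be checked directly. */
uint32_t demo_inc(void)  { uint32_t v = 0; return ree_virtual_driver_call(DRV_INC, &v) == 0 ? v : 0xFFFFFFFFu; }
uint32_t demo_read(void) { uint32_t v = 0; return ree_virtual_driver_call(DRV_READ, &v) == 0 ? v : 0xFFFFFFFFu; }
int demo_reject_unknown_type(void) { struct msg m = { 99, 0, {0} }; return chan_send(ENV_REE, &m); }
int demo_reject_oversize(void) { struct msg m = { MSG_DRV, PAYLOAD_MAX + 1, {0} }; return chan_send(ENV_REE, &m); }
int demo_reject_unknown_op(void) { uint32_t v = 0; return ree_virtual_driver_call(7, &v); }

int main(void)
{
    printf("read -> %u\n", demo_read());
    printf("inc  -> %u\n", demo_inc());
    printf("bad type -> %d, bad op -> %d\n", demo_reject_unknown_type(), demo_reject_unknown_op());
    printf("read -> %u\n", demo_read());
    return 0;
}
```

The REE-side call, the world switch and the TEE-side service run in one thread here; on real hardware the TEE would drain the forward queue after a secure monitor call and the caller would block on the backward queue. The refused cases show the two boundaries that matter: a message with no matching channel or an over-long length never enters shared memory, and a well-formed request with an unknown operation is consumed by the TEE without a reply, so the REE sees a failed call rather than a half-processed one.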
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610910915.5A CN106548077B (en) | 2016-10-19 | 2016-10-19 | Communication system and electronic equipment |
PCT/CN2017/106722 WO2018072713A1 (en) | 2016-10-19 | 2017-10-18 | Communication system and electronic device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610910915.5A CN106548077B (en) | 2016-10-19 | 2016-10-19 | Communication system and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106548077A true CN106548077A (en) | 2017-03-29 |
CN106548077B CN106548077B (en) | 2019-03-15 |
Family ID: 58369171
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610910915.5A Active CN106548077B (en) | 2016-10-19 | 2016-10-19 | Communication system and electronic equipment |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106548077B (en) |
WO (1) | WO2018072713A1 (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106547633A (en) * | 2016-10-19 | 2017-03-29 | 沈阳微可信科技有限公司 | Multi-channel communication systems and electronic equipment |
CN107168747A (en) * | 2017-05-27 | 2017-09-15 | 努比亚技术有限公司 | Differentiating method, device and the computer-readable recording medium of mobile terminal configuration |
CN107919960A (en) * | 2017-12-04 | 2018-04-17 | 北京深思数盾科技股份有限公司 | The authentication method and system of a kind of application program |
WO2018072713A1 (en) * | 2016-10-19 | 2018-04-26 | 北京豆荚科技有限公司 | Communication system and electronic device |
CN108595928A (en) * | 2018-04-12 | 2018-09-28 | Oppo广东移动通信有限公司 | Information processing method, device and the terminal device of recognition of face |
CN109960582A (en) * | 2018-06-19 | 2019-07-02 | 华为技术有限公司 | The method, apparatus and system of multi-core parallel concurrent are realized in the side TEE |
WO2019196793A1 (en) * | 2018-04-12 | 2019-10-17 | Oppo广东移动通信有限公司 | Image processing method and apparatus, and electronic device and computer-readable storage medium |
CN110727966A (en) * | 2018-07-16 | 2020-01-24 | Oppo广东移动通信有限公司 | Image processing method and device, storage medium and electronic equipment |
CN110795385A (en) * | 2019-10-29 | 2020-02-14 | 天津飞腾信息技术有限公司 | Trusted core and computing core resource allocation method and device of system on chip |
WO2020088321A1 (en) * | 2018-11-01 | 2020-05-07 | 华为技术有限公司 | Interaction method and device |
CN111722894A (en) * | 2019-03-21 | 2020-09-29 | 成都鼎桥通信技术有限公司 | Application processing method and device and electronic equipment |
CN112953909A (en) * | 2021-01-28 | 2021-06-11 | 北京豆荚科技有限公司 | Method for realizing safety isolation of vehicle-mounted internal and external networks based on TEE |
WO2023109211A1 (en) * | 2021-12-14 | 2023-06-22 | 荣耀终端有限公司 | Service processing method and related apparatus |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019205887A1 (en) | 2018-04-28 | 2019-10-31 | Oppo广东移动通信有限公司 | Method and apparatus for controlling photographing, electronic device, and computer readable storage medium |
CN110728714B (en) * | 2018-07-16 | 2023-06-20 | Oppo广东移动通信有限公司 | Image processing method and device, storage medium and electronic equipment |
CN114600108A (en) * | 2019-08-16 | 2022-06-07 | 边信联科技股份有限公司 | System and method for performing trusted operation with remote authentication and information independence by heterogeneous processor through open connector |
CN111881459B (en) * | 2020-08-03 | 2024-04-05 | 沈阳谦川科技有限公司 | Equipment risk control system and detection method based on trusted computing environment |
CN112784265A (en) * | 2021-02-05 | 2021-05-11 | 北京火绒网络科技有限公司 | Optimization method of virtual sandbox for obfuscated codes |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1896903A (en) * | 2005-07-15 | 2007-01-17 | 联想(北京)有限公司 | Virtual-machine system for supporting trusted evaluation and method for realizing trusted evaluation |
CN104408371A (en) * | 2014-10-14 | 2015-03-11 | 中国科学院信息工程研究所 | Implementation method of high security application system based on trusted execution environment |
WO2016048177A1 (en) * | 2014-09-26 | 2016-03-31 | Intel Corporation | Securely exchanging vehicular sensor information |
CN105591672A (en) * | 2015-04-30 | 2016-05-18 | 中国银联股份有限公司 | NFC-based communication method and device |
CN105791284A (en) * | 2016-02-29 | 2016-07-20 | 华为技术有限公司 | Secure data transmission device and method |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106547633B (en) * | 2016-10-19 | 2019-12-31 | 沈阳微可信科技有限公司 | Multi-channel communication system and electronic device |
CN106548077B (en) * | 2016-10-19 | 2019-03-15 | 沈阳微可信科技有限公司 | Communication system and electronic equipment |
CN106547618B (en) * | 2016-10-19 | 2019-10-29 | 沈阳微可信科技有限公司 | Communication system and electronic equipment |
- 2016-10-19: CN201610910915.5A filed (CN; granted as CN106548077B, status active)
- 2017-10-18: PCT/CN2017/106722 filed (WO; published as WO2018072713A1)
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018072713A1 (en) * | 2016-10-19 | 2018-04-26 | 北京豆荚科技有限公司 | Communication system and electronic device |
WO2018072714A1 (en) * | 2016-10-19 | 2018-04-26 | 北京豆荚科技有限公司 | Multichannel communication system and electronic device |
CN106547633A (en) * | 2016-10-19 | 2017-03-29 | 沈阳微可信科技有限公司 | Multi-channel communication systems and electronic equipment |
CN106547633B (en) * | 2016-10-19 | 2019-12-31 | 沈阳微可信科技有限公司 | Multi-channel communication system and electronic device |
CN107168747A (en) * | 2017-05-27 | 2017-09-15 | 努比亚技术有限公司 | Differentiating method, device and the computer-readable recording medium of mobile terminal configuration |
CN107168747B (en) * | 2017-05-27 | 2020-12-29 | 努比亚技术有限公司 | Method and device for distinguishing mobile terminal configuration and computer readable storage medium |
CN107919960A (en) * | 2017-12-04 | 2018-04-17 | 北京深思数盾科技股份有限公司 | The authentication method and system of a kind of application program |
EP3633546A4 (en) * | 2018-04-12 | 2020-10-21 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Image processing method and apparatus, and electronic device and computer-readable storage medium |
CN108595928A (en) * | 2018-04-12 | 2018-09-28 | Oppo广东移动通信有限公司 | Information processing method, device and the terminal device of recognition of face |
WO2019196793A1 (en) * | 2018-04-12 | 2019-10-17 | Oppo广东移动通信有限公司 | Image processing method and apparatus, and electronic device and computer-readable storage medium |
US11170204B2 (en) | 2018-04-12 | 2021-11-09 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Data processing method, electronic device and computer-readable storage medium |
CN109960582A (en) * | 2018-06-19 | 2019-07-02 | 华为技术有限公司 | The method, apparatus and system of multi-core parallel concurrent are realized in the side TEE |
KR20210014686A (en) * | 2018-06-19 | 2021-02-09 | 후아웨이 테크놀러지 컴퍼니 리미티드 | Method, apparatus and system for implementing multi-core parallel to the TEE side |
KR102509384B1 (en) | 2018-06-19 | 2023-03-14 | 후아웨이 테크놀러지 컴퍼니 리미티드 | Method, apparatus and system for implementing multi-core parallel to TEE side |
US11461146B2 (en) | 2018-06-19 | 2022-10-04 | Huawei Technologies Co., Ltd. | Scheduling sub-thread on a core running a trusted execution environment |
WO2019242423A1 (en) * | 2018-06-19 | 2019-12-26 | 华为技术有限公司 | Method, apparatus and system for implementing multi-core parallel on tee side |
CN110727966A (en) * | 2018-07-16 | 2020-01-24 | Oppo广东移动通信有限公司 | Image processing method and device, storage medium and electronic equipment |
WO2020088321A1 (en) * | 2018-11-01 | 2020-05-07 | 华为技术有限公司 | Interaction method and device |
US11709929B2 (en) | 2018-11-01 | 2023-07-25 | Huawei Technologies Co., Ltd. | Interaction method and apparatus |
CN111722894A (en) * | 2019-03-21 | 2020-09-29 | 成都鼎桥通信技术有限公司 | Application processing method and device and electronic equipment |
CN111722894B (en) * | 2019-03-21 | 2023-04-18 | 成都鼎桥通信技术有限公司 | Application processing method and device and electronic equipment |
CN110795385A (en) * | 2019-10-29 | 2020-02-14 | 天津飞腾信息技术有限公司 | Trusted core and computing core resource allocation method and device of system on chip |
CN110795385B (en) * | 2019-10-29 | 2023-11-03 | 飞腾信息技术有限公司 | Trusted core and computing core resource allocation method and device of system on chip |
CN112953909A (en) * | 2021-01-28 | 2021-06-11 | 北京豆荚科技有限公司 | Method for realizing safety isolation of vehicle-mounted internal and external networks based on TEE |
CN112953909B (en) * | 2021-01-28 | 2023-03-14 | 北京豆荚科技有限公司 | Method for realizing vehicle-mounted internal and external network safety isolation based on TEE |
WO2023109211A1 (en) * | 2021-12-14 | 2023-06-22 | 荣耀终端有限公司 | Service processing method and related apparatus |
Also Published As
Publication number | Publication date |
---|---|
CN106548077B (en) | 2019-03-15 |
WO2018072713A1 (en) | 2018-04-26 |
Similar Documents
Publication | Title |
---|---|
CN106547618B (en) | Communication system and electronic equipment |
CN106548077B (en) | Communication system and electronic equipment |
CN106547633A (en) | Multi-channel communication systems and electronic equipment |
US9619308B2 (en) | Executing a kernel device driver as a user space process |
US8996864B2 (en) | System for enabling multiple execution environments to share a device |
CN108475217B (en) | System and method for auditing virtual machines |
EP2864869B1 (en) | Api redirection for limited capability operating systems |
US6370606B1 (en) | System and method for simulating hardware interrupts in a multiprocessor computer system |
WO2015090158A1 (en) | Method for interruption affinity binding of virtual network interface card, and computer device |
EP3017396B1 (en) | System and method for providing secure access control to a graphics processing unit |
EP2003554A1 (en) | Input/output control apparatus, input/output control system, and input/output control method |
EP3436947B1 (en) | Secure driver platform |
KR20080106908A (en) | Migrating a virtual machine that owns a resource such as a hardware device |
EP3329374A1 (en) | System and method for trusted operability when moving between network functions virtualization states |
CN116320469B (en) | Virtualized video encoding and decoding system and method, electronic equipment and storage medium |
US20140351833A1 (en) | Multi-computing environment operating on a single native operating system |
CN101369258B (en) | Input/output control system |
US20140245291A1 (en) | Sharing devices assigned to virtual machines using runtime exclusion |
CN104657225A (en) | OKL4 embedded virtual platform-based cross-Cell data transmission system |
US11768696B2 (en) | Security for microengine access |
US20200225965A1 (en) | Method to enable a full desktop experience based on a mobile device |
CN117708855A (en) | Data encryption method, device, equipment and medium based on inter-core communication |
CN117331878A (en) | Operating system processing method and device, electronic equipment and computer storage medium |
CN114780209A (en) | Interrupt processing method and device based on virtual machine monitor, terminal equipment and chip |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |