The content of the invention
The present invention obtains the shortcoming of the method for checking information for said vesse system, it is proposed that handed between a kind of containment system
Needed in the method and device of mutual checking information, the method that checking information is obtained for solving said vesse system by switching two
The problem of containment system just can be achieved to obtain checking information.
The method that embodiments of the invention propose validation-cross information between a kind of containment system, including:
First containment system sends the request for obtaining checking information to originator;
Second container system receives the short message for the carrying checking information that originator is returned in response to request, and to short message
Breath is parsed to obtain checking information;
Second container system sends checking information to the first containment system.
Preferably, before the step of the first containment system sends the request for obtaining checking information to originator, this method
Also include:
The checking information of first containment system receives service and checking information is received into service registry to second container system
In short message monitoring service;
Wherein, when second container system receive originator in response to request return carrying checking information short message,
Including:
By the short message monitoring service monitoring of second container system to second container system receive originator in response to
Ask the short message of carrying checking information returned;
Wherein, second container system sends checking information to the first containment system, including:
According to log-on message, second container system sends checking information to corresponding first containment system.
Preferably, before the step of second container system sends checking information to the first containment system, this method is also
Including:
First containment system sends to master control system and passed for the message between the first containment system and second container system
The establishment channel request message of defeated passage;
Master control system is according to channel request message is created, for the first containment system and second container system creation two
Socket filec descriptors;
First containment system socket filec descriptors corresponding with the acquisition of second container system, and according to corresponding
Socket filec descriptors, carry out message transmission.
Preferably, before the step of second container system sends checking information to the first containment system, this method is also
Including:
Bridge is created in master control system, and is that the first containment system and second container system creation are corresponding virtual
Network interface, wherein, one end of each virtual network port is arranged in corresponding containment system, the other end and bridge of each virtual network port
It is connected;
Second container system passes through its corresponding virtual network port and bridge virtual net corresponding with the first containment system
Mouth sets up data path;
Mobile network of the second container system based on data path and the first containment system carries out data transmission.
Preferably, second container system sends checking information to the first containment system, including:
Second container system checking information is encrypted to generate the checking information after encryption, and by after encryption
Checking information is sent to the first containment system.
The embodiment of the present invention additionally provides a kind of device of validation-cross information between containment system, including:
First transmitting element, resolution unit and the second transmitting element, wherein:
First transmitting element, in the first containment system, the request of checking information is obtained for being sent to originator;
Resolution unit, in second container system, is verified for receiving originator in response to the carrying that request is returned
The short message of information, and short message is parsed to obtain checking information;
Second transmitting element, in second container system, for checking information to be sent to the first containment system.
Preferably, device also includes registering unit, and registering unit is located in the first containment system, specifically for:
Before the request that the first transmitting element sends acquisition checking information to originator, by the checking of the first containment system
Information receives service registry into the message monitoring service of second container system;
Wherein, resolution unit receives the short message for the carrying checking information that originator is returned in response to request, including:
By the short message monitoring service monitoring of second container system to second container system receive originator in response to
Ask the short message of carrying checking information returned;
Wherein, the second transmitting element sends checking information to the first containment system, including:
According to log-on message, the second transmitting element sends checking information to corresponding first containment system.
Preferably, the device also includes:
3rd transmitting element, the first creating unit, first acquisition unit, second acquisition unit and first message transmission are single
Member, wherein:
3rd transmitting element, in the first containment system, for sending checking information in the second transmitting element
Before one containment system, sent to master control system for the message transmission channel between the first containment system and second container system
Establishment channel request message;
First creating unit, in master control system, for according to channel request message is created, for the first containment system
With two socket filec descriptors of second container system creation;
First acquisition unit, in the first containment system, for obtaining corresponding socket filec descriptors;
Second acquisition unit, in second container system, for obtaining corresponding socket filec descriptors;
First transmission unit, for according to corresponding socket filec descriptors, carrying out message transmission.
Preferably, the device also includes:
Second creating unit, unit and the second transmission unit are set up, wherein:
Creating unit, in master control system, for sending checking information to the first container system in the second transmitting element
Before system, bridge is created, and for the first containment system and the corresponding virtual network port of second container system creation, wherein, respectively
One end of virtual network port is arranged in corresponding containment system, and the other end of each virtual network port is connected with bridge;
Unit is set up, in second container system, for passing through its corresponding virtual network port and bridge and first
The corresponding virtual network port of containment system sets up data path;
Second transmission unit, in second container system, for the movement based on data path and the first containment system
Network carries out data transmission.
Preferably, the second transmitting element sends checking information to the first containment system, including:
Checking information is encrypted to generate the checking information after encryption, and the checking information after encryption is sent
To the first containment system.
The method that the embodiment of the present invention provides validation-cross information between a kind of containment system, this method is specifically included:First,
First containment system sends the request for obtaining identifying code to originator, then, and second container system receives originator response
The short message of the carrying checking information returned in the request, finally, the second container system sends the checking information to the
One containment system.It is using the beneficial effect of the invention obtained:The intercommunication of first containment system and second container system,
The short message for the carrying checking information that originator is sent is received by second container system, and by extracting testing in the short message
Information is demonstrate,proved, most the checking information is sent to the first containment system at last, that is to say, that second container system is obtaining checking information
Afterwards, the checking information is sent to the first containment system automatically, without the frequency between the first containment system and second container system
Numerous switching can just obtain checking information, improve the efficiency that the first containment system obtains identifying code.
The additional aspect of the present invention and advantage will be set forth in part in the description, and these will become from the following description
Obtain substantially, or recognized by the practice of the present invention.
Embodiment
Embodiments of the invention are described below in detail, the example of the embodiment is shown in the drawings, wherein from beginning to end
Same or similar label represents same or similar element or the element with same or like function.Below with reference to attached
The embodiment of figure description is exemplary, is only used for explaining the present invention, and is not construed as limiting the claims.
Those skilled in the art of the present technique are appreciated that unless expressly stated, singulative " one " used herein, " one
It is individual ", " described " and "the" may also comprise plural form.It is to be further understood that what is used in the specification of the present invention arranges
Diction " comprising " refer to there is the feature, integer, step, operation, element and/or component, but it is not excluded that in the presence of or addition
Other one or more features, integer, step, operation, element, component and/or their group.It should be understood that when we claim member
Part is " connected " or during " coupled " to another element, and it can be directly connected or coupled to other elements, or can also exist
Intermediary element.In addition, " connection " used herein or " coupling " can include wireless connection or wireless coupling.It is used herein to arrange
Taking leave "and/or" includes one or more associated wholes or any cell for listing item and all combines.
Those skilled in the art of the present technique are appreciated that unless otherwise defined, all terms used herein (including technology art
Language and scientific terminology), with the general understanding identical meaning with the those of ordinary skill in art of the present invention.Should also
Understand, those terms defined in such as general dictionary, it should be understood that with the context with prior art
The consistent meaning of meaning, and unless by specific definitions as here, otherwise will not use idealization or excessively formal implication
To explain.
The technical scheme of the embodiment of the present invention is specifically introduced below in conjunction with the accompanying drawings.
The embodiments of the invention provide a kind of method of validation-cross information between containment system, the schematic flow sheet of this method
As shown in figure 1, specifically including following steps:
S101:First containment system sends the request for obtaining checking information to originator;
S102:Second container system receives the short message for the carrying checking information that originator is returned in response to request, and
Short message is parsed to obtain checking information;
S103:Second container system sends checking information to the first containment system.
The method that the embodiment of the present invention provides validation-cross information between a kind of containment system, this method is specifically included:First,
First containment system sends the request for obtaining identifying code to originator, then, and second container system receives originator response
The short message of the carrying checking information returned in the request, finally, the second container system sends the checking information to the
One containment system.It is using the beneficial effect of the invention obtained:The intercommunication of first containment system and second container system,
The short message for the carrying checking information that originator is sent is received by second container system, and by extracting testing in the short message
Information is demonstrate,proved, most the checking information is sent to the first containment system at last, that is to say, that second container system is obtaining checking information
Afterwards, the checking information is sent to the first containment system automatically, without the frequency between the first containment system and second container system
Numerous switching can just obtain checking information, improve the efficiency that the first containment system obtains checking information.
Implementing for each step is described further below for more than:
S101:First containment system sends the request for obtaining checking information to originator.
In this step, the first containment system sends the request for obtaining checking information, specific sending method to originator
Can be:First, the application positioned at the first containment system receives service to corresponding checking information and sends acquisition checking information
Request, then, checking information receive service and apply corresponding server (i.e. to this:Originator) send asking for acquisition identifying code
Ask.The checking information can be identifying code, for example, numeral, letter or the combination of the two, can also be text information, etc..
As shown in Fig. 2 if certain shopping application in the containment system of User logs in first is paid, in order to ensure user
Safety of payment, it is necessary to the first input handset identifying code on " safety verification interface ", the side of specific input validation code before payment
Method is:User triggers the application and tested to corresponding by clicking on " click on and obtain identifying code " button on " safety verification interface "
Demonstrate,prove information receive service send obtain checking information request, checking information receive service receive after the request, to the application
Corresponding server (i.e. originator) sends the request for obtaining mobile phone identifying code, and the server upon receiving the request, will be with
The form of short message sends the short message for carrying identifying code to phone number as on the mobile phone of " 136****1234 ".
The application scenarios that Fig. 2 is provided are exemplary explanation, in actual applications, it is necessary to use the application of " identifying code "
Scene, except paying scene, can also be login scene etc..Moreover, user obtains the operation of identifying code, it is also not limited to above-mentioned
" click on and obtain identifying code " recorded, can also slide the corresponding button or interface etc., concrete operations mode is by practical application scene
Determine.
The method of validation-cross information also includes between the containment system that the present invention is provided:In the first containment system to originator
Before the step of sending the request for obtaining checking information, the checking information in the first containment system receives service by the checking information
Service registry is received into the short message monitoring service of second container system, checking information is received into service registry to second here
Purpose in the short message monitoring service of containment system is:Pass through the short message monitoring service monitoring of second container system to second
Containment system is received after the short message for carrying checking information, and second container system sends the checking information according to log-on message
To corresponding first containment system, wherein, the short message is originator in response to receiving the acquisition that the first containment system is sent
The request of checking information and send to second container system.Detailed process can be described in detail in following S102~S103.
It should be noted that:" the first containment system " in the present invention and " first " in " second container system " and "
Two ", it is intended merely to distinguish different containment systems, and not ordinal number.
S102:Second container system receives the short message for the carrying checking information that originator is returned in response to request, and
Short message is parsed to obtain checking information.
After the first containment system sends the request for obtaining checking information to originator, originator can be to second container system
The short message for carrying the checking information is sent, at this moment the SMS module in second container system receives the short message, same with this
When, the short message monitoring service monitoring in second container system is received after the short message to SMS module, and the short message is entered
Row parsing, so as to obtain the checking information in the short message.
The method for the short message that short message monitoring service monitoring second container system in second container system is received has
Many kinds, for example, short message detection service can be monitored to the short message received all the time, for another example in order to slow
The task amount of short message detection service is solved, the cycle that can set is monitored to the short message received, such as, every 1s docking
The short message received is monitored.
In actual applications, in second container system functional module except SMS module and short message monitoring service in addition to,
It is also possible to including many other functional modules, in order to ensure the safety of checking information, monitoring authority can be set, also
It is to say, only short message monitoring service can monitor the short message that SMS module is received.
In addition, in actual applications, the application positioned at the first containment system may have many kinds, and need from second container
The application of checking information is obtained in system also many kinds, therefore, in order that two containment systems effectively work, it is necessary to many to this
The application that individual needs obtain checking information from second container system is managed, and the present invention provides a kind of preferred manager
Formula, it is specific as follows:
First, the checking information in S101 receives in service and sets up list, for these checking informations to be obtained
Using being managed;Setting up the method for list has many kinds, for example, setting up the method for list can be:Before S101, checking
Information receives service and all records the information of the application of checking information to be obtained in lists.
The form of expression of list has many kinds, and a kind of simple list of form is exemplarily enumerated below, as shown in table 1,
" information of the application of checking information to be obtained " recorded in the list is specifically included:The name of the application of each checking information to be obtained
Title, the mark of the application of each checking information to be obtained and the mark with the originator of the application binding of each checking information to be obtained
Know, the mark of originator can be specifically the network address of the application corresponding server of each checking information to be obtained here, such as
URL, or also other modes for identifying the server, as long as can be with the unique mark server.
For example, the first row content representation is in table 1:The application 1 of checking information to be obtained is corresponding to be designated " adcd ",
The originator bound with the application is designated " B8y83ue9duwy8 ".
Table 1
For another example the method for setting up list can also be:Whenever user trigger be located at the first containment system in application to
Originator is sent after the request for obtaining checking information, and checking information receives service and will arrange this using corresponding information record
In table.
Application of the list to checking information to be obtained for convenience is managed, and list can be set to have " ageing ",
Specifically method to set up is:Preset time period is set, is preset when monitoring to current time to exceed from the information for recording the application
After period, the information of the application is removed from the list.Tested assuming that sending acquisition from the first containment system of triggering to originator
The request of information is demonstrate,proved, the time that checking information is returned to second container system is usually 5 minutes, at this moment can be by the default time
Section is set to 10 minutes, when monitoring to current time to pass by 10 minutes from the information for recording the application, it is possible to by this
The information of application is removed from the list, so, can not only reduce the memory space of list, can also improve the efficiency tabled look-up
(beneficial effect of this part can be described in detail in S103).
During the short message that the short message monitoring service monitoring second container system in second container system is received, first,
Whether whether be target originator send, secondly if checking the short message, check the particular content of the short message on " checking letter
Breath ".
For example, it is assumed that a short message receiving of second container system for " Uub2+Bxdeih82q73e+ you merchandise
Identifying code is 397875 ", first, extracts the mark and this applied in the short message using the mark of corresponding originator, extracts
Application be designated " Uub2 ", and this is designated " Bxdeih82q73e " using corresponding originator, then, it is determined that should
Identify whether as the mark of target originator, especially by identifying whether for the mark and corresponding originator for determining the application
Match somebody with somebody, and determine whether the application is in the state of identifying code to be obtained, if it is not, then illustrating that the originator is not that target is transmitted
Side, the at this moment discardable short message, or the short message is regarded as " junk information ";If it is, illustrating that the originator is target
Whether originator, continue checking for the particular content of the short message on " checking information ", specific verification method can be word
Matching, i.e.,:Each word in short message is matched with default text information, for example, default text information is " you hand over
Easy identifying code is ", then each word in the short message received is matched with the default text information, if matched into
Work(, it is determined that the short message is the short message for the carrying identifying code that target originator is sent.
Continue to use above-mentioned example, it is assumed that the short message that second container system is received is " Uub2+Bxdeih82q73e+
Wish your happy holiday ", first, the mark applied by extracting in the short message and this apply the mark of corresponding originator, really
The fixed originator is target originator, then, by the way that each word in the short message is matched with default fileinfo, i.e.,:
" wish your happy holiday " is matched with " identifying code that you merchandise is ", it is found that it fails to match, illustrates the short message with " verifying
Information " is unrelated, the at this moment discardable short message.
The mode of the application of preferred each checking information to be obtained of management of above-mentioned offer, and the mark respectively applied in table 1
Know, respectively apply the mark for the originator bound and form of expression of short message etc. to be exemplary explanation, not to this hair
Bright constitute limits.
When it is determined that the short message is the short message of carrying identifying code of target originator transmission, the short message is solved
Analysis, so as to obtain checking information.Specific analytic method also has many kinds, for example, above-mentioned example is continued to use, for example, default word
Information is " identifying code that you merchandise is ", and the information that at this moment can be extracted after the default text information is checking information, for example, short
The particular content of information is " identifying code that you merchandise is 397875 ", then the checking information extracted is " 397875 ".
S103:Second container system sends checking information to the first containment system.
Second container system after checking information is obtained, it is necessary to the checking information is sent to the first containment system, but
, it is necessary to set up message transmission channel between the first containment system and second container system before transmission, so that second holds
Checking information is sent to the first containment system by device system by the message transmission channel.
Illustrate two kinds in detail below and set up the method for message transmission channel between containment system, but saying of being also only exemplary
It is bright, the present invention is not constituted and limited.
The step of the first sets up the method for message transmission channel between two containment systems be:
First, the first containment system is sent for disappearing between the first containment system and second container system to master control system
Cease the establishment channel request message of transmission channel;
Secondly, master control system is according to channel request message is created, for the first containment system and second container system creation
Two socket filec descriptors;
Finally, the first containment system socket filec descriptors corresponding with the acquisition of second container system, and according to correspondence
Socket filec descriptors, carry out message transmission.
For example, in terminal device A, when the process in the first containment system needs to carry out with the process in second container system
Communication port service processes of the process into the first containment system in communication, the first containment system send establishment channel request and disappeared
Communication port service processes in breath, subsequent first containment system will receive establishment channel request message, and the request is disappeared
Breath is sent to the communication port service processes of master control system, wherein, carry the first containment system in the establishment channel request message
Identification information and second container system identification information, the communication port service processes of master control system are according to the first container system
System and the identification information of second container system create two socket files for the first containment system and second container system
Descriptor.
Virtual Domain Name NSS equipment of the communication port service processes of master control system into master control system sends registration request and disappeared
Breath, after succeeding in registration, the communication port service processes of master control system are to the containment system for sending request, such as the first container system
System, and need to carry out the containment system of communication service, such as second container system sends its each self-corresponding socket text respectively
The title of part descriptor, if the communication port service processes of master control system are by entitled " the first containment system-passage 1 "
Socket filec descriptors are sent to the first containment system, and " the socket files of second container system-passage 1 " are retouched by entitled
Symbol is stated to send to second container system.
Then, the first containment system and second container system are according to the name for receiving its respective socket filec descriptor
Claim, obtain corresponding socket filec descriptors, subsequent first containment system and second container system can be each right according to it
The socket filec descriptors answered carry out message transmission.
The step of setting up the method for message transmission channel between two containment systems for second be:
First, bridge is created in master control system, and it is corresponding with second container system creation for the first containment system
Virtual network port, wherein, one end of each virtual network port is arranged in corresponding containment system, the other end and net of each virtual network port
Bridge node is connected;
Secondly, second container system passes through its corresponding virtual network port and bridge void corresponding with the first containment system
Intend network interface and set up data path;
Finally, mobile network of the second container system based on data path and the first containment system carries out data transmission.
For example, multisystem mobile terminal includes the first containment system and second container system, wherein, what master control system was created
Bridge is br0, and master control system is that the virtual network port that the first containment system is created is veth-pair1, is second container system
The virtual network port of establishment is the virtual network port veth-pair1 and br0 in master control system in veth-pair2, the first containment system
It is connected, the veth-pair2 in second container system is connected with the br0 in master control system, so, passes through the net in master control system
Connection in bridge node and each containment system between virtual network port, sets up data and passes through (i.e.:Message transmission channel).
It should be noted that:Bridge is created in master control system, and creates corresponding virtual for each containment system
Network interface, also includes afterwards:Each virtual network port, bridge are distinguished the IP address in the corresponding network address and matched somebody with somebody by master control system
It is set in same LAN.
For example, the corresponding IP address of the virtual network port of the first containment system in mobile terminal A is configured to by master control system
172.29.52.60/24, the corresponding IP address of bridge is configured to 172.29.52.50/24, second container in master control system
The corresponding IP address of virtual network port of system is configured to 172.29.52.70/24, therefore, the virtual network port pair of the first containment system
The corresponding IP address of IP address, bridge and the corresponding network address of virtual network port of second container system answered are respectively positioned on
Same virtual network subnet network segment 172.29.52.0/24.
For the embodiment of the present invention, master control system by by each virtual network port, bridge with distinguishing corresponding network
Location is configured in same LAN, to enable each virtual network port, bridge to be mutually directly addressed, it is determined that
Next-hop virtual network port or the corresponding network address of bridge, carry out data transmission, so as to reduce the complexity of addressing
Degree, and then the feasibility of multisystem network connection can be improved.
Set up between the first containment system and second container system after message transmission channel, second container system will be verified
Information is sent to the first containment system.A kind of mode of preferred transmission identifying code is:Second container system is entered to checking information
Row encryption is sent the checking information after encrypting to the first container system with generating the checking information after encryption
After system, checking information after the first containment system receives the encryption, processing is decrypted to the checking information, obtains original
Checking information.
Above-mentioned second container system is to the beneficial effect of checking information encryption:Prevent second container system and first
During transmitting checking information between containment system, checking information meets with illegal kidnap.Specifically, because the checking information is passed through
Encryption is crossed, therefore, even if the checking information is kidnapped by illegal program, original checking information can not be also obtained, improve
The security of checking information.
Second container system has many kinds to the method that checking information is encrypted, and conventional method is:Second container system
The checking information is encrypted using public key for system, the checking information after being encrypted, then, and the first containment system is used
Checking information after the encryption is decrypted private key, obtains original checking information.Encryption method provided herein is to show
The explanation of example property, in actual applications, can use increasingly complex encryption and decryption approaches, obtained so as to increase illegal program
Checking information after must encrypting cracks difficulty, and then improves the security of checking information.
After the first containment system obtains checking information, the checking information can be automatically entered into checking information to be obtained
Using on corresponding safety verification interface, it is specific as shown in figure 4, the first containment system by the identifying code (checking information) of acquisition from
In the space of dynamic " the input validation code " being input on safety verification interface, finally, user by clicking on " it is determined that " button, to this
The instruction for verifying the checking information using sending, or user is by clicking on " cancellation " button, is sent to the application and cancels checking
The instruction of the checking information.
Foregoing teachings it has been mentioned that:In actual applications, the application positioned at the first containment system may have many kinds, and need
The application of checking information is obtained from second container also many kinds, therefore, when the first containment system receives checking information
Afterwards, it is necessary to which the checking information is distributed into corresponding application, at this moment need to use checking information in the first containment system and receive clothes
The list that business is set up, specifically, first, according to the mark of the originator carried in the checking information, finds this in lists
Originator identifies corresponding application identities, secondly, the application is found according to the application identities, so that checking information is distributed into this
Using.Here it is foregoing teachings record list is arranged to have " ageing " the reason for tabling look-up efficiency can be improved, i.e.,:It is fixed
When the information of the application of " expired " in delete list, so, can be quick after the first containment system receives checking information
Ground finds the corresponding application of the checking information from list, and this improves efficiency of tabling look-up.
In order to be better understood from the present invention, whole scheme is illustrated below by a complete example, but also only
It is exemplary explanation.The specific workflow of the example is as shown in figure 5, specifically include following steps:
S501:After the request to originator acquisition checking information is triggered in application of the user in identifying code to be obtained, treat
Identifying code is obtained to be registered in identifying code reception service using by the request;
S502:Identifying code receives service and adds the information of the application of the identifying code to be obtained in list;
S503:The short message that message monitoring service monitoring SMS module in second container system is received;
S504:The short message for carrying checking information is sent in SMS module by originator;
S505:SMS module sends the short message into message monitoring service;
S506:Message monitoring service parses the short message, extracts the checking information in the short message, i.e.,:Identifying code;
S507:The identifying code that the checking information is sent into the first containment system is received and serviced by message monitoring service;
S508:Identifying code receives service and distributes checking information to the application of identifying code to be obtained;
S509:The checking information received is automatically entered into " safety verification interface " by the application of identifying code to be obtained.
Although above method embodiment identifies each step in the form of step number (S501~S509),
This actual execution sequence not represented between each step deploys fully according to the step number.For example, S504 can be with
It is just to occur after S501, or occurs simultaneously with S502 also or after S502 occur.Therefore, in practical application sheet
Between invention execution containment system during validation-cross information, execution sequence depends on the order actually occurred between each step.
The present invention is described in detail below by Fig. 2, Fig. 3 and Fig. 4 to test compared to containment system acquisition in aforementioned background art
The beneficial effect that the method for card information is obtained, it is specific as follows:
Containment system is obtained in the method for checking information in the introduction, when certain in the containment system of User logs in first
Using before being paid, the first containment system can be switched to second container system, for example, from " safety verification circle in Fig. 2
Face " is switched to " short message interface " in Fig. 3, and checking information is obtained on " short message interface ", and at this moment user needs to remember the checking
Information, then " the safety verification interface " being switched in Fig. 2, are manually entered the checking information that user remembers.And carried using the present invention
The method of confession, as long as " safety verification interface " triggering of user in fig. 2 obtains the request of identifying code, will pass through the first container
Interaction between system and second container system so that second container information directly sends checking information to the first containment system
In, and the checking information of acquisition is input in " safety verification interface " (as shown in Figure 4) by the first containment system automatically, because
This, needs are solved by switching the problem of two containment systems just can be achieved to obtain checking information using the present invention.
The first containment system and second container system in the embodiment of the present invention are located at same terminal device, the terminal device
Internal structure block schematic illustration as shown in fig. 6, including:System kernel, master control system, the first containment system and second container
System, wherein, each system shares same system kernel.
Wherein, system kernel is Linux kernel, and system kernel is responsible for directly with the network hardware in terminal device entering
Row communication.
Master control system is the system that is safe, controllable, can matching somebody with somebody started by kernel, and master control system is responsible for first
Containment system and second container system, while the first containment system and second container system are entered by master control system with system kernel
Row communication.
First containment system and second container system are each android system run in multisystem terminal device,
Respective system includes Framework (system framework layer), is communicated by respective Framework with master control system.
Wherein, the first containment system and second container system in the embodiment of the present invention can be provided in Linux
Operating system in the container that container (container) virtualization technology is created.Operating system can be traditional
(SuSE) Linux OS or Unix operating systems or the android system being derived based on (SuSE) Linux OS,
Ubuntu systems or FireFox systems etc., can also be windows systems based on windows platform etc..It is actual
On, the subsystem in the present invention is not limited to the foregoing operating system enumerated, can cover all behaviour that can be run in a reservoir
Make system.
Preferably, master control system can be above-mentioned traditional operating system or traditional kernel is changed
Enter and/or outside kernel after (such as ccf layer and application layer) increase functional module, obtained operating system.
Master control system is mainly used in carrying out front and back management to each containment system, is interacted with each containment system, its
In, master control system can be communicated by predefined passage with each containment system.
The present invention also proposes a kind of device of validation-cross information between containment system, is equally used for solving to need by switching
The problem of two containment systems just can be achieved to obtain checking information.The device is included with lower unit:
First transmitting element 701, the transmitting element 703 of resolution unit 702 and second, wherein:
First transmitting element 701, in the first containment system, asking for checking information is obtained for being sent to originator
Ask;
Resolution unit 702, in second container system, is tested for receiving the carrying that originator is returned in response to request
The short message of information is demonstrate,proved, and short message is parsed to obtain checking information;
Second transmitting element 703, in second container system, for checking information to be sent to the first containment system.
The specific workflow of present apparatus embodiment is:First, the first transmitting element 701 in the first containment system
The request for obtaining checking information is sent to originator, secondly, the resolution unit 702 in second container system, which is received, to be transmitted
The short message for the carrying checking information that side is returned in response to the request, and the short message is parsed to obtain checking information,
Finally, the second transmitting element 703 in second container system sends the checking information to the first containment system.
Present apparatus embodiment realizes that the mode of validation-cross information between containment system has many kinds, for example, in one kind implementation
In mode, the device embodiment also includes registering unit, and registering unit is located in the first containment system, specifically for:
Before the request that the first transmitting element 701 sends acquisition checking information to originator, by the first containment system
Checking information receives service registry into the message monitoring service of second container system;
Wherein, resolution unit 702 receives the short message for the carrying checking information that originator is returned in response to request, bag
Include:
By the short message monitoring service monitoring of second container system to second container system receive originator in response to
Ask the short message of carrying checking information returned;
Wherein, the second transmitting element 703 sends checking information to the first containment system, including:
According to log-on message, second container system sends checking information to corresponding first containment system.
In another embodiment, the device also includes:
3rd transmitting element, the first creating unit, first acquisition unit, second acquisition unit and first message transmission are single
Member, wherein:
3rd transmitting element, in the first containment system, for the second transmitting element 703 by checking information send to
Before first containment system, send to transmit for the message between the first containment system and second container system to master control system and lead to
The establishment channel request message in road;
First creating unit, in master control system, for according to channel request message is created, for the first containment system
With two socket filec descriptors of second container system creation;
First acquisition unit, in the first containment system, for obtaining corresponding socket filec descriptors;
Second acquisition unit, in second container system, for obtaining corresponding socket filec descriptors;
First transmission unit, for according to corresponding socket filec descriptors, carrying out message transmission.
In another embodiment, the device also includes:
Second creating unit, unit and the second transmission unit are set up, wherein:
Creating unit, in master control system, for sending checking information to the first container in the second transmitting element 703
Before system, bridge is created, and for the first containment system and the corresponding virtual network port of second container system creation, wherein,
One end of each virtual network port is arranged in corresponding containment system, and the other end of each virtual network port is connected with bridge;
Unit is set up, in second container system, for passing through its corresponding virtual network port and bridge and first
The corresponding virtual network port of containment system sets up data path;
Second transmission unit, in second container system, for the movement based on data path and the first containment system
Network carries out data transmission.
In another embodiment, the second transmitting element 703 sends checking information to the first containment system, including:
Checking information is encrypted to generate the checking information after encryption, and the checking information after encryption is sent
To the first containment system.
Using present apparatus embodiment obtain beneficial effect be:Phase intercommunication between first containment system and second container system
Letter, the short message for the carrying checking information that originator is sent is received by second container system, and by extracting in the short message
Checking information, most the checking information is sent to the first containment system at last, that is to say, that second container system is being verified
After information, the checking information is sent to the first containment system automatically, without the first containment system and second container system it
Between frequent switching can just obtain checking information, improve the efficiency that the first containment system obtains checking information.
Those skilled in the art of the present technique are appreciated that the present invention includes being related to for performing in operation described herein
One or more of equipment.These equipment can be for needed for purpose and specially design and manufacture, or can also include general
Known device in computer.These equipment have the computer program being stored in it, and these computer programs are optionally
Activation is reconstructed.Such computer program can be stored in equipment (for example, computer) computer-readable recording medium or be stored in
E-command and it is coupled to respectively in any kind of medium of bus suitable for storage, the computer-readable medium is included but not
Be limited to any kind of disk (including floppy disk, hard disk, CD, CD-ROM and magneto-optic disk), ROM (Read-Only Memory, only
Read memory), RAM (Random Access Memory, immediately memory), EPROM (Erasable Programmable
Read-Only Memory, Erarable Programmable Read only Memory), EEPROM (Electrically Erasable
Programmable Read-Only Memory, EEPROM), flash memory, magnetic card or light card
Piece.It is, computer-readable recording medium includes storing or transmitting any Jie of information in the form of it can read by equipment (for example, computer)
Matter.
Those skilled in the art of the present technique be appreciated that can be realized with computer program instructions these structure charts and/or
The combination of each frame and these structure charts and/or the frame in block diagram and/or flow graph in block diagram and/or flow graph.This technology is led
Field technique personnel be appreciated that these computer program instructions can be supplied to all-purpose computer, special purpose computer or other
The processor of programmable data processing method is realized, so as to pass through the processing of computer or other programmable data processing methods
The scheme that device is specified in the frame or multiple frames to perform structure chart disclosed by the invention and/or block diagram and/or flow graph.
Those skilled in the art of the present technique are appreciated that in the various operations discussed in the present invention, method, flow
Step, measure, scheme can be replaced, changed, combined or deleted.Further, it is each with what is discussed in the present invention
Kind operation, method, other steps in flow, measure, scheme can also be replaced, changed, reset, decomposed, combined or deleted.
Further, it is of the prior art to have and the step in the various operations disclosed in the present invention, method, flow, measure, scheme
It can also be replaced, changed, reset, decomposed, combined or deleted.
Described above is only some embodiments of the present invention, it is noted that for the ordinary skill people of the art
For member, under the premise without departing from the principles of the invention, some improvements and modifications can also be made, these improvements and modifications also should
It is considered as protection scope of the present invention.