CN112231124A - Inter-application communication method and device based on privacy protection - Google Patents


Info

Publication number: CN112231124A
Authority: CN (China)
Application number: CN202011468291.9A
Other languages: Chinese (zh)
Other versions: CN112231124B (en)
Inventor: 朱丙营
Current assignee: Alipay Hangzhou Information Technology Co Ltd
Original assignee: Alipay Hangzhou Information Technology Co Ltd
Prior art keywords: operating system, memory area, data, tee, parameter information
Legal status: Granted, active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/46 Multiprogramming arrangements
    • G06F 9/54 Interprogram communication
    • G06F 9/543 User-generated data transfer, e.g. clipboards, dynamic data exchange [DDE], object linking and embedding [OLE]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F 21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

An embodiment of the specification provides an inter-application communication method and device based on privacy protection. The method may be applied to a first operating system running in an REE and includes: receiving parameter information from an application program, where the parameter information includes the physical addresses and lengths of a first memory area and a second memory area in the REE; sending the parameter information to a second operating system in the TEE through an environment switching unit, so that the second operating system calls a trusted application in the TEE in response to the parameter information, and the trusted application obtains first data from the first memory area and writes a processing result of the first data into the second memory area; receiving, via the environment switching unit, a notification message from the second operating system indicating that the processing result has been successfully exported; and feeding the notification message back to the corresponding application program, so that the corresponding application program acquires the processing result from the second memory area.

Description

Inter-application communication method and device based on privacy protection
Technical Field
The embodiments of the specification relate to the technical field of computers, and in particular to a method and a device for inter-application communication based on privacy protection.
Background
Currently, many terminal devices are configured with both an REE (Rich Execution Environment, referred to in this specification as the normal execution environment) and a TEE (Trusted Execution Environment), each running its own operating system. The REE runs a first operating system of the kind common on such devices, for example Android or iOS, in which application programs can be installed. In practice, the first operating system is often called the non-secure operating system, and the second operating system running in the TEE is often called the secure operating system. A trusted application is installed in the second operating system and can provide security services to the application programs in the REE.
As services (e.g., payment services, data management services, etc.) rely more and more on security functions, and as the number of service flows involving security operations grows, the performance of communication between applications in the first operating system and the second operating system becomes critical.
Therefore, a reasonable and reliable solution for efficient communication between the first operating system and the second operating system is urgently needed.
Disclosure of Invention
The embodiment of the specification provides an inter-application communication method and device based on privacy protection.
In a first aspect, an embodiment of the present specification provides a privacy protection-based inter-application communication method applied to a first operating system on a terminal device, where the terminal device is configured with a normal execution environment (REE), a trusted execution environment (TEE) and an environment switching unit, the first operating system runs in the REE, and a second operating system runs in the TEE. The method includes: receiving parameter information from an application program, where the parameter information includes the physical addresses and lengths of a first memory area and a second memory area in the REE, the first memory area stores first data to be imported into the TEE, and the second memory area is used for data export; sending the parameter information to the second operating system through the environment switching unit, so that the second operating system calls a trusted application in the TEE in response to the parameter information, and the trusted application acquires the first data from the first memory area and writes a processing result of the first data into the second memory area; receiving, via the environment switching unit, a notification message from the second operating system indicating that the processing result has been successfully exported; and feeding the notification message back to the corresponding application program, so that the corresponding application program acquires the processing result from the second memory area.
In some embodiments, the terminal device adopts an ARM architecture, and the environment switching unit includes a security monitor.
In some embodiments, the first data comprises data processing instructions and data to be processed.
In some embodiments, the data processing instructions comprise encryption instructions and/or signature instructions.
In some embodiments, the notification message includes a physical address of the first memory region and/or the second memory region.
In a second aspect, an embodiment of the present specification provides a privacy protection-based inter-application communication method applied to an environment switching unit on a terminal device, where the terminal device is configured with a normal execution environment (REE) and a trusted execution environment (TEE), a first operating system runs in the REE, and a second operating system runs in the TEE. The method includes: receiving parameter information from the first operating system, where the parameter information was received by the first operating system from an application program and includes the physical addresses and lengths of a first memory area and a second memory area in the REE, the first memory area stores first data to be imported into the TEE, and the second memory area is used for data export; switching the current execution environment of the terminal device from the REE to the TEE; sending the parameter information to the second operating system, so that the second operating system calls a trusted application in the TEE in response to the parameter information, and the trusted application acquires the first data from the first memory area and writes a processing result of the first data into the second memory area; switching the current execution environment from the TEE back to the REE in response to receiving, from the second operating system, a notification message that the processing result has been successfully exported; and sending the notification message to the first operating system, so that the first operating system feeds the notification message back to the corresponding application program.
In some embodiments, the terminal device adopts an ARM architecture, and the environment switching unit includes a security monitor.
In a third aspect, an embodiment of the present specification provides a privacy protection-based inter-application communication method applied to a second operating system on a terminal device, where the terminal device is configured with a normal execution environment (REE), a trusted execution environment (TEE) and an environment switching unit, the second operating system runs in the TEE, and a first operating system runs in the REE. The method includes: receiving parameter information from the environment switching unit, where the parameter information was received by the first operating system from an application program and sent to the environment switching unit, and includes the physical addresses and lengths of a first memory area and a second memory area in the REE, the first memory area stores first data to be imported into the TEE, and the second memory area is used for data export; in response to the parameter information, calling a trusted application in the TEE, so that the trusted application acquires the first data from the first memory area, processes the first data to obtain a processing result, and writes the processing result into the second memory area; and sending, through the environment switching unit, a notification message to the first operating system that the processing result has been successfully exported, so that the first operating system feeds the notification message back to the corresponding application program.
In some embodiments, the terminal device is further configured with a memory protection unit. After receiving the parameter information from the environment switching unit, the method further includes: calling the memory protection unit and setting target authority information, where the target authority information indicates that the REE is prohibited from performing read and write operations on the first memory area and the second memory area. After writing the processing result into the second memory area, the method further includes: calling the memory protection unit and cancelling the target authority information.
In some embodiments, calling the trusted application in the TEE so that it acquires the first data from the first memory area, processes the first data to obtain a processing result, and writes the processing result into the second memory area includes: mapping the physical address to a virtual address; and sending the virtual address and the length to the trusted application, so that the trusted application determines the physical address from the virtual address, acquires the first data from the first memory area according to the physical address and the length, processes the first data to obtain the processing result, and writes the processing result into the second memory area.
In some embodiments, after writing the processing result into the second memory area, the method further includes: deleting the address mapping data, i.e. the data generated while mapping the physical address to the virtual address.
In some embodiments, the first data includes data processing instructions and data to be processed, and processing the first data includes processing the data to be processed according to the data processing instructions.
In a fourth aspect, an embodiment of the present specification provides an inter-application communication apparatus based on privacy protection, applied to a first operating system on a terminal device, where the terminal device is configured with a normal execution environment (REE), a trusted execution environment (TEE) and an environment switching unit, the first operating system runs in the REE, and a second operating system runs in the TEE. The apparatus includes: a first receiving module configured to receive parameter information from an application program, where the parameter information includes the physical addresses and lengths of a first memory area and a second memory area in the REE, the first memory area stores first data to be imported into the TEE, and the second memory area is used for data export; a first sending module configured to send the parameter information to the second operating system via the environment switching unit, so that the second operating system invokes a trusted application in the TEE in response to the parameter information, and the trusted application acquires the first data from the first memory area and writes a processing result of the first data into the second memory area; a second receiving module configured to receive, via the environment switching unit, a notification message from the second operating system indicating that the processing result has been successfully exported; and a second sending module configured to feed the notification message back to the corresponding application program, so that the corresponding application program obtains the processing result from the second memory area.
In a fifth aspect, an embodiment of the present specification provides an inter-application communication apparatus based on privacy protection, applied to an environment switching unit on a terminal device, where the terminal device is configured with a normal execution environment (REE) and a trusted execution environment (TEE), a first operating system runs in the REE, and a second operating system runs in the TEE. The apparatus includes: a receiving module configured to receive parameter information from the first operating system, where the parameter information was received by the first operating system from an application program and includes the physical addresses and lengths of a first memory area and a second memory area in the REE, the first memory area stores first data to be imported into the TEE, and the second memory area is used for data export; an environment switching module configured to switch the current execution environment of the terminal device from the REE to the TEE; a first sending module configured to send the parameter information to the second operating system, so that the second operating system invokes a trusted application in the TEE in response to the parameter information, and the trusted application acquires the first data from the first memory area and writes a processing result of the first data into the second memory area; the environment switching module being further configured to switch the current execution environment from the TEE back to the REE in response to receiving, from the second operating system, a notification message that the processing result has been successfully exported; and a second sending module configured to send the notification message to the first operating system, so that the first operating system feeds the notification message back to the corresponding application program.
In a sixth aspect, an embodiment of the present specification provides an inter-application communication apparatus based on privacy protection, applied to a second operating system on a terminal device, where the terminal device is configured with a normal execution environment (REE), a trusted execution environment (TEE) and an environment switching unit, the second operating system runs in the TEE, and a first operating system runs in the REE. The apparatus includes: a receiving module configured to receive parameter information from the environment switching unit, where the parameter information was received by the first operating system from an application program and sent to the environment switching unit, and includes the physical addresses and lengths of a first memory area and a second memory area in the REE, the first memory area stores first data to be imported into the TEE, and the second memory area is used for data export; a trusted application calling module configured to call a trusted application in the TEE in response to the parameter information, so that the trusted application acquires the first data from the first memory area, processes the first data to obtain a processing result, and writes the processing result into the second memory area; and a sending module configured to send, via the environment switching unit, a notification message to the first operating system that the processing result has been successfully exported, so that the first operating system feeds the notification message back to the corresponding application program.
In a seventh aspect, the present specification provides a computer-readable storage medium, on which a computer program is stored, wherein when the computer program is executed in a computer, the computer is caused to execute the method described in any implementation manner of the first, second, and third aspects.
In an eighth aspect, the present specification provides a computing device, including a memory and a processor, where the memory stores executable code, and the processor executes the executable code to implement the method as described in any implementation manner of the first, second, and third aspects.
The inter-application communication method and apparatus based on privacy protection provided in the foregoing embodiments allow applications in the first operating system and the second operating system to perform data import and data export using only the first memory area and the second memory area in the REE, without providing two additional memory areas in the TEE. Two copy steps are therefore omitted: during data import, copying the first data into one of the two TEE memory areas; and during data export, storing the processing result in the other TEE memory area and then copying it from there into the second memory area. Efficient communication between applications in the first operating system and the second operating system can thus be achieved.
Drawings
In order to illustrate the technical solutions of the embodiments disclosed in the present specification more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments disclosed in the present specification, and a person skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is an exemplary system architecture diagram to which some embodiments of the present description may be applied;
FIG. 2 is a timing diagram of one embodiment of a privacy protection-based inter-application communication method according to the present specification;
FIG. 3 is a schematic diagram of an inter-application communication device based on privacy protection according to the present disclosure;
FIG. 4 is a schematic diagram of an inter-application communication device based on privacy protection according to the present disclosure;
FIG. 5 is a schematic diagram of the configuration of an inter-application communication apparatus based on privacy protection according to the present specification.
Detailed Description
The present specification will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. The described embodiments are only a subset of the embodiments described herein and not all embodiments described herein. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step are within the scope of the present application.
It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings. The embodiments and features of the embodiments in the present description may be combined with each other without conflict. In addition, the terms "first", "second", and the like in the present specification are used only for information distinction and do not play any limiting role.
As mentioned above, as services (e.g., payment services, data storage services, etc.) rely more and more on security functions and service flows involving security operations increase, the performance of communication between applications in the non-secure operating system and the secure operating system becomes critical.
Based on this, embodiments of the present specification provide an inter-application communication method based on privacy protection, by which efficient communication between a first operating system and a second operating system application can be achieved. In particular, FIG. 1 illustrates an exemplary system architecture diagram suitable for use with this embodiment.
FIG. 1 shows an REE, a TEE and an environment switching unit configured on a terminal device. A first operating system runs in the REE, and application programs that rely on security functions are installed on it; these may include, for example and without limitation, payment-type applications and/or data management-type applications. In addition, a first memory area and a second memory area corresponding to the application program are set up in the REE: the first memory area is used for data import and the second memory area for data export. A second operating system runs in the TEE, and a trusted application is installed on the second operating system. The trusted application may provide security services to the application program, including, for example and without limitation, digital rights management, mobile payment and sensitive data protection.
The environment switching unit may be any software or hardware module capable of performing environment switching. As an example, if the terminal device adopts the ARM (Advanced RISC Machine) architecture, the environment switching unit may include a Secure Monitor. RISC stands for Reduced Instruction Set Computer.
In practice, when the application program needs to communicate with the trusted application so that the trusted application processes the first data, the application program may first write the first data into the first memory area and then send parameter information to the first operating system, where the parameter information includes, but is not limited to, the physical addresses and lengths of the first memory area and the second memory area. The first operating system may send the parameter information to the second operating system via the environment switching unit. The second operating system may invoke the trusted application in response to the parameter information, so that the trusted application acquires the first data from the first memory area and writes a processing result of the first data into the second memory area. After the processing result has been written into the second memory area, the second operating system may send a notification message that the processing result has been successfully exported to the first operating system via the environment switching unit. The first operating system may feed the notification message back to the corresponding application program, so that the corresponding application program obtains the processing result from the second memory area. Note that the corresponding application program may include at least one of: the application program that sent the parameter information, and another application program that is related to it and requires the processing result.
The following describes specific implementation steps of the above method with reference to specific examples.
Referring to fig. 2, a timing diagram of one embodiment of a privacy protection based inter-application communication method is shown. The method comprises the following steps:
step 201, a first operating system receives parameter information from an application program, where the parameter information includes the physical addresses and lengths of a first memory area and a second memory area in the REE, the first memory area stores first data to be imported into the TEE, and the second memory area is used for data export;
step 202, the first operating system sends the parameter information to the environment switching unit;
step 203, the environment switching unit switches the current execution environment of the terminal device from the REE to the TEE;
step 204, the environment switching unit sends the parameter information to a second operating system;
step 206, the second operating system, in response to the parameter information, calls the trusted application in the TEE, so that the trusted application acquires the first data from the first memory area, processes the first data to obtain a processing result, and writes the processing result into the second memory area;
step 208, the second operating system sends a notification message that the processing result has been successfully exported to the environment switching unit;
step 209, the environment switching unit switches the current execution environment of the terminal device from the TEE back to the REE;
step 210, the environment switching unit sends the notification message that the processing result has been successfully exported to the first operating system;
step 211, the first operating system feeds the notification message that the processing result has been successfully exported back to the corresponding application program, so that the corresponding application program obtains the processing result from the second memory area.
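The following is an added example and not code from the patent or from the applicant: a single-process C simulation of steps 201 to 211, including the optional memory protection steps 205 and 207 that the description introduces later. "Physical memory" is a byte array and a physical address is an offset into it; the environment switching unit is a function that flips a world flag; the memory protection unit is a lock consulted on every REE access. The REE_SHARED_BASE..REE_SHARED_END window, the region layout chosen by app_request(), and the XOR transform standing in for the trusted application's real processing are all assumptions. The one thing it adds to the text is the check the second operating system should apply to the parameter information before touching memory: both regions must lie inside the window the REE is allowed to share, must not wrap around, and must not alias each other.

```c
/* Added example (not the patent's or Alipay's code): simulation of steps 201-211.
 * Window, region layout and the XOR transform are assumptions for the demo. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PHYS_MEM_SIZE   4096u
#define REE_SHARED_BASE 1024u  /* assumed: only this window may be handed to the TEE */
#define REE_SHARED_END  3072u
#define REGION_CAP       512u  /* assumed size of each of the two regions */

static uint8_t phys_mem[PHYS_MEM_SIZE];

/* Parameter information of step 201. */
struct param_info {
    uint32_t in_addr, in_len;    /* first memory area: data import  */
    uint32_t out_addr, out_len;  /* second memory area: data export */
};

enum world { WORLD_REE, WORLD_TEE };
static enum world current_world = WORLD_REE;

/* MPU stand-in: while locked, the REE may not touch the two regions (steps 205/207). */
static bool regions_locked = false;
static struct param_info locked;

static bool overlaps(uint32_t a, uint32_t alen, uint32_t b, uint32_t blen) {
    return a < b + blen && b < a + alen;
}

static bool in_window(uint32_t addr, uint32_t len) {
    return len > 0 && addr >= REE_SHARED_BASE && addr < REE_SHARED_END &&
           len <= REE_SHARED_END - addr;   /* no wrap-around past the window */
}

/* Second OS: reject parameter information that points outside the REE window,
 * wraps around, or lets the export region alias the import region. */
bool validate_params(const struct param_info *p) {
    return in_window(p->in_addr, p->in_len) && in_window(p->out_addr, p->out_len) &&
           !overlaps(p->in_addr, p->in_len, p->out_addr, p->out_len);
}

/* What the MPU would decide for an REE access; a real MPU raises a fault instead. */
bool ree_access_allowed(uint32_t addr, uint32_t len) {
    if (!regions_locked) return true;
    return !overlaps(addr, len, locked.in_addr, locked.in_len) &&
           !overlaps(addr, len, locked.out_addr, locked.out_len);
}

/* Trusted application: placeholder transform standing in for the encryption or
 * signing the specification describes (XOR with a constant; not cryptography). */
static void ta_process(const uint8_t *in, uint32_t in_len, uint8_t *out, uint32_t out_len) {
    for (uint32_t i = 0; i < in_len && i < out_len; i++) out[i] = in[i] ^ 0x5A;
}

/* Environment switching unit plus second OS: steps 203 to 210 in one call.
 * Returns true when the notification "processing result exported" is issued. */
bool secure_monitor_call(const struct param_info *p) {
    current_world = WORLD_TEE;                          /* step 203 */
    bool ok = validate_params(p);                       /* second OS checks the request */
    if (ok) {
        regions_locked = true; locked = *p;             /* step 205: REE locked out */
        ta_process(&phys_mem[p->in_addr], p->in_len,
                   &phys_mem[p->out_addr], p->out_len); /* step 206 */
        regions_locked = false;                         /* step 207: access restored */
    }
    current_world = WORLD_REE;                          /* step 209 */
    return ok;                                          /* step 210: notification */
}

/* Application and first OS: steps 201, 202 and 211. Returns the number of result
 * bytes read back, or -1 when the request was rejected. */
int app_request(const uint8_t *data, uint32_t len, uint8_t *result, uint32_t result_cap) {
    struct param_info p = { REE_SHARED_BASE, len, REE_SHARED_BASE + REGION_CAP, len };
    if (len == 0 || len > REGION_CAP || result_cap < len) return -1;
    memcpy(&phys_mem[p.in_addr], data, len);            /* app writes first data */
    if (!secure_monitor_call(&p)) return -1;            /* steps 202 to 210 */
    if (!ree_access_allowed(p.out_addr, len)) return -1; /* lock must have been released */
    memcpy(result, &phys_mem[p.out_addr], len);         /* step 211: read result */
    return (int)len;
}

int main(void) {
    uint8_t out[8];
    int n = app_request((const uint8_t *)"hello", 5, out, sizeof out);
    printf("exported %d bytes, first byte 0x%02x, world=%d\n", n, out[0], (int)current_world);
    struct param_info bad = { REE_SHARED_END - 4, 16, REE_SHARED_BASE, 16 }; /* runs past window */
    printf("bad request accepted? %s\n", validate_params(&bad) ? "yes" : "no");
    return 0;
}
```

The validation is the part worth copying: the REE is the untrusted side of this exchange, and the physical addresses and lengths it supplies are attacker-controlled input to the secure operating system, so they must be checked against the sharable window (and for wrap-around and aliasing) before the trusted application dereferences them.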
The above steps are further explained below.
In step 201, the first data may include, but is not limited to, data processing instructions and data to be processed. The data processing instructions may include, but are not limited to, encryption instructions and/or signature instructions. The data to be processed may be any kind of service data. It should be understood that the data to be processed relates to the service of the application program and is not specifically limited in this specification.
In practice, the terminal device may further be configured with a Memory Protection Unit (MPU), through which a processor in the terminal device can manage access rights to memory. Note that a memory protection unit may impose a minimum physical range when protecting memory, so the first memory area and the second memory area may be sized to fit both the requirements of the memory protection unit and the size of the specific service data.
After executing step 201, the first operating system may send the parameter information to the second operating system via the environment switching unit. Specifically, the first operating system sends the parameter information to the environment switching unit in step 202, so that the environment switching unit switches the current execution environment of the terminal device from the REE to the TEE in step 203 and sends the parameter information to the second operating system in step 204.
Note that in step 203 the environment switching unit may switch the current execution environment of the terminal device from the REE to the TEE in response to the parameter information. Optionally, the first operating system may send an environment switching instruction together with the parameter information to the environment switching unit. The environment switching instruction may be any instruction that requests an environment switch, and its content is not specifically limited in this specification. The environment switching unit may then switch the current execution environment of the terminal device from the REE to the TEE in response to the environment switching instruction. The method of switching between the REE and the TEE is a well-known technology that is widely studied and applied, and is not described here again.
After receiving the parameter information, the second operating system may call the trusted application in the TEE by executing step 206, so that the trusted application acquires the first data from the first memory area, processes the first data to obtain a processing result, and writes the processing result in the second memory area. It should be appreciated that the trusted application has read and write permissions for the first memory region and the second memory region.
Typically, trusted applications cannot directly handle physical addresses. Therefore, in step 206, the second operating system may map the physical address in the parameter information to a virtual address, and send the virtual address and the length in the parameter information to the trusted application, so that the trusted application determines the physical address according to the virtual address, and obtains the first data from the first memory area according to the physical address and the length, processes the first data, obtains a processing result, and writes the processing result in the second memory area.
Optionally, after writing the processing result into the second memory area, the second operating system may delete the address mapping data, i.e. the data generated while mapping the physical address in the parameter information to the virtual address.
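As an added sketch of the mapping step and its teardown (not the patent's code; table size, page size, and the TEE_VA_BASE virtual window are assumptions), the second operating system records each mapping in a small table, the trusted application resolves a virtual address back to the physical range with a bounds check, and deleting the mapping afterwards means a stale virtual address can no longer reach REE memory:

```c
/* Added example, not from the patent: physical-to-virtual mapping bookkeeping
 * for the REE buffers, with bounds-checked resolution and teardown. */
#include <stdbool.h>
#include <stdint.h>

#define MAP_SLOTS   4
#define PAGE        4096u
#define TEE_VA_BASE 0x40000000u   /* assumed virtual window reserved for REE buffers */

struct mapping { uint32_t va, pa, len; bool valid; };
static struct mapping table[MAP_SLOTS];
static uint32_t next_va = TEE_VA_BASE;

/* Second OS, step 206: map [pa, pa+len) and return the virtual address, or 0
 * when no slot is free. Virtual windows are page-granular and never reused,
 * so a freed address cannot silently come to mean a different buffer later. */
uint32_t tee_map(uint32_t pa, uint32_t len) {
    for (int i = 0; i < MAP_SLOTS; i++) {
        if (table[i].valid) continue;
        uint32_t pages = (len + PAGE - 1) / PAGE;
        table[i] = (struct mapping){ next_va, pa, len, true };
        next_va += pages * PAGE;
        return table[i].va;
    }
    return 0;
}

/* Trusted application side: translate [va, va+len) back to a physical address.
 * Fails for an unmapped, already deleted, or only partially covered range. */
bool tee_resolve(uint32_t va, uint32_t len, uint32_t *pa_out) {
    for (int i = 0; i < MAP_SLOTS; i++) {
        const struct mapping *m = &table[i];
        if (!m->valid || va < m->va || va - m->va > m->len) continue;
        uint32_t off = va - m->va;
        if (len > m->len - off) return false;   /* access would leave the region */
        *pa_out = m->pa + off;
        return true;
    }
    return false;
}

/* Second OS, after the result is written: delete the address mapping data. */
bool tee_unmap(uint32_t va) {
    for (int i = 0; i < MAP_SLOTS; i++)
        if (table[i].valid && table[i].va == va) { table[i].valid = false; return true; }
    return false;
}
```

Resolution is bounded by the length from the parameter information, not by the page rounding of the window, so the trusted application cannot read or write past the REE region it was handed even though the mapping itself is page-granular.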
Note that the first data may be processed in various ways.
For example, the first data may include a data processing instruction and data to be processed, as described above, and the trusted application processes the data to be processed according to the data processing instruction. If the data processing instruction includes an encryption instruction, the data to be processed is encrypted to obtain encrypted data, and the encrypted data is the processing result. If the data processing instruction includes a signature instruction, a signature of the data to be processed is generated, and the signature is the processing result. If the data processing instruction includes both an encryption instruction and a signature instruction, the data to be processed is first encrypted to obtain encrypted data, then a signature of the encrypted data is generated, and the encrypted data together with the signature is the processing result (that is, encrypt-then-sign: the signature covers the ciphertext, so a recipient can verify it before decrypting anything).
As another example, the TEE may store a data processing policy of the service party corresponding to the application program to which the parameter information belongs, and the trusted application processes the first data according to that policy to obtain the processing result.
It should be understood that the present specification does not specifically limit how the first data is processed.
Optionally, after step 204 the second operating system may call the memory protection unit to set target permission information (step 205), in order to keep the first memory area and the second memory area secure while the trusted application operates on them and so achieve secure communication between the applications of the first operating system and the second operating system. The target permission information indicates that the REE is prohibited from reading or writing the first memory area and the second memory area. Step 205 is performed after step 204 and before step 206, so that the REE can neither modify the first data while it is being processed nor read the processing result before it is complete. After step 206, the second operating system may cancel the target permission information (step 207), so that the application program in the REE can again read and write the first memory area and the second memory area.
After writing the processing result into the second memory area, the second operating system may send a notification message, indicating that the processing result was successfully exported, to the first operating system via the environment switching unit. Specifically, the second operating system sends the notification message to the environment switching unit (step 208); the environment switching unit switches the current execution environment of the terminal device from the TEE to the REE (step 209) and forwards the notification message to the first operating system (step 210).
It is noted that in step 208 the notification message may include any information item indicating that the processing result was successfully exported. Optionally, the notification message may include the physical address of the first memory area and/or the second memory area, which lets the first operating system identify the request the notification belongs to.
In step 211, the first operating system feeds the notification message back to the corresponding application program, so that the corresponding application program reads the processing result from the second memory area. The corresponding application program may be at least one of: the application program that sent the parameter information, and another application program that is related to it and requires the processing result.
Optionally, during the execution of steps 202 to 211, a cache flush operation may be executed if the first memory area and/or the second memory area hold data in a cache. For example, after receiving the parameter information, the first operating system may flush the cache for the first memory area if it detects cached data there, so that the trusted application reads the first data from memory rather than a stale copy. As another example, after the processing result is written into the second memory area, the second operating system may flush the cache for the second memory area if it detects cached data there, so that the REE reads the completed result. Whether a cache flush is required depends on the chip design (in particular on whether the REE and the TEE share a coherent cache), and when it is performed may be designed according to actual requirements; neither is specifically limited here.
The inter-application communication method and apparatus based on privacy protection provided by this embodiment allow applications of the first operating system and the second operating system to import and export data using only the first memory area and the second memory area in the REE, with no additional pair of memory areas in the TEE. This removes the copy of the first data into a TEE-side area during import, and the write of the processing result into a second TEE-side area followed by its copy back into the second memory area during export. Communication between the first operating system and the second operating system is therefore more efficient, user experience improves noticeably, and because no additional memory areas are set up in the TEE, memory consumption is reduced.
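As an added example (not code from the patent, nor from Alipay), the following C program models the handoff of steps 201 to 211 together with the processing variants described above for the first data: an REE application places an instruction byte and a payload in the first memory area, passes the physical addresses and lengths of both areas through a simulated monitor, the second operating system validates those ranges, locks the REE out of both areas, maps them, runs the trusted application (encrypt, sign, or encrypt-then-sign) and exports the result, after which the REE reads it back. The memory layout, the one-byte instruction format, the key and the two primitives are assumptions; the primitives are stand-ins for the TEE's real crypto API, and cache maintenance is not modelled. The range check in `tee_validate_params` is a practitioner's addition that the patent text does not describe: a secure OS that maps REE-supplied physical ranges has to refuse addresses outside non-secure memory, wrapped lengths and overlapping areas before step 205.

```c
/* Added example (not code from the patent): host-side model of the REE/TEE
 * shared-memory handoff of steps 201-211. "Physical" memory is a byte array; the
 * secure monitor, memory protection unit (MPU) and TEE page mapping are simulated.
 * Layout, first-data format and key are assumptions; primitives are NOT real crypto. */
#include <stdint.h>
#include <string.h>
#define PHYS_SIZE 4096u
#define NS_BASE   1024u   /* assumed layout: TEE RAM [0,1024), REE RAM [1024,4096) */
#define NS_LIMIT  4096u
enum { INSTR_ENCRYPT = 1, INSTR_SIGN = 2 };
typedef struct { uint32_t in_addr, in_len, out_addr, out_len; } params_t; /* parameter information */
typedef struct { int locked; uint32_t addr, len; } mpu_region_t;
static uint8_t phys_mem[PHYS_SIZE];
static mpu_region_t mpu[2];   /* target permission information: REE locked out of these areas */
static uint8_t *map_tbl[2];   /* address mapping data held by the second OS */
static const uint8_t ta_key[8] = {0x13, 0x57, 0x9b, 0xdf, 0x24, 0x68, 0xac, 0xe0}; /* constructed */

/* Check the second OS makes before mapping anything: both areas lie entirely in
 * REE RAM, addr+len cannot wrap, and the import and export areas do not overlap. */
static int range_ok(uint32_t addr, uint32_t len) {
    return len != 0 && addr >= NS_BASE && len <= NS_LIMIT - NS_BASE && addr <= NS_LIMIT - len;
}
int tee_validate_params(const params_t *p) {
    if (!range_ok(p->in_addr, p->in_len) || !range_ok(p->out_addr, p->out_len)) return 0;
    return !(p->in_addr < p->out_addr + p->out_len && p->out_addr < p->in_addr + p->in_len);
}

/* MPU model (steps 205/207): while locked, REE-side accesses to the areas fail. */
void mpu_lock(const params_t *p) {
    mpu[0] = (mpu_region_t){1, p->in_addr, p->in_len};
    mpu[1] = (mpu_region_t){1, p->out_addr, p->out_len};
}
void mpu_unlock(void) { memset(mpu, 0, sizeof mpu); }
int ree_read(uint32_t addr, uint8_t *out) {
    for (int i = 0; i < 2; i++)
        if (mpu[i].locked && addr >= mpu[i].addr && addr < mpu[i].addr + mpu[i].len) return -1;
    if (addr >= PHYS_SIZE) return -1;
    *out = phys_mem[addr];
    return 0;
}

/* Stand-in primitives: keyed XOR stream and keyed FNV-1a tag. A real TA would call
 * the TEE crypto API (authenticated encryption and an asymmetric signature). */
static void stub_encrypt(uint8_t *buf, uint32_t len) {
    for (uint32_t i = 0; i < len; i++) buf[i] ^= ta_key[i % sizeof ta_key];
}
static uint32_t stub_tag(const uint8_t *buf, uint32_t len) {
    uint32_t h = 0x811c9dc5u;
    for (uint32_t i = 0; i < sizeof ta_key; i++) h = (h ^ ta_key[i]) * 16777619u;
    for (uint32_t i = 0; i < len; i++) h = (h ^ buf[i]) * 16777619u;
    return h;
}

/* Trusted application. First data = one instruction byte + payload. Result = the
 * ciphertext, a 4-byte tag, or ciphertext || tag(ciphertext) (encrypt-then-sign). */
int ta_process(const uint8_t *in, uint32_t in_len, uint8_t *out, uint32_t out_cap) {
    if (in_len < 1) return -1;
    uint8_t instr = in[0] & (INSTR_ENCRYPT | INSTR_SIGN);
    const uint8_t *payload = in + 1;
    uint32_t plen = in_len - 1, pos = 0;
    uint32_t need = ((instr & INSTR_ENCRYPT) ? plen : 0) + ((instr & INSTR_SIGN) ? 4 : 0);
    if (instr == 0 || need > out_cap) return -1;  /* unknown instruction or export area too small */
    if (instr & INSTR_ENCRYPT) { memcpy(out, payload, plen); stub_encrypt(out, plen); pos = plen; }
    if (instr & INSTR_SIGN) {
        uint32_t tag = (instr & INSTR_ENCRYPT) ? stub_tag(out, plen) : stub_tag(payload, plen);
        for (int s = 24; s >= 0; s -= 8) out[pos++] = (uint8_t)(tag >> s);
    }
    return (int)pos;
}

/* Second OS, steps 204-207: validate, lock, map, run the TA, unmap, unlock. */
int tee_handle_request(const params_t *p, uint32_t *result_len) {
    if (!tee_validate_params(p)) return -1;        /* never map what the REE does not own */
    mpu_lock(p);
    map_tbl[0] = phys_mem + p->in_addr;            /* TEE "virtual" view of each area */
    map_tbl[1] = phys_mem + p->out_addr;
    int n = ta_process(map_tbl[0], p->in_len, map_tbl[1], p->out_len);
    map_tbl[0] = map_tbl[1] = NULL;                /* delete the address mapping data */
    mpu_unlock();
    if (n < 0) return -1;
    *result_len = (uint32_t)n;
    return 0;
}

/* REE side, steps 201-203 and 209-211: place first data in area one, call through
 * the (simulated) monitor, then read the exported result out of area two. */
int ree_request(uint8_t instr, const uint8_t *data, uint32_t len, uint8_t *result, uint32_t cap) {
    if (len >= 511 || cap > 2048) return -1;       /* keep both areas inside REE RAM */
    params_t p = { NS_BASE, len + 1, NS_BASE + 512, cap };
    phys_mem[p.in_addr] = instr;
    memcpy(phys_mem + p.in_addr + 1, data, len);
    uint32_t n;
    if (tee_handle_request(&p, &n) != 0) return -1;
    for (uint32_t i = 0; i < n; i++)
        if (ree_read(p.out_addr + i, &result[i]) != 0) return -1;
    return (int)n;
}

int main(void) {
    uint8_t out[64];   /* exits 0 when encrypt-then-sign exports 8 ciphertext + 4 tag bytes */
    return ree_request(INSTR_ENCRYPT | INSTR_SIGN, (const uint8_t *)"order#42", 8, out, sizeof out) == 12 ? 0 : 1;
}
```

Compile with any C99 compiler and run; the process exits 0 when the encrypt-then-sign request exports 12 bytes. A request whose export area is only 8 bytes returns -1, because the trusted application refuses to write past the second memory area rather than spilling into adjacent REE memory, and `ree_read` returns -1 for any byte of a locked area while the simulated MPU holds the target permission information, which is the window between steps 205 and 207.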
With further reference to fig. 3, the present specification provides one embodiment of an inter-application communication apparatus based on privacy protection that may be applied to the first operating system on a terminal device (e.g., the first operating system shown in fig. 1). The terminal device is configured with an REE, a TEE and an environment switching unit, where the first operating system runs in the REE and the second operating system runs in the TEE.
As shown in fig. 3, the inter-application communication apparatus 300 based on privacy protection of this embodiment includes a first receiving module 301, a first sending module 302, a second receiving module 303 and a second sending module 304. The first receiving module 301 is configured to receive parameter information from an application program, where the parameter information includes the physical addresses and lengths of a first memory area and a second memory area in the REE, the first memory area stores first data to be imported into the TEE, and the second memory area is used for data export; the first sending module 302 is configured to send the parameter information to the second operating system via the environment switching unit, so that the second operating system calls the trusted application in the TEE in response to the parameter information, and the trusted application reads the first data from the first memory area and writes a processing result of the first data into the second memory area; the second receiving module 303 is configured to receive, via the environment switching unit, a notification message of the second operating system indicating that the processing result has been successfully exported; and the second sending module 304 is configured to feed the notification message back to the corresponding application program, so that the corresponding application program reads the processing result from the second memory area.
Optionally, if the terminal device adopts the ARM architecture, the environment switching unit may include a secure monitor.
Optionally, the first data may include, but is not limited to, data processing instructions and data to be processed. Further, the data processing instructions may include, but are not limited to, encryption instructions and/or signature instructions.
Optionally, the notification message may include, but is not limited to, a physical address of the first memory region and/or the second memory region.
With further reference to fig. 4, the present specification provides an embodiment of an inter-application communication apparatus based on privacy protection, which may be applied to an environment switching unit (e.g., the environment switching unit shown in fig. 1) on a terminal device. The terminal equipment is configured with an REE and a TEE, wherein a first operating system runs in the REE, and a second operating system runs in the TEE.
As shown in fig. 4, the inter-application communication apparatus 400 based on privacy protection of this embodiment includes a receiving module 401, an environment switching module 402, a first sending module 403 and a second sending module 404. The receiving module 401 is configured to receive parameter information from the first operating system, where the parameter information was received by the first operating system from an application program and includes the physical addresses and lengths of a first memory area and a second memory area in the REE, the first memory area stores first data to be imported into the TEE, and the second memory area is used for data export; the environment switching module 402 is configured to switch the current execution environment of the terminal device from the REE to the TEE; the first sending module 403 is configured to send the parameter information to the second operating system, so that the second operating system calls the trusted application in the TEE in response to the parameter information, and the trusted application reads the first data from the first memory area and writes a processing result of the first data into the second memory area; the environment switching module 402 is further configured to switch the current execution environment from the TEE back to the REE in response to receiving a notification message from the second operating system indicating that the processing result has been successfully exported; and the second sending module 404 is configured to send the notification message to the first operating system, so that the first operating system feeds the notification message back to the corresponding application program.
Optionally, if the terminal device adopts the ARM architecture, the environment switching unit may include a secure monitor.
Optionally, the first data may include, but is not limited to, data processing instructions and data to be processed. Further, the data processing instructions may include, but are not limited to, encryption instructions and/or signature instructions.
Optionally, the notification message may include, but is not limited to, a physical address of the first memory region and/or the second memory region.
With further reference to fig. 5, the present specification provides one embodiment of a privacy protection based inter-application communication apparatus that may be applied to a second operating system on a terminal device (e.g., the second operating system shown in fig. 1). The terminal equipment is provided with a REE, a TEE and an environment switching unit, the second operating system runs in the TEE, and the first operating system runs in the REE.
As shown in fig. 5, the inter-application communication apparatus 500 based on privacy protection of this embodiment includes a receiving module 501, a trusted application calling module 502 and a sending module 503. The receiving module 501 is configured to receive parameter information from the environment switching unit, where the parameter information was received by the first operating system from an application program and sent on to the environment switching unit, and includes the physical addresses and lengths of a first memory area and a second memory area in the REE, the first memory area storing first data to be imported into the TEE and the second memory area being used for data export; the trusted application calling module 502 is configured to call the trusted application in the TEE in response to the parameter information, so that the trusted application reads the first data from the first memory area, processes it to obtain a processing result, and writes the processing result into the second memory area; and the sending module 503 is configured to send a notification message indicating that the processing result has been successfully exported to the first operating system via the environment switching unit, so that the first operating system feeds the notification message back to the corresponding application program.
Optionally, the terminal device is further configured with a memory protection unit, and the apparatus 500 may further include a first calling module (not shown in the figure) configured to call the memory protection unit after the receiving module 501 has received the parameter information from the environment switching unit and set target permission information, the target permission information indicating that the REE is prohibited from reading or writing the first memory area and the second memory area, and to call the memory protection unit again after the processing result has been written into the second memory area and cancel the target permission information.
Optionally, the trusted application calling module 502 may be further configured to map the physical address to a virtual address and send the virtual address and the length to the trusted application, so that the trusted application reaches the first memory area through that mapping, reads the first data according to the length, processes it to obtain the processing result, and writes the processing result into the second memory area.
Optionally, the trusted application calling module 502 may be further configured to delete the address mapping data after the processing result has been written into the second memory area, the address mapping data being the data generated when the physical address was mapped to the virtual address.
Optionally, the first data may include a data processing instruction and data to be processed, and the trusted application calling module 502 may be further configured to cause the trusted application to process the data to be processed according to the data processing instruction.
Optionally, the data processing instructions may include, but are not limited to, encryption instructions and/or signature instructions.
Optionally, if the terminal device adopts the ARM architecture, the environment switching unit may include a secure monitor.
Optionally, the notification message may include, but is not limited to, a physical address of the first memory region and/or the second memory region.
In the embodiments corresponding to fig. 3, fig. 4, and fig. 5, the detailed processing of each module and the technical effect thereof can refer to the related description in the embodiment corresponding to fig. 2, and are not repeated herein.
Embodiments of the present specification further provide a computer-readable storage medium storing a computer program which, when executed in a computer, causes the computer to execute the inter-application communication methods based on privacy protection shown in the method embodiments above.
Embodiments of the present specification further provide a computing device including a memory and a processor, where the memory stores executable code and the processor executes that code to implement the inter-application communication methods based on privacy protection shown in the method embodiments above.
The present specification also provides a computer program product which, when executed on a data processing device, causes the data processing device to implement the inter-application communication methods based on privacy protection shown in the method embodiments above.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in the embodiments disclosed herein may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The embodiments above describe the objects, technical solutions and advantages of this specification in further detail. It should be understood that they are only specific embodiments and do not limit the scope of the disclosure; any modification, equivalent substitution or improvement made on the basis of these technical solutions falls within that scope.

Claims (17)

1. An inter-application communication method based on privacy protection, applied to a first operating system on a terminal device, the terminal device being configured with a rich execution environment (REE), a trusted execution environment (TEE) and an environment switching unit, the first operating system running in the REE and a second operating system running in the TEE, the method comprising:
receiving parameter information from an application program, wherein the parameter information comprises physical addresses and lengths of a first memory area and a second memory area in the REE, the first memory area stores first data to be imported into the TEE, and the second memory area is used for exporting the data;
sending the parameter information to the second operating system through the environment switching unit, so that the second operating system calls a trusted application in the TEE in response to the parameter information, the trusted application acquires the first data from the first memory area, and writes a processing result of the first data into the second memory area;
receiving a notification message of the second operating system via the environment switching unit, the notification message indicating that the processing result has been successfully exported;
and feeding back the notification message to the corresponding application program, so that the corresponding application program acquires the processing result from the second memory area.
2. The method of claim 1, wherein the terminal device employs an ARM architecture and the environment switching unit comprises a secure monitor.
3. The method of claim 1, wherein the first data comprises data processing instructions and data to be processed.
4. A method according to claim 3, wherein the data processing instructions comprise encryption instructions and/or signature instructions.
5. The method of claim 1, wherein the notification message comprises a physical address of the first memory region and/or the second memory region.
6. An inter-application communication method based on privacy protection, applied to an environment switching unit on a terminal device, the terminal device being configured with a rich execution environment (REE) and a trusted execution environment (TEE), a first operating system running in the REE and a second operating system running in the TEE, the method comprising:
receiving parameter information from the first operating system, wherein the parameter information is received by the first operating system from an application program, the parameter information includes physical addresses and lengths of a first memory area and a second memory area in the REE, the first memory area stores first data to be imported into the TEE, and the second memory area is used for data export;
switching a current execution environment of the terminal device from the REE to the TEE;
sending the parameter information to the second operating system, so that the second operating system calls a trusted application in the TEE in response to the parameter information, the trusted application acquires the first data from the first memory area, and a processing result of the first data is written into the second memory area;
switching the current execution environment from the TEE to the REE in response to receiving a notification message from the second operating system indicating that the processing result has been successfully exported;
and sending the notification message to the first operating system so that the first operating system feeds the notification message back to the corresponding application program.
7. The method of claim 6, wherein the terminal device employs an ARM architecture and the environment switching unit comprises a secure monitor.
8. An inter-application communication method based on privacy protection, applied to a second operating system on a terminal device, the terminal device being configured with a rich execution environment (REE), a trusted execution environment (TEE) and an environment switching unit, the second operating system running in the TEE and a first operating system running in the REE, the method comprising:
receiving parameter information from the environment switching unit, where the parameter information is received by the first operating system from an application program and sent to the environment switching unit, the parameter information includes physical addresses and lengths of a first memory area and a second memory area in the REE, the first memory area stores first data to be imported into the TEE, and the second memory area is used for data export;
responding to the parameter information, calling a trusted application in the TEE, enabling the trusted application to acquire the first data from the first memory area, processing the first data to obtain a processing result, and writing the processing result into the second memory area;
and sending a notification message indicating that the processing result has been successfully exported to the first operating system via the environment switching unit, so that the first operating system feeds the notification message back to the corresponding application program.
9. The method of claim 8, wherein the terminal device is further configured with a memory protection unit; and
after the receiving parameter information from the environment switching unit, the method further comprises:
calling the memory protection unit, and setting target authority information, wherein the target authority information indicates that the REE is prohibited from performing read-write operation on the first memory area and the second memory area; and
after the writing the processing result to the second memory region, the method further includes:
and calling the memory protection unit, and canceling the setting of the target authority information.
10. The method of claim 8, wherein the invoking a trusted application in the TEE, such that the trusted application obtains the first data from the first memory region, processes the first data, obtains a processing result, and writes the processing result to the second memory region, comprises:
mapping the physical address to a virtual address;
and sending the virtual address and the length to the trusted application, so that the trusted application determines the physical address according to the virtual address, acquires the first data from the first memory area according to the physical address and the length, processes the first data to obtain the processing result, and writes the processing result into the second memory area.
11. The method of claim 10, wherein after said writing the processing result to the second memory region, the method further comprises:
deleting address mapping data, the address mapping data being data generated in the step of mapping the physical address to the virtual address.
12. The method of one of claims 8-11, wherein the first data comprises data processing instructions and data to be processed; and
the processing the first data includes:
and processing the data to be processed according to the data processing instruction.
13. An inter-application communication apparatus based on privacy protection, applied to a first operating system on a terminal device, the terminal device being configured with a rich execution environment (REE), a trusted execution environment (TEE) and an environment switching unit, the first operating system running in the REE and a second operating system running in the TEE, the apparatus comprising:
a first receiving module configured to receive parameter information from an application, where the parameter information includes physical addresses and lengths of a first memory area and a second memory area in the REE, the first memory area stores first data to be imported to the TEE, and the second memory area is used for data export;
a first sending module configured to send the parameter information to the second operating system via the environment switching unit, so that the second operating system invokes a trusted application in the TEE in response to the parameter information, so that the trusted application acquires the first data from the first memory area, and writes a processing result of the first data in the second memory area;
a second receiving module configured to receive a notification message of the second operating system via the environment switching unit, the notification message indicating that the processing result has been successfully exported;
a second sending module configured to feed back the notification message to a corresponding application program, so that the corresponding application program obtains the processing result from the second memory area.
14. An inter-application communication apparatus based on privacy protection, applied to an environment switching unit on a terminal device, the terminal device being configured with a rich execution environment (REE) and a trusted execution environment (TEE), a first operating system running in the REE and a second operating system running in the TEE, the apparatus comprising:
a receiving module configured to receive parameter information from the first operating system, where the parameter information is received by the first operating system from an application program, the parameter information includes physical addresses and lengths of a first memory area and a second memory area in the REE, the first memory area stores first data to be imported into the TEE, and the second memory area is used for data export;
a context switch module configured to switch a current execution context of the terminal device from the REE to the TEE;
a first sending module configured to send the parameter information to the second operating system, so that the second operating system invokes a trusted application in the TEE in response to the parameter information, so that the trusted application acquires the first data from the first memory area, and writes a processing result of the first data in the second memory area;
the environment switching module further configured to switch the current execution environment from the TEE to the REE in response to receiving a notification message from the second operating system indicating that the processing result has been successfully exported;
a second sending module configured to send the notification message to the first operating system, so that the first operating system feeds back the notification message to the corresponding application program.
15. An inter-application communication apparatus based on privacy protection, applied to a second operating system on a terminal device, the terminal device being configured with a rich execution environment (REE), a trusted execution environment (TEE) and an environment switching unit, the second operating system running in the TEE and a first operating system running in the REE, the apparatus comprising:
a receiving module configured to receive parameter information from the environment switching unit, where the parameter information is received by the first operating system from an application program and sent to the environment switching unit, and the parameter information includes physical addresses and lengths of a first memory area and a second memory area in the REE, where the first memory area stores first data to be imported to the TEE, and the second memory area is used for data export;
a trusted application calling module configured to call a trusted application in the TEE in response to the parameter information, so that the trusted application acquires the first data from the first memory area, processes the first data to obtain a processing result, and writes the processing result into the second memory area;
a sending module configured to send a notification message indicating that the processing result has been successfully exported to the first operating system via the environment switching unit, so that the first operating system feeds the notification message back to the corresponding application program.
16. A computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed in a computer, causes the computer to carry out the method of any one of claims 1-12.
17. A computing device comprising a memory and a processor, wherein the memory has stored therein executable code that when executed by the processor implements the method of any of claims 1-12.
CN202011468291.9A 2020-12-14 2020-12-14 Inter-application communication method and device based on privacy protection Active CN112231124B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011468291.9A CN112231124B (en) 2020-12-14 2020-12-14 Inter-application communication method and device based on privacy protection


Publications (2)

Publication Number Publication Date
CN112231124A true CN112231124A (en) 2021-01-15
CN112231124B CN112231124B (en) 2021-03-19

Family

ID=74124080


Country Status (1)

Country Link
CN (1) CN112231124B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112434326A (en) * 2021-01-27 2021-03-02 支付宝(杭州)信息技术有限公司 Trusted computing method and device based on data flow
CN112948824A (en) * 2021-03-31 2021-06-11 支付宝(杭州)信息技术有限公司 Program communication method, device and equipment based on privacy protection
CN114115732A (en) * 2021-11-10 2022-03-01 深圳Tcl新技术有限公司 Data processing method, device and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107220189A (en) * 2017-03-14 2017-09-29 MStar Semiconductor, Inc. Memory space management and memory access control method and device
EP3379448A1 (en) * 2017-03-21 2018-09-26 Nxp B.V. Method and system for operating a cache in a trusted execution environment
CN110175450A (en) * 2019-05-30 2019-08-27 Alibaba Group Holding Limited Information processing method, device and equipment
CN110348252A (en) * 2018-04-02 2019-10-18 Huawei Technologies Co., Ltd. Operating system and method based on trusted domain
CN111124664A (en) * 2019-11-22 2020-05-08 Huawei Technologies Co., Ltd. Method and device for accessing second operating system resource by first operating system
CN111859395A (en) * 2020-07-21 2020-10-30 National University of Defense Technology (PLA) Communication optimization method and system on a computing platform with TEE extension

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107220189A (en) * 2017-03-14 2017-09-29 MStar Semiconductor, Inc. Memory space management and memory access control method and device
EP3379448A1 (en) * 2017-03-21 2018-09-26 Nxp B.V. Method and system for operating a cache in a trusted execution environment
CN110348252A (en) * 2018-04-02 2019-10-18 Huawei Technologies Co., Ltd. Operating system and method based on trusted domain
CN110175450A (en) * 2019-05-30 2019-08-27 Alibaba Group Holding Limited Information processing method, device and equipment
CN111124664A (en) * 2019-11-22 2020-05-08 Huawei Technologies Co., Ltd. Method and device for accessing second operating system resource by first operating system
CN111859395A (en) * 2020-07-21 2020-10-30 National University of Defense Technology (PLA) Communication optimization method and system on a computing platform with TEE extension

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
郑显义 (Zheng Xianyi) et al.: "Analysis and Research of TrustZone Technology", 计算机学报 (Chinese Journal of Computers) *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112434326A (en) * 2021-01-27 2021-03-02 Alipay (Hangzhou) Information Technology Co., Ltd. Trusted computing method and device based on data flow
CN112434326B (en) * 2021-01-27 2021-05-07 Alipay (Hangzhou) Information Technology Co., Ltd. Trusted computing method and device based on data flow
CN112948824A (en) * 2021-03-31 2021-06-11 Alipay (Hangzhou) Information Technology Co., Ltd. Program communication method, device and equipment based on privacy protection
CN112948824B (en) * 2021-03-31 2022-04-26 Alipay (Hangzhou) Information Technology Co., Ltd. Program communication method, device and equipment based on privacy protection
CN114115732A (en) * 2021-11-10 2022-03-01 Shenzhen TCL New Technology Co., Ltd. Data processing method, device and system

Also Published As

Publication number Publication date
CN112231124B (en) 2021-03-19

Similar Documents

Publication Publication Date Title
CN112231124B (en) Inter-application communication method and device based on privacy protection
US10846117B1 (en) Technique for establishing secure communication between host and guest processes of a virtualization architecture
US8769305B2 (en) Secure execution of unsecured apps on a device
US11061710B2 (en) Virtual machine exit support by a virtual machine function
US10440111B2 (en) Application execution program, application execution method, and information processing terminal device that executes application
CN106997439B (en) TrustZone-based data encryption and decryption method and device and terminal equipment
US10255088B2 (en) Modification of write-protected memory using code patching
US8631482B2 (en) Method for managing computer resources accessed by a program operating in a restricted environment
US10068068B2 (en) Trusted timer service
CN109857571B (en) Clipboard control method and device
TW201627908A (en) System and method of rapid deployment trusted execution environment application
US20140281499A1 (en) Method and system for enabling communications between unrelated applications
CN110807191B (en) Safe operation method and device of application program
US9158690B2 (en) Performing zero-copy sends in a networked file system with cryptographic signing
CN111459673A (en) Secure memory expansion and release method and device and electronic equipment
CN112256460A (en) Inter-process communication method and device, electronic equipment and computer readable storage medium
CN114417362A (en) Data management method, device and system and storage medium
JP5575950B2 (en) Wireless terminal device and system protection method
WO2023103697A1 (en) Communication method in computer system, and related product
JP2008257715A (en) Wireless terminal device and system protection method
JP2009169868A (en) Storage area access device and method for accessing storage area
US20150356307A1 (en) Safe input method and system
CN110737910B (en) Android log decryption management method, device, equipment and medium
CN111460464B (en) Data encryption and decryption method and device, electronic equipment and computer storage medium
CN110765426A (en) Equipment permission setting method, device, equipment and computer storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
REG Reference to a national code
Ref country code: HK
Ref legal event code: DE
Ref document number: 40044755
Country of ref document: HK