CN112688953B - Data processing method and device, electronic equipment and computer readable storage medium - Google Patents

Publication number: CN112688953B
Authority: CN (China)
Prior art keywords: data, data packet, processed, address, hypervisor
Legal status: Active
Application number: CN202011581428.1A
Other languages: Chinese (zh)
Other versions: CN112688953A
Inventors: 姜哲, 邹仕洪, 张广伟, 黄浩东
Current assignee: Yuanxin Technology
Original assignee: Yuanxin Technology
Classification: Data Exchanges In Wide-Area Networks

Abstract

The application provides a data processing method and device, an electronic device and a computer-readable storage medium, and relates to the technical field of computers. The method comprises: when a data operation instruction is detected, acquiring data to be processed; encapsulating the data to be processed into a data packet, where the address in the Internet Protocol (IP) address field of the data packet is the address of the terminal device to which the hypervisor belongs; transmitting the data packet to a cryptographic module so that the cryptographic module encrypts or decrypts the data packet and parses the address of the terminal device from the data packet; detecting the processed data packet returned by the cryptographic module based on the address of the terminal device; and executing the operation indicated by the data operation instruction on the processed data packet. The application thereby ensures that the data to be processed is also processed by the cryptographic module.

Description

Data processing method and device, electronic equipment and computer readable storage medium
Technical Field
The application provides a data processing method, a data processing device, electronic equipment and a computer readable storage medium, and relates to the technical field of computers.
Background
With the rapid development of mobile internet technology, applications covered by terminal devices have been extended from traditional ones that only support communication functions to those that support high security, high sensitivity, and the like, and ensuring the security of data communication between an Application Processor (AP) and a Communication Processor (CP) has been a great concern for both individuals and enterprises.
In the prior art, a cryptographic module can be arranged to encrypt or decrypt communication data, but in this way, the cryptographic module can only process the communication data, but cannot process other types of data in the terminal device, which results in inconsistent processing flows of the communication data and other types of data.
Disclosure of Invention
The application provides a data processing method, a data processing device, an electronic device and a computer readable storage medium, which can solve the problem that the processing flows of communication data and other data are inconsistent. The technical scheme is as follows:
A first aspect of the present application provides a data processing method, which may include:
when a data operation instruction is detected, acquiring data to be processed;
encapsulating the data to be processed into a data packet; the address in the Internet Protocol (IP) address field of the data packet is the address of the terminal device to which the hypervisor belongs;
transmitting the data packet to a cryptographic module so that the cryptographic module encrypts or decrypts the data packet and parses the address of the terminal device from the data packet;
detecting the processed data packet returned by the cryptographic module based on the address of the terminal device;
and executing the operation indicated by the data operation instruction on the processed data packet.
Optionally, encapsulating the data to be processed into a data packet may include:
encapsulating the data to be processed into an initial data packet;
setting the address of the IP address field in the initial data packet as the IP address of the terminal device to which the hypervisor belongs;
setting a port number in the initial data packet;
taking the initial data packet with the set port number and IP address as the data packet;
the port number indicates an application program port and is used by the hypervisor to send the data packet to the application program corresponding to that port.
Optionally, the transmitting the data packet to the cryptographic module so that the cryptographic module performs encryption or decryption processing on the data packet may include:
and transmitting the data packet to a cryptographic module so that the cryptographic module determines a key length and an encryption algorithm based on the port number and the IP address of the terminal equipment, and encrypts or decrypts the data packet based on the key length and the encryption algorithm to obtain a processed data packet.
Optionally, if the data operation instruction is a data write instruction, executing the operation indicated by the data operation instruction on the processed data packet may include:
extracting data to be processed in the processed data packet;
and writing the data to be processed into a data storage device Flash.
Optionally, the terminal device includes an application processor AP and a communication processor CP; the hypervisor and the application program run through the AP; the cryptographic module is connected in series with the CP, and the method may further include:
if communication data from an application program in the AP is detected, transmitting the communication data to the cryptographic module so that the cryptographic module encrypts the communication data and transmits the processed communication data to the CP;
if decrypted communication data from the cryptographic module is detected, transmitting the decrypted communication data to an application program in the AP; the decrypted communication data is obtained by the cryptographic module decrypting communication data sent by the CP after detecting that communication data.
A second aspect of the present application provides a data processing method, which may include:
detecting a data packet from the hypervisor; when the hypervisor detects a data operation instruction, the data packet is obtained by acquiring data to be processed and packaging the data to be processed; the address of an internet protocol IP address field included in the data packet is the address of the terminal equipment to which the hypervisor belongs;
encrypting or decrypting the data packet, and parsing the address of the terminal device from the data packet;
and, based on the address of the terminal device, transmitting the processed data packet to the hypervisor so that the hypervisor executes the operation indicated by the data operation instruction on the processed data packet.
A third aspect of the present application provides a data processing apparatus, which may include:
the acquisition module is used for acquiring data to be processed when a data operation instruction is detected;
the data encapsulation module is used for encapsulating the data to be processed into a data packet; the address of an internet protocol IP address field included in the data packet is the address of the terminal equipment to which the hypervisor belongs;
the first data transmission module is used for transmitting the data packet to the cryptographic module so that the cryptographic module encrypts or decrypts the data packet and parses the address of the terminal device from the data packet;
the first data detection module is used for detecting the processed data packet returned by the cryptographic module based on the address of the terminal device;
and the first data processing module is used for executing the operation indicated by the data operation instruction to the processed data packet.
Optionally, the data encapsulation module is specifically configured to:
encapsulate the data to be processed into an initial data packet;
set the address of the IP address field in the initial data packet as the IP address of the terminal device to which the hypervisor belongs;
set a port number in the initial data packet;
taking the initial data packet with the set port number and IP address as a data packet;
the port number is used for indicating an application program port, and the port number is used for the hypervisor to send the data packet to an application program corresponding to the application program port.
Optionally, the first data transmission module is specifically configured to:
and transmitting the data packet to a cryptographic module so that the cryptographic module determines a key length and an encryption algorithm based on the port number and the IP address of the terminal equipment, and encrypting or decrypting the data packet based on the key length and the encryption algorithm to obtain a processed data packet.
Optionally, if the data operation instruction is a data writing instruction, the first data processing module is specifically configured to:
extracting data to be processed in the processed data packet;
and writing the data to be processed into a data storage device Flash.
Optionally, the terminal device includes an application processor AP and a communication processor CP; the hypervisor and the application program run through the AP; the cryptographic module is connected with the CP in series, and the device also comprises:
the second data transmission module is used for transmitting the communication data to the cryptographic module if the communication data from the application program in the AP is detected, so that the cryptographic module can encrypt the communication data and transmit the processed communication data to the CP;
the third data transmission module is used for transmitting the decrypted communication data to the application program in the AP if decrypted communication data from the cryptographic module is detected; the decrypted communication data is obtained by the cryptographic module decrypting communication data sent by the CP after detecting that communication data.
A fourth aspect of the present application also provides a data processing apparatus, which may include:
the second data detection module is used for detecting a data packet from the hypervisor; when the hypervisor detects a data operation instruction, the data packet is obtained by acquiring data to be processed and packaging the data to be processed; the address of an internet protocol IP address field included in the data packet is the address of the terminal equipment to which the hypervisor belongs;
the second data processing module is used for encrypting or decrypting the data packet and parsing the address of the terminal device from the data packet;
and the fourth data transmission module is used for transmitting the processed data packet to the hypervisor based on the address of the terminal device, so that the hypervisor executes the operation indicated by the data operation instruction on the processed data packet.
In a fifth aspect of embodiments of the present application, there is provided an electronic device comprising a memory and a processor; the memory has a computer program stored therein; the processor is adapted to perform the method of any of the first aspect and its optional embodiments when running the computer program.
A sixth aspect of the embodiments of the present application provides a computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the method of any one of the first aspect and its optional implementation manners.
The beneficial effects of the technical solution provided by this application are as follows:
When a data operation instruction is detected, the data to be processed can be acquired and encapsulated into a data packet, and the data packet can be transmitted to the cryptographic module for encryption or decryption. Because the address of the IP address field in the data packet is the address of the terminal device to which the hypervisor belongs, the cryptographic module can also parse the address of the terminal device from the data packet and return the processed data packet to the hypervisor based on that address. The data processed by the cryptographic module is thus returned to the hypervisor, so that the hypervisor can execute the operation indicated by the data operation instruction on the processed data packet.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments of the present application will be briefly described below.
FIG. 1 is a schematic flow chart of a data processing method according to the present application;
FIG. 2 is a schematic diagram illustrating a flow of writing data into Flash according to the present application;
FIG. 3 is a schematic view of a process of reading data from Flash according to the present application;
FIG. 4 is a flow chart illustrating the processing of communication data according to the present application;
FIG. 5 is another schematic flow chart of the data processing method of the present application;
FIG. 6 is another schematic flow chart of the data processing method of the present application;
FIG. 7 is a schematic diagram of a data processing apparatus according to the present application;
FIG. 8 is a schematic diagram of another embodiment of a data processing apparatus according to the present application;
FIG. 9 is a schematic structural diagram of an electronic device according to the present application.
Detailed Description
Reference will now be made in detail to the embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative and are only for the purpose of explaining the present application and are not to be construed as limiting the present invention.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
Several terms referred to in this application will first be introduced and explained:
Terminal devices such as mobile phones and computers generally include an AP and a CP. The operating system of this application runs on the AP, and the CP generally refers to a 3G, 4G or 5G communication chip.
The AP may adopt an Advanced RISC Machine (ARM) architecture. The ARM architecture includes multiple permission levels (exception levels, ELs), specifically EL0 to EL2, whose permissions increase in order from EL0 to EL2. Software modules running at different permission levels have different permissions and can perform permission control according to their level. For example, application programs run at EL0 and the operating system kernel runs at EL1; EL2 is normally vacant, whereas in this application the hypervisor runs at EL2.
The terminal device supports a multi-level, multi-domain operating system. The hypervisor can manage a plurality of virtual machines, each corresponding to one operating system; "multi-domain" refers to the plurality of virtual machines or their corresponding operating systems, and "multi-level" means that the cryptographic module can perform multi-level encryption on data in this application.
The hypervisor can access all physical devices in the terminal device, including disk and memory, and has a higher execution level, that is, higher authority. Other types of data can therefore be sent through the hypervisor to the cryptographic module for processing; the hypervisor also sets the IP address of that data so that it receives the processed data the cryptographic module returns based on the IP address. In this way the processing flows of other types of data and of communication data are made consistent.
How the above technical problem is solved is described below. Referring to FIG. 1, the present application provides a data processing method, which may include:
Step S101, when a data operation instruction is detected, acquiring data to be processed;
The hypervisor can control the writing and reading of storage-class data. When the hypervisor detects a data operation instruction, it can acquire the data to be processed, which may be storage-class data.
In this embodiment, the data operation instruction may be a data write instruction or a data read instruction;
if the data operation instruction is a data write instruction, the data to be processed is data from a related program running on the AP; and if the data operation instruction is a data read instruction, the data to be processed is data from Flash.
In this embodiment, Flash may be an external device independent of the terminal device, or may be a hardware device included in the terminal device; in either case, Flash is connected to the AP included in the terminal device.
Step S102, packaging data to be processed into a data packet; the address of an Internet Protocol (IP) address field included in the data packet is the address of the terminal equipment to which the hypervisor belongs;
The terminal device may encapsulate the data to be processed into a data packet comprising a header and a data portion. The data to be processed is located in the data portion and is carried in the data packet as the data load (payload). The header includes an Internet Protocol (IP) field, and the address in the IP field is the address of the terminal device to which the hypervisor belongs.
In this embodiment, the address of the terminal device refers to the IP address of the terminal device, and the IP address of the terminal device can be uniquely matched with one terminal device.
Step S103, transmitting the data packet to a cryptographic module so that the cryptographic module encrypts or decrypts the data packet and parses the address of the terminal device from the data packet;
The hypervisor can transmit the data packet to the cryptographic module, and the cryptographic module encrypts or decrypts the data packet depending on the data operation instruction. Specifically, if the data operation instruction is a data write instruction, the data packet is encrypted; if the data operation instruction is a data read instruction, the data packet is decrypted.
Meanwhile, the cryptographic module can also parse the address of the terminal device from the data packet.
Step S104, detecting the processed data packet returned by the cryptographic module based on the address of the terminal device;
Step S105, executing the operation indicated by the data operation instruction on the processed data packet.
Because the IP address is the address of the terminal device, the cryptographic module will return the processed data packet to the hypervisor in the terminal device, and if the hypervisor detects the processed data packet returned by the cryptographic module, the hypervisor will perform the operation indicated by the data operation instruction on the processed data packet, which may specifically be: the hypervisor executes the operation of writing the data into Flash indicated by the data writing instruction for the processed data packet, or the hypervisor executes the operation of sending the data read from Flash to the relevant program for processing indicated by the data reading instruction for the processed data packet.
It can be seen that when a data operation instruction is detected, the data to be processed can be acquired and encapsulated into a data packet, and the data packet can be transmitted to the cryptographic module for encryption or decryption. Because the address of the IP address field in the data packet is the address of the terminal device to which the hypervisor belongs, the cryptographic module can also parse the address of the terminal device from the data packet and return the processed data packet to the hypervisor based on that address. The data processed by the cryptographic module is thus returned to the hypervisor, so that the hypervisor performs the operation indicated by the data operation instruction on the processed data packet.
Optionally, encapsulating the data to be processed into a data packet includes:
packaging data to be processed into an initial data packet;
and setting the address of the IP address field in the initial data packet as the IP address of the terminal equipment to which the hypervisor belongs to obtain the data packet.
In this embodiment, the hypervisor may encapsulate the data to be processed into an initial data packet, then set an address of an IP field in the initial data packet, set the address of the IP field as an IP address of the terminal device to which the hypervisor belongs, and use the initial data packet after setting the address as the data packet.
Therefore, simply by setting the IP address of the data packet to the address of the terminal device and sending the data packet to the cryptographic module for processing, the hypervisor can receive the processed data packet that the cryptographic module returns based on the address of the terminal device, which ensures that storage data is also processed by the cryptographic module.
Optionally, encapsulating the data to be processed into a data packet further includes:
setting a port number in the initial data packet;
in which case setting the address of the IP address field in the initial data packet as the IP address of the terminal device to which the hypervisor belongs to obtain the data packet includes:
taking the initial data packet, after the port number and the IP address have been set, as the data packet.
In this embodiment, the hypervisor may set the port number in the initial packet in addition to the IP address of the initial packet, so that the initial packet with the set port number and IP address is used as the packet.
In this embodiment, the port number may be matched to a unique application port, and then the hypervisor may determine the service type based on the port, for example, if the port number is matched to an instant messaging application port, the service type is an instant messaging service; if the port number is matched with the game application program port, the service type is game service; and if the port number is matched with the port of the video application program, the service type is video service.
It can be seen that the present application may further set a port number to indicate the service type, so that the hypervisor can determine the service corresponding to the data to be processed. Because the port number also indicates an application program port, the hypervisor can send the data read from Flash to the application program corresponding to that port for processing, as described in the embodiments below.
Optionally, the present application may further implement multi-stage encryption of a cryptographic module, specifically:
transmitting the data packet to the cryptographic module so that the cryptographic module can encrypt or decrypt the data packet, comprising:
transmitting the data packet to the cryptographic module so that the cryptographic module determines the key length and the encryption algorithm based on the port number and the IP address of the terminal device, and encrypts or decrypts the data packet based on the key length and the encryption algorithm to obtain the processed data packet.
After the hypervisor sends the data packet to the cryptographic module, the cryptographic module may determine a key length, that is, the number of encryption bits, based on the port number and the IP address of the terminal device, and may also determine an encryption algorithm based on the port number and the IP address. The encryption algorithm includes at least one of a symmetric encryption algorithm, an asymmetric encryption algorithm and a hash algorithm.
The cryptographic module can encrypt or decrypt the data packet based on the key length and the encryption algorithm to realize multi-stage encryption of the data packet.
As described above, the data operation command includes a data writing command or a data reading command, and the following describes the execution flow of the data processing method according to the present application with respect to different data operation commands:
(I) The data operation instruction is a data write instruction.
Optionally, if the data operation instruction is a data write instruction, executing the operation indicated by the data operation instruction on the processed data packet includes:
extracting data to be processed in the processed data packet;
and writing the data to be processed into a data storage device Flash.
In this embodiment, referring to fig. 2, a schematic flow diagram of writing data into Flash according to the present application is shown:
For data to be processed that comes from the application program, the hypervisor encapsulates the data into a data packet, sends the data packet to the cryptographic module for encryption, and then receives the encrypted data packet that the cryptographic module returns based on the IP address of the terminal device. The hypervisor extracts the data to be processed from the encrypted data packet, that is, the data load (payload) of the encrypted data packet, and writes that data load into Flash.
Therefore, when the data are written into the Flash, the data can also pass through the processing flow of the cryptographic module, and the consistency of the processing flow of the communication data and the storage data is ensured.
(II) The data operation instruction is a data read instruction.
Executing the operation indicated by the data operation instruction on the processed data packet includes:
determining an application program port indicated by a port number in the processed data packet;
and transmitting the processed data packet to a corresponding application program based on the application program port.
In this embodiment, referring to fig. 3, a schematic flow diagram of reading data from Flash according to the present application is shown:
The hypervisor can read the data load from Flash, encapsulate it into a data packet, send the data packet to the cryptographic module for decryption, receive the decrypted data packet that the cryptographic module returns based on the IP address of the terminal device in the data packet, and parse the port number from the decrypted data packet, so as to send the decrypted data packet to the application program corresponding to the port number.
Therefore, when data is read from Flash, it also passes through the processing flow of the cryptographic module, which ensures that the processing flows of communication data and storage data are consistent.
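The write and read flows above, together with the selection of key length and algorithm from the port number and IP address, modelled as an added Python example that is not part of the patent. The 8-byte header layout, the policy table, the master key, the address 192.0.2.10 and the SHAKE keystream used as a stand-in cipher are all assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

TERMINAL_IP = "192.0.2.10"        # constructed address of the terminal device
HEADER = struct.Struct("!4sHH")   # assumed layout: IPv4 address, port, payload length
MASTER_KEY = b"constructed-demo-master-key"  # constructed secret held by the module
XOFS = {"shake_128": hashlib.shake_128, "shake_256": hashlib.shake_256}
# Assumed policy table: (terminal IP, application port) -> (algorithm, key bits)
POLICY = {
    (TERMINAL_IP, 5001): ("shake_128", 128),
    (TERMINAL_IP, 5002): ("shake_256", 256),
}


def encapsulate(payload: bytes, port: int, ip: str = TERMINAL_IP) -> bytes:
    """Build header + payload; the IP field carries the terminal device address."""
    return HEADER.pack(ipaddress.IPv4Address(ip).packed, port, len(payload)) + payload


def parse(packet: bytes):
    """Return (ip, port, payload), rejecting truncated or inconsistent packets."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated header")
    raw_ip, port, length = HEADER.unpack_from(packet)
    payload = packet[HEADER.size:]
    if len(payload) != length:
        raise ValueError("payload length does not match header")
    return str(ipaddress.IPv4Address(raw_ip)), port, payload


def crypto_module(packet: bytes):
    """Module side: choose algorithm and key length from (IP, port), transform
    the payload only, and return (return address, processed packet)."""
    ip, port, payload = parse(packet)
    if (ip, port) not in POLICY:
        raise PermissionError(f"no policy for {ip}:{port}")
    algorithm, key_bits = POLICY[(ip, port)]
    key = hmac.new(MASTER_KEY, f"{ip}:{port}".encode(), hashlib.sha256).digest()
    key = key[: key_bits // 8]
    # Stand-in cipher: XOR with a SHAKE keystream, so one call both encrypts and
    # decrypts. It reuses the keystream per (IP, port) and has no integrity
    # check; a real module would apply its own vetted cipher at this point.
    stream = XOFS[algorithm](key).digest(len(payload))
    processed = bytes(a ^ b for a, b in zip(payload, stream))
    return ip, encapsulate(processed, port, ip)  # header stays clear for routing


class Hypervisor:
    """Hypervisor side: every Flash write and read goes through the module."""

    def __init__(self, ip: str = TERMINAL_IP):
        self.ip = ip
        self.flash = {}      # models Flash: name -> stored data load
        self.delivered = {}  # models applications: port -> data handed over

    def _round_trip(self, payload: bytes, port: int):
        return_ip, processed = crypto_module(encapsulate(payload, port, self.ip))
        if return_ip != self.ip:  # only accept packets addressed to this terminal
            raise RuntimeError("processed packet not addressed to this terminal")
        return parse(processed)

    def write(self, name: str, data: bytes, port: int) -> None:
        _, _, encrypted = self._round_trip(data, port)
        self.flash[name] = encrypted  # only the data load is written to Flash

    def read(self, name: str, port: int):
        _, app_port, data = self._round_trip(self.flash[name], port)
        self.delivered.setdefault(app_port, []).append(data)  # route by port
        return app_port, data


def demo():
    """Write a constructed record, read it back, and return what was observed."""
    hv = Hypervisor()
    hv.write("note", b"meeting at 10", 5001)
    return hv.flash["note"], hv.read("note", 5001)


if __name__ == "__main__":
    stored, (port, data) = demo()
    print(stored.hex(), port, data)
```

Reading the record back under a different port selects a different key and algorithm, so the data does not decrypt; a port with no policy entry is rejected before any processing.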
The above describes the data processing flow of the storage class data, and the following describes the processing flow of the communication data in the present application.
Optionally, the terminal device includes an application processor AP and a communication processor CP; the hypervisor and the application program run through the AP; the cryptographic module is connected with the CP in series, and the method further comprises:
if communication data from an application program in the AP are detected, the communication data are transmitted to the cryptographic module, so that the cryptographic module can encrypt the communication data, and the processed communication data are transmitted to the CP;
if decrypted communication data from the cryptographic module is detected, transmitting the decrypted communication data to an application program in the AP; the decrypted communication data is obtained by the cryptographic module decrypting communication data sent by the CP after detecting that communication data.
In existing schemes, communication data can bypass the cryptographic module and be sent directly to the AP or the CP. In the present application the cryptographic module is connected in series with the AP and the CP, so communication data between the AP and the CP must be processed by the cryptographic module and its encryption cannot be bypassed. The specific processing is as follows:
as shown in fig. 4, if the hypervisor detects communication data from an application program running on the AP, the communication data is transmitted to the cryptographic module, so that the cryptographic module can encrypt the communication data and transmit the encrypted communication data to the CP, and then the CP transmits the communication data to the network;
for the communication data in the opposite direction, the CP may send the communication data to the cryptographic module, and the cryptographic module decrypts the communication data and transfers the decrypted communication data to the hypervisor, so that if the hypervisor detects the decrypted communication data sent from the cryptographic module, the decrypted communication data is transferred to the application program running on the AP, so as to implement the application program function.
The above describes the method from the perspective of the hypervisor; the following describes the data processing method of the present application from the perspective of the cryptographic module, with reference to fig. 5.
Step S501, detecting a data packet from a hypervisor of the virtual machine; the data packet is obtained by the hypervisor, upon detecting a data operation instruction, acquiring data to be processed and encapsulating the data to be processed; the address of the Internet Protocol (IP) address field included in the data packet is the address of the terminal device to which the hypervisor belongs;
Step S502, encrypting or decrypting the data packet, and parsing the address of the terminal device from the data packet;
Step S503, based on the address of the terminal device, transmitting the processed data packet to the hypervisor, so that the hypervisor performs the operation indicated by the data operation instruction on the processed data packet.
This embodiment is substantially the same as the embodiment of fig. 1; for its specific implementation and beneficial effects, refer to the discussion of the embodiment of fig. 1, which is not repeated here.
In summary, the data processing method of the present application is essentially implemented through interaction between the hypervisor and the cryptographic module; the following describes the scheme of the present application from the perspective of that interaction, with reference to fig. 6.
Step S601, when the hypervisor detects a data operation instruction, it acquires data to be processed;
Step S602, the hypervisor encapsulates the data to be processed into a data packet; the address of the Internet Protocol (IP) address field included in the data packet is the address of the terminal device to which the hypervisor belongs;
Step S603, the hypervisor transmits the data packet to the cryptographic module;
Step S604, the cryptographic module encrypts or decrypts the data packet, and parses the address of the terminal device from the data packet;
Step S605, the cryptographic module transmits the processed data packet to the hypervisor;
Step S606, the hypervisor performs the operation indicated by the data operation instruction on the processed data packet.
This embodiment is substantially the same as the embodiments of fig. 1 and fig. 5; for its specific implementation and beneficial effects, refer to the discussion of the embodiments of fig. 1 and fig. 5, which is not repeated here.
In conclusion, the scheme of the present application has the following advantages:
1. whether data is written to Flash or read from Flash, the hypervisor encapsulates the data into a data packet, sends the data packet to the cryptographic module for encryption or decryption, and receives the processed data packet returned by the cryptographic module, so that storage data, like communication data, passes through the cryptographic module's processing flow, which keeps the processing flows for storage data and communication data consistent;
2. the cryptographic module can determine the key length and the encryption algorithm based on the port number and the IP address set by the hypervisor, and thereby encrypts storage-class data securely, ensuring the security of the storage-class data;
3. the cryptographic module is connected in series between the AP and the CP, ensuring that encryption of communication data cannot be bypassed.
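The S601 to S606 exchange and the port/IP-based key selection from advantage 2, as an added Python sketch that is not part of the patent text. The packet header layout, the policy table, the port numbers, the `decrypt` flag and the SHA-256 counter-mode stand-in cipher are assumptions made for illustration; a real module would use a vetted authenticated cipher.

```python
import hashlib
import ipaddress
import os
import struct

DEVICE_IP = "192.0.2.10"               # constructed address (RFC 5737 documentation range)
STORAGE_PORT, LOG_PORT = 40001, 40002  # hypothetical ports set by the hypervisor
# Hypothetical policy: (IP, port) -> (algorithm label, key length in bytes)
POLICY = {
    (DEVICE_IP, STORAGE_PORT): ("sha256-ctr-demo", 32),
    (DEVICE_IP, LOG_PORT): ("sha256-ctr-demo", 16),
}
HEADER = struct.Struct("!4sHH")        # simplified header: IPv4 address, port, payload length
NONCE_LEN = 16


def encapsulate(payload: bytes, port: int, ip: str = DEVICE_IP) -> bytes:
    """S602: wrap the data and address the packet to the device itself."""
    return HEADER.pack(ipaddress.IPv4Address(ip).packed, port, len(payload)) + payload


def parse(packet: bytes):
    """Return (ip, port, payload); reject truncated or padded packets."""
    if len(packet) < HEADER.size:
        raise ValueError("short packet")
    raw_ip, port, length = HEADER.unpack_from(packet)
    payload = packet[HEADER.size:]
    if len(payload) != length:
        raise ValueError("length field does not match payload")
    return str(ipaddress.IPv4Address(raw_ip)), port, payload


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher for the demo only: SHA-256 in counter mode, no integrity tag."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class CryptoModule:
    def __init__(self, policy, secret: bytes):
        self.policy, self.secret = policy, secret

    def process(self, packet: bytes, decrypt: bool = False):
        """S604/S605: choose key length by (IP, port), transform, return (route_to, packet)."""
        ip, port, payload = parse(packet)
        rule = self.policy.get((ip, port))
        if rule is None:  # fail closed: never hand data back unprocessed
            raise PermissionError(f"no crypto policy for {ip}:{port}")
        _algorithm, key_len = rule
        seed = self.secret + ip.encode() + port.to_bytes(2, "big")
        key = hashlib.sha256(seed).digest()[:key_len]
        if decrypt:
            if len(payload) < NONCE_LEN:
                raise ValueError("ciphertext shorter than nonce")
            out = _xor_keystream(key, payload[:NONCE_LEN], payload[NONCE_LEN:])
        else:
            nonce = os.urandom(NONCE_LEN)
            out = nonce + _xor_keystream(key, nonce, payload)
        return ip, encapsulate(out, port, ip)  # the parsed address routes the result back


class Hypervisor:
    def __init__(self, module: CryptoModule):
        self.module, self.flash = module, {}

    def _round_trip(self, data: bytes, port: int, decrypt: bool) -> bytes:
        route_to, processed = self.module.process(encapsulate(data, port), decrypt)
        if route_to != DEVICE_IP:  # accept only packets addressed to this device
            raise ValueError("processed packet not addressed to this device")
        return parse(processed)[2]

    def write(self, name: str, data: bytes, port: int) -> None:
        """S606 for a write instruction: store only what the module returned."""
        self.flash[name] = self._round_trip(data, port, decrypt=False)

    def read(self, name: str, port: int) -> bytes:
        """S606 for a read instruction: return the module's decrypted payload."""
        return self._round_trip(self.flash[name], port, decrypt=True)
```

Because `write` stores only the module's output and the module raises on an unknown (IP, port) pair, there is no code path in this sketch that puts plaintext into `flash`.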
Referring to fig. 7, the present application further provides a data processing apparatus, including:
an obtaining module 701, configured to obtain data to be processed when a data operation instruction is detected;
a data encapsulation module 702, configured to encapsulate the data to be processed into a data packet; the address of the Internet Protocol (IP) address field included in the data packet is the address of the terminal device to which the hypervisor belongs;
a first data transmission module 703, configured to transmit the data packet to the cryptographic module, so that the cryptographic module encrypts or decrypts the data packet and parses the address of the terminal device from the data packet;
a first data detection module 704, configured to detect the processed data packet returned by the cryptographic module based on the address of the terminal device;
a first data processing module 705, configured to perform the operation indicated by the data operation instruction on the processed data packet.
Optionally, the data encapsulation module 702 is specifically configured to:
encapsulate the data to be processed into an initial data packet;
set the address of the IP address field in the initial data packet to the IP address of the terminal device to which the hypervisor belongs;
set a port number in the initial data packet;
take the initial data packet, with the port number and IP address set, as the data packet;
the port number indicates an application program port and is used by the hypervisor to send the data packet to the application program corresponding to that port.
Optionally, the first data transmission module 703 is specifically configured to:
transmit the data packet to the cryptographic module, so that the cryptographic module determines a key length and an encryption algorithm based on the port number and the IP address of the terminal device, and encrypts or decrypts the data packet based on the key length and the encryption algorithm to obtain a processed data packet.
Optionally, if the data operation instruction is a data write instruction, the first data processing module 705 is specifically configured to:
extract the data to be processed from the processed data packet;
write the data to be processed into the data storage device Flash.
Optionally, the terminal device includes an application processor (AP) and a communication processor (CP); the hypervisor and the application program run on the AP; the cryptographic module is connected in series with the CP, and the apparatus further includes:
a second data transmission module, configured to transmit communication data to the cryptographic module if communication data from an application program in the AP is detected, so that the cryptographic module encrypts the communication data and transmits the processed communication data to the CP;
a third data transmission module, configured to transmit decrypted communication data to the application program in the AP if decrypted communication data from the cryptographic module is detected; the decrypted communication data is obtained by the cryptographic module decrypting communication data sent by the CP after detecting that data.
Referring to fig. 8, the present application further provides a data processing apparatus, including:
a second data detection module 801, configured to detect a data packet from the hypervisor; the data packet is obtained by the hypervisor, upon detecting a data operation instruction, acquiring data to be processed and encapsulating the data to be processed; the address of the Internet Protocol (IP) address field included in the data packet is the address of the terminal device to which the hypervisor belongs;
a second data processing module 802, configured to encrypt or decrypt the data packet and parse the address of the terminal device from the data packet;
a fourth data transfer module 803, configured to transfer the processed data packet to the hypervisor based on the address of the terminal device, so that the hypervisor performs the operation indicated by the data operation instruction on the processed data packet.
The data processing apparatus of this embodiment can execute the data processing method shown in any of the above embodiments of the present application, and the implementation principle is similar, which is not described herein again.
In an alternative embodiment, an electronic device is provided. As shown in fig. 9, the electronic device 4000 comprises a processor 4001 and a memory 4003. The processor 4001 is coupled to the memory 4003, for example via a bus 4002. Optionally, the electronic device 4000 may further comprise a transceiver 4004. It should be noted that in practical applications the transceiver 4004 is not limited to one, and the structure of the electronic device 4000 does not constitute a limitation on the embodiments of the present application.
The processor 4001 may be a CPU (Central Processing Unit), a general-purpose processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 4001 may also be a combination that performs a computational function, for example a combination of one or more microprocessors, or a combination of a DSP and a microprocessor.
Bus 4002 may include a path that carries information between the aforementioned components. The bus 4002 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus 4002 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 9, but this does not indicate only one bus or one type of bus.
The memory 4003 may be, but is not limited to, a ROM (Read Only Memory) or another type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or another type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact Disc Read Only Memory) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
The memory 4003 is used for storing the application code that executes the scheme of the present application, and execution is controlled by the processor 4001. The processor 4001 is configured to execute the application code stored in the memory 4003 to implement what is shown in any of the foregoing method embodiments.
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least some of the steps in the flowcharts may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed sequentially but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
The foregoing is only a part of the embodiments of the present invention. It should be noted that those skilled in the art can make various improvements and refinements without departing from the principle of the present invention, and these should also be regarded as falling within the scope of protection of the present invention.

Claims (9)

1. A method of data processing, comprising:
when a data operation instruction is detected, acquiring data to be processed;
encapsulating the data to be processed into a data packet; the address of an Internet Protocol (IP) address field included in the data packet is the address of the terminal equipment to which the hypervisor belongs;
transmitting the data packet to a cryptographic module so that the cryptographic module can encrypt or decrypt the data packet and parse the address of the terminal equipment from the data packet;
detecting a processed data packet returned by the cryptographic module based on the address of the terminal equipment;
executing the operation indicated by the data operation instruction on the processed data packet;
the terminal equipment comprises an application processor AP and a communication processor CP; the hypervisor and the application program run through the AP; the cryptographic module is connected in series with the CP, the method further comprising:
if communication data from an application program in the AP is detected, the communication data are transmitted to the cryptographic module, so that the cryptographic module can encrypt the communication data, and the processed communication data are transmitted to the CP;
if the decrypted communication data from the cryptographic module is detected, transmitting the decrypted communication data to an application program in the AP; and the decrypted communication data is obtained by decrypting the communication data sent by the CP after the cryptographic module detects the communication data.
2. The method of claim 1, wherein encapsulating the data to be processed into a data packet comprises:
encapsulating the data to be processed into an initial data packet;
setting the address of the IP address field in the initial data packet as the IP address of the terminal equipment to which the hypervisor belongs;
setting a port number in the initial data packet;
taking the initial data packet with the set port number and IP address as the data packet;
the port number is used for indicating an application program port, and the port number is used for the hypervisor to send the data packet to an application program corresponding to the application program port.
3. The method of claim 2, wherein said passing the data packet to a cryptographic module for the cryptographic module to encrypt or decrypt the data packet comprises:
and transmitting the data packet to the cryptographic module so that the cryptographic module determines a key length and an encryption algorithm based on the port number and the IP address of the terminal equipment, and encrypts or decrypts the data packet based on the key length and the encryption algorithm to obtain a processed data packet.
4. The method according to any one of claims 1 to 3, wherein if the data operation instruction is a data write instruction, the executing, on the processed data packet, the operation indicated by the data operation instruction includes:
extracting the data to be processed in the processed data packet;
and writing the data to be processed into a data storage device Flash.
5. A data processing method, which is applied to a cryptographic module, includes:
detecting a data packet from the hypervisor; when the hypervisor detects a data operation instruction, the data packet is obtained by acquiring data to be processed and packaging the data to be processed; the address of an internet protocol IP address field included in the data packet is the address of the terminal equipment to which the hypervisor belongs;
encrypting or decrypting the data packet, and parsing the address of the terminal equipment from the data packet;
based on the address of the terminal device, transmitting the processed data packet to the hypervisor, so that the hypervisor executes the operation indicated by the data operation instruction on the processed data packet;
the terminal equipment comprises an application processor AP and a communication processor CP; the hypervisor and the application program run through the AP; the cryptographic module is connected in series with the CP, the method further comprising:
detecting communication data transmitted by the hypervisor from an application program in the AP, encrypting the communication data, and transmitting the processed data to the CP;
and detecting the communication data sent by the CP, decrypting the communication data sent by the CP to obtain decrypted communication data, and transmitting the decrypted communication data to the hypervisor, so that the hypervisor transmits the decrypted communication data to an application program in the AP.
6. A data processing apparatus, comprising:
the acquisition module is used for acquiring data to be processed when a data operation instruction is detected;
the data encapsulation module is used for encapsulating the data to be processed into a data packet; the address of an Internet Protocol (IP) address field included in the data packet is the address of the terminal equipment to which the hypervisor belongs;
the first data transmission module is used for transmitting the data packet to the cryptographic module so that the cryptographic module can encrypt or decrypt the data packet and parse the address of the terminal equipment from the data packet;
the first data detection module is used for detecting a processed data packet returned by the cryptographic module based on the address of the terminal equipment;
the first data processing module is used for executing the operation indicated by the data operation instruction on the processed data packet;
the terminal equipment comprises an application processor AP and a communication processor CP; the hypervisor and the application program run through the AP; the device further comprises:
the second data transmission module is used for transmitting the communication data to the cryptographic module if the communication data from the application program in the AP is detected, so that the cryptographic module can encrypt the communication data and transmit the processed communication data to the CP;
a third data transmission module, configured to transmit the decrypted communication data to the application program in the AP if the decrypted communication data from the cryptographic module is detected; and the decrypted communication data is obtained by decrypting the communication data sent by the CP after the cryptographic module detects the communication data.
7. A data processing apparatus, applied to a cryptographic module, comprising:
the second data detection module is used for detecting a data packet from the hypervisor; when the hypervisor detects a data operation instruction, the data packet is obtained by acquiring data to be processed and packaging the data to be processed; the address of an internet protocol IP address field included in the data packet is the address of the terminal equipment to which the hypervisor belongs;
the second data processing module is used for encrypting or decrypting the data packet and parsing the address of the terminal equipment from the data packet;
a fourth data transfer module, configured to transfer the processed data packet to the hypervisor based on an address of the terminal device, so that the hypervisor performs an operation indicated by the data operation instruction on the processed data packet;
the terminal equipment comprises an application processor AP and a communication processor CP; the hypervisor and the application program run through the AP; the cryptographic module is connected in series with the CP, the apparatus further comprising:
a third data processing module, configured to detect communication data from an application in the AP, which is transmitted by the hypervisor, perform encryption processing on the communication data, and transmit the processed data to the CP;
a fourth data processing module, configured to detect the communication data sent by the CP, decrypt the communication data sent by the CP to obtain decrypted communication data, and transfer the decrypted communication data to the hypervisor, so that the hypervisor transfers the decrypted communication data to an application program in the AP.
8. An electronic device, wherein the electronic device comprises a memory and a processor;
the memory has stored therein a computer program;
the processor, when running the computer program, is configured to perform the method of any of claims 1-5.
9. A computer-readable storage medium, characterized in that the storage medium has stored thereon a computer program which, when being executed by a processor, carries out the method of any one of claims 1-5.
CN202011581428.1A 2020-12-28 2020-12-28 Data processing method and device, electronic equipment and computer readable storage medium Active CN112688953B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011581428.1A CN112688953B (en) 2020-12-28 2020-12-28 Data processing method and device, electronic equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN112688953A CN112688953A (en) 2021-04-20
CN112688953B true CN112688953B (en) 2022-12-13

Family

ID=75453658

Country Status (1)

Country Link
CN (1) CN112688953B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant