CN117033019A - Method and device for sharing data among multiple systems, electronic equipment and storage medium - Google Patents

Method and device for sharing data among multiple systems, electronic equipment and storage medium Download PDF

Info

Publication number
CN117033019A
CN117033019A CN202310987614.2A CN202310987614A CN117033019A CN 117033019 A CN117033019 A CN 117033019A CN 202310987614 A CN202310987614 A CN 202310987614A CN 117033019 A CN117033019 A CN 117033019A
Authority
CN
China
Prior art keywords
data
sharing
data sharing
session identifier
shared
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310987614.2A
Other languages
Chinese (zh)
Inventor
曹竞铨
周宏斌
赵海春
张炯明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yuanxin Information Technology Group Co ltd
Original Assignee
Yuanxin Information Technology Group Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yuanxin Information Technology Group Co ltd filed Critical Yuanxin Information Technology Group Co ltd
Priority to CN202310987614.2A priority Critical patent/CN117033019A/en
Publication of CN117033019A publication Critical patent/CN117033019A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/544Buffers; Shared memory; Pipes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Abstract

The embodiment of the application provides a method and a device for sharing data among multiple systems, electronic equipment and a storage medium, and relates to the technical field of computers. The method comprises the following steps: receiving a data sharing request sent by a first process, and respectively sending the data sharing request to each second process according to the identification information of each second process; for each second process, if the second process agrees to perform data sharing, generating a corresponding session identifier and a key, and generating a data sharing area; the session identification and the secret key are respectively sent to a first process and a second process, so that the first process encrypts the first shared data to obtain second shared data; and receiving the second shared data and sharing the second shared data with the second process through the data sharing area. By generating the session identifier and the key corresponding to the process needing to share the data, the process needing to share the data can share the data according to the unique session identifier and the key, so that the security in the process of sharing the data is ensured.

Description

Method and device for sharing data among multiple systems, electronic equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and apparatus for sharing data between multiple systems, an electronic device, and a storage medium.
Background
Currently, it is very common to run multiple operating systems on a hardware device such as a terminal to meet different demands of work and life. In a development environment such as a programmer, the terminal needs to run both the Windows (microsoft Windows) operating system installed by the terminal itself and other operating systems running in the virtual machine. Because of the diversity of service requirements, data such as files often need to be shared among processes of different operating systems, but a plurality of operating systems are usually isolated from each other, and frames and process communication systems of different operating systems are generally different, so that processes of different operating systems cannot directly access or share data with each other. How to realize that multiple operating systems in the same terminal can directly share data is a technical problem that needs to be solved urgently.
In the prior art, a shared partition is mainly established, the shared partition can receive data shared by different operating systems, and each process in each operating system can read the data shared by other operating systems through the shared partition so as to realize the process of sharing the data by multiple operating systems in the same terminal.
However, the shared data is often only specific to certain processes (i.e. only partial processes are expected to participate in data sharing), and in the prior art scheme, almost all processes in each operating system can access the shared data in the shared partition, so that the security risk exists in adopting the prior art scheme.
Disclosure of Invention
The application aims to at least solve one of the technical defects, and the technical scheme provided by the embodiment of the application is as follows:
in a first aspect, an embodiment of the present application provides a method for sharing data between multiple systems, including:
receiving a data sharing request sent by a first process in a first system, and respectively sending the data sharing request to each second process according to the identification information of each second process; the data sharing request comprises identification information of each second process serving as a data sharing member in at least one second system;
for each second process, if the second process agrees to perform data sharing, generating a corresponding session identifier and a corresponding secret key, and generating a data sharing area according to the session identifier;
the session identification and the secret key are respectively sent to a first process and a second process, so that the first process encrypts the first shared data according to the session identification and the secret key to obtain second shared data;
And receiving second shared data sent by the first process, and sharing the second shared data with the second process through the data sharing area.
In an optional embodiment of the present application, the data sharing request further includes identification information of the first process and a data sharing policy;
the method for generating the corresponding session identifier and the key specifically comprises the following steps:
and generating a session identifier based on the identification information of the first process and the identification information of the second process, and generating a key according to the session identifier and the data sharing strategy.
In an optional embodiment of the present application, receiving second shared data sent by the first process, and sharing the second shared data with the second process through the data sharing area, specifically includes:
receiving a data writing request sent by a first process, wherein the data writing request comprises a session identifier and second shared data, writing the second shared data into a data sharing area according to the session identifier, and sending a data writing completion message to the second process;
and receiving a data reading request sent by the second process, wherein the data reading request comprises a session identifier, and reading second shared data from the data sharing area according to the session identifier and sending the second shared data to the second process.
In an optional embodiment of the present application, if a policy for deleting shared data exists in the data sharing policies, the method specifically may further include:
receiving data reading completion information sent by a second process, deleting second shared data stored in a data sharing area, and destroying a session identifier and a secret key;
and sending data sharing completion information to the first process and the second process so that the first process and the second process destroy the respective stored keys respectively.
In an optional embodiment of the present application, if there is a modification authority of the second process to the second shared data in the data sharing policy, the method specifically may further include:
receiving a data modification request sent by a second process, and modifying second shared data stored in the data sharing area according to the data modification request to obtain third shared data;
and storing the third shared data as the second shared data.
In a second aspect, an embodiment of the present application provides a method for sharing data between multiple systems, including:
receiving a data sharing request sent by a Sharing Management Service (SMS), wherein the data sharing request is sent to the SMS by a first process in a first system, and the data sharing request comprises identification information of each second process serving as a data sharing member in at least one second system;
If the second process agrees to carry out data sharing, receiving a session identifier and a secret key sent by the SMS, and sharing second shared data with the SMS through a data sharing area; wherein the session identification and the key are SMS generated; the data sharing area is generated by SMS according to session identification; the second shared data is obtained by encrypting the first shared data according to the session identifier and the key after the first process receives the session identifier and the key sent by the SMS.
In an alternative embodiment of the present application, the sharing of the second shared data with the SMS through the data sharing area specifically includes:
transmitting a data reading request to the SMS, wherein the data reading request comprises a session identifier and receives second shared data transmitted by the SMS; wherein the second shared data is read by the SMS from the corresponding data storage area according to the session identification;
and decrypting the second shared data according to the session identifier and the secret key to obtain the first shared data.
In a third aspect, an embodiment of the present application provides an inter-multisystem data sharing apparatus, including:
the sharing request sending module is used for receiving a data sharing request sent by a first process in the first system and respectively sending the data sharing request to each second process according to the identification information of each second process; the data sharing request comprises identification information of each second process serving as a data sharing member in at least one second system;
The key generation module is used for generating a corresponding session identifier and a key for each second process if the second process agrees to perform data sharing, and generating a data sharing area according to the session identifier;
the key sending module is used for respectively sending the session identifier and the key to the first process and the second process, and encrypting the first shared data by the first process according to the session identifier and the key to obtain second shared data;
the first data sharing module is used for receiving second shared data sent by the first process and sharing the second shared data with the second process through the data sharing area.
In an optional embodiment of the present application, the data sharing request further includes identification information of the first process and a data sharing policy;
the key generation module is specifically used for:
and generating a session identifier based on the identification information of the first process and the identification information of the second process, and generating a key according to the session identifier and the data sharing strategy.
In an alternative embodiment of the present application, the first data sharing module is specifically configured to:
receiving a data writing request sent by a first process, wherein the data writing request comprises a session identifier and second shared data, writing the second shared data into a data sharing area according to the session identifier, and sending a data writing completion message to the second process;
And receiving a data reading request sent by the second process, wherein the data reading request comprises a session identifier, and reading second shared data from the data sharing area according to the session identifier and sending the second shared data to the second process.
In an alternative embodiment of the present application, the apparatus may further include a data destruction module for:
receiving data reading completion information sent by a second process, deleting second shared data stored in a data sharing area, and destroying a session identifier and a secret key;
and sending data sharing completion information to the first process and the second process so that the first process and the second process destroy the respective stored keys respectively.
In an alternative embodiment of the present application, the apparatus may further comprise a data modification module for:
receiving a data modification request sent by a second process, and modifying second shared data stored in the data sharing area according to the data modification request to obtain third shared data;
and storing the third shared data as the second shared data.
In a fourth aspect, an embodiment of the present application provides a device for sharing data between multiple systems, including:
the sharing request receiving module is used for receiving a data sharing request sent by a Sharing Management Service (SMS), wherein the data sharing request is sent to the SMS by a first process in a first system, and the data sharing request comprises identification information of each second process serving as a data sharing member in at least one second system;
The second data sharing module is used for receiving the session identifier and the secret key sent by the SMS if the second process agrees to carry out data sharing, and sharing second shared data with the SMS through the data sharing area; wherein the session identification and the key are SMS generated; the data sharing area is generated by SMS according to session identification; the second shared data is obtained by encrypting the first shared data according to the session identifier and the key after the first process receives the session identifier and the key sent by the SMS.
In an alternative embodiment of the application, the second data sharing module is specifically configured to:
transmitting a data reading request to the SMS, wherein the data reading request comprises a session identifier and receives second shared data transmitted by the SMS; wherein the second shared data is read by the SMS from the corresponding data storage area according to the session identification;
and decrypting the second shared data according to the session identifier and the secret key to obtain the first shared data.
In a fifth aspect, an embodiment of the present application provides an electronic device including a memory, a processor, and a computer program stored on the memory;
the processor executes a computer program to implement the method provided in the first aspect embodiment or any alternative embodiment of the first aspect.
In a sixth aspect, embodiments of the present application provide a computer readable storage medium having a computer program stored thereon, which when executed by a processor implements the method provided in the embodiment of the first aspect or any of the alternative embodiments of the first aspect.
The technical scheme provided by the embodiment of the application has the beneficial effects that:
the process which needs to share the data can share the data according to the unique session identification and the key, and other processes cannot read the shared data without the session identification and the key, so that the safety in the data sharing process is ensured.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings that are required to be used in the description of the embodiments of the present application will be briefly described below.
Fig. 1 is a flow chart of a method for sharing data between multiple systems according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a multi-system data sharing method according to an embodiment of the present application;
fig. 3 is a flow chart of a method for sharing data between multiple systems according to an embodiment of the present application;
FIG. 4 is a block diagram illustrating a configuration of a data sharing device between multiple systems according to an embodiment of the present application;
FIG. 5 is a block diagram illustrating a configuration of a data sharing device between multiple systems according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described below with reference to the drawings in the present application. It should be understood that the embodiments described below with reference to the drawings are exemplary descriptions for explaining the technical solutions of the embodiments of the present application, and the technical solutions of the embodiments of the present application are not limited.
As used herein, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless expressly stated otherwise, as understood by those skilled in the art. It will be further understood that the terms "comprises" and "comprising," when used in this specification, specify the presence of stated features, information, data, steps, operations, elements, and/or components, but do not preclude the presence or addition of other features, information, data, steps, operations, elements, components, and/or groups thereof, all of which may be included in the present specification. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. The term "and/or" as used herein indicates that at least one of the items defined by the term, e.g., "a and/or B" may be implemented as "a", or as "B", or as "a and B".
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings.
The technical solutions of the embodiments of the present application and technical effects produced by the technical solutions of the present application are described below by describing several exemplary embodiments. It should be noted that the following embodiments may be referred to, or combined with each other, and the description will not be repeated for the same terms, similar features, similar implementation steps, and the like in different embodiments.
In the embodiment of the application, the operating system is simply called a system on the premise of not causing ambiguity.
Fig. 1 is a flowchart of a method for sharing data between multiple systems according to an embodiment of the present application, where an execution subject of the method may be SMS (shared management service). In general, when a plurality of operating systems are run on a hardware device such as a terminal, the operating systems are managed by a kernel or a virtual machine monitor, and SMS may be installed in the kernel or the virtual machine monitor. As shown in fig. 1, the method may include:
step S101, receiving a data sharing request sent by a first process in a first system, and respectively sending the data sharing request to each second process according to the identification information of each second process; the data sharing request comprises identification information of each second process serving as a data sharing member in at least one second system.
The method comprises the steps that a first system shares data of the system to other systems in a terminal; the second system receives the data shared by the first system, and the second system can be any system except the first system in the terminal; the first process is a process for providing shared data in a first system; the second process is a process for receiving shared data in the second system, namely a data sharing member. The identification information of each process may be the ID (Identity document, number) of the process itself, or may be other identification defined in advance for the process for implementing the present application, which is not limited herein.
Specifically, when data of a certain first process in a certain first system in the terminal needs to be shared to second processes in other second systems, the first process may send a data sharing request for all the second processes needing to perform data sharing to the SMS, where the data sharing request includes identification information of each second process that is a member of the data sharing, and the SMS may send the data sharing request to each second process according to the identification information of each second process.
Step S102, for each second process, if the second process agrees to perform data sharing, generating a corresponding session identifier and a key, and generating a data sharing area according to the session identifier.
When the second process agrees to share data with the first process, the first process and the second process establish a corresponding data sharing session, and the session identifier can be used for marking the data sharing session; the key can be used for encrypting or decrypting the data to be shared subsequently; the data sharing area may be used to store the shared data to be shared sent by the first process, and may enable the second process to read the shared data stored therein to realize data sharing between the first process and the second process. The generation and mounting modes of the data sharing area can refer to the following codes:
creating a new user by using the add-m security;
usermod-g root secure modifies user secure into a root (root user) group;
chgrp root/secure_shares changes the group ownership of the new directory;
chmod 770/secure_shares prohibit access by non-group members;
chmod g+s, o+t/security_shares sets the SGID (Set Group ID) attribute, and sets the sticky attribute (so as not to delete the file by others than the owner).
Specifically, after the SMS sends the data sharing request to the second process, it needs to be confirmed whether the second process agrees to perform data sharing, and the second process may return a corresponding response result to the SMS with respect to the data sharing request, if so, whether to agree to perform data sharing. If the second process returns a response result agreeing to perform data sharing, the SMS can generate a session identifier and a secret key corresponding to the first process and the second process, and can generate a corresponding data sharing area according to the session identifier; if the second process returns a response result that does not agree to the data sharing, the SMS may inform the first process of the result and end the flow of the data sharing.
It should be noted that, because the data sharing area is generated according to the session identifier, the first process and each different second process will share data through different data sharing areas, specifically, each data sharing area is only accessible by the first process and the second process corresponding to the session identifier.
Step S103, the session identifier and the secret key are respectively sent to the first process and the second process, so that the first process encrypts the first shared data according to the session identifier and the secret key to obtain second shared data.
Wherein the first shared data is unencrypted original shared data provided by the first process. The second shared data is encrypted shared data obtained by encrypting the first shared data according to the session identifier and the secret key by the first process.
Specifically, after the SMS generates the session identifier and the key, the session identifier and the key need to be sent to the first process and the second process respectively, and after the first process receives the session identifier and the key, the first process can encrypt the first shared data to be shared according to the session identifier and the key to obtain the second shared data, and send the second shared data to the SMS.
Step S104, receiving second shared data sent by the first process, and sharing the second shared data with the second process through the data sharing area.
Specifically, after the SMS receives the second shared data sent by the first process, the second shared data needs to be shared with the second process. Specifically, the second shared data sent by the first process may be written into the corresponding data sharing area, and then the second shared data is shared by the data sharing area to the second process, and after the second process obtains the second shared data through the data sharing area, the second shared data may be decrypted according to the received session identifier and the key, so as to obtain the original shared data (i.e. the first shared data) shared by the first process.
According to the scheme provided by the application, the corresponding unique session identifier and the key are generated by the process which performs data sharing according to the requirement, so that the process which performs data sharing can perform data sharing according to the unique session identifier and the key, and other processes cannot read shared data due to the fact that the session identifier and the key are not available, and the safety in the data sharing process is ensured.
In an optional embodiment of the present application, the data sharing request further includes identification information of the first process and a data sharing policy;
the method for generating the corresponding session identifier and the key specifically comprises the following steps:
And generating a session identifier based on the identification information of the first process and the identification information of the second process, and generating a key according to the session identifier and the data sharing strategy.
The data sharing policy may be used to provide policy configuration for transmitting shared data in a data sharing process, specifically, the data sharing policy includes configuration items of specific policies, and a value corresponding to each configuration item in different data sharing policies may be different, where table 1 below is an example of one data sharing policy:
TABLE 1
In table 1, the data sharing policy may include a target process, encryption configuration, write authority configuration, and whether to delete four configuration items after reading, and a specific policy in the current data sharing process may be determined according to a value corresponding to each configuration item.
Specifically, for session identification, SMS may be generated based on identification information of a first process that transmits a data sharing request and identification information of a second process that is a member of the data sharing; for the key, the SMS service may be generated based on the session identification and the data sharing policy configuration.
The following briefly describes the architecture of the solution provided by the present application. As shown in fig. 2, a first system and a second system are simultaneously operated in a certain terminal, the first process is in the first system, and the second process is in the second system. The first system and the second system are respectively provided with an IPC (Inter-Process Communication ) adaptation unit, and the IPC adaptation unit may be jointly composed of an interface layer, an IPC adaptation layer and a communication protocol layer. The interface layer can be used for providing a data transmission sharing interface for the process of the system, and the interfaces comprise a request, a response, an event, process information registration, key negotiation and the like; the IPC adaptation layer can be used for carrying out inter-process communication according to an IPC communication mechanism of the system, such as that a plurality of domestic operating systems use D-Bus (Desktop Bus) for carrying out inter-process communication, and an android system uses a Binder (a specific inter-process communication mode of the android system) or broadcast events and the like for carrying out inter-process communication, so that localized adaptation is realized; the communication protocol layer may implement communication with sharermanagerservice based on a standard communication protocol, such as communication using a Socket (a communication mode) communication protocol, etc.
The sharermanagerservice (i.e. SMS) may be composed of a multi-system process data sharing transmission negotiation unit, a transmission sharing data management unit, and a data sharing policy management unit. The multi-system process data sharing transmission negotiation unit can be used for executing the tasks of registration, communication, cooperation, key management, data processing after communication and the like of processes needing to share data among the multiple systems; the transmission data sharing management unit can be used for realizing the generation of a data sharing area, the safe writing of data in the data sharing process and the like; the data sharing policy management unit may be configured to store all data sharing policies and provide configuration items of specific policies in a data sharing process. The data sharing area may be generated by SMS for storing shared data in the data sharing process.
In an optional embodiment of the present application, receiving second shared data sent by the first process, and sharing the second shared data with the second process through the data sharing area, specifically includes:
receiving a data writing request sent by a first process, wherein the data writing request comprises a session identifier and second shared data, writing the second shared data into a data sharing area according to the session identifier, and sending a data writing completion message to the second process;
And receiving a data reading request sent by the second process, wherein the data reading request comprises a session identifier, and reading second shared data from the data sharing area according to the session identifier and sending the second shared data to the second process.
The data writing request can be sent by the first process, and when the first process and the data sharing area need to be written with shared data, the data writing request can be sent to the SMS. The data writing completion message is sent by SMS to the second process for informing the second process that the shared data has been stored in the data sharing area entirely, and data reading can be started. The data read request is sent by the second process, and when the second process needs to read the shared data, the data read request may be sent to the SMS to cause the SMS to send the shared data to the second process.
Specifically, after receiving a data writing request, the SMS finds a data sharing area generated according to a session identifier included in the data writing request, and then writes second sharing data included in the data writing request into the data sharing area; and after the second shared data is written, sending a data writing completion message to the second process corresponding to the session identifier, and informing the second process that the data can be read from the data sharing area. When the second process needs to read the shared data, a data reading request is sent to the SMS, the SMS finds out the corresponding data sharing area according to the session identifier contained in the request after receiving the data reading request, and then the second shared data in the data sharing area is read and forwarded to the second process.
It should be noted that, in the embodiment of the present application, each first process may establish a data sharing session with a plurality of second processes at the same time, and each second process may also establish a data sharing session with a plurality of first processes at the same time, so each time the first process sends a data writing request or the second process sends a data reading request, a session identifier of the corresponding data sharing session needs to be sent to the SMS at the same time, and the SMS needs to determine a corresponding data sharing area according to different session identifiers.
In an optional embodiment of the present application, if a policy for deleting shared data exists in the data sharing policies, the method specifically may further include:
receiving data reading completion information sent by a second process, deleting second shared data stored in a data sharing area, and destroying a session identifier and a secret key;
and sending data sharing completion information to the first process and the second process so that the first process and the second process destroy the respective stored keys respectively.
Wherein the data reading completion information is sent to the SMS by the second process for informing the SMS that the shared data has been read.
Specifically, after the second process receives the second shared data forwarded by the SMS from the data sharing area, the second process sends corresponding data reading completion information to the SMS. After receiving the data reading completion information, the SMS judges whether the data in the data sharing area needs to be deleted according to the data sharing policy, if the data sharing policy indicates that the shared data needs to be deleted, the SMS deletes the second shared data stored in the data sharing area, then destroys the session identifier and the key of the current data sharing session, and sends the information representing the completion of data sharing to the first process and the second process respectively. After the first process and the second process receive the data sharing completion information, the session identifier and the secret key of the current data sharing session stored in each process are deleted.
In an optional embodiment of the present application, if there is a modification authority of the second process to the second shared data in the data sharing policy, the method specifically may further include:
receiving a data modification request sent by a second process, and modifying second shared data stored in the data sharing area according to the data modification request to obtain third shared data;
and storing the third shared data as the second shared data.
The data modification request is sent to the SMS by the second process, and is used for informing the SMS that the second process needs to modify the shared data in the data sharing area, where the data modification request also includes session identification information corresponding to the data sharing session and a data modification mode.
Specifically, when the second process needs to modify the shared data stored in the data sharing area, the second process sends a data modification request to the SMS, and the SMS confirms whether the second process is allowed to modify the shared data in the data sharing area in the data sharing policy; when the data sharing policy allows the second process to modify the shared data, the second shared data stored in the data sharing area is modified according to a data modification mode included in the data modification, so as to obtain modified third shared data, and then the third shared data is stored as new second shared data (namely, the original second shared data is replaced).
It should be noted that, in the embodiment provided by the present application, the first process may also read the modified third shared data. Optionally, the first process and the plurality of second processes may establish the same data sharing session at the same time, and when any one of the second processes having data modification authority modifies the shared data in the data sharing area, the first process and the other second processes read the modified third shared data from the data sharing area.
Fig. 3 is a flow chart of a method for sharing data between multiple systems according to an embodiment of the present application, where an execution body of the method may be a second process, as shown in fig. 3, and the method may include:
in step S201, a data sharing request sent by a sharing management service SMS is received, where the data sharing request is sent to the SMS by a first process in a first system, and the data sharing request includes identification information of each second process that is a member of data sharing in at least one second system.
The method comprises the steps that a first system shares data of the system to other systems in a terminal; the second system receives the data shared by the first system, and the second system can be any system except the first system in the terminal; the first process is a process for providing shared data in a first system; the second process is a process for receiving shared data in the second system, namely a data sharing member. The identification information of each process may be the ID of the process itself, or may be other identifications defined for the process in advance for implementing the present application, which is not limited herein. SMS is used to establish a data sharing session between the first process and the second process, and forward various information during the data sharing process, and in general, if a plurality of operating systems are run on a hardware device such as a terminal, the operating systems are managed by a kernel or a virtual machine monitor, and the SMS may be set in the kernel or the virtual machine monitor.
Specifically, when data of a certain first process in a certain first system in the terminal needs to be shared to second processes in other second systems, the first process may send a data sharing request for all the second processes needing to perform data sharing to the SMS, where the data sharing request includes identification information of each second process that is a member of the data sharing, and the SMS may send the data sharing request to each second process according to the identification information of each second process.
Step S202, if the second process agrees to share data, receiving the session identifier and the secret key sent by the SMS, and sharing second shared data with the SMS through the data sharing area; wherein the session identification and the key are SMS generated; the data sharing area is generated by SMS according to session identification; the second shared data is obtained by encrypting the first shared data according to the session identifier and the key after the first process receives the session identifier and the key sent by the SMS.
When the second process agrees to share data with the first process, the first process and the second process establish a corresponding data sharing session, and the session identifier can be used for marking the data sharing session; the key may be used to encrypt or decrypt data that is subsequently shared. The first shared data is unencrypted original shared data provided by the first process. The second shared data is encrypted shared data obtained by encrypting the first shared data according to the session identifier and the secret key by the first process. The data sharing area may be used to store the shared data to be shared sent by the first process, and may enable the second process to read the shared data stored therein to realize data sharing between the first process and the second process. The generation and mounting modes of the data sharing area can refer to the following codes:
Creating a new user by using the add-m security;
usermod-g root secure modifies the user secure into a root group;
chgrp root/secure_shares changes the group ownership of the new directory;
chmod 770/secure_shares prohibit access by non-group members;
chmod g+s, o+t/security_shares sets the SGID attribute, and sets the stinky attribute (so as not to delete files by others than the owner).
Specifically, after the SMS sends the data sharing request to the second process, it needs to be confirmed whether the second process agrees to perform data sharing, and the second process may return a corresponding response result to the SMS with respect to the data sharing request, if so, whether to agree to perform data sharing. If the second process returns a response result agreeing to perform data sharing, the SMS can generate a session identifier and a secret key corresponding to the first process and the second process, and can generate a corresponding data sharing area according to the session identifier; if the second process returns a response result that does not agree to the data sharing, the SMS may inform the first process of the result and end the flow of the data sharing. The first shared data is unencrypted original shared data provided by the first process. After the SMS generates the session identifier and the key, the session identifier and the key are required to be sent to the first process and the second process respectively, and the first process can encrypt the first shared data required to be shared according to the session identifier and the key to obtain second shared data after receiving the session identifier and the key, and send the second shared data to the SMS.
It should be noted that, because the data sharing area is generated according to the session identifier, the first process and each different second process will share data through different data sharing areas, specifically, each data sharing area is only accessible by the first process and the second process corresponding to the session identifier.
According to the scheme provided by the application, the corresponding unique session identifier and the key are generated by the process which performs data sharing according to the requirement, so that the process which performs data sharing can perform data sharing according to the unique session identifier and the key, and other processes cannot read shared data due to the fact that the session identifier and the key are not available, and the safety in the data sharing process is ensured.
In an alternative embodiment of the present application, the sharing of the second shared data with the SMS through the data sharing area specifically includes:
transmitting a data reading request to the SMS, wherein the data reading request comprises a session identifier and receives second shared data transmitted by the SMS; wherein the second shared data is read by the SMS from the corresponding data storage area according to the session identification;
and decrypting the second shared data according to the session identifier and the secret key to obtain the first shared data.
Specifically, when the second process receives the data writing completion information sent by the SMS and needs to read the shared data stored in the data sharing area, sending a data reading request to the SMS, finding a corresponding data sharing area according to the session identifier in the data reading request, and forwarding the second shared data stored in the data sharing area to the second process, where the second process decrypts the second shared data according to the session identifier and the key, so as to obtain the original unencrypted shared data (i.e., the first shared data) shared by the first process.
Fig. 4 is a block diagram of a multi-system data sharing device according to an embodiment of the present application, and as shown in fig. 4, the multi-system data sharing device 400 may include: a sharing request transmission module 401, a key generation module 402, a key transmission module 403, and a first data sharing module 404, wherein,
the sharing request sending module 401 is configured to receive a data sharing request sent by a first process in the first system, and send the data sharing request to each second process according to identification information of each second process; the data sharing request comprises identification information of each second process serving as a data sharing member in at least one second system;
The key generation module 402 is configured to, for each second process, generate a corresponding session identifier and a key if the second process agrees to perform data sharing, and generate a data sharing area according to the session identifier;
the key sending module 403 is configured to send the session identifier and the key to the first process and the second process, respectively, and encrypt the first shared data according to the session identifier and the key by the first process to obtain second shared data;
the first data sharing module 404 is configured to receive second shared data sent by the first process, and share the second shared data with the second process through the data sharing area.
According to the scheme provided by the application, the corresponding unique session identifier and the key are generated by the process which performs data sharing according to the requirement, so that the process which performs data sharing can perform data sharing according to the unique session identifier and the key, and other processes cannot read shared data due to the fact that the session identifier and the key are not available, and the safety in the data sharing process is ensured.
In an optional embodiment of the present application, the data sharing request further includes identification information of the first process and a data sharing policy;
the key generation module is specifically used for:
And generating a session identifier based on the identification information of the first process and the identification information of the second process, and generating a key according to the session identifier and the data sharing strategy.
In an alternative embodiment of the present application, the first data sharing module is specifically configured to:
receiving a data writing request sent by a first process, wherein the data writing request comprises a session identifier and second shared data, writing the second shared data into a data sharing area according to the session identifier, and sending a data writing completion message to the second process;
and receiving a data reading request sent by the second process, wherein the data reading request comprises a session identifier, and reading second shared data from the data sharing area according to the session identifier and sending the second shared data to the second process.
In an alternative embodiment of the present application, the apparatus may further include a data destruction module for:
receiving data reading completion information sent by a second process, deleting second shared data stored in a data sharing area, and destroying a session identifier and a secret key;
and sending data sharing completion information to the first process and the second process so that the first process and the second process destroy the respective stored keys respectively.
In an alternative embodiment of the present application, the apparatus may further comprise a data modification module for:
receiving a data modification request sent by a second process, and modifying second shared data stored in the data sharing area according to the data modification request to obtain third shared data;
and storing the third shared data as the second shared data.
Fig. 5 is a block diagram of a multi-system data sharing device according to an embodiment of the present application, and as shown in fig. 5, the multi-system data sharing device 500 may include: a share request receiving module 501, and a second data sharing module 502, wherein,
the sharing request receiving module 501 is configured to receive a data sharing request sent by a sharing management service SMS, where the data sharing request is sent to the SMS by a first process in a first system, and the data sharing request includes identification information of each second process that is a member of data sharing in at least one second system;
the second data sharing module 502 is configured to receive the session identifier and the key sent by the SMS if the second process agrees to perform data sharing, and share second shared data with the SMS through the data sharing area; wherein the session identification and the key are SMS generated; the data sharing area is generated by SMS according to session identification; the second shared data is obtained by encrypting the first shared data according to the session identifier and the key after the first process receives the session identifier and the key sent by the SMS.
According to the scheme provided by the application, the corresponding unique session identifier and the key are generated by the process which performs data sharing according to the requirement, so that the process which performs data sharing can perform data sharing according to the unique session identifier and the key, and other processes cannot read shared data due to the fact that the session identifier and the key are not available, and the safety in the data sharing process is ensured.
In an alternative embodiment of the application, the second data sharing module is specifically configured to:
transmitting a data reading request to the SMS, wherein the data reading request comprises a session identifier and receives second shared data transmitted by the SMS; wherein the second shared data is read by the SMS from the corresponding data storage area according to the session identification;
and decrypting the second shared data according to the session identifier and the secret key to obtain the first shared data.
Referring now to fig. 6, a schematic diagram of an electronic device (e.g., a terminal device or server performing the method of fig. 1 or 3) 600 suitable for use in implementing an embodiment of the present application is shown. The electronic device in the embodiment of the present application may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a car-mounted terminal (e.g., car navigation terminal), a wearable device, etc., and a fixed terminal such as a digital TV, a desktop computer, etc. The electronic device shown in fig. 6 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments of the application.
An electronic device includes: the memory is used for storing programs for executing the methods according to the method embodiments; the processor is configured to execute a program stored in the memory. Herein, the processor may be referred to as a processing device 601, which is described below, and the memory may include at least one of a Read Only Memory (ROM) 602, a Random Access Memory (RAM) 603, and a storage device 608, which are described below, in detail:
as shown in fig. 6, the electronic device 600 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 601, which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage means 608 into a Random Access Memory (RAM) 603. In the RAM603, various programs and data required for the operation of the electronic apparatus 600 are also stored. The processing device 601, the ROM 602, and the RAM603 are connected to each other through a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
In general, the following devices may be connected to the I/O interface 605: input devices 606 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, and the like; an output device 607 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 608 including, for example, magnetic tape, hard disk, etc.; and a communication device 609. The communication means 609 may allow the electronic device 600 to communicate with other devices wirelessly or by wire to exchange data. While fig. 6 shows an electronic device having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead.
In particular, according to embodiments of the present application, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a non-transitory computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via communication means 609, or from storage means 608, or from ROM 602. The above-described functions defined in the method of the embodiment of the present application are performed when the computer program is executed by the processing means 601.
The computer readable storage medium of the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, fiber optic cables, RF (radio frequency), and the like, or any suitable combination of the foregoing.
In some implementations, the clients, servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol ), and may be interconnected with any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), the internet (e.g., the internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed networks.
The computer readable medium may be contained in the electronic device; or may exist alone without being incorporated into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to:
receiving a data sharing request sent by a first process in a first system, and respectively sending the data sharing request to each second process according to the identification information of each second process; the data sharing request comprises identification information of each second process serving as a data sharing member in at least one second system;
For each second process, if the second process agrees to perform data sharing, generating a corresponding session identifier and a corresponding secret key, and generating a data sharing area according to the session identifier;
the session identification and the secret key are respectively sent to a first process and a second process, so that the first process encrypts the first shared data according to the session identification and the secret key to obtain second shared data;
and receiving second shared data sent by the first process, and sharing the second shared data with the second process through the data sharing area.
Or alternatively, the first and second heat exchangers may be,
receiving a data sharing request sent by a Sharing Management Service (SMS), wherein the data sharing request is sent to the SMS by a first process in a first system, and the data sharing request comprises identification information of each second process serving as a data sharing member in at least one second system;
if the second process agrees to carry out data sharing, receiving a session identifier and a secret key sent by the SMS, and sharing second shared data with the SMS through a data sharing area; wherein the session identification and the key are SMS generated; the data sharing area is generated by SMS according to session identification; the second shared data is obtained by encrypting the first shared data according to the session identifier and the key after the first process receives the session identifier and the key sent by the SMS.
Computer program code for carrying out operations of the present application may be written in one or more programming languages, including, but not limited to, an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules or units involved in the embodiments of the present application may be implemented in software or in hardware. Where the name of the module or unit does not constitute a limitation of the unit itself in some cases, for example, the first constraint acquisition module may also be described as "a module that acquires the first constraint".
The functions described above herein may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), an Application Specific Standard Product (ASSP), a system on a chip (SOC), a Complex Programmable Logic Device (CPLD), and the like.
In the context of the present application, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited in order and may be performed in other orders, unless explicitly stated herein. Moreover, at least some of the steps in the flowcharts of the figures may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order of their execution not necessarily being sequential, but may be performed in turn or alternately with other steps or at least a portion of the other steps or stages.
The foregoing is only a partial embodiment of the present invention, and it should be noted that it will be apparent to those skilled in the art that modifications and adaptations can be made without departing from the principles of the present invention, and such modifications and adaptations are intended to be comprehended within the scope of the present invention.

Claims (11)

1. A method for sharing data between multiple systems, comprising:
receiving a data sharing request sent by a first process in a first system, and respectively sending the data sharing request to each second process according to the identification information of each second process; the data sharing request comprises identification information of each second process serving as a data sharing member in at least one second system;
For each second process, if the second process agrees to carry out data sharing, generating a corresponding session identifier and a key, and generating a data sharing area according to the session identifier;
the session identifier and the secret key are respectively sent to the first process and the second process, so that the first process encrypts the first shared data according to the session identifier and the secret key to obtain second shared data;
and receiving second shared data sent by the first process, and sharing the second shared data with the second process through the data sharing area.
2. The method of claim 1, wherein the data sharing request further includes identification information of the first process and a data sharing policy;
the generating the corresponding session identifier and the key includes:
and generating a session identifier based on the identification information of the first process and the identification information of the second process, and generating a secret key according to the session identifier and the data sharing strategy.
3. The method of claim 1, wherein the receiving the second shared data sent by the first process and sharing the second shared data with the second process through the data sharing area comprises:
Receiving a data writing request sent by the first process, wherein the data writing request comprises the session identifier and the second shared data, writing the second shared data into the data sharing area according to the session identifier, and sending a data writing completion message to the second process;
and receiving a data reading request sent by the second process, wherein the data reading request comprises the session identifier, and reading the second shared data from the data sharing area according to the session identifier and sending the second shared data to the second process.
4. The method of claim 2, wherein if there is a policy to delete shared data in the data sharing policy, the method further comprises:
receiving data reading completion information sent by the second process, deleting second shared data stored in the data sharing area, and destroying the session identifier and the secret key;
and sending data sharing completion information to the first process and the second process so that the first process and the second process destroy the keys stored by the first process and the second process respectively.
5. The method of claim 4, wherein if there is a modification authority of the second process to the second shared data in the data sharing policy, the method further comprises:
Receiving a data modification request sent by the second process, and modifying the second shared data stored in the data sharing area according to the data modification request to obtain third shared data;
and storing the third shared data as second shared data.
6. A method for sharing data between multiple systems, comprising:
receiving a data sharing request sent by a Sharing Management Service (SMS), wherein the data sharing request is sent to the SMS by a first process in a first system, and the data sharing request comprises identification information of each second process serving as a data sharing member in at least one second system;
if the second process agrees to carry out data sharing, receiving a session identifier and a secret key sent by the SMS, and sharing second shared data with the SMS through a data sharing area; wherein the session identification and the key are generated by the SMS; the data sharing area is generated by the SMS according to the session identification; the second shared data is obtained by encrypting the first shared data according to the session identifier and the key after the first process receives the session identifier and the key sent by the SMS.
7. The method of claim 6, wherein the sharing the second shared data with the SMS through the data sharing area comprises:
sending a data reading request to the SMS, wherein the data reading request comprises the session identifier and receives second shared data sent by the SMS; wherein the second shared data is read by the SMS from the corresponding data storage area according to the session identification;
and decrypting the second shared data according to the session identifier and the secret key to obtain first shared data.
8. A multi-system data sharing apparatus, comprising:
the sharing request sending module is used for receiving a data sharing request sent by a first process in the first system and respectively sending the data sharing request to each second process according to the identification information of each second process; the data sharing request comprises identification information of each second process serving as a data sharing member in at least one second system;
the key generation module is used for generating a corresponding session identifier and a key for each second process if the second process agrees to perform data sharing, and generating a data sharing area according to the session identifier;
The key sending module is used for sending the session identifier and the key to the first process and the second process respectively so that the first process encrypts the first shared data according to the session identifier and the key to obtain second shared data;
and the first data sharing module is used for receiving second shared data sent by the first process and sharing the second shared data with the second process through the data sharing area.
9. A multi-system data sharing apparatus, comprising:
the sharing request receiving module is used for receiving a data sharing request sent by a Sharing Management Service (SMS), wherein the data sharing request is sent to the SMS by a first process in a first system, and the data sharing request comprises identification information of each second process serving as a data sharing member in at least one second system;
the second data sharing module is used for receiving the session identifier and the secret key sent by the SMS if the second process agrees to carry out data sharing, and sharing second shared data with the SMS through a data sharing area; wherein the session identification and the key are generated by the SMS; the data sharing area is generated by the SMS according to the session identification; the second shared data is obtained by encrypting the first shared data according to the session identifier and the key after the first process receives the session identifier and the key sent by the SMS.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory, characterized in that the processor executes the computer program to carry out the steps of the method of any one of claims 1-7.
11. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method according to any of claims 1-7.
CN202310987614.2A 2023-08-07 2023-08-07 Method and device for sharing data among multiple systems, electronic equipment and storage medium Pending CN117033019A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310987614.2A CN117033019A (en) 2023-08-07 2023-08-07 Method and device for sharing data among multiple systems, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310987614.2A CN117033019A (en) 2023-08-07 2023-08-07 Method and device for sharing data among multiple systems, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117033019A true CN117033019A (en) 2023-11-10

Family

ID=88640641

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310987614.2A Pending CN117033019A (en) 2023-08-07 2023-08-07 Method and device for sharing data among multiple systems, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117033019A (en)

Similar Documents

Publication Publication Date Title
CN109144961B (en) Authorization file sharing method and device
US9537918B2 (en) File sharing with client side encryption
US20170371625A1 (en) Content delivery method
CN107113314B (en) Method and device for heterogeneous data storage management in cloud computing
CN104937904A (en) Copy offload for disparate offload providers
KR20200085095A (en) Electronic apparatus and method for managing data based on block chain
CN109146482B (en) Block chain-based user rights and interests providing method and device
CN112966303A (en) Data encryption and decryption method and device, electronic equipment and computer storage medium
CN112261015A (en) Block chain based information sharing method, platform, system and electronic equipment
CN112329044A (en) Information acquisition method and device, electronic equipment and computer readable medium
CN116502189A (en) Software authorization method, system, device and storage medium
WO2022199313A1 (en) Information sharing method and device
CN117033019A (en) Method and device for sharing data among multiple systems, electronic equipment and storage medium
CN113961931A (en) Adb tool using method and device and electronic equipment
CN115174188A (en) Message transmission method and device, electronic equipment and storage medium
CN111786955B (en) Method and apparatus for protecting a model
CN114219565A (en) Order data processing method, server, storage medium and program product
CN114282252A (en) Information interaction method and system based on block chain and computer equipment
CN113709128A (en) IROS system communication method and device based on block chain
CN114428973A (en) De-identified information transmission method, device, equipment and computer readable medium
CN113595742A (en) Data transmission method, system, computer device and storage medium
JP6542401B2 (en) Key chain management method and system for end-to-message encryption
JP2005032184A (en) Software providing method and system
CN111859351A (en) Method, system, server and storage medium for writing information into chip
KR102398380B1 (en) Method and system for key exchagne

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination