CN117272407A

CN117272407A - Polling method, polling device, computing device and computer readable storage medium

Info

Publication number: CN117272407A
Application number: CN202311474446.3A
Authority: CN
Inventors: 孙一品; 旷小红; 杨孟霏; 陈国峰; 杨维韬
Original assignee: Phytium Technology Co Ltd
Current assignee: Phytium Technology Co Ltd
Priority date: 2023-11-08
Filing date: 2023-11-08
Publication date: 2023-12-22

Abstract

The embodiments of the present disclosure provide a polling method, an apparatus, a computing device, and a computer readable storage medium, where after a first instruction is sent to a secure element subsystem, the polling method sets a period of a first polling operation on the secure element subsystem to a first preset period, where the first preset period corresponds to a period parameter, and the period parameter includes a current load of the secure element subsystem and a type of the first instruction, so that the period of the first polling operation on the secure element subsystem may be matched with the current load of the secure element subsystem and the type of the first instruction, and then the polling period of the first polling operation may correspond to a time period when the secure element subsystem performs the first instruction to obtain an operation result based on the current load. In this way, the objective of improving the operating efficiency of the secure element subsystem may be achieved.

Description

Polling method, polling device, computing device and computer readable storage medium

Technical Field

The present disclosure relates to the field of computer application technology, and more particularly, to a polling method, apparatus, computing device, and computer-readable storage medium.

Background

The Secure Element (SE) subsystem is fused with a typical Secure computing processor architecture through a Secure chip technology, and constructs a Secure enhanced processor Secure computing architecture together, so as to ensure the security of important resources.

Currently, the operating efficiency of the secure element subsystem is to be optimized.

Disclosure of Invention

Embodiments of the present disclosure provide a polling method, apparatus, computing device, and computer readable storage medium, which reduce the number of polling operations on a secure element subsystem by optimizing the polling method, reduce the occupation of computing resources of the secure element subsystem by polling operations, and achieve the purpose of improving the operation efficiency of the secure element subsystem.

In order to achieve the technical purpose, the embodiment of the specification provides the following technical scheme:

in a first aspect, an embodiment of the present specification provides a polling method, which is applied to a computing device, where the computing device includes a first processor core, and the first processor core is equipped with a secure element subsystem, and the polling method includes:

transmitting a first instruction to the secure element subsystem in response to a request for the secure element subsystem;

Setting a period of a first polling operation of the secure element subsystem as a first preset period, wherein the first preset period corresponds to a period parameter; the cycle parameters include a current load of the secure element subsystem and a type of first instruction; the polling operation is for querying a result of the secure element subsystem executing the first instruction.

In one embodiment, the setting the period of the first polling operation of the secure element subsystem to a first preset period includes:

according to the cycle parameter reported by the historical first instruction, inquiring an association relation table to obtain estimated time consumption corresponding to the first instruction; the estimated time consumption is used to characterize an estimated time required by the secure element subsystem to execute the first instruction;

taking the estimated time consumption as the first preset period;

the association relation table stores the corresponding relation between the estimated information of the first instruction and the load of the safety element subsystem, wherein the estimated information of the first instruction comprises the type of the first instruction and estimated time consumption corresponding to the first instruction.

In one embodiment, the process of reporting the current load of the secure element subsystem by the historical first instructions includes:

Acquiring actual time consumption of the secure element subsystem to execute the historical first instruction;

according to the actual information of the historical first instruction, inquiring the association relation table to obtain estimated information of the first instruction matched with the actual information of the historical first instruction;

taking the load of the safety element subsystem corresponding to the estimated information of the first instruction obtained by inquiry as the current load of the safety element subsystem;

the actual information of the history first instruction includes an actual time consuming execution of the history first instruction by the secure element subsystem and a type of the history first instruction.

In one embodiment, the period parameter reported according to the first historical instruction further includes, before querying the association table:

if the report time is within the effective time, entering a step of inquiring an association relation table according to the cycle parameter reported by the first historical instruction; the reporting time includes a time at which the historical first instruction reports a current load of the secure element subsystem;

if the report time is out of the effective time, taking a preset load as the current load of the safety element subsystem, inquiring a correlation table according to the current load of the safety element subsystem and the type of the first instruction to obtain estimated time consumption corresponding to the first instruction, and taking the estimated time consumption as the first preset period.

In one embodiment, in the case that the reporting time is outside the valid time, the polling method further includes:

recording the actual time consumption of the safety element subsystem for executing the first instruction, and inquiring the association relation table according to the actual information of the first instruction to obtain the load of the safety element subsystem corresponding to the actual information of the first instruction; the actual information of the first instruction includes an actual time consumption of the secure element subsystem to execute the first instruction and a type of the first instruction;

updating the current load of the safety element subsystem reported by the historical first instruction by using the load of the safety element subsystem obtained by inquiry;

updating the reporting time with a time when the secure element subsystem finishes executing the first instruction.

if the reporting time of the plurality of historical first instructions is within the effective time and the difference value of the current loads of the safety element subsystems reported by the plurality of different types of historical first instructions is smaller than a preset difference value, taking the actual time consumption of the historical first instructions with the same type as the first instructions as the estimated time consumption corresponding to the first instructions, and taking the estimated time consumption as the first preset period; the reporting time includes a time at which the historical first instruction reports a current load of the secure element subsystem.

In one embodiment, the polling method further comprises:

acquiring execution information of a plurality of first instructions, wherein the execution information of the first instructions comprises actual time consumption of the safety element subsystem for executing the first instructions, estimated time consumption corresponding to the first instructions and load of the safety element subsystem corresponding to the estimated time consumption;

and updating the association relation table according to the execution information of the plurality of first instructions.

In one embodiment, the association table is updated according to the execution information of the plurality of first instructions;

if the number of the execution information of the plurality of first instructions exceeds the preset number, updating the association relation table according to the error execution information of the plurality of first instructions when the error execution information exceeding the preset proportion exists in the execution information of the plurality of first instructions;

the error execution information of the first instruction includes: the absolute value of the difference between the actual time consumption of the first instruction and the estimated time consumption corresponding to the first instruction accounts for the execution information that the proportion of the estimated time consumption corresponding to the first instruction is larger than the preset proportion.

In one embodiment, the first instruction includes a non-cryptographic portion; the association relation table comprises a first relation table; wherein, the first relation table stores the corresponding relation between the non-password estimated information of the first instruction and the load of the safety element subsystem; the non-password pre-estimated information of the first instruction comprises the type of the first instruction and pre-estimated time consumption of a non-password operation part of the first instruction;

The step of inquiring the association relation table according to the period parameter reported by the historical first instruction to obtain the estimated time consumption corresponding to the first instruction comprises the following steps:

querying the first relation table according to the current load of the secure element subsystem reported by the historical first instruction and the type of the first instruction to obtain estimated time consumption of a non-password operation part of the first instruction corresponding to the type of the first instruction and the current load of the secure element subsystem reported by the historical first instruction;

taking the estimated time consumption of the non-password operation part of the first instruction as the estimated time consumption corresponding to the first instruction.

In one embodiment, the computing device further comprises a cryptographic engine for executing a cryptographic portion of the first instruction;

the first instruction further includes a cryptographic operation portion; the association relation table further comprises a second relation table, wherein the second relation table stores the corresponding relation between the password operation part of the first instruction and the estimated time consumption of the password operation part of the first instruction;

inquiring the second relation table according to the password operation part of the first instruction to obtain estimated time consumption of the password operation part of the first instruction;

taking the sum of the estimated time consumption of the non-password operation part of the first instruction and the estimated time consumption of the password operation part of the first instruction as the estimated time consumption corresponding to the first instruction.

In one embodiment, the polling method further comprises:

counting the continuous on-time execution times of a first instruction of a target type, wherein the continuous on-time execution times represent the continuous times of the result of the execution of the first instruction by the safety element subsystem in a first polling operation;

and when the continuous on-time execution times of the first instruction of the target type are larger than the preset times, the current load of the safety element subsystem reported by the historical first instruction is reduced.

In one embodiment, the method further comprises:

if the first polling operation does not obtain the result of the execution of the first instruction by the secure element subsystem, setting the polling period of the subsequent polling operation as a second preset period, wherein the second preset period is smaller than the first preset period;

counting the total time of a plurality of polling operations, and stopping the polling operation of the first instruction when the total time exceeds a set time threshold.

In one embodiment, the secure element subsystem has a trusted service platform built therein; the trusted service platform comprises at least one of a trusted cryptography module TCM and a trusted platform module TPM;

the first instructions include trusted computing instructions for the TCM and/or trusted computing instructions for the TPM.

In a second aspect, one embodiment of the present specification provides a polling apparatus applied to a computing device, the computing device including a first processor core, the first processor core carrying a secure element subsystem, the polling apparatus comprising:

an instruction sending module, configured to send a first instruction to the secure element subsystem in response to a request for the secure element subsystem;

The first polling module is used for setting the period of the first polling operation of the safety element subsystem as a first preset period, and the first preset period corresponds to a period parameter; the cycle parameters include a current load of the secure element subsystem and a type of first instruction; the polling operation is for querying a result of the secure element subsystem executing the first instruction.

In one embodiment, the first polling module sets a period of a first polling operation for the secure element subsystem to a first preset period, specifically for:

according to the cycle parameter reported by the historical first instruction, inquiring an association relation table to obtain estimated time consumption corresponding to the first instruction; the estimated time consumption is used for representing the time required by the estimated safety element subsystem to execute the first instruction, and the estimated information of the first instruction comprises the type of the first instruction and the estimated time consumption corresponding to the first instruction;

taking the estimated time consumption as the first preset period;

the association relation table stores the corresponding relation between the estimated information of the first instruction and the load of the safety element subsystem.

In one embodiment, the first polling module is further configured to obtain a current load of the secure element subsystem reported by the historical first instruction;

the process of reporting the current load of the secure element subsystem by the historical first instructions includes:

In one embodiment, the method further comprises: a time judging module; wherein,

the time judging module is used for triggering the first polling module if the reporting time is within the effective time; the reporting time includes a time at which the historical first instruction reports a current load of the secure element subsystem;

If the report time is out of the effective time, taking a preset load as the current load of the safety element subsystem, inquiring a correlation table according to the current load of the safety element subsystem and the type of the first instruction to obtain estimated time consumption corresponding to the first instruction, and triggering the first polling module to execute the step of taking the estimated time consumption as the first preset period.

In one embodiment, in the case that the reporting time is outside the valid time, the polling device further includes:

the load updating module is used for recording the actual time consumption of the safety element subsystem for executing the first instruction, and inquiring the association relation table according to the actual information of the first instruction so as to obtain the load of the safety element subsystem corresponding to the actual information of the first instruction; the actual information of the first instruction includes an actual time consumption of the secure element subsystem to execute the first instruction and a type of the first instruction;

In one embodiment, the first polling module is further configured to, before querying the association table, query the association table according to the cycle parameter reported by the historical first instruction:

if the reporting time of the plurality of historical first instructions is within the effective time and the difference of the current loads of the safety element subsystems reported by the plurality of different types of historical first instructions is smaller than a preset difference, taking the actual time consumption of the historical first instructions with the same type as the first instructions as the estimated time consumption corresponding to the first instructions, and executing the step of taking the estimated time consumption as the first preset period.

In one embodiment, the polling device further comprises:

the table updating module is used for acquiring execution information of a plurality of first instructions, wherein the execution information of the first instructions comprises actual time consumption of the safety element subsystem for executing the first instructions, estimated time consumption corresponding to the first instructions and load of the safety element subsystem corresponding to the estimated time consumption;

the first polling module queries an association relation table according to the period parameter reported by the historical first instruction, so as to obtain estimated time consumption corresponding to the first instruction, wherein the estimated time consumption is specifically used for:

In one embodiment, the first instruction further includes a cryptographic portion; the association relation table further comprises a second relation table, wherein the second relation table stores the corresponding relation between the password operation part of the first instruction and the estimated time consumption of the password operation part of the first instruction;

The first polling module queries an association relation table according to the period parameter reported by the historical first instruction so as to obtain estimated time consumption corresponding to the first instruction, wherein the estimated time consumption is specifically used for:

In one embodiment, the method further comprises:

a cautious tuning module for counting a number of consecutive on-time executions of a first instruction of a target type, the number of consecutive on-time executions characterizing a number of consecutive times that the secure element subsystem executed a result of the first instruction in a first polling operation;

In one embodiment, the polling device further comprises:

the second polling module is used for setting the polling period of the subsequent polling operation as a second preset period if the first polling operation does not obtain the result of executing the first instruction by the secure element subsystem, wherein the second preset period is smaller than the first preset period;

In a third aspect, an embodiment of the present specification also provides a computing device including a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing a polling method as described above when executing the computer program.

In a fourth aspect, one embodiment of the present specification also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements a polling method as described above.

In a fifth aspect, the present description embodiments provide a computer program product or a computer program, the computer program product comprising a computer program stored in a computer readable storage medium; the processor of the computer device reads the computer program from the computer readable storage medium, and the processor implements the steps of the polling method described above when executing the computer program.

As can be seen from the above technical solutions, in the polling method provided in the embodiments of the present disclosure, after a first instruction is sent to a secure element subsystem, a period of a first polling operation on the secure element subsystem is set to a first preset period, where the first preset period corresponds to a period parameter, and the period parameter includes a current load of the secure element subsystem and a type of the first instruction, so that the period of the first polling operation on the secure element subsystem may be matched with the current load of the secure element subsystem and the type of the first instruction, and then the polling period of the first polling operation may correspond to a time consumption of the secure element subsystem for executing the first instruction to obtain an operation result based on the current load. Therefore, the probability that the result of executing the first instruction by the safety element subsystem can be obtained through the first polling operation can be improved, the polling times of the safety element subsystem can be reduced, the problem that the safety element subsystem occupies excessive operation resources for responding to the polling operation is avoided, the operation resources of the safety element subsystem can be mainly used for processing the first instruction, and the purpose of improving the operation efficiency of the safety element subsystem is achieved.

Drawings

In order to more clearly illustrate the embodiments of the present description or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present description, and that other drawings may be obtained according to the drawings provided without inventive effort to a person skilled in the art.

Fig. 1 is a schematic diagram of a possible application scenario of a polling method according to an embodiment of the present disclosure.

Fig. 2 is a schematic diagram of a possible hardware architecture of a computing device according to an embodiment of the present disclosure.

Fig. 3 is a schematic flow chart of a polling method according to an embodiment of the present disclosure.

Fig. 4 is a flow chart of a historical first instruction reporting security element subsystem current load provided in one embodiment of the present disclosure.

Fig. 5 is a schematic flow chart of conservative tuning of a load according to an embodiment of the present disclosure.

Fig. 6 is a schematic structural diagram of a polling device according to an embodiment of the present disclosure.

Fig. 7 is a schematic structural diagram of a computing device according to an embodiment of the present disclosure.

Detailed Description

Unless defined otherwise, technical or scientific terms used in the embodiments of the present specification should be given the ordinary meaning as understood by one of ordinary skill in the art to which the present specification belongs. The terms "first," "second," and the like, as used in the embodiments of the present disclosure, do not denote any order, quantity, or importance, but rather are used to avoid intermixing of the components.

Throughout the specification, unless the context requires otherwise, the word "plurality" means "at least two", and the word "comprising" is to be construed as open, inclusive meaning, i.e. as "comprising, but not limited to. In the description of the present specification, the terms "one embodiment," "some embodiments," "example embodiments," "examples," "particular examples," or "some examples," etc., are intended to indicate that a particular feature, structure, material, or characteristic associated with the embodiment or example is included in at least one embodiment or example of the present specification. The schematic representations of the above terms do not necessarily refer to the same embodiment or example.

The technical solutions of the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is apparent that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are intended to be within the scope of the present disclosure.

SUMMARY

In the related art, a Secure Element (SE) subsystem may be a hardware component specifically designed to store and process sensitive information. SE is typically a stand-alone chip with physical isolation and security protection. It can protect assets (trust roots, sensitive data, keys, certificates, applications) from high-level software and hardware attacks, and a secure element subsystem typically supports secure bearers for multiple applications or services. Each application program runs in an independent safety container and is isolated from each other, so that different application programs cannot interfere or influence each other, and the isolation can provide higher safety and protection, so that a plurality of application programs can run in the same SE domain without interfering each other. In some cases, the secure element subsystem may include a piece of independent hardware with a Security core (Security) independent of the main processor (Application Processor, AP) core. In a computing device, a main processor core may be used to run a client application (Client Application, CA), which may also be referred to as a user application program or a generic application. Some client applications, when running some specific functions (e.g. face recognition functions or payment verification functions, etc.), need to request execution of the relevant instructions from the secure element subsystem. In addition, when a trusted service platform, such as TCM (Trusted Cryptography Module ) and/or TPM (Trusted Platform Module, trusted platform module), with trusted computing capability is running in the secure element subsystem, the secure element subsystem may also request that the secure element subsystem provide trusted cryptography services through the trusted service platform. The secure element subsystem has independent software and hardware resources with definite physical boundaries, ensuring that the trusted service platform can operate in a secure environment.

After the client application sends a corresponding instruction to the secure element subsystem, the secure element subsystem does not actively inform the client application to acquire an operation result after executing the related operation indicated by the instruction due to the architecture characteristics of the secure element subsystem, but the main processor core is required to inquire whether the secure element subsystem has already executed the related operation in a polling mode or not, and the main processor core can only read the operation result after the secure element subsystem executes the related operation of the completed instruction.

However, due to the architecture specificity of the secure element subsystem, conventional polling period adjustment strategies are not applicable, and in order to effectively manage and process tasks, control response time, and real-time in the system, it is necessary to optimize the polling method for the secure element subsystem to optimize the processing efficiency of the secure element subsystem.

Conventional polling period adjustment strategies may include fixed-time-interval polling (Fixed Interval Polling), exponential backoff polling (Exponential Backoff Polling), adaptive Delay (Adaptive Delay) algorithms, random-interval polling (Randomized Interval Polling), and maximum-number-of-queries polling (Maximum Attempts Polling).

The fixed time interval polling is simple and easy to realize, is suitable for scenes with low requirements on real-time performance, queries the execution result of the task in the fixed time interval, does not consider the real-time change of the task state, can cause unnecessary query delay and network flow, and cannot adjust the query frequency according to the actual execution condition of the operation.

The exponential backoff polling increases the polling time interval step by step as the task is executed, and reduces unnecessary polling requests, but has a higher polling frequency at the beginning of the operation, and takes a longer time to acquire the result.

The adaptive delay algorithm takes the interval from the start of execution time to the completion of execution of the command as the response time. The delay time for the next poll in the adaptive delay algorithm is uncertain, which may result in a longer delay for the system in some cases, affecting the user experience and real-time demanding applications. The effect of the adaptive delay depends on the choice and optimization of the adjustment algorithm. The choice of the appropriate algorithm and the manner and frequency of adjusting the parameters are key factors. Improper algorithm selection or parameter adjustment may lead to unreasonable changes in polling delay time or reduced system performance

Random interval polling can avoid initiating a large number of inquiry requests at the same time by randomly selecting a time interval, so that system load and network traffic are reduced, but the random polling interval may cause unstable execution effect, and too frequent or too sparse polling may be detrimental to task execution and system performance

The maximum number of queries (time) may avoid endless loops or long waiting times, providing security and control of polling operations, but if operations take a longer time to complete, multiple queries may be required to obtain results, resulting in longer waiting times.

In order to design a polling method matched with a safety element subsystem and an instruction executed by the safety element subsystem, the inventor discovers that by researching the traditional polling strategy and the characteristics of the safety element subsystem, the load of the safety element subsystem is correspondingly changed along with the change of the execution task state, so that the operation efficiency of the instruction is influenced, the time required by the execution of the instruction in the safety element subsystem is influenced, if the polling period of the first polling operation of the safety element subsystem is in a corresponding relation with the current load of the safety element subsystem, the polling period of the first polling operation is enabled to be corresponding to the time when the safety element subsystem obtains the operation result based on the current load execution instruction, the probability that the result of executing the first instruction by the safety element subsystem can be obtained by the first polling operation is improved, the polling times of the safety element subsystem are favorably reduced, the problem that the safety element subsystem occupies excessive operation resources in order to respond to the polling operation is avoided, and the operation resources of the safety element subsystem can be mainly used for processing the first instruction, and therefore the purpose of improving the operation efficiency of the safety element subsystem is achieved.

In addition, the inventor also finds that, through research, different instruction types sent to the secure element subsystem may cause different time consumption of executing instructions by the secure element subsystem, in order to enable the actual time consumption of executing instructions by the secure element subsystem to be set closer to the period of the first polling operation, an association table of the corresponding relationship between the estimated information of the instructions and the load of the secure element subsystem may be established, wherein the estimated information of the instructions may include the type of the instructions and the estimated time consumption of the instructions, and the estimated time consumption is obtained by querying the association table through the instruction type and the current load of the secure element subsystem through the historical instructions, and the estimated time consumption is used as the period of the first polling operation, so that the period of the first polling operation is set closer to the actual time consumption of executing the instructions by the secure element subsystem, thereby improving the probability that the result of executing the first instructions by the secure element subsystem can be obtained through the first polling operation.

Furthermore, the inventor also provides a dynamic adjustment scheme aiming at the association relation table and a conservative adjustment scheme of the polling strategy.

Based on the above-described conception, the inventors have proposed a polling method, and the polling method provided in the embodiments of the present specification will be exemplarily described below with reference to the accompanying drawings.

Exemplary scenario and System architecture

Referring to fig. 1, fig. 1 shows a possible application scenario of the polling method provided in the embodiment of the present disclosure, in fig. 1, a user uses a computing device 10 to perform a payment operation, a payment application in the computing device 10 sends, in response to the payment operation, a password verification related instruction to a secure element subsystem, so as to request the secure element subsystem to perform security verification on a password, and after the payment application sends the instruction, the polling method provided in the embodiment of the present disclosure may be used to poll the secure element subsystem, and timely obtain an operation result obtained by performing a related operation by the secure element subsystem.

Of course, fig. 1 only illustrates an application process of the polling method in a password verification scenario, where in the scenarios of identity recognition, security initiation and firmware verification, software security and remote verification, etc., the client application CA may be involved in sending an instruction to the secure element subsystem to request the secure element subsystem to perform a related operation, so that the secure element subsystem may be polled by using the polling method provided in the embodiment of the present specification. The application scenario to which the polling method may be applied is not exhaustive in this specification.

Referring to fig. 2, fig. 2 illustrates a possible hardware architecture of a computing device 10, where the computing device 10 may include multiple processor cores, which may be integrated into the same processor chip or distributed among different processor chips. Among the multiple processor cores, one processor core may be used to host a secure element subsystem, i.e., the secure element subsystem may use the hardware resources of the processor core to provide security-related operations for other processor cores, for ease of distinction, in some embodiments the processor core hosting the secure element subsystem may be referred to as the first processor core 11. Other processor cores may be used to run the client application, and in some embodiments, the processor core used to run the client application may be referred to as the main processor core 12 (or AP core, second processor core, etc.). In other embodiments, other processor cores may also be used to build a trusted execution environment (Trusted Execution Environment, TEE) subsystem for running trusted applications (Trusted Application, TA). The present specification is not limited thereto. In the use process, after the main processor core 12 sends an instruction to the secure element subsystem on the first processor core 11, the secure element subsystem needs to be queried in a polling manner to obtain a related operation result in time.

Exemplary method

Taking the main processor core 12 (or the second processor core) as an example, which is applied in fig. 2, some embodiments of the present disclosure exemplarily illustrate the polling method, as shown in fig. 3, which is applied to a computing device, where the computing device includes a first processor core, and the first processor core is mounted with a secure element subsystem, and the polling method includes:

s301: in response to a request for the secure element subsystem, a first instruction is sent to the secure element subsystem.

The request for the secure element subsystem may be a request issued by an application running on the second processor core of the computing device to the secure element subsystem, where the request may be a request for the secure element subsystem to perform security related operations including, but not limited to, encryption operations, decryption operations, security authentication operations, etc., and where the secure element subsystem includes a trusted service platform such as TCM (Trusted Cryptography Module), trusted cryptography module) or TPM (Trusted Platform Module ), the secure element subsystem may also perform related operations of trusted computing, which is not limited in this specification, as the case may be.

S302: setting a period of a first polling operation of the secure element subsystem as a first preset period, wherein the first preset period corresponds to a period parameter; the cycle parameters include a current load of the secure element subsystem and a type of first instruction; the polling operation is for querying a result of the secure element subsystem executing the first instruction.

Because of factors such as physical isolation and operation characteristics of the secure element subsystem, the secure element subsystem does not send a feedback message to an application program sending the first instruction on the second processor core after executing the related operation indicated by the first instruction, which requires that the application program running on the second processor core inquires the state of the secure element subsystem for executing the related operation indicated by the first instruction (i.e. whether the execution is completed) in a polling manner after sending the first instruction, and after the secure element subsystem obtains the execution result of the related operation, the related application program obtains the execution result from the secure element subsystem.

Therefore, in the polling method provided in this embodiment, after the first instruction is issued to the secure element subsystem, the step of setting the period of the first polling operation may be performed, and the first polling operation may be a polling operation performed for the first time to the secure element subsystem after the first instruction is issued. The period of the first polling operation may refer to a time between when the first instruction is issued and when the first polling operation is performed. It is to be understood that, if the result of executing the first instruction by the secure element subsystem can be queried after the first polling operation, occupation of software and hardware resources of the computing device can be saved to a greater extent. However, as described above, since the execution speed of the first instruction is related to the current load of the secure element subsystem, and since the types of the first instructions executable by the secure element subsystem are different, it is necessary to set the period of the first polling operation to the first preset period corresponding to the period parameter, so that the period of the first polling operation for the secure element subsystem can be matched with the current load of the secure element subsystem and the type of the first instruction, the polling period of the first polling operation can be made to correspond to the time consuming time for the secure element subsystem to execute the first instruction to obtain the operation result based on the current load. Therefore, the probability that the result of executing the first instruction by the safety element subsystem can be obtained through the first polling operation can be improved, the polling times of the safety element subsystem can be reduced, the problem that the safety element subsystem occupies excessive operation resources for responding to the polling operation is avoided, the operation resources of the safety element subsystem can be mainly used for processing the first instruction, and the purpose of improving the operation efficiency of the safety element subsystem is achieved.

In one embodiment of the present specification, a possible manner of setting the period of the first polling operation is provided, specifically, the setting the period of the first polling operation on the secure element subsystem to the first preset period includes:

taking the estimated time consumption as the first preset period;

In this embodiment, a feasible way of determining the first preset period is provided. The historical first instruction may refer to a first instruction that has been executed by the secure element subsystem. Reporting the cycle parameter by the history first instruction may refer to recording the cycle parameter during the issuing and executing of the history first instruction. The reporting of the cycle parameter may include: in the process of issuing and executing the historical first instruction, the second processor core or an application program running on the second processor core can record the type of the historical first instruction and the actual time consumption of the historical first instruction, the load of the safety element subsystem corresponding to the information can be found in the association relation table according to the recorded information, the found load of the safety element subsystem can be regarded as the current load of the safety element subsystem, and the found current load of the safety element subsystem and the type of the historical first instruction can be recorded as the cycle parameter.

In a possible embodiment, each first instruction reports one of the cycle parameters after execution by the secure element subsystem; in other embodiments, after the plurality of first instructions are executed by the secure element subsystem, any one or a specific one of the plurality of first instructions may report the cycle parameter, which is not limited in this specification, and the present disclosure is specific to the actual situation.

It is to be understood that, in the association table, the correspondence between the estimated information and the load of the secure element subsystem is stored, and the estimated information includes the type of the first instruction and the estimated time consumption corresponding to the first instruction, that is, the correspondence between the type of the first instruction, the estimated time consumption corresponding to the first instruction and the load of the secure element subsystem may be stored in the association table, and after any two of the relationships are known, a third party may be obtained by querying the association table. For example, after knowing the estimated information, the load corresponding to the estimated information can be obtained by searching from the association relation table according to the estimated information; after knowing the type of the first instruction and the load of the secure element subsystem, the estimated time consumption of the first instruction corresponding to the two information can be searched according to the two information.

In a scenario that the historical first instruction reports the current load of the secure element subsystem, the recorded actual time consumption of the historical first instruction can be used as the estimated time consumption of the historical first instruction, and the load of the secure element subsystem corresponding to the type of the historical first instruction and the recorded actual time consumption of the historical first instruction can be searched in the association relation table to be used as the current load of the secure element subsystem.

That is, in one embodiment of the present description, the process of reporting the current load of the secure element subsystem by the historical first instruction includes:

The association table may be constructed in a calibrated manner, for example, by setting the secure element subsystem to execute different types of first instructions under different loads, and recording the corresponding actual time consumption, so that the recorded actual time consumption may be used as an estimated time consumption record to form the association table, and a specific construction manner may refer to the related description below.

In this embodiment, by querying the association relationship table by using the period parameter reported by the first command, the estimated time consumption corresponding to the first command can be obtained conveniently and quickly, which is favorable for quickly determining the first preset period, thereby being favorable for shortening the execution time consumption of the polling method and improving the execution efficiency of the polling method.

In order to avoid the problem that the current load of the secure element subsystem in the cycle parameters cannot better characterize the actual load of the secure element subsystem due to the fact that the time point of the cycle parameters reported by the historical first instruction is long from the current time, in one embodiment of the present specification, the querying the association table according to the cycle parameters reported by the historical first instruction further includes:

In this embodiment, comparison of the reporting time corresponding to the historical first instruction and the valid time is introduced, if the reporting time corresponding to the historical first instruction is within the valid time, the time point when the historical first instruction reports the cycle parameter may be considered to be closer to the current time, the actual load of the safety element subsystem does not change greatly compared with the load of the safety element subsystem at the reporting time (i.e., the current load of the safety element subsystem in the cycle parameter reported by the historical first instruction), and it may be considered that the current load of the safety element subsystem in the cycle parameter reported by the historical first instruction may represent the actual load of the safety element subsystem in the current state, in which case the step of querying the association table may be entered according to the cycle parameter reported by the historical first instruction.

When the reporting time corresponding to the historical first instruction is out of the valid time, the time point of the reporting of the periodic parameter by the historical first instruction can be considered to be far away from the current time, and the actual load of the safety element subsystem is likely to be changed greatly compared with the load of the safety element subsystem at the reporting time (namely, the current load of the safety element subsystem in the periodic parameter reported by the historical first instruction), in which case, the preset load can be taken as the current load of the safety element subsystem. The preset load may be a load with a larger probability of one safety element subsystem determined according to the use condition of the safety element subsystem, for example, the duration of each load of the safety element subsystem in the use process may be counted, and the load with the longest duration is set as the preset load. Of course, in some embodiments, the preset load may also be empirically set. In one embodiment, the preset load may be a 0 load, i.e. the load of the safety element subsystem is 0. The specific value and the determining manner of the preset load are not limited in this specification, and are specific to actual situations.

In order to make available as soon as possible a subsequent first instruction a cycle parameter having a reporting time within an active time, in one embodiment, in case the reporting time is outside the active time, the polling method further comprises:

In this embodiment, when the reporting time is outside the valid time, the execution of the first instruction is recorded, and the current load of the secure element subsystem reported by the historical first instruction and the reporting time are updated as soon as possible according to the execution, so as to provide a reference for determining the period of the first polling operation of the subsequent first instruction.

In order to reduce resource consumption of the computing device in running the polling method, in an embodiment of the present disclosure, the querying the association table according to the period parameter reported by the historical first instruction further includes:

The difference value of the current loads of the safety element subsystems reported by the plurality of different types of historical first instructions is smaller than a preset difference value, which means that the difference value of the current loads of the safety element subsystems reported by the plurality of historical first instructions is smaller than the preset difference value. For example, assuming that there are three historical first instructions, A, B and C, A, B and C reported that the current load of the secure element subsystem is assumed to be 30%, 35% and 32%, respectively, the difference in the current loads of the secure element subsystem reported by the three historical first instructions may include: (35% -30% =) 5%, (35% -32% =) 3%, and (32% -30% =) 2%, when the preset difference is greater than 5%, then the difference in the current loads of the secure element subsystem reported by the three historical first instructions is considered to be less than a preset difference.

In order to avoid the need to perform calculation of the first preset period for each first instruction, the burden of executing the polling method on the computing device is reduced, so that the polling method can be executed in some computing devices with fewer computing resources or slower execution speed.

In order to make the data in the association table more fit to the actual running situation of the secure element subsystem, and also to avoid the problem that the data collected by the association table during construction is inaccurate, in one embodiment of the present disclosure, the polling method further includes:

In this embodiment, in the operation process of the computing device, the execution information of the plurality of first instructions may be collected, and the association table may be updated according to the collected plurality of execution information, so that the data in the association table is closer to the actual operation condition of the secure element subsystem, and the problem of inaccurate estimated time consumption calculation caused by inaccurate data collected during the construction of the association table is avoided.

In this embodiment, when the number of pieces of execution information is accumulated to a certain number (i.e., the number of pieces of execution information exceeds a preset number), the accuracy of the data in the association table may be analyzed according to the plurality of pieces of execution information, and when the data in the association table is found to be inaccurate (i.e., when there is error execution information exceeding a preset proportion), the association table may be updated according to the error execution information of the plurality of pieces of first instructions, so as to ensure the accuracy of the data in the association table.

As previously described, for the case where a trusted service platform is built into the secure element subsystem, the first instructions may include trusted computing instructions, in particular, in some embodiments, a trusted service platform is built into the secure element subsystem; the trusted service platform comprises at least one of a trusted cryptography module TCM and a trusted platform module TPM;

The security element subsystem is utilized to provide the operating environment and hardware resources for the TCM and the TPM, so that the security of trusted computing provided by the TCM and the TPM can be improved.

For the first instructions of different types, which may be roughly classified into two types according to whether they include a cryptographic operation portion, for the case where the first instructions include a non-cryptographic operation portion, in one embodiment of the present specification, the association relationship table includes a first relationship table; wherein, the first relation table stores the corresponding relation between the non-password estimated information of the first instruction and the load of the safety element subsystem; the non-password pre-estimated information of the first instruction comprises the type of the first instruction and pre-estimated time consumption of a non-password operation part of the first instruction;

For the case where the first instruction includes a cryptographic portion, in one embodiment of the present specification, the computing device further includes a cryptographic engine for executing the cryptographic portion of the first instruction;

The cryptographic engine may be hardware independent of the secure element subsystem and may be used to perform various types of cryptographic operations to execute the cryptographic portion of the first instruction.

Referring to tables 1 and 2, tables 1 and 2 show one possible representation of the first and second relationship tables, respectively.

TABLE 1 first relationship Table

TABLE 2 second relationship Table

In the first relational table, 0%, 10% … …, etc. of the SE load column are used to represent the proportion of the currently occupied resources of the secure element subsystem to the total resources; a, B in the column of the type of the first instruction indicates that the type of the first instruction is a or the type of the first instruction is B … …, 1s, 1.1s, etc. in other columns indicate estimated time consumption corresponding to the type of the first instruction and SE load, for example, when the SE load is 0% and the type of the first instruction is a, the estimated time consumption is 1s; when the SE coverage is 30% and the type of the first instruction is B, the estimated time consumption is 2.4s, etc.

In the second relation table, the cryptographic operation part in the first instruction is subdivided into a part with a fixed length of the cryptographic operation data (for example, SM2 signature verification, PCR extension, etc.) and a part with a variable length of the cryptographic operation data (for example, SM3hash, SM4 encryption operation, SM4 decryption operation, etc.). For example, for the SM2 signature cryptographic algorithm, the cryptographic operation rate (Speed) is 100 times/s, the length (L) is a fixed length of 32 bytes, and the estimated execution time (i.e. estimated time consumption) is 10ms; for the SM3hash cryptographic algorithm, the cryptographic operation rate (Speed) is 32kB/s, the length (L) is variable, and the estimated execution time is equal to L/Speed assuming that the length is represented by L.

The construction process of the first relation table may include:

the time consumption of the non-password operation part of each first instruction under different loads is counted by adjusting the SE load. The load of SE is adjusted to 0, the first instruction is repeatedly executed, and the time consumption of the non-password operation part of each first instruction is countedFinally, average value of Deltax +.>The time-consuming reference value is executed as the first instruction non-cryptographic operation section.

And (3) regulating the load of the SE, and limiting the number of tasks simultaneously executed on the SE by controlling the concurrent task number, so as to limit the load of the SE or limit the resources of the SE according to the target load percentage, such as limiting the use of a memory, limiting the processing capacity and the like, so as to control the load of the SE. Repeating the complaint operation under different SE loads to obtain average value Calculating under different loadsGrowth ratio of->From this calculation, the time-consuming increase ratio m=Δx1/Δx for each first instruction non-cryptographic operation is calculated, resulting in a matrix as shown in table 1.

In constructing the second relationship table, since the execution time of the cryptographic operation section is mainly related to the cryptographic engine, the cryptographic algorithm, and the participating operation length, the second relationship table as shown in table 2 can be constructed from these relationships.

Referring to fig. 4, one embodiment of the present description provides a process for reporting the load of a secure element subsystem when a first instruction includes a cryptographic portion, which may include:

the upper layer application (such as an application running on a second processor core) sends a first instruction to the secure element subsystem SE, starts timing, analyzes and executes the first instruction, if the first instruction comprises a password operation part, the password operation part can be sent to the password engine, the password engine executes the part of operation, the operation result of the password engine executing the part of operation and time consumption deltay are returned to the SE, and the SE returns the execution result to the upper layer application; after receiving the execution result of the SE, the upper layer application finishes timing to obtain the actual time consumption T of the first instruction; at this time, the upper layer application can calculate Δx=t- Δy, look up a table according to Δx and the association relation table to obtain the SE load, report the SE current load, and complete the reporting process.

In order to reasonably shorten the first preset period obtained by table lookup under specific conditions, in one embodiment of the present specification, the polling method further includes:

For example, assume that the actual time taken when the first instruction B is in actual execution isThe estimated time consumption (or first preset period) is +.>The method comprises the steps of carrying out a first treatment on the surface of the Then->Indicating that the SE load is greater during the actual execution of the first instruction B than the first instruction A, when +.>There are two cases, the SE load is equal to the load reported by the first instruction A when executing the first instruction B, or the SE load is reduced when executing the first instruction B and the SE load is reduced when executing the first instruction A. The case of SE load reduction is difficult to find according to this case, and therefore, a limitation needs to be made to the policy of shortening the interval to ensure reasonable utilization of system resources.

To implement a conservative tuning strategy, a counter (count) is introduced in the reporting of the SE load for counting the number of consecutive on-time executions of the first instruction of the target type, and a maximum value (maxcount, the preset number). The counter represents how many times the actual command time consumption and the estimated time consumption of the same SE load are consistent) The state of the execution result can be polled by one polling operation; maximum number of times indicates +.>When the cumulative number of cases of (a) has reached a maximum value, an attempt may be made to use a lower SE load (i.e. the security elementThe current load of the component subsystem) is time-consuming to achieve the goal of conservative tuning.

Referring specifically to FIG. 5, the upper layer application looks up the table to obtain the estimated time consumption of the first instructionThe first instruction is sent to the secure element subsystem SE, the secure element subsystem executes the first instruction and feeds back the execution result, the upper layer application records the actual time consumption T of the process and judges +.>If not, continuously clearing the execution times on time (count=0), and entering a step of calculating and reporting SE load;

if yes, continuously adding 1 (count++) to the time-on-time execution times, judging whether the time-on-time execution times are larger than or equal to the preset times (count > =maxcount), and if yes, turning down the current load; if not, the current load is maintained.

By the method, the current load of the cautious current load can be cautiously adjusted, and the purpose of adjusting the current load of the historical first instruction report and optimizing the first preset period under specific conditions is achieved.

In order to obtain the execution result of the first instruction in time and avoid waiting for a long time when the execution result is not obtained in the first polling operation, in one embodiment of the present specification, the polling method further includes:

When the first polling operation does not obtain the result of the first instruction executed by the secure element subsystem, the polling period of the subsequent polling operation is reduced to a second preset period, so that the situation that the secure element subsystem finishes executing the first instruction can be found out in time, and the execution result can be obtained in time. In a possible embodiment, the second preset period may be 0.1 times that of the first preset period, which is not limited in this specification.

In addition, in the present embodiment, when the total usage of the polling operations is counted and exceeds the set time threshold, the polling operation is stopped, and resource waste caused by long-time polling of the first command overtime is avoided.

In one embodiment of the present specification, a possible implementation of a polling method is provided, which may include:

estimating the time consumption of a first instruction to be executed according to SE load: (1) according to the SE load reported by the historical first instruction A and the type of the historical first instruction A, the estimated time consumption of the non-password operation part under the load is obtained by searching a non-password operation association relation table (namely a first relation table)The method comprises the steps of carrying out a first treatment on the surface of the (2) Obtaining +/according to the category of the first instruction B and the cryptographic operation association relation table>The method comprises the steps of carrying out a first treatment on the surface of the (3) According to->And->Calculated->。

Optimizing the polling period according to the estimated time consumption: (1) the time consumption estimated according to calculation after the first instruction B is sentFirst polling period +.>Through one ofPerforming the operation of polling the execution state after the polling period; (2) if the result cannot be returned in time after the first polling, the subsequent polling period is reduced toThe method comprises the steps of carrying out a first treatment on the surface of the (3) In order to currently avoid cases where SE load is high, death or the like occurs, when the sum of all polling periods is equal to or greater than three times the expected time consumption is not yet performed to completion ( >) The first instruction B is treated as a timeout.

Exemplary apparatus

In an exemplary embodiment of the present disclosure, there is also provided a polling apparatus applied to a computing device including a first processor core, the first processor core carrying a secure element subsystem, as shown in fig. 6, the polling apparatus including:

an instruction sending module 601, configured to send a first instruction to the secure element subsystem in response to a request for the secure element subsystem;

a first polling module 602, configured to set a period of a first polling operation on the secure element subsystem as a first preset period, where the first preset period corresponds to a period parameter; the cycle parameters include a current load of the secure element subsystem and a type of first instruction; the polling operation is for querying a result of the secure element subsystem executing the first instruction.

Taking the estimated time consumption as the first preset period;

In one embodiment, the polling device further comprises:

In one embodiment, the method further comprises:

In one embodiment, the polling device further comprises:

Specific limitations regarding the polling device may be found in the above limitations regarding the polling method, and will not be described in detail herein. The various modules in the polling device described above may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.

Exemplary computing device

Another embodiment of the present application further provides a computing device, referring to fig. 7, and an exemplary embodiment of the present specification further provides a computing device, including: a memory storing a computer program, and a processor that when executed performs the steps in the polling method according to various embodiments of the present specification described in the above embodiments of the present specification.

The internal structure of the computing device may be as shown in fig. 7, including a processor, memory, network interface, and input devices connected by a system bus. Wherein the processor of the computing device is configured to provide computing and control capabilities. The memory of the computing device includes a non-volatile storage medium, an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the computing device is for communicating with an external terminal through a network connection. The computer program, when executed by a processor, performs the steps in the polling method according to various embodiments of the present specification described in the above embodiments of the present specification.

The processor may include a host processor, and may also include a baseband chip, modem, and the like.

The memory stores programs for executing the technical scheme of the invention, and can also store an operating system and other key services. In particular, the program may include program code including computer-operating instructions. More specifically, the memory may include read-only memory (ROM), other types of static storage devices that may store static information and instructions, random access memory (random access memory, RAM), other types of dynamic storage devices that may store information and instructions, disk storage, flash, and the like.

The processor may be a general-purpose processor, such as a general-purpose Central Processing Unit (CPU), microprocessor, etc., or may be an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of programs in accordance with aspects of the present invention. But may also be a Digital Signal Processor (DSP), application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components.

The input device may include means for receiving data and information entered by a user, such as a keyboard, mouse, camera, scanner, light pen, voice input device, touch screen, pedometer or gravity sensor, etc.

The output device may include means, such as a display screen, printer, speakers, etc., that allow information to be output to the user.

The communication interface may include means, such as any transceiver, for communicating with other devices or communication networks, such as ethernet, radio Access Network (RAN), wireless Local Area Network (WLAN), etc.

The processor executes the program stored in the memory and invokes other devices, which may be used to implement the steps of any of the polling methods provided in the embodiments of the present application.

The computing device can also comprise a display component and a voice component, wherein the display component can be a liquid crystal display screen or an electronic ink display screen, and an input device of the computing device can be a touch layer covered on the display component, can also be a key, a track ball or a touch pad arranged on a shell of the computing device, and can also be an external keyboard, a touch pad or a mouse and the like.

Those skilled in the art will appreciate that the architecture shown in fig. 7 is merely a block diagram of some of the architecture associated with the present description and is not limiting of the computing devices to which the present description may be applied, and that a particular computing device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.

Exemplary computer program product and storage Medium

In addition to the methods and apparatus described above, the polling methods provided by the embodiments of the present description may also be a computer program product comprising computer program instructions which, when executed by a processor, cause the processor to perform the steps in the polling methods according to the various embodiments of the present description described in the "exemplary methods" section of the present description.

The computer program product may write program code for performing the operations of embodiments of the present description in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server.

Furthermore, the present specification embodiment also provides a computer-readable storage medium having stored thereon a computer program that is executed by a processor to perform the steps in the polling method according to the various embodiments of the present specification described in the above-described "exemplary method" section of the present specification.

Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.

The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.

The above examples merely represent a few implementations of the present description, which are described in more detail and are not to be construed as limiting the scope of the solutions provided by the examples of the present description. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the present description, which is within the scope of the present description. Accordingly, the protection scope of the patent should be determined by the appended claims.

Claims

1. A polling method, applied to a computing device, the computing device including a first processor core, the first processor core hosting a secure element subsystem, the polling method comprising:

2. The method of claim 1, wherein the setting the period of the first polling operation of the secure element subsystem to a first preset period comprises:

taking the estimated time consumption as the first preset period;

3. The method of claim 2, wherein reporting the current load of the secure element subsystem by the historical first instruction comprises:

4. The method of claim 2, wherein the querying the association table based on the cycle parameter reported by the historical first instruction further comprises:

5. The method of claim 4, wherein in the event that the reporting time is outside the validity time, the polling method further comprises:

6. The method of claim 2, wherein the querying the association table based on the cycle parameter reported by the historical first instruction further comprises:

7. The method as recited in claim 2, further comprising:

8. The method of claim 7, wherein the association table is updated according to execution information of a plurality of the first instructions;

9. The method of any one of claims 2-8, wherein the first instruction includes a non-cryptographic portion; the association relation table comprises a first relation table; wherein, the first relation table stores the corresponding relation between the non-password estimated information of the first instruction and the load of the safety element subsystem; the non-password pre-estimated information of the first instruction comprises the type of the first instruction and pre-estimated time consumption of a non-password operation part of the first instruction;

10. The method of claim 9, wherein the computing device further comprises a cryptographic engine for executing a cryptographic portion of the first instruction;

11. The method according to any one of claims 2 to 8, further comprising:

12. The method according to any one of claims 1 to 8, further comprising:

13. The method according to any one of claims 1-8, wherein a trusted service platform is built in the secure element subsystem; the trusted service platform comprises at least one of a trusted cryptography module TCM and a trusted platform module TPM;

14. A polling apparatus for use with a computing device, the computing device comprising a first processor core having a secure element subsystem onboard, the polling apparatus comprising:

15. The apparatus of claim 14, wherein the first polling module sets a period of a first polling operation for the secure element subsystem to a first preset period specific to:

taking the estimated time consumption as the first preset period;

16. The apparatus as recited in claim 15, further comprising: a time judging module; wherein,

17. The apparatus of claim 15, wherein the first polling module is further configured to, prior to querying the association table, based on the periodic parameter reported by the historical first instruction:

18. The apparatus as recited in claim 15, further comprising:

19. The apparatus according to any one of claims 15 to 18, further comprising:

20. A computing device comprising a memory, a first processor core, and a second processor core; wherein,

The memory has stored thereon a computer program executable on the processor;

the first processor core is used for carrying a secure element subsystem;

the second processor core being configured to implement the polling method of any of claims 1-13 when executing the computer program.

21. A computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and when executed by a processor, the computer program implements the polling method of any of claims 1-13.