Exemplary embodiments are described in detail here, and examples of them are shown in the drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with this specification; they are merely examples of apparatus and methods consistent with some aspects of this specification as detailed in the appended claims.
The terminology used in this specification is for the purpose of describing particular embodiments only and is not intended to limit the specification. The singular forms "a", "said" and "the" used in this specification and the appended claims are also intended to include the plural forms unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in this specification to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of this specification, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when" or "in response to determining".
The present invention proposes a security task processing method. In one aspect, it proposes a micro security architecture that includes at least one security application service. The micro security architecture can be deployed in the secure operating system carried by a processor.
The micro security architecture provided by the present invention isolates the security application services from the secure operating system of each processor, which eases the upgrading, maintenance and porting of those services.
The micro security architecture provided by the present invention is highly compatible: it can support the secure operating systems of processors of many different specifications. Developers need only develop the micro security architecture to deploy security application services in the secure operating systems of multiple processors at once, which greatly improves the efficiency of deploying security application services.
In another aspect, the present invention provides a method for processing security tasks based on the micro security architecture. When a security task is to be processed, the processor, in response to a security task processing request it has listened for, switches the operating system it runs to the secure operating system. In the system environment of the secure operating system, it runs the micro security architecture, determines among the security application services included in the micro security architecture the target security application service matching the security task processing request, and invokes that target security application service to complete the security task corresponding to the request.
In a third aspect, the present invention provides a method for creating the micro security architecture, in which the micro security architecture is created during the initialization of the secure operating system.
Refer to FIG. 1, a schematic diagram of an electronic device shown in an exemplary embodiment of this specification.
The electronic device includes at least one processor, a network interface, a storage medium and a bus. In practice the electronic device may also include other hardware, such as logic chips and input/output interfaces. The hardware of the electronic device is described here only by way of example and is not specifically limited.
The processor, network interface and storage medium communicate with one another over the bus.
The processor may be an ARM (Advanced RISC Machines) chip (such as ARMv8) or an Intel x86 chip, among others. The processor model is described here only by way of example and is not specifically limited.
Each processor in the electronic device independently runs its own operating system and executes its own tasks under that operating system.
For example, the operating systems run by a processor may include a basic operating system and a secure operating system. The processor runs the basic operating system by default and switches from the basic operating system to the secure operating system only when a security task needs to be processed. The security task is executed in the system environment of the secure operating system, and once it has completed the processor switches its operating system from the secure operating system back to the basic operating system.
The storage medium may be any electronic, magnetic, optical or other physical storage device and may hold stored information such as executable instructions and data to be read and written. For example, the processor-readable and writable storage medium may be dynamic memory, non-volatile memory or a similar storage medium.
It should be noted that the electronic device may be a mobile terminal device (such as a mobile phone or iPad), a PC, a portable computer, and so on. The electronic device is described here only by way of example and is not specifically limited.
Before the security task processing method of the present invention is described, the micro security architecture it provides is introduced first.
The micro security architecture is a newly proposed architecture of the present invention. It is a micro architecture with strong compatibility: it can support the secure operating systems of processors of many different specifications.
For example, the micro security architecture can support the secure operating system of an Intel x86 processor, the secure operating system of an ARM processor, and so on.
The micro security architecture has the privilege to call basic functions of the operating system, such as interrupt registration, process creation, process termination, memory management, file system management and timer registration. The functions of the micro security architecture are described here only by way of example and are not specifically limited.
The micro security architecture may include at least one security application service; for example, an unlock service, a signature service used during payment, and so on. The security application services of the micro security architecture are described here only by way of example and are not specifically limited.
The micro security architecture isolates the security application services from the secure operating system of each processor, which eases their upgrading, maintenance and porting. Furthermore, because the micro security architecture supports the secure operating systems of processors of many different specifications, developers need only develop the micro security architecture to deploy security application services in the secure operating systems of multiple processors at once, which greatly improves the efficiency of deploying security application services.
The micro security architecture may be a Super TA (high-privilege security application management) architecture; it may of course also be another architecture. The micro security architecture is described here only by way of example and is not specifically limited.
The security task processing method of the present invention is described in detail below from two aspects: security task processing based on the micro security architecture, and creation of the micro security architecture.
1. Security task processing based on the micro security architecture
Refer to FIG. 2, a flowchart of a security task processing method shown in an exemplary embodiment of the present invention. The method can be applied to any processor of the electronic device shown in FIG. 1. The processor carries a secure operating system; the secure operating system includes a micro security architecture; the micro security architecture includes at least one security application service. The security task processing method may include the following steps.
Step 202: In response to a security task processing request it has listened for, the processor switches the operating system it runs to the secure operating system.
A security task is a task with high security requirements: for example, a task in which the user completes a bill or order payment through a security application (such as a payment app); a task in which the user authenticates user information through a security application; or the screen unlock task triggered when the user turns on the screen. Security tasks are described here only by way of example and are not specifically limited.
A security application service is a program used to complete a security task. Each kind of security task has a corresponding security application service.
For example, if the security task is a screen unlock task, the security application service that handles it is the screen unlock service. The screen unlock service matches the unlock password entered by the user against the unlock password the user set in advance. If they match, the screen is unlocked; if they do not, a wrong-password message is displayed.
Security tasks and security application services are described here only by way of example and are not specifically limited.
In the embodiments of this specification, when the driver of a security application client (such as Alipay) detects that the user has triggered a security task on the client, the driver of the security application client can initiate a security task processing request.
On listening for and receiving the security task processing request, the processor can respond to it by switching the operating system it runs from the basic operating system to the secure operating system.
To perform the switch, the processor can invoke the switching logic recorded in the switching firmware in the storage medium, which switches the processor's operating system from the basic operating system to the secure operating system.
For example, when the processor is an ARMv8 processor, Secure Monitor firmware is stored in the storage medium of the electronic device. The processor invokes the switching logic in the Secure Monitor firmware to switch the operating system it runs from the basic operating system to the secure operating system.
The way the operating system is switched is described here only by way of example and is not specifically limited.
Step 204: In the system environment of the secure operating system, the processor runs the micro security architecture and determines, among the security application services included in the micro security architecture, the target security application service matching the security task processing request.
In one optional implementation, the micro security architecture includes the security application services for handling all security tasks supported by the electronic device.
The security task processing request carries the service identifier of the requested target security application service.
In the system environment of the secure operating system, the processor runs the micro security architecture and determines, among the security application services it includes, the target security application service indicated by that service identifier.
In another optional implementation, the micro security architecture includes the security application services for handling some of the security tasks supported by the electronic device, and the secure operating system itself includes the security application services for handling the remaining security tasks.
In implementation, the processor can determine whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture.
If the requested target security application service is included in the micro security architecture, the processor runs the micro security architecture and determines, among the security application services included in it, the target security application service matching the security task processing request.
If the requested target security application service is not included in the micro security architecture, the processor looks up the target security application service matching the security task processing request among the security application services configured in the secure operating system.
Methods for "determining whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture" are introduced below.
Method 1: The security task processing request carries the service identifier of the requested target security application service.
The storage medium of the electronic device maintains a list of the service identifiers of all security application services included in the micro security architecture.
The processor can retrieve this service identifier list and check whether the service identifier carried in the security task processing request is present in it. If it is present, the processor determines that the requested security application service is included in the micro security architecture; if it is absent, the processor determines that the requested security application service is not included in the micro security architecture.
For example, suppose the service identifier list of the micro security architecture contains security application service 1, security application service 2 and security application service 3.
The security task processing request carries the service identifier of the requested security application service, namely security application service 1.
Because security application service 1, carried in the request, is in the service identifier list, the processor determines that the requested security application service is included in the micro security architecture.
Method 2: The security task processing request carries the service identifier of the requested target security application service, and the service identifier itself indicates whether the target security application service is a service of the secure operating system or a service included in the micro security architecture.
For example, a designated bit of the service identifier can be assigned to indicate where the target security application service resides. The processor obtains the service identifier of the target security application service carried in the security task processing request; if the designated bit has a first preset value (for example 1), the target security application service is determined to be included in the micro security architecture; if the designated bit has a second preset value (for example 0), the target security application service is determined to be included in the secure operating system.
Of course, "determining whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture" is described here only by way of example and is not specifically limited.
In the embodiments of the present invention, if the target security application service requested by the security task processing request is included in the micro security architecture, the processor runs the micro security architecture and determines, among the security application services included in it, the target security application service indicated by the service identifier.
If the requested target security application service is not included in the micro security architecture, the processor looks up, among the security application services configured in the secure operating system, the target security application service indicated by the service identifier carried in the request.
Step 206: The processor invokes the target security application service to complete the security task corresponding to the security task processing request.
In implementation, the processor first obtains the security task corresponding to the security task processing request.
In one optional way of obtaining it, the security task processing request carries the security task itself; the processor parses the request and extracts the security task it carries.
In another optional way, the security task processing request carries an identifier of the security task. When the user triggers the security task, the task is recorded in a cache. The processor parses the request, obtains the security task identifier it carries, and reads the security task from the cache using that identifier.
"Obtaining the security task corresponding to the security task processing request" is described here only by way of example and is not specifically limited.
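As an added illustration that is not part of this specification, the following Python model walks a security task processing request through steps 202 to 206: the switch to the secure operating system, both ways of deciding whether the requested service belongs to the micro security architecture (the identifier list of Method 1 and the designated bit of Method 2), and both ways of obtaining the security task (carried inline, or looked up in the cache by task identifier). The service identifiers, the bit-7 encoding, the cache contents and the three services are constructed for the example; the real micro security architecture, its service identifiers and its services are not described at this level of detail in the specification.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Hypothetical identifier encoding (not from the specification): bit 7 set marks a
# service that lives in the micro security architecture (Method 2); bit 7 clear
# marks a service configured in the secure operating system itself.
MICRO_ARCH_BIT = 0x80


@dataclass
class SecureTaskRequest:
    service_id: int
    task: Optional[bytes] = None    # security task carried inline (first way of obtaining it)
    task_id: Optional[int] = None   # identifier of a task recorded in the cache (second way)


# Constructed security application services standing in for real ones.
_PRESET_UNLOCK_HASH = hashlib.sha256(b"constructed-unlock-code").digest()


def screen_unlock_service(task: bytes) -> str:
    # Compare the entered code with the preset one; a constant-time compare avoids a timing leak.
    entered = hashlib.sha256(task).digest()
    return "unlocked" if hmac.compare_digest(entered, _PRESET_UNLOCK_HASH) else "wrong password"


_SIGNING_KEY = b"constructed-signing-key"


def payment_signature_service(task: bytes) -> str:
    # HMAC-SHA256 over the order payload, as a stand-in for a real signature scheme.
    return hmac.new(_SIGNING_KEY, task, hashlib.sha256).hexdigest()


def os_attestation_service(task: bytes) -> str:
    # A service configured in the secure operating system, outside the micro architecture.
    return "os-attested:" + hashlib.sha256(task).hexdigest()[:16]


class Processor:
    def __init__(self, micro_arch, os_services, task_cache):
        self.micro_arch: Dict[int, Callable[[bytes], str]] = micro_arch
        self.os_services: Dict[int, Callable[[bytes], str]] = os_services
        self.task_cache: Dict[int, bytes] = task_cache
        self.world = "basic"  # which operating system the processor currently runs

    def in_micro_arch_by_list(self, service_id: int) -> bool:
        # Method 1: the identifier list kept in storage is the set of micro-architecture services.
        return service_id in self.micro_arch

    @staticmethod
    def in_micro_arch_by_bit(service_id: int) -> bool:
        # Method 2: the designated bit of the identifier says where the service resides.
        return bool(service_id & MICRO_ARCH_BIT)

    def acquire_task(self, req: SecureTaskRequest) -> bytes:
        if req.task is not None:
            return req.task
        if req.task_id is not None and req.task_id in self.task_cache:
            return self.task_cache[req.task_id]
        raise LookupError("request carries neither a task nor a cached task identifier")

    def handle(self, req: SecureTaskRequest, check: str = "list") -> str:
        self.world = "secure"  # step 202: switch to the secure operating system
        try:
            # step 204: choose the table to search, then find the target service in it
            in_micro = (self.in_micro_arch_by_list(req.service_id) if check == "list"
                        else self.in_micro_arch_by_bit(req.service_id))
            table = self.micro_arch if in_micro else self.os_services
            service = table.get(req.service_id)
            if service is None:
                return "rejected: unknown service identifier"
            try:
                task = self.acquire_task(req)  # step 206: obtain the security task
            except LookupError as exc:
                return f"rejected: {exc}"
            return service(task)               # step 206: invoke the target service
        finally:
            self.world = "basic"  # return to the basic operating system afterwards


def build_processor() -> Processor:
    micro_arch = {0x81: screen_unlock_service, 0x82: payment_signature_service}
    os_services = {0x01: os_attestation_service}
    task_cache = {7: b"constructed attestation challenge"}  # recorded when the user triggered it
    return Processor(micro_arch, os_services, task_cache)


if __name__ == "__main__":
    p = build_processor()
    print(p.handle(SecureTaskRequest(0x81, task=b"constructed-unlock-code")))
    print(p.handle(SecureTaskRequest(0x01, task_id=7), check="bit"))
```

The identifiers are chosen so that Method 1 and Method 2 agree on every service; in a real deployment the two checks would be kept consistent by generating the identifier list from the same configuration that assigns the designated bit. The `finally` clause models the return to the basic operating system described after step 206, so the switch back happens even when the request is rejected.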
2. Creation of the micro security architecture
In the embodiments of the present invention, the processor can create the micro security architecture during the initialization phase of the secure operating system, based on a pre-configured configuration file of the micro security architecture.
The creation process is described below taking an ARMv8 processor as an example.
Refer to FIG. 3, a schematic diagram of an ARMv8 architecture shown in an exemplary embodiment of the present invention.
The concepts involved in FIG. 3 are explained first.
1. EL0, EL1 and EL3
EL0 denotes execution level 0 of the ARMv8 architecture (ARM's exception level 0); applications (Application in FIG. 3) execute at EL0.
EL1 denotes execution level 1 of the ARMv8 architecture; the kernel operating systems execute at EL1. The kernel operating systems may include the secure operating system (Secure OS in FIG. 3) and the basic operating system (Normal OS in FIG. 3).
EL3 denotes execution level 3 of the ARMv8 architecture; the Secure Monitor firmware executes at EL3.
2. BL1, BL2 and BL31
BL1 is the first boot stage of the electronic device.
BL2 is the second boot stage of the electronic device.
BL31 is the third boot stage of the electronic device.
As shown in FIG. 3, after the electronic device is powered on it enters the BL1 stage. The processor of the electronic device uses the verification method of the BL1 stage to verify the firmware of the BL2 stage. If the BL2 firmware passes verification, the BL2 stage boot is executed based on the BL2 firmware.
Then the processor uses the verification method of the BL2 stage to verify the legitimacy of the firmware of the BL31 stage, the legitimacy of the Bootloader firmware, and the legitimacy of the secure operating system.
If the BL31 firmware and the secure operating system are legitimate, the processor executes the BL31 stage boot using the BL31 firmware and initializes the secure operating system in the BL31 stage. During the initialization of the secure operating system, the micro security architecture is created based on its pre-configured configuration file.
It should be noted that creating the micro security architecture, as described in the present invention, includes creating both the micro security architecture and the security application services it includes.
In addition, if the Bootloader is legitimate, the processor can also execute the Bootloader in the BL31 stage so that the Bootloader completes the initialization of the basic operating system. After the basic operating system has been initialized, the processor can run it.
The above describes the creation of the micro security architecture only by way of example for the ARMv8 processor architecture. The processor may of course be another type of processor (such as an Intel x86 processor). When creating the micro security architecture, it is sufficient that it be created during the initialization phase of the secure operating system; the initialization process of each secure operating system may depend on the processor architecture and is not described further here.
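As an added illustration that is not part of this specification, the following Python model traces the BL1, BL2 and BL31 stages described above: BL1 verifies BL2 against a digest anchored in the boot ROM, BL2 verifies BL31, the Bootloader and the secure operating system against the digests it carries, and the secure operating system is initialized only after BL31 and the secure OS pass, with the micro security architecture created from its configuration file. The firmware images, the SHA-256 digest chain, the configuration file contents and the rule that an illegitimate Bootloader only keeps the basic operating system from starting are constructed for the example; the specification names the stages and the order of checks but not the verification algorithm.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed stand-ins for the real firmware and secure OS images.
BL2_IMAGE = b"constructed BL2 image v1"
IMAGES: Dict[str, bytes] = {
    "BL31": b"constructed BL31 image v1",
    "bootloader": b"constructed bootloader image v1",
    "secure_os": b"constructed secure OS image v1",
}

# Hypothetical micro security architecture configuration file (not from the specification).
MICRO_ARCH_CONFIG = {"services": ["screen_unlock", "payment_signature"]}


def sha256(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()


def serialize_bl2(image: bytes, manifest: Dict[str, bytes]) -> bytes:
    # BL2 carries the expected digests of the later stages; BL1's check covers image and manifest
    # together, so the manifest is trusted only because BL2 itself verified.
    return image + b"".join(n.encode() + d for n, d in sorted(manifest.items()))


@dataclass
class BootState:
    stage: str = "off"
    micro_arch_services: List[str] = field(default_factory=list)
    basic_os_running: bool = False
    log: List[str] = field(default_factory=list)


def boot(rom_anchor: bytes, bl2_image: bytes, bl2_manifest: Dict[str, bytes],
         images: Dict[str, bytes]) -> BootState:
    st = BootState(stage="BL1")
    # BL1 stage: the ROM anchor is the only trusted value at power-on; it verifies BL2.
    if not hmac.compare_digest(sha256(serialize_bl2(bl2_image, bl2_manifest)), rom_anchor):
        st.log.append("BL1: BL2 verification failed, boot halted")
        return st
    st.stage = "BL2"
    # BL2 stage: verify BL31, the Bootloader and the secure OS against the manifest.
    results = {n: hmac.compare_digest(sha256(images[n]), bl2_manifest[n])
               for n in ("BL31", "bootloader", "secure_os")}
    for n, ok in results.items():
        st.log.append(f"BL2: {n} {'verified' if ok else 'REJECTED'}")
    if not (results["BL31"] and results["secure_os"]):
        st.log.append("BL2: BL31 or secure OS illegitimate, boot halted")
        return st
    st.stage = "BL31"
    # BL31 stage: initialize the secure OS and create the micro security architecture
    # (and its services) from the pre-configured configuration file.
    st.micro_arch_services = list(MICRO_ARCH_CONFIG["services"])
    st.log.append("BL31: secure OS initialized, micro security architecture created")
    # The Bootloader brings up the basic OS only if it passed verification too.
    if results["bootloader"]:
        st.basic_os_running = True
        st.log.append("BL31: Bootloader executed, basic OS initialized")
    else:
        st.log.append("BL31: Bootloader rejected, basic OS not started")
    st.stage = "running"
    return st


def provision() -> Tuple[bytes, Dict[str, bytes]]:
    # Done at manufacturing time: compute the manifest and burn the BL2 digest into ROM.
    manifest = {n: sha256(b) for n, b in IMAGES.items()}
    return sha256(serialize_bl2(BL2_IMAGE, manifest)), manifest


def trusted_boot() -> BootState:
    anchor, manifest = provision()
    return boot(anchor, BL2_IMAGE, manifest, IMAGES)


def boot_with_tampered(component: str) -> BootState:
    # Simulate one modified image in storage and show where the chain stops.
    anchor, manifest = provision()
    images = dict(IMAGES)
    bl2 = BL2_IMAGE
    if component == "BL2":
        bl2 = BL2_IMAGE + b" (modified)"
    else:
        images[component] = images[component] + b" (modified)"
    return boot(anchor, bl2, manifest, images)


if __name__ == "__main__":
    for line in trusted_boot().log + boot_with_tampered("secure_os").log:
        print(line)
```

The model makes the ordering consequence explicit: because the micro security architecture is created inside secure OS initialization, a rejected secure OS image means no micro security architecture and no security application services exist at all, while a rejected Bootloader leaves the secure side intact and only withholds the basic operating system.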
It can be seen from the above that, in one aspect, the present invention proposes a micro security architecture that can be deployed in the secure operating system carried by a processor and that can include at least one security application service. The micro security architecture isolates the security application services from the secure operating system of each processor, which eases their upgrading, maintenance and porting.
Furthermore, the micro security architecture is highly compatible and can support the secure operating systems of processors of many different specifications. Developers need only develop the micro security architecture to deploy security application services in the secure operating systems of multiple processors at once, which greatly simplifies the deployment of security application services.
In another aspect, the present invention provides a method for processing security tasks based on the micro security architecture. When a security task is to be processed, the processor, in response to a security task processing request it has listened for, switches the operating system it runs to the secure operating system. In the system environment of the secure operating system, it runs the micro security architecture, determines among the security application services included in the micro security architecture the target security application service matching the security task processing request, and invokes that target security application service to complete the security task corresponding to the request.
In a third aspect, the present invention provides a method for creating the micro security architecture, in which the micro security architecture is created during the initialization of the secure operating system.
In addition, the present invention provides a security task processing apparatus corresponding to the security task processing method described above.
Refer to FIG. 4, a block diagram of a security task processing apparatus shown in an exemplary embodiment of the present invention. The apparatus is applied to a processor in an electronic device; the processor carries a secure operating system; the secure operating system includes a micro security architecture, and the micro security architecture includes at least one security application service. The apparatus includes the following units:
a switching unit 401, configured to switch the operating system run by the processor to the secure operating system in response to a security task processing request listened for;
a determining unit 402, configured to run the micro security architecture in the system environment of the secure operating system and to determine, among the security application services included in the micro security architecture, the target security application service matching the security task processing request; and
an invoking unit 403, configured to invoke the target security application service to complete the security task corresponding to the security task processing request.
Optionally, the micro security architecture is a general-purpose micro security architecture that supports the secure operating systems of processors of many different specifications.
Optionally, the apparatus further includes:
a creating unit 404 (not shown in FIG. 4), configured to create the micro security architecture during the initialization phase of the secure operating system based on a pre-configured configuration file of the micro security architecture.
Optionally, the apparatus further includes:
a detecting unit 405 (not shown in FIG. 4), configured to determine whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture;
and the determining unit is configured, if so, to run the micro security architecture and determine, among the security application services included in it, the target security application service matching the security task processing request.
Optionally, the micro security architecture includes a Super TA.
In addition, the present invention provides an electronic device that includes: a processor;
and a memory for storing instructions executable by the processor, wherein by running the executable instructions the processor switches the operating system it runs to the secure operating system in response to a security task processing request listened for;
runs the micro security architecture in the system environment of the secure operating system and determines, among the security application services included in the micro security architecture, the target security application service matching the security task processing request;
and invokes the target security application service to complete the security task corresponding to the security task processing request.
Optionally, the micro security architecture is a general-purpose micro security architecture that supports the secure operating systems of processors of many different specifications.
By running the executable instructions the processor also creates the micro security architecture during the initialization phase of the secure operating system based on a pre-configured configuration file of the micro security architecture.
Optionally, by running the executable instructions the processor, before running the micro security architecture and determining the matching target security application service among the services it includes, determines whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture; if so, it performs the step of running the micro security architecture and determining, among the security application services included in it, the target security application service matching the security task processing request.
Optionally, the micro security architecture includes a Super TA.
In addition, the present invention provides a machine-readable storage medium on which computer instructions are stored. When executed by a processor, the instructions switch the operating system run by the processor to the secure operating system in response to a security task processing request listened for;
run the micro security architecture in the system environment of the secure operating system and determine, among the security application services included in the micro security architecture, the target security application service matching the security task processing request;
and invoke the target security application service to complete the security task corresponding to the security task processing request.
Optionally, the micro security architecture is a general-purpose micro security architecture that supports the secure operating systems of processors of many different specifications.
Optionally, when executed by a processor the instructions also create the micro security architecture during the initialization phase of the secure operating system based on a pre-configured configuration file of the micro security architecture.
Optionally, when executed by a processor the instructions determine whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture; if so, they run the micro security architecture and determine, among the security application services included in it, the target security application service matching the security task processing request.
Optionally, the micro security architecture includes a Super TA.
The systems, apparatus, modules or units set forth in the above embodiments may be implemented by computer chips or entities, or by products having certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, e-mail device, game console, tablet computer, wearable device, or any combination of these devices.
In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces and memory.
The memory may include non-persistent memory in computer-readable media, random access memory (RAM) and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include persistent and non-persistent, removable and non-removable media, and can implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory media such as modulated data signals and carrier waves.
It should also be noted that the terms "comprise", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that comprises a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or device that comprises it.
Specific embodiments of this specification have been described above. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims can be performed in an order different from that of the embodiments and still achieve the desired results. In addition, the processes depicted in the drawings do not necessarily require the particular order shown, or a sequential order, to achieve the desired results. In certain implementations, multitasking and parallel processing are also possible or may be advantageous.
The terminology used in one or more embodiments of this specification is for the purpose of describing particular embodiments only and is not intended to limit the one or more embodiments of this specification. The singular forms "a", "said" and "the" used in one or more embodiments of this specification and the appended claims are also intended to include the plural forms unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in one or more embodiments of this specification to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of one or more embodiments of this specification, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when" or "in response to determining".
The above are merely preferred embodiments of one or more embodiments of this specification and are not intended to limit them. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of one or more embodiments of this specification shall fall within the scope of protection of one or more embodiments of this specification.
The exemplary embodiments will be described in detail here, and examples thereof are shown in the drawings. When the following description refers to the drawings, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements. The implementation manners described in the following exemplary embodiments do not represent all implementation manners consistent with this specification. On the contrary, they are only examples of devices and methods consistent with some aspects of this specification as detailed in the scope of the appended application.
The terms used in this specification are only for the purpose of describing specific embodiments, and are not intended to limit the specification. The singular forms of "a", "the" and "the" used in this specification and the scope of the appended application are also intended to include plural forms, unless the context clearly indicates other meanings. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more associated listed items.
It should be understood that although the terms first, second, and third may be used in this specification to describe various information, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other. For example, without departing from the scope of this specification, the first information can also be referred to as second information, and similarly, the second information can also be referred to as first information. Depending on the context, the word "if" as used herein can be interpreted as "when" or "when" or "determined in response".
The present invention aims to propose a security task processing method. On the one hand, the present invention proposes a micro-security architecture, which includes at least one security application service. The micro security architecture can be deployed in a processor-mounted security operating system.
The micro-safety architecture provided by the present invention can isolate the safe application service from the safe operating system of each processor, and facilitate the upgrade, maintenance and transplantation of the safe application service.
The micro security architecture provided by the present invention has strong compatibility, and can be compatible with security operating systems supporting multiple processors of different specifications. Developers only need to develop a micro-security architecture to realize the simultaneous deployment of secure application services in a secure operating system with multiple processors, greatly improving the deployment efficiency of secure application services.
On the other hand, the present invention also provides a method for processing security tasks based on a micro security architecture. When processing the safety task, the processor may switch the operating system run by the processor to the safety operating system in response to the monitored safety task processing request. In the system environment of the safety operating system, run the micro-security architecture, and determine the target safety application service matching the safety task processing request among the multiple safety application services included in the micro-security architecture, and call all The target safety application service is used to complete the safety task corresponding to the safety task processing request.
In the third aspect, the present invention also provides a method for creating a micro-security architecture. The creation of the micro-security architecture is completed in the initial process of the security operation system.
Refer to Fig. 1, which is a schematic diagram of an electronic device according to an exemplary embodiment of the present specification.
The electronic device includes at least one processor, a network interface, a storage medium and a bus. Of course, in practical applications, the electronic device may also include other hardware, such as logic chips, input/output interfaces, and so on. Here, the hardware of the electronic device is only exemplified, and is not specifically limited.
Among them, the processor, network interface, and storage medium can communicate with each other through the bus.
The above-mentioned processor may be an ARM (Advanced RISC Machines, advanced RISC processor chip) chip (such as ARMv8), or an Intel x86 (Intel x86) chip. Here, only the model of the processor is exemplified, and the model of the processor is not specifically limited.
Each processor in the electronic device runs its own operating system independently, and performs its own tasks under the operating system it runs.
For example, the operating system that the processor runs may include a basic operating system and a safe operating system. The processor presets to run the basic operating system, and when it needs to process the safety task, the processor switches the basic operating system running by itself to the safe operating system. Perform safety tasks in the system environment of the safety operating system, and after the completion of the safety tasks, switch its own operating system from the safety operating system to the basic operating system.
The aforementioned storage medium can be any electronic, magnetic, optical, or other physical storage device, and can contain storage information, such as executable commands, data reading and writing, and so on. For example, the processor readable and writable storage medium may be: dynamic memory, non-volatile memory or similar storage media.
It should be noted that electronic devices may include: mobile terminal devices (such as mobile phones, IPAD, etc.), PCs, portable computers, etc. The electronic device is only exemplified here, and it is not specifically limited.
Before introducing the security task processing method provided by the present invention, first introduce the micro security architecture provided by the present invention.
The micro-security architecture is a newly proposed architecture in the present invention. It is a micro-architecture with strong compatibility. The micro-security architecture can be compatible with security operating systems supporting multiple processors of different specifications.
For example, the micro-security architecture can be compatible with the security operating system of the Inter X86 processor and the security operating system of the ARM processor.
The micro security architecture has the permission to call the basic functions of the operating system. Such as: interrupt registration, schedule creation, schedule logout, memory management, file system management, Timer registration and other functions. The function of the micro-security architecture is only exemplified here, and the function of the micro-security architecture is not specifically limited.
The micro security architecture may include at least one security application service. For example, the micro security architecture may include: unlocking services, signature services in the payment process, and so on. Here, the security application service of the micro security architecture is only exemplified, and it is not specifically limited.
The micro security architecture can isolate the security application service from the security operating system of each processor, facilitating the upgrade, maintenance and migration of the security application service. In addition, because the micro-security architecture can be compatible with secure operating systems that support multiple processors of different specifications, developers only need to develop the micro-security architecture to deploy secure application services in multiple-processor secure operating systems at the same time, greatly improving Improve the deployment efficiency of secure application services.
Among them, the micro security architecture can be a Super TA (Advanced Permission Security Application Management) architecture. Of course, the micro security architecture can also be other architectures. Here, the micro security architecture is only exemplified and not specifically limited. .
The security task processing method provided by the present invention will be described in detail below from two aspects of security task processing based on micro security architecture and micro security architecture creation.
1. Security task processing based on micro security architecture
Referring to FIG. 2, FIG. 2 is a flowchart of a method for processing a security task according to an exemplary embodiment of the present invention. The method can be applied to any processor in the electronic device shown in FIG. The processor is equipped with a safe operating system. The safe operating system includes a micro-safety architecture. The micro security architecture includes at least one security application service. The safety task processing method may include the following steps.
Step 202: In response to the monitored security task processing request, the processor switches the operating system run by the processor to the security operating system.
Among them, safety tasks refer to tasks with high safety requirements. For example, a user completes tasks related to bill or order payment through a security application (such as a payment APP, etc.). For another example, users perform user information authentication tasks through security applications. Another example is the screen unlocking task triggered when the user turns on the screen. The safety task is only exemplified here, and it is not specifically limited.
Safety application services are programs used to complete safety tasks. Each safety task corresponds to a safety application service.
For example, if the safety task is a screen unlocking task, the safety application service that handles the safety task is a screen unlocking service. The screen unlocking service can match the screen unlocking password entered by the user with the unlocking password preset by the user. If the match is successful, the screen will be unlocked. If the match fails, the prompt message of the wrong password will be displayed.
The safety task and safety application service are only exemplified here, and they are not specifically limited.
In the embodiment of this specification, when the driver of the security application user terminal (such as Alipay, etc.) detects that the user triggers the security task on the security application user terminal, the security application user terminal driver can initiate a security task processing request.
When the processor monitors the safety task processing request, it can respond to the safety task processing request and switch the operating system that the processor runs from the basic operating system to the safe operating system.
When the operating system is switched, the processor can call the switching logic recorded in the switching firmware in the storage medium to switch the operating system of the processor from the basic operating system to the safe operating system.
For example, when the processor is an ARMv8 processor, a Secure monitor (security monitor) firmware is stored in the storage medium of the electronic device. The processor can call the switch logic in the Secure monitor firmware to switch the operating system that the processor runs from the basic operating system to the safe operating system.
Here, the operating system switching mode is only exemplified, and is not specifically limited.
Step 204: The processor runs the micro security architecture in the system environment of the security operating system, and determines a target security application matching the security task processing request among multiple security application services included in the micro security architecture service.
In an alternative implementation, the micro security architecture includes security application services for processing all security tasks supported by electronic devices.
The aforementioned security task processing request carries the service identifier of the requested target security application service.
The processor runs the micro security architecture in the system environment of the security operating system, and determines the target security application service indicated by the service identifier among multiple security application services included in the micro security architecture.
In another alternative implementation, the micro security architecture includes security application services for handling part of the security tasks supported by electronic devices, and the security operating system includes security for handling part of the security tasks supported by electronic devices. Application service.
During implementation, the processor may determine whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture.
If the target security application service requested by the security task processing request is a security application service included in the micro security architecture, run the micro security architecture, and determine among multiple security application services included in the micro security architecture The target security application service matching the security task processing request.
If the target security application service requested by the security task processing request is not a security application service included in the micro security architecture, in the security application services configured in the security operation system, search for a target security application that matches the security task processing request service.
The method of "determining whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture" is introduced below.
Method 1: The security task processing request carries the service identifier of the requested target security application service.
The storage medium of the electronic device maintains a list of service identities of all security application services included in the micro security architecture.
The processor may call the list of service identifications, and search the list of service identifications for whether there is a service identification carried in the security task processing request. If the service identifier carried by the security task processing request exists in the service identifier list, it is determined that the security application service requested by the security task processing request is the security application service included in the micro security architecture. If the service identifier carried by the security task processing request does not exist in the list of service identifiers, it is determined that the security application service requested by the security task processing request is not a security application service included in the micro security architecture.
For example, the service identification list of the security application service included in the micro security architecture includes: security application service 1, security application service 2, and security application service 3.
The security task processing request carries the service identifier of the requested security application service as security application service 1.
Since the security application service 1 carried in the security task processing request is included in the service identifier list, the processor can determine that the security application service requested by the security task processing request is a security application service included in the micro security architecture.
Manner 2: The security task processing request carries the service identifier of the requested target security application service. The service identifier can indicate whether the target security application service is a security application service of a security operating system or a security application service included in a micro security architecture.
For example, a certain designated bit in the service identifier can be designated to indicate the location of the target security application service. The processor may obtain the service identification of the target security application service carried in the security task processing request, and if the value of the specified bit of the service identification is a first preset value (for example, 1), it is determined that the target security application service is a micro Security application services included in the security architecture. If the value of the designated bit of the service identifier is a second preset value (for example, 0), it is determined that the target secure application service is a secure application service included in the secure operating system.
Of course, "determining whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture" is only illustrative here, and it is not specifically limited.
In the embodiment of the present invention, if the target security application service requested by the security task processing request is a security application service included in the micro security architecture, the micro security architecture is run, and among multiple security application services included in the micro security architecture , Determine the target security application service indicated by the service identifier.
If the target security application service requested by the security task processing request is not a security application service included in the micro security architecture, then in the security application service configured in the security operation system, search for the location corresponding to the service identification carried in the security task processing request. The indicated target security application service.
Step 206: The processor invokes the target security application service to complete the security task corresponding to the security task processing request.
During implementation, the processor may first obtain the safety task corresponding to the safety task processing request.
In an optional acquisition manner, the safety task processing request carries the safety task, and the processor may analyze the safety task processing request to obtain the safety task carried in the safety task processing request.
In another optional acquisition manner, the safety task processing request carries the identifier of the safety task. When the user triggers the safety task, the safety task can be recorded in the cache. The processor may analyze the safety task processing request, obtain the safety task identifier carried in the safety task processing request, and read the safety task in the cache based on the safety task identifier.
Here, the "acquire the safety task corresponding to the safety task processing request" is only exemplified, and it is not specifically limited.
2. Creation of micro security architecture
In the embodiment of the present invention, the processor may create a micro-security architecture based on a pre-configured configuration file of the micro-security architecture during the initialization phase of the security operating system.
The following takes the processor as an ARMv8 processor as an example to describe the creation process.
Refer to FIG. 3, which is a schematic diagram of an ARMv8 architecture according to an exemplary embodiment of the present invention.
First explain the concepts in Figure 3.
1. EL0, EL1 and EL3
EL0 represents the execution level 0 of the ARMv8 architecture, and the application program (ie Application in FIG. 3) is executed at the EL0 level.
EL1 represents execution level 1 of the ARMv8 architecture, and the core operating system executes at the EL1 level. The kernel operating system may include: a secure operating system (i.e. Secure OS in Figure 3) and a basic operating system (i.e. Normal OS in Figure 3).
EL3 represents the execution level 3 of the ARMv8 architecture, and the Secure Monitor firmware is executed under the EL3 level.
2. BL1, BL2 and BL31
BL1 refers to the first start-up phase of electronic equipment.
BL2 refers to the second start-up phase of electronic equipment.
BL31 refers to the third start-up phase of electronic equipment.
As shown in Figure 3, after the electronic device is powered on, the electronic device can enter the BL1 stage. The processor of the electronic device can use the verification method in the BL1 stage to verify the firmware of the BL2 stage. If the BL2 firmware check passes, the BL2 stage will start based on the BL2 firmware.
Then, the processor can use the verification method in the BL2 stage to verify the legality of the firmware in the BL31 stage, use the verification method in the BL2 stage to verify the legality of the Bootloader firmware, and use the verification method in the BL2 stage Verify the legality given by the safe operating system.
If the firmware in the BL31 stage is legal and the security operating system is legal, the processor will use the firmware in the BL31 stage to execute the BL31 stage startup and initialize the security operating system in the BL31 stage. During the initialization of the security operating system, a micro security architecture is created based on the pre-configured micro security architecture profile.
It should be noted that the creation of the micro-security architecture in the present invention includes the creation of the micro-security architecture and the security application services included in the micro-security architecture.
In addition, if the Bootloader is legal, the processor can also execute the Bootloader in the BL31 stage, so that the Bootloader completes the initialization of the basic operating system. After the basic operating system is initialized, the processor can run the basic operating system.
The foregoing is only an exemplary illustration of the process of creating a micro-security architecture under the ARMv8 architecture. Of course, the processor can also be other types of processors (such as Inter X86 processors). When creating the micro-security architecture, as long as the micro-security architecture is completed during the initialization phase of the security operating system, and the initialization process of each security operating system can be related to the processor architecture, it will not be repeated here.
It can be seen from the above description that, on the one hand, the present invention proposes a micro security architecture, which can be deployed in the security operating system carried by a processor and can include at least one security application service. The micro security architecture can isolate the security application services from the security operating system of each processor, facilitating the upgrade, maintenance and migration of the security application services.
In addition, the micro security architecture has strong compatibility and can be compatible with the security operating systems of multiple processors of different specifications. Developers only need to develop the micro security architecture to deploy security application services in the security operating systems of multiple processors at the same time, which greatly improves the deployment efficiency of security application services.
On the other hand, the present invention also provides a method for processing security tasks based on the micro security architecture. When processing a security task, the processor may, in response to a monitored security task processing request, switch the operating system run by the processor to the security operating system. In the system environment of the security operating system, the processor runs the micro security architecture, determines, among the multiple security application services included in the micro security architecture, the target security application service matching the security task processing request, and calls the target security application service to complete the security task corresponding to the security task processing request.
In the third aspect, the present invention also provides a method for creating the micro security architecture, in which the creation of the micro security architecture is completed during the initialization process of the security operating system.
In addition, the present invention also provides a security task processing device corresponding to the above security task processing method.
Refer to Fig. 4, which is a block diagram of a security task processing apparatus according to an exemplary embodiment of the present invention. The device is applied to a processor in an electronic device, and the processor carries a security operating system; wherein the security operating system includes a micro security architecture, and the micro security architecture includes at least one security application service. The device includes the following units.
The switching unit 401 is configured to switch the operating system run by the processor to the security operating system in response to a monitored security task processing request;
The determining unit 402 is configured to run the micro security architecture in the system environment of the security operating system, and to determine, among the multiple security application services included in the micro security architecture, the target security application service that matches the security task processing request;
The calling unit 403 is configured to call the target security application service to complete the security task corresponding to the security task processing request.
Optionally, the micro security architecture is a general micro security architecture compatible with the security operating systems of multiple processors of different specifications.
Optionally, the device further includes:
The creation unit 404 (not shown in Fig. 4) is configured to create the micro security architecture based on a pre-configured micro security architecture profile during the initialization phase of the security operating system.
Optionally, the device further includes:
The detection unit 405 (not shown in Fig. 4) is configured to determine whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture;
The determining unit is configured to, if so, run the micro security architecture and determine, among the multiple security application services included in the micro security architecture, the target security application service matching the security task processing request.
Optionally, the micro security architecture includes Super TA.
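The following is an added example, written for this page rather than taken from the patent, of how units 401 to 405 fit together in code: the processor switches to the security operating system on a monitored request, the detection step refuses any target that is not a registered security application service before any service code runs, and only then is the matching service determined and called. It assumes two constructed services (an unlock check against a stored PIN hash and an HMAC-based payment signature whose key lives only in the security world), and it assumes the basic operating system is restored once the task completes; the service names, key material and PIN are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict


class MicroSecurityArchitecture:
    """Registry of security application services, as created at security-OS init."""

    def __init__(self) -> None:
        self._services: Dict[str, Callable[[dict], object]] = {}

    def register(self, name: str, handler: Callable[[dict], object]) -> None:
        self._services[name] = handler

    def includes(self, name: str) -> bool:
        """Detection unit 405: is the requested target one of our services?"""
        return name in self._services

    def call(self, name: str, payload: dict) -> object:
        """Calling unit 403: run the matched service on the request payload."""
        return self._services[name](payload)


# Constructed secrets that exist only inside the security world.
SIGNING_KEY = b"constructed-security-world-signing-key"
UNLOCK_PIN_HASH = hashlib.sha256(b"1234").hexdigest()


def payment_signature_service(payload: dict) -> str:
    """Sign a payment message; the key never leaves the security world."""
    return hmac.new(SIGNING_KEY, payload["message"], hashlib.sha256).hexdigest()


def unlock_service(payload: dict) -> bool:
    """Compare the offered PIN against the stored hash in constant time."""
    offered = hashlib.sha256(payload["pin"]).hexdigest()
    return hmac.compare_digest(offered, UNLOCK_PIN_HASH)


def build_architecture() -> MicroSecurityArchitecture:
    """Creation unit 404, reduced to registering the two constructed services."""
    msa = MicroSecurityArchitecture()
    msa.register("unlock", unlock_service)
    msa.register("payment_signature", payment_signature_service)
    return msa


@dataclass
class Processor:
    """A processor that runs the basic OS by default and the security OS on demand."""
    msa: MicroSecurityArchitecture
    current_os: str = "basic"
    audit: list = field(default_factory=list)

    def handle_security_task(self, request: dict) -> dict:
        """Switching unit 401, then detection 405, determining 402, calling 403."""
        target = request.get("service")
        self.current_os = "security"   # switch in response to the monitored request
        self.audit.append(f"switched to security OS for {target!r}")
        try:
            if not self.msa.includes(target):
                # Unknown target: refuse before any service code runs.
                self.audit.append(f"rejected unknown service {target!r}")
                return {"ok": False, "error": "service not in micro security architecture"}
            result = self.msa.call(target, request.get("payload", {}))
            self.audit.append(f"completed {target!r}")
            return {"ok": True, "result": result}
        finally:
            # Assumption of this example: the basic OS is restored once the task is done.
            self.current_os = "basic"
```

A request for a service name that the profile never registered, such as `{"service": "debug_dump"}`, is turned away by the detection step with the processor back on the basic operating system afterwards, whereas `{"service": "payment_signature", "payload": {"message": b"pay 10"}}` returns a 64-character hex tag computed entirely inside the security world.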
In addition, the present invention also provides an electronic device, which includes: a processor;
a memory for storing executable instructions of the processor; wherein, by running the executable instructions, the processor performs: in response to a monitored security task processing request, switching the operating system run by the processor to the security operating system;
in the system environment of the security operating system, running the micro security architecture and determining, among the multiple security application services included in the micro security architecture, the target security application service that matches the security task processing request;
calling the target security application service to complete the security task corresponding to the security task processing request.
Optionally, the micro security architecture is a general micro security architecture compatible with the security operating systems of multiple processors of different specifications.
By running the executable instructions, the processor performs, during the initialization phase of the security operating system, creating the micro security architecture based on a pre-configured micro security architecture profile.
Optionally, by running the executable instructions, the processor performs, before running the micro security architecture and determining, among the multiple security application services included in the micro security architecture, the target security application service that matches the security task processing request: determining whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture; and if so, performing the step of running the micro security architecture and determining, among the multiple security application services included in the micro security architecture, the target security application service matching the security task processing request.
Optionally, the micro security architecture includes Super TA.
In addition, the present invention also provides a machine-readable storage medium on which computer instructions are stored. When the instructions are executed by a processor, they implement: in response to a monitored security task processing request, switching the operating system run by the processor to the security operating system;
in the system environment of the security operating system, running the micro security architecture and determining, among the multiple security application services included in the micro security architecture, the target security application service that matches the security task processing request;
calling the target security application service to complete the security task corresponding to the security task processing request.
Optionally, the micro security architecture is a general micro security architecture compatible with the security operating systems of multiple processors of different specifications.
Optionally, when the instructions are executed by the processor, they implement: during the initialization phase of the security operating system, creating the micro security architecture based on a pre-configured micro security architecture profile.
Optionally, when the instructions are executed by the processor, they implement: determining whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture; and if so, running the micro security architecture and determining, among the multiple security application services included in the micro security architecture, the target security application service that matches the security task processing request.
Optionally, the micro security architecture includes Super TA.
The systems, devices, modules or units described in the above embodiments may be implemented by computer chips or entities, or by products having certain functions. A typical implementation device is a computer. The specific form of the computer may be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an e-mail transceiver device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
In a typical configuration, a computer includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
Memory may include non-permanent memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology. Information can be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. According to the definition in this document, computer-readable media do not include transitory media, such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, product or equipment including a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to the process, method, product or equipment. Unless further restricted, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, product or equipment that includes the element.
The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims may be performed in a different order from that in the embodiments and still achieve the desired results. In addition, the processes depicted in the drawings do not necessarily require the particular order shown, or a sequential order, to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The terms used in one or more embodiments of this specification are for the purpose of describing specific embodiments only, and are not intended to limit one or more embodiments of this specification. The singular forms "a", "said" and "the" used in one or more embodiments of this specification and in the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used to describe various information in one or more embodiments of this specification, the information should not be limited to these terms. These terms are only used to distinguish information of the same type from each other. For example, without departing from the scope of one or more embodiments of this specification, first information may also be referred to as second information, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when", or "in response to determining".
The above descriptions are only preferred embodiments of one or more embodiments of this specification and are not intended to limit one or more embodiments of this specification. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of one or more embodiments of this specification shall be included in the protection scope of one or more embodiments of this specification.