WO2015014015A1

WO2015014015A1 - Terminal

Info

Publication number: WO2015014015A1
Application number: PCT/CN2013/084356
Authority: WO
Inventors: 祝芳浩; 刘东海; 袁刚; 丁兆刚; 冯耀辉
Original assignee: 宇龙计算机通信科技(深圳)有限公司
Priority date: 2013-07-30
Filing date: 2013-09-26
Publication date: 2015-02-05

Abstract

The present invention provides a terminal, comprising: a first processor and a second processor, used to process different types of data in the terminal respectively; and an external monitoring module, used to perform type determination on data from an external device of the terminal, and determine, according to a determination result, to transmit the data to the first processor or the second processor. By means of the technical solution of the present invention, different types of data in the terminal may be processed by different processors, and type identification is performed for data input to the processor, so that the data is correctly input to the first processor or the second processor, thereby preventing data from crossing, and effectively improving the safety of the terminal.

Description

Terminal

Technical field

The present invention relates to the field of data security technologies, and in particular, to a terminal. Background technique

As shown in FIG. 1, in the related art, only a single processor (CPU shown in FIG. 1) is provided in the terminal, and the processor can receive data from any external device 102; at the same time, any setting in the terminal The communication module (Modem) can interact with the CPU to exchange data such as voice service and data service.

Since all data is processed by the same CPU and stored in the same memory, when there are some applications with excessive permissions in the terminal, especially third-party applications with uncertain sources, these applications It is easy to control the only processor in the terminal to call any data, including important, private data, and even upload it to other terminals or servers.

Therefore, how to solve the data security problem brought by a single processor to the terminal has become a technical problem to be solved. Summary of the invention

The invention is based on the above problems, and proposes a new technical solution, which can make different types of data in the terminal be processed by different processors, and the data input to the processor can be accurately input by type identification. In the first processor or the second processor, data crossover is avoided, and the security of the terminal is effectively improved.

In view of this, the present invention provides a terminal, including: a first processor and a second processor, configured to separately process different types of data in the terminal; a peripheral monitoring module, connected to an external device of the terminal And performing type determination on data from an external device of the terminal, and determining to transmit data to the first processor or the second processor according to the determination result.

In this technical solution, different types of data in the terminal are processed by different processors, so that the data processing process is physically isolated, which helps to improve the data security of the terminal.

The identification and classification of data from external devices by setting up a dedicated peripheral monitoring module not only helps speed up processing, but also improves data security through data classification.

Considering the number of external devices, you can use a variety of specific connections. For example, in one case, all external devices can be connected to the peripheral monitoring module, and then the peripheral monitoring module transmits the classified data to the first processor or the second processor; in another case, A peripheral monitoring module is separately configured for each external device, and each of the peripheral monitoring modules transmits the classified data to the first processor or the second Processor.

In the above technical solution, preferably, the peripheral monitoring module is further configured to: directly transmit data to the first channel if there is a path between the first processor or the second processor a processor or the second processor, adding an identifier to data that needs to be transmitted to the second processor to be used by the first process if there is only a path between the first processor and the first processor Forwarding to the second processor, adding an identifier to data that needs to be transmitted to the first processor to be used by the second processor in the case where there is only a path between the second processor Forwarded to the first processor.

In this technical solution, the peripheral monitoring module may have a connection path with the first processor or the second processor, and then the data interaction may be directly performed; or may be only related to the first processor or the second processor. A path with a connection can be forwarded by the connected processor to the remaining processors.

Of course, in addition to performing data forwarding, you can actually use other methods to achieve mutual assistance between processors. For example, the peripheral monitoring module is connected to the first processor. For example, in one case, the port connected to the peripheral monitoring module and the port connected to the second processor (or other processor) may be connected by the first processor. Between them to establish a data transmission channel, the peripheral monitoring module directly uses the data transmission channel to transmit data to the second processor; in another case, the first processor establishes a DMA transmission channel by configuring the port The DMA transmission channel is directly used by the peripheral monitoring module to transmit data to the second processor in a manner of calling the bus of the first processor.

In any one of the above technical solutions, preferably, the method further includes: a restricted external device connected to one end of the peripheral monitoring module, and the other end of the peripheral monitoring module is connected to the first processor; The peripheral monitoring module performs type determination on data from the restricted external device, directly transmits data corresponding to the first processor to the first processor, and needs to transmit to the first The data of the second processor adds an identification to be forwarded by the first processor to the second processor.

In this technical solution, the external device is restricted from accessing the data, and the data with high importance and high degree of privacy is more. Therefore, after the type identification of the data of the restricted external device is performed, only the first processor is still connected. Enables the first processor to further view and monitor all data, which helps to improve the security of the terminal; or restricts the external device to interact with the first processor more frequently, thus by directly putting all the data directly The transmission to the first processor enables the first processor to acquire the required data more quickly, which helps to improve data processing efficiency.

In any one of the foregoing technical solutions, preferably, the method further includes: an unrestricted external device connected to one end of the peripheral monitoring module, and the other end of the peripheral monitoring module is connected to the second processor; The peripheral monitoring module performs type determination on data from the non-restricted external device, and directly transmits data corresponding to the second processor to the second processor, and needs to transmit to the The data of the first processor adds an identification to be forwarded by the second processor to the first processor.

In the technical solution, the data that is accessed by the non-restricted external device has less importance, less privacy data, or more frequent data exchange with the second processor, so that all data is directly transmitted. The second processor enables the second processor to acquire the required data more quickly, which helps to improve data processing efficiency.

In any one of the above technical solutions, preferably, the method further includes: a shared external device connected to one end of the peripheral monitoring module, and the other end of the peripheral monitoring module is simultaneously connected to the first processor And the second processor; wherein the peripheral monitoring module performs type determination on data from the shared external device, and transmits data to the first processor or the second processing according to the determination result Device.

In this technical solution, the amount of various types of data touched by the shared external device is similar, and the frequency of interaction with the first processor and the second processor is also similar, so that various types of data can be directly transmitted to the first processor and The second processor facilitates the orderly execution of data processing and data interaction.

In any one of the foregoing technical solutions, preferably, the first processor is configured to process private data in the terminal, and the second processor is configured to process non-private data in the terminal.

In this technical solution, there may be multiple types of data in the terminal, such as the importance of the data, the degree of privacy, the size of the data, the difference in the data format, etc., even based on the actual needs of the user, processed by each processor. The data types are adjusted and changed. In a more specific embodiment, the private data may be processed by the first processor according to the degree of privacy of the data, and the non-private data is processed by the second processor.

In any one of the foregoing technical solutions, preferably, the peripheral monitoring module is further configured to: determine that data of an external device from the terminal corresponds to a protected application or an unprotected application, where the determining corresponds to the receiving The data of the protection application is private data, and the data corresponding to the unprotected application is non-private data.

The present invention also provides a terminal, including: a first processor and a second processor, configured to separately process different types of data in the terminal; a communication monitoring module, a communication module connected to the terminal, configured to The data from the communication module of the terminal performs type determination, and determines to transmit data to the first processor or the second processor according to the determination result.

By setting up a special communication monitoring module, the data from the external device can be identified and classified, which not only helps speed up the processing, but also improves data security through data classification.

Considering the number of communication modules, a variety of specific connection methods can be used. For example, in one case, all communication modules can be connected to the communication monitoring module, and then the classified monitoring data can be transmitted to the first processor or the second processor by the communication monitoring module; in another case, each can be The communication modules are separately configured with a communication monitoring module, and each of the communication monitoring modules transmits the classified data to the first processor or the second processor.

In the above technical solution, preferably, the communication monitoring module is further configured to: directly transmit data to the first channel if there is a path between the first processor or the second processor a processor or the second processor; adding an identification to data that needs to be transmitted to the second processor to be used by the first processor in the presence of a path only between the first processor Forwarding to the second processor; in only with the second Where there is a path between the processors, an identification is added to the data that needs to be transmitted to the first processor for forwarding by the second processor to the first processor.

In this technical solution, the communication monitoring module may have a connection path with the first processor or the second processor, and may directly perform data interaction; or may only be associated with one of the first processor or the second processor. If there is a connected path, the remaining processors can perform data forwarding to the remaining processors.

Of course, in addition to performing data forwarding, you can actually use other methods to achieve mutual assistance between processors. For example, the communication monitoring module is connected to the first processor. For example, in a case, the port connected to the communication monitoring module and the port connected to the second processor (or other processor) may be connected by the first processor. Performing configuration to establish a data transmission channel, so that the communication monitoring module directly utilizes the data transmission channel to transmit data to the second processor; in another case, the first processor establishes a DMA transmission channel by configuring the port, The manner of calling the bus of the first processor is directly used by the communication monitoring module to transmit the data to the second processor.

In any one of the above aspects, preferably, the method further includes: a restriction type communication module, connected to one end of the communication monitoring module, and the other end of the communication monitoring module is connected to the first processor; The communication monitoring module performs type determination on data from the restricted communication module, directly transmits data corresponding to the first processor to the first processor, and needs to transmit to the second processor Data is added to the identifier for forwarding by the first processor to the second processor.

In the technical solution, the restricted communication module contacts the data, and the data with high importance and high degree of privacy is more. Therefore, after the type identification of the data of the restricted communication module is performed, only the first processor is still connected. The first processor enables further viewing and monitoring of all data, which helps to improve the security of the terminal; or, the restricted communication module can be more interactive with the first processor than the other communication module. High, so by transferring all data directly to the first processor, enabling the first processor to acquire the required data faster, helps to improve data processing efficiency.

In any one of the above aspects, preferably, the method further includes: an unrestricted communication module, connected to one end of the communication monitoring module, and the other end of the communication monitoring module is connected to the second processor; The communication monitoring module performs type determination on data from the unrestricted communication module, and directly transmits data corresponding to the second processor to the second processor, and needs to transmit to the first The data of the processor is added with an identification to be forwarded by the second processor to the first processor.

In the technical solution, the non-restricted communication module contacts the data, has less importance, has less privacy data, or has a higher frequency of data interaction with the second processor, so that all data is directly transmitted. The second processor enables the second processor to acquire the required data more quickly, which helps to improve data processing efficiency.

In any one of the foregoing technical solutions, preferably, the method further includes: a shared communication module, connected to one end of the communication monitoring module, and the other end of the communication monitoring module is simultaneously connected to the first processor and the a second processor; wherein the communication monitoring module performs type determination on data from the shared communication module And transmitting data to the first processor or the second processor according to the judgment result.

In the technical solution, the number of types of data touched by the shared communication module is similar, and the frequency of interaction with the first processor and the second processor is similar, so that various types of data can be directly transmitted to the first processor and The second processor facilitates the orderly execution of data processing and data interaction.

In any one of the foregoing technical solutions, the communication monitoring module is further configured to: determine that data of the communication module from the terminal corresponds to a protected application or an unprotected application, where the determination corresponds to the The data of the protected application is private data, and the data corresponding to the unprotected application is non-private data.

The present invention also provides a terminal, including: a first processor and a second processor, configured to separately process different types of data in the terminal; wherein, the first processor is further configured to: The data of the at least one external device and/or the at least one communication module is type-determined, and according to the determination result, it is determined that the received data is processed by itself or transmitted to the second processor.

The identification and classification of data from external devices and/or communication modules by the first processor directly helps to reduce the improvement of the existing structure of the terminal and reduce the complexity of the terminal structure. In particular, the technical solution may be specifically applied to an external device and/or a communication module connected only to the first processor, or to an external device and/or a communication module that are simultaneously connected to the first processor and the second processor. .

In the above technical solution, preferably, the method further includes: a restriction-type external device connected only to the first processor; and an unrestricted external device connected to only the second processor; wherein, the first processing Directly receiving data from the restricted type external device, and receiving data from the non-restricted external device directly forwarded by the second processor, and according to the external device from the restricted class or the unrestricted As a result of the type determination of the data of the external device of the class, it is determined that the received data is processed by itself or transmitted to the second processor.

In this technical solution, type identification is performed on all data of the restricted class external device and the non-restricted class external device by the first processor, so that the first processor can view all the data, especially when the first process is performed. When the data used for processing is more important and the privacy is higher, the first processor is a "secure processor" relative to the second processor, thereby helping to avoid erroneous transmission of data and preventing malicious applications from passing through the first The second processor steals important, private data.

In any one of the above technical solutions, preferably, the second processor is further configured to: at least one from the connection The data of the external device and/or the at least one communication module is type-determined, and according to the determination result, it is determined that the received data is processed by itself or transmitted to the first processor.

In the technical solution, the data from the external device and/or the communication module is directly identified and classified by the second processor, which helps to reduce the improvement of the existing structure of the terminal and reduce the complexity of the terminal structure. In particular, the technical solution may be specifically applied to an external device and/or a communication module connected only to the second processor, or to an external device and/or a communication module that are simultaneously connected to the first processor and the second processor. .

In any one of the above technical solutions, preferably, the method further includes: a restricted external device connected only to the first processor; and an unrestricted external device connected only to the second processor; a processor receives data from the restricted external device, and determines to process the received data by itself or transmits the data to the second processor according to a result of type determination of the received data; The second processor receives data from the non-restricted external device and determines to process the received data by itself or transmit the data to the first processor according to a result of type determination of the received data.

In this technical solution, the external device is restricted from accessing the data, the data with high importance and high degree of privacy is more, or the external device is restricted to interact with the first processor more frequently; the non-restricted external device is exposed to the device. Of the data, there is more data with less importance and less privacy, or more frequent data exchange with the second processor. Therefore, the first processor and the second processor respectively identify, distribute, and process data from the restricted external device and the non-restricted external device, thereby helping to avoid data security problems caused by data crossover. Helps improve the efficiency of data processing and enhance the user experience.

In any one of the foregoing technical solutions, preferably, the private data is data corresponding to a protected application, and the non-private data is data corresponding to an unprotected application.

The present invention also provides a terminal, comprising: a first processor and a second processor, configured to separately process different types of data in the terminal; and a communication module, configured to perform data received from an external communication device Type determining, and determining to transmit data to the first processor or the second processor according to the result of the determination.

The communication module directly recognizes and classifies the data from the external device and/or the data received by itself, which helps to reduce the improvement of the existing structure of the terminal and reduce the complexity of the terminal structure.

In the above technical solution, preferably, the communication module is further configured to: directly transmit data to the first process if there is a path between the first processor or the second processor Or the second An identifier is added to data that needs to be transmitted to the second processor for forwarding to the second processor by the first processor in the case where there is only a path between the first processor and the first processor Adding an identification to data that needs to be transmitted to the first processor for forwarding to the first processor by the second processor in the case where there is a path only between the second processor .

In this technical solution, the communication module may have a connection path with the first processor or the second processor, and the data interaction may be directly performed; or only one of the first processor or the second processor may exist. The connected path can be forwarded by the connected processor to the remaining processors.

Of course, in addition to performing data forwarding, you can actually use other methods to achieve mutual assistance between processors. For example, the communication module is connected to the first processor. For example, in one case, the port connected to the communication module and the port connected to the second processor (or other processor) may be configured by the first processor. , to establish a data transmission channel, so that the communication module directly uses the data transmission channel to transmit data to the second processor; in another case, the first processor establishes a DMA transmission channel by configuring the port to invoke the first The way of the bus of the processor, the communication module directly uses the DMA transmission channel to transmit data to the second processor.

In any one of the foregoing technical solutions, preferably, the communication module is further configured to: determine that data from the external communication device corresponds to a protected application or an unprotected application, where the determination corresponds to the protected application. The data is private data, and the data corresponding to the unprotected application is non-private data.

It should be noted that, in each of the above technical solutions:

The first processor and the second processor are not intended to limit the number of processors in the terminal to two, and it is apparent that the terminal can actually contain more processors. Among them, "first" and "second" represent the relationship between any two processors in the terminal, and are used to distinguish any two processors that are compared. For example, for a terminal that includes three processors, when processor 1 and processor 2 are selected for comparison, either one of processor 1 and processor 2 may be referred to as a "first processor" and the other is " "Second processor"; and when processor 2 and processor 3 are selected for comparison, either processor 2 and processor 3 may be referred to as "first processor" and the other as "second processor" " , So on and so forth.

Of course, in order to enhance the processing capability of the terminal, multiple processors can be used to process the same type of data, and the multiple processors should be treated as one processor group, then the "first processor" and the "second processor". It is also possible to actually represent a processor group for processing the same type of data, each processor group containing one or more processors. At the same time, in order to correspond to more types of data, there may obviously be more processor groups in the terminal. Such as "third processor group", "fourth processor group" and so on.

Through the above technical solution, different types of data in the terminal can be processed by different processors, and the data input to the processor can be accurately input into the first processor or the second processor by type identification, thereby avoiding Data crossover effectively improves the security of the terminal.

Those skilled in the art will appreciate that embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the invention can be embodied in the form of one or more computer program products embodied on a computer-usable storage medium (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer usable program code.

The present invention has been described with reference to flowchart illustrations and/or block diagrams of a method, a device (system), and a computer program product according to an embodiment of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine for the execution of instructions for execution by a processor of a computer or other programmable data processing device. Means for implementing the functions specified in one or more of the flow or in a block or blocks of the flow chart.

The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device. The apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.

These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. The instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram. DRAWINGS

FIG. 1 is a schematic diagram showing a terminal architecture of a conventional single processor in the related art;

2 is a schematic structural diagram of a terminal according to an embodiment of the present invention;

3 is a schematic structural diagram of a terminal in a specific embodiment of the embodiment shown in FIG. 2; FIG. 4 is a schematic structural diagram of a terminal in another specific embodiment of the embodiment shown in FIG. A schematic diagram of a connection structure between an external device and a communication module and a processor in a terminal according to an embodiment of the present invention;

6 is a diagram showing a terminal structure for monitoring an external device or a communication module according to an embodiment of the present invention;

FIG. 7 shows a terminal for monitoring an external device or a communication module according to another embodiment of the present invention. Schematic;

FIG. 8 is a block diagram showing the structure of a terminal according to another embodiment of the present invention; FIG.

9 is a schematic structural diagram of a terminal in a specific embodiment of the embodiment shown in FIG. 8. FIG. 10 is a schematic structural diagram of a terminal in another specific embodiment of the embodiment shown in FIG. detailed description

The present invention will be further described in detail with reference to the drawings and specific embodiments thereof. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict.

In the following description, numerous specific details are set forth in order to provide a thorough understanding of the invention, but the invention may be practiced in other embodiments other than those described herein. Limitations of specific embodiments.

FIG. 2 shows a schematic diagram of a terminal structure according to an embodiment of the present invention.

As shown in FIG. 2, a terminal according to an embodiment of the present invention includes: a first processor (CPU1 shown in FIG. 2) and a second processor (CPU2 shown in FIG. 2) for processing separately Different types of data in the terminal.

In one aspect, the type of data from the external device 102 of the terminal can be identified within the terminal. Specifically, a peripheral monitoring module 104, an external device 102 connected to the terminal, and/or a communication monitoring module 106, wherein: the peripheral monitoring module 104 is configured to external device 102 from the terminal The data is type-determined, and determines to transmit data to the first processor or the second processor according to the determination result; the communication monitoring module 106 is configured to use a communication module from the terminal (as shown in FIG. 2) The data of the illustrated Modem is type-determined, and based on the result of the determination, it is determined that the data is transmitted to the first processor or the second processor.

On the other hand, the type of data of the external device 102 from the terminal can be identified in the terminal. Specifically, a communication monitoring module 106, a communication module connected to the terminal (such as the Modem shown in FIG. 2), configured to perform type determination on data of the communication module from the terminal, and determine according to the determination result. Transmitting data to the first processor or the second processor.

Of course, although the peripheral monitoring module 104 and the communication monitoring module 106 are simultaneously shown in FIG. 2, those skilled in the art should understand that: according to actual conditions and requirements, only the peripheral monitoring module 104 may be set in the terminal, or Only the communication monitoring module 106 is provided, and the peripheral monitoring module 104 and the communication monitoring module 106 can also be set at the same time, which are easy to change and implement.

In the technical solution, different types of data in the terminal are processed by different processors by the first processor and the second processor, so that the data processing process is physically isolated, which is helpful. Improve the data security of the terminal.

At the same time, the data processed by the first processor and the second processor can be stored in different storage spaces respectively. Having, for example, storing data processed by the first processor in a first memory connected only to the first processor, and storing data processed by the second processor in a second memory connected only to the second processor, thereby Avoid data crossover and further improve the security of the terminal. Specifically, the first memory and the second memory may include a terminal

RAM. EMMC and so on.

1, the number of processors

It should be noted that the first processor and the second processor are not used to limit the number of processors in the terminal to two, and it is obvious that more processors can be included in the terminal. Among them, "first" and "second" represent the relationship between any two processors in the terminal, and are used to distinguish any two processors that are compared. For example, for a terminal including three processors, when processor 1 and processor 2 are selected for comparison, either processor 1 and processor 2 may be referred to as "first processor" and the other is " "Second processor"; and when processor 2 and processor 3 are selected for comparison, either processor 2 and processor 3 may be referred to as "first processor" and the other as "second processor" " , So on and so forth.

Of course, in order to enhance the processing capability of the terminal, multiple processors can be used to process the same type of data, and the multiple processors should be treated as one processor group, then the "first processor" and the "second processor". It is also possible to actually represent a processor group for processing the same type of data, each processor group containing one or more processors. At the same time, in order to correspond to more types of data, it is obvious that there may be more processor groups in the terminal, such as "third processor group", "fourth processor group" and the like.

2, data classification

The first processor and the second processor are respectively used to process different types of data within the terminal, and thus involve classifying data within the terminal. For example, according to the importance of the data, the data is divided into core data and non-core data; or according to the privacy of the data, the data is divided into private data and non-private data; or according to the data transmission direction, the data is divided into Send data and received data, and so on.

Each classification can be preset by the manufacturer, or it can be determined by the user according to his actual situation. For example, in the case of classification of private data and non-private data, for example, data associated with certain applications can be used as private data or non-private data, such as "address book" and "call record". Application-related data such as "," "short message", "mail", whether read or written, is counted as private data, or data related to a game application is treated as non-private data; In this case, a certain type of data may be used as private data or non-private data, such as interactive data with online banking as private data, and software update package data as non-private data, etc., and may also include other The way to distinguish, not here - enumeration.

3, data transmission

The identification and classification of data from the external device 102 and/or the communication module by setting up a dedicated peripheral monitoring module 104 and/or communication monitoring module 106 not only helps speed up processing but also improves data classification. Data security.

For the connection between the peripheral monitoring module 104 and/or the communication monitoring module 106 and the CPU 1 or CPU 2 The way, the specific data transmission method may be different:

(1) As shown in FIG. 2, assuming that the peripheral monitoring module 104 and/or the communication monitoring module 106 are simultaneously connected to the CPU 1 and the CPU 2, the peripheral monitoring module 104 and/or the communication monitoring module 106 may, depending on the type of data detected, Transfer directly to CPU1 or CPU2.

(2) As shown in Figure 3, it is assumed that the peripheral monitoring module 104 and/or the communication monitoring module 106 are only connected to

CPU1 can directly transmit data corresponding to CPU1, and data corresponding to CPU2 needs to be forwarded by CPU1.

(3) As shown in FIG. 4, assuming that the peripheral monitoring module 104 and/or the communication monitoring module 106 are only connected to the CPU 2, the data corresponding to the CPU 2 can be directly transmitted, and for the data corresponding to the CPU 1, the data needs to be performed by the CPU 2. Forward.

In modes (2) and (3), there are many specific data forwarding methods. For example, (2), that is, CPU1 assists CPU2 in data interaction:

1) The peripheral monitoring module 104 and/or the communication monitoring module 106 add an identifier to the data that needs to be transmitted to the CPU 2, and after receiving the data, the CPU 1 transmits the data to the CPU 2 by viewing the identification.

2) The peripheral monitoring module 104 and/or the communication monitoring module 106 notifies the CPU 1 (such as sending a notification message or other preset manner) after discovering that there is data that needs to be sent to the CPU 2, and is connected to the peripheral monitoring module by the CPU1. 104 and/or a port of the communication monitoring module 106, a port connected to the CPU 2 (or other processor) to configure a data transmission channel, thereby being directly utilized by the peripheral monitoring module 104 and/or the communication monitoring module 106 The data transfer channel transfers data to CPU2.

3) Similar to 2), but instead of establishing a data transmission channel, a DMA transmission channel is established by configuring a port to directly use the DMA by the peripheral monitoring module 104 and/or the communication monitoring module 106 in a manner of calling the bus of the CPU1. Transfer channel to transfer data to CPU2.

4. Types of external devices and modems

As shown in FIG. 5, the external device 102 in the terminal shown in FIG. 2 can be divided into: a restricted external device 102A connected only to the CPU 1 and a non-connected only to the CPU 2 according to the connection relationship with the CPU 1 and the CPU 2. The class external device 102B is restricted and the shared class external device 102C is simultaneously connected to the CPU 1, CPU 2.

For the Modem in the terminal shown in Figure 2, according to its connection relationship with CPU1 and CPU2, it can be divided into: Modeml connected only to CPU1, Modem2 connected only to CPU2, and Modem3 connected to CPU1 and CPU2 at the same time.

The specific connection method used actually involves the classification of the external device 102 and the Modem. For example, it can be classified according to the type of data involved in each external device 102/Modem. For example, when more data (greater than or equal to the preset amount of data) processed by an external device 102/Modem is data of high importance and high privacy, it can be connected only to CPU1 (dedicated for handling important A processor with high data and high privacy; and when an external device 102/Modem processes all types of data, it can be connected to both CPU1 and CPU2 (ie, simultaneously connected to all processing) In order to speed up data interaction efficiency; when an external device processes more data with low importance and low privacy, it can be connected to CPU2 only.

Alternatively, it can be categorized according to the relationship between each external device 102/Modem and the processor. For example, when an external device 102/Modem interacts with the first processor frequently, it can be connected only to the first processor; when an external device 102/Modem interacts with the second processor frequently, Connect it only to the second processor; the rest can be connected to all processors at the same time.

It should be noted that although the external device 102 is connected to the peripheral monitoring module 104 and the Modem is connected to the communication monitoring module 106, in fact, the "external device 102" shown in FIG. 2 does not represent the terminal. Contains only one external device, "Modem" does not mean that only one Modem is included in the terminal; "External Device 102", "Modem" in Figure 2 should actually be represented as a collection of one or more external devices, and one Or a collection of multiple modems.

Then, the connection relationship between the external device 102 or Modem in the "set" and the peripheral monitoring module 104 or the communication monitoring module 106 is not limited to that shown in FIG. The following is a detailed description with reference to FIG. 6 and FIG. 7. Where, because the connection mode of the external device 102 and the Modem is similar, the two are described together, and the "monitoring module" is used instead of the specific "peripheral monitoring module 104" or "Communication Monitoring Module 106", but it is apparent that the external device 102 corresponds to the peripheral monitoring module 104, and the Modem corresponds to the communication monitoring module 106.

The external device 1 and the external device 2 are included in the terminal as an example. In one case, as shown in FIG. 6, multiple external devices such as the external device 1, the external device 2, and the like are connected to the same monitoring module, which helps reduce the number of monitoring modules used and reduces the complexity of the terminal; In another case, as shown in FIG. 7, a plurality of external devices such as an external device 1, an external device 2, and the like are respectively connected to corresponding monitoring modules, for example, the external device 1 is connected to the monitoring module 1, and the external device 2 is connected to the monitoring device. Module 2, etc., helps to reduce the calculation amount of each monitoring module and improve data processing efficiency.

The specific connection modes of the external device 1 and the external device 2 can also be applied to communication modules such as Modeml and Modem2, and details are not described herein. At the same time, although the way in which the monitoring module is directly connected to the CPU1 and CPU2 is used in Fig. 6, the monitoring module 1 and the monitoring module 2 are connected to the CPU1 and CPU2 respectively, but this is only for the specific For example, it is actually possible to use any of the specific connections as shown in Figures 2-4.

In addition to using a separate peripheral monitoring module 104 and/or communication monitoring module 106, the identification of data types within external devices and/or communication modules can be implemented in other ways.

Embodiment 1: Data type monitoring by a processor

1. Type monitoring of data performed by a single processor

As shown in Figure 8, it is assumed that the type monitoring of data is performed by CPU1, that is, the "Monitor" function is set only in CPU1. The external device 102 and Modem connected to the CPU 1 include only connected to the CPU 1 or simultaneously connected to the CPU 1 and the CPU 2, and the data is transmitted to the CPU 1 , and the specific data type is recognized by the CPU 1 and The CPU 1 determines to directly process the data or forward the data to the CPU 2 based on the result of the determination.

For the external device 102 and Modem connected to the CPU 2, including only connecting to the CPU 2 or simultaneously connected to the CPU 1, CPU 2, the data can be directly forwarded to the CPU 1 by the CPU 2, and then the CPU 1 determines whether to directly process the data or forward the data to the CPU 1 according to the judgment result. CPU2.

In particular, the CPU 1 may be a processor in the terminal for processing data of high importance and high privacy, so as to avoid data parsing by other processors as much as possible, thereby reducing the possibility of stealing and leaking important and private data. Sex.

Second, the type monitoring of data performed by multiple processors

As shown in Fig. 8, it is assumed that the type monitoring of data is performed by CPU1 and CPU2, that is, the "monitor" function is set in both CPU1 and CPU2. CPU1 and CPU2 can receive the data transmitted from the connected external device 102 or Modem, identify the data type, and determine whether to directly process it according to the recognition result, or forward it to other processors for processing.

Data identification and processing by multiple processors can help reduce the computational burden of a single CPU and improve the computational efficiency of data.

Embodiment 2: Type monitoring of data by Modem

The received data is type-recognized directly by the modem in the terminal, and based on the recognition result, it is determined which CPU should be processed. Although there may be one or more Modems in the terminal, for each Modem, the specific connection with the CPU is the same or similar. The following takes a specific Modem as an example to illustrate the connection relationship between it and the CPU.

First, connect to all CPUs at the same time

As shown in Figure 9, the Modem establishes a connection with all CPUs in the terminal. For example, if it is connected to CPU1 and CPU2 at the same time, when the Modem needs to transfer data to any CPU, it can be directly transmitted.

Second, only connect to a certain CPU

As shown in Figure 10, the Modem is only connected to a preset CPU in the terminal. For example, Modeml is only connected to CPU1, Modem2 is only connected to CPU2, then Modeml needs to transfer data to CPU2.

When Modem2 needs to transfer data to CPU1, it needs to perform data forwarding by CPU1 and CPU2.

Of course, FIG. 10 is a specific implementation manner. In fact, multiple modems in the terminal can be connected to only the same CPU, for example, Modeml and Modem2 can be connected only to CPU1, thereby helping to improve data security. Sexuality, to avoid malicious applications receiving some data through CPU2.

In addition, in any aspect of the present invention, preferably, the method further includes: an update unit (not shown), and updating, according to the received update instruction, a determination condition for determining the data, so that the monitoring module is configured according to The updated determination condition is to judge the private data and the non-private data. The monitoring module may be the peripheral monitoring module 104 and/or the communication monitoring module 106 shown in FIG. 2-4, or may be the CPU1 shown in FIG. CPU2 can also be the Modem (or Modeml and Modem2) shown in Figure 9-10.

In this technical solution, as the terminal service increases, the type of the user's private data will also change. For example, in the communication service, the short message, the address book, and the like belong to the user's private data; in the terminal system, the power on/off password, the application protection password, the terminal anti-theft password, and the screen unlock password are also private data of the user, and the data is selected by thinning. The update of the judgment conditions makes the selection of data more accurate, thereby ensuring the security of the user's private data.

These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. The instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.

The technical solution of the present invention is described in detail above with reference to the accompanying drawings. In this paper, a terminal is provided, which can make different types of data in the terminal be processed by different processors, and can be identified by type for data input to the processor. Accurate input into the first processor or the second processor avoids data crossover and effectively improves the security of the terminal.

In the present invention, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. The term "plurality" refers to two or more, unless specifically defined otherwise.

The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.

Claims

Claim

A terminal, comprising:

a first processor and a second processor, configured to separately process different types of data in the terminal; a peripheral monitoring module, connected to an external device of the terminal, configured to perform data on an external device from the terminal Type determining, and determining to transmit data to the first processor or the second processor according to the result of the determination.

The terminal according to claim 1, wherein the peripheral monitoring module is further configured to: when there is a path between the first processor or the second processor, Directly transmitted to the first processor or the second processor;

Adding an identifier to data that needs to be transmitted to the second processor for forwarding to the second processor by the first processor, in the case where there is only a path between the first processor;

In the case where there is only a path between the second processor, an identification is added to the data that needs to be transmitted to the first processor for forwarding by the second processor to the first processor.

The terminal according to claim 2, further comprising:

Restricting an external device, connected to one end of the peripheral monitoring module, and the other end of the peripheral monitoring module is connected to the first processor;

The peripheral monitoring module performs type determination on data from the restricted external device, directly transmits data corresponding to the first processor to the first processor, and needs to transmit to the first processor The data of the second processor adds an identification to be forwarded by the first processor to the second processor.

The terminal according to claim 2, further comprising:

a non-limiting external device connected to one end of the peripheral monitoring module, and the other end of the peripheral monitoring module is connected to the second processor;

The peripheral monitoring module performs type determination on data from the non-restricted external device, and directly transmits data corresponding to the second processor to the second processor, and needs to transmit to the The data of the first processor adds an identification to be forwarded by the second processor to the first processor.

The terminal according to claim 2, further comprising:

a shared external device connected to one end of the peripheral monitoring module, and the other end of the peripheral monitoring module is simultaneously connected to the first processor and the second processor respectively;

The peripheral monitoring module performs type determination on data from the shared external device, and transmits data to the first processor or the second processor according to the determination result.

The terminal according to any one of claims 1 to 5, wherein the first processor is configured to process private data in the terminal, and the second processor is configured to process the terminal in the terminal Non-private data.

The terminal according to claim 6, wherein the peripheral monitoring module is further configured to: determine that data of an external device from the terminal corresponds to a protected application or an unprotected application, where It is determined that the data corresponding to the protected application is private data, and the data corresponding to the unprotected application is non-private data.

8. A terminal, comprising:

a first processor and a second processor, configured to separately process different types of data in the terminal; a communication monitoring module, a communication module connected to the terminal, configured to perform data type on the communication module from the terminal Judging, and determining to transmit data to the first processor or the second processor according to the judgment result.

The terminal according to claim 8, wherein the communication monitoring module is further configured to: directly direct data in a path between the first processor or the second processor Transmitting to the first processor or the second processor;

The terminal according to claim 9, further comprising:

a restriction type communication module, connected to one end of the communication monitoring module, and the other end of the communication monitoring module is connected to the first processor;

The communication monitoring module performs type determination on data from the restricted communication module, directly transmits data corresponding to the first processor to the first processor, and needs to transmit to the first The data of the second processor adds an identification to be forwarded by the first processor to the second processor.

The terminal according to claim 9, further comprising:

An unrestricted communication module is connected to one end of the communication monitoring module, and the other end of the communication monitoring module is connected to the second processor;

The communication monitoring module performs type determination on data from the unrestricted communication module, and directly transmits data corresponding to the second processor to the second processor, and needs to transmit to the The data of the first processor adds an identification to be forwarded by the second processor to the first processor.

The terminal according to claim 9, further comprising:

a shared communication module, connected to one end of the communication monitoring module, and the other end of the communication monitoring module is simultaneously connected to the first processor and the second processor, respectively;

The communication monitoring module performs type determination on data from the shared communication module, and transmits data to the first processor or the second processor according to the determination result.

The terminal according to any one of claims 8 to 12, wherein the first processor is configured to process private data in the terminal, and the second processor is configured to process the terminal in the terminal. Non-private data.

The terminal according to claim 13, wherein the communication monitoring module is further configured to: Determining that the data of the communication module from the terminal corresponds to a protected application or an unprotected application, wherein the data corresponding to the protected application is determined to be private data, and the data corresponding to the unprotected application is non-private data.

15. A terminal, comprising:

a first processor and a second processor, configured to separately process different types of data in the terminal; wherein the first processor is further configured to: connect at least one external device and/or at least one communication module from the connection The data is subjected to type determination, and it is determined according to the judgment result that the received data is processed by itself or transmitted to the second processor.

The terminal according to claim 15, further comprising:

Restricting external devices, only connected to the first processor;

Non-restricted external device, only connected to the second processor;

The first processor directly receives data from the restricted external device, and receives data from the non-restricted external device directly forwarded by the second processor, and according to the pair from the restricted class As a result of the type determination of the data of the external device or the non-restricted external device, it is determined that the received data is processed by itself or transmitted to the second processor.

The terminal according to claim 15, wherein the second processor is further configured to: perform type determination on data from the connected at least one external device and/or the at least one communication module, and according to the determination result It is determined that the received data is processed by itself or transmitted to the first processor.

The terminal according to claim 17, further comprising:

Restricting external devices, only connected to the first processor;

Non-restricted external device, only connected to the second processor;

The first processor receives data from the restricted external device, and determines to process the received data by itself or transmits the data to the second processing according to a result of performing type determination on the received data. Device

The second processor receives data from the non-restricted external device, and determines to process the received data by itself or transmit the data to the first processor according to a result of performing type determination on the received data. .

The terminal according to any one of claims 15 to 18, wherein the first processor is configured to process private data in the terminal, and the second processor is configured to process the terminal in the terminal. Non-private data.

The terminal according to claim 19, wherein the private data is data corresponding to a protected application, and the non-private data is data corresponding to an unprotected application.

21. A terminal, comprising:

a first processor and a second processor, configured to separately process different types of data in the terminal; a communication module, configured to perform type determination on the received data from the external communication device, and determine As a result, it is determined that the data is transmitted to the first processor or the second processor.

The terminal according to claim 21, wherein the communication module is further configured to: directly transmit data when there is a path between the first processor or the second processor To the first processor or the second processor;

The terminal according to claim 21 or 22, wherein the first processor is configured to process private data in the terminal, and the second processor is configured to process non-private data in the terminal.

The terminal according to claim 23, wherein the communication module is further configured to: determine that data from the external communication device corresponds to a protected application or an unprotected application, wherein the determining corresponds to the The data of the protected application is private data, and the data corresponding to the unprotected application is non-private data.