WO2020248088A1 - Procédé d'accès sécurisé et dispositif électronique - Google Patents

Procédé d'accès sécurisé et dispositif électronique Download PDF

Info

Publication number
WO2020248088A1
WO2020248088A1 PCT/CN2019/090478 CN2019090478W WO2020248088A1 WO 2020248088 A1 WO2020248088 A1 WO 2020248088A1 CN 2019090478 W CN2019090478 W CN 2019090478W WO 2020248088 A1 WO2020248088 A1 WO 2020248088A1
Authority
WO
WIPO (PCT)
Prior art keywords
target
identifier
module
memory block
hardware module
Prior art date
Application number
PCT/CN2019/090478
Other languages
English (en)
Chinese (zh)
Inventor
查克拉博蒂·齐元吉
方中华
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2019/090478 priority Critical patent/WO2020248088A1/fr
Priority to CN201980097157.1A priority patent/CN113906398A/zh
Publication of WO2020248088A1 publication Critical patent/WO2020248088A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • This application relates to the field of multimedia technology, in particular to a secure access method and electronic equipment.
  • the media path is the transmission path of the media stream.
  • a media path is composed of at least one hardware module and at least one memory (buffer), and each hardware module in the at least one hardware module can access any memory in the at least one memory.
  • a secure media path is a transmission path for transmitting media streams with security requirements.
  • media streams with security requirements are referred to as secure media streams.
  • applications in a non-secure environment generally do not have access rights to the memory in the SMP. This application refers to the memory in the SMP as a secure memory block.
  • This application provides a secure access method and electronic equipment to solve the problem of poor security of existing SMPs.
  • this application provides a secure access method, which includes: determining a target hardware module and a target memory block according to a detection request; determining whether the target hardware module and the target memory block belong to the same media path; When the hardware module and the target memory block belong to the same media path, determine whether the target hardware module has access rights to the target memory block; when the target hardware module has access rights to the target memory block, call the target hardware module to access The target memory block.
  • this application is executed on the TEE side.
  • the electronic device in this application first detects whether the hardware module and the memory block to be accessed by the hardware module belong to the same SMP, thereby preventing the hardware module of the first SMP from accessing the security of the second SMP RAM.
  • the electronic device further detects whether the hardware module has access rights to the memory block.
  • the hardware module accesses the memory block in accordance with the access authority, so as to prevent the hardware module without the access authority from accessing the data in the secure memory to cause the leakage of the secure media stream.
  • the electronic device first detects whether the hardware module and the memory block belong to the same media channel, and when they belong to the same media channel, it then detects whether the hardware module has access rights to the memory block.
  • the hardware Modules can only access memory blocks that belong to the same secure media channel and have access rights, to avoid the leakage of secure media streams from the secure memory blocks caused by cross access of different secure media channels or hardware modules accessing memory blocks without access rights , Improve the security of SMP access to memory.
  • determining whether the target hardware module and the target memory block belong to the same media path includes: obtaining the first path identifier of the target hardware module and the second path identifier of the target memory block, and the first A path identifier indicates the media path corresponding to the target hardware module, the second path identifier indicates the media path corresponding to the target memory block; detecting whether the first path identifier and the second path identifier are the same; in the first path identifier and When the second path identifiers are the same, it is determined that the target hardware module and the target memory block belong to the same media path.
  • each SMP in this application is represented by a unique path identifier.
  • the electronic device can accurately detect whether the target hardware module and the target memory block belong to the same SMP based on the path identifier.
  • determining whether the target hardware module and the target memory block belong to the same media path includes: obtaining the first path identifier of the target hardware module and the second path identifier of the target memory block, and the first A path identifier indicates the media path corresponding to the target hardware module, the second path identifier indicates the media path corresponding to the target memory block; it is detected whether the first path identifier and the second path identifier are the same as the target path identifier, the target path The identifier is used to indicate the target media path; when the first path identifier is the same as the target path identifier, determine that the target hardware module belongs to the target media path; and when the second path identifier is the same as the path identifier, determine the target The memory block belongs to the target media channel.
  • the electronic device can determine whether the target hardware module and the target memory block belong to the target media channel.
  • the target media channel can call the target hardware module.
  • the target memory block is a memory block that the target media channel can access, so as to prevent the target media channel from calling a hardware module that does not belong to the target media channel or accessing a memory block that does not belong to the target media channel.
  • the target media path can be any SMP among the created SMPs.
  • the acquiring the first path identifier of the target hardware module and the second path identifier of the target memory block specifically includes: acquiring the module identity identifier of the target hardware module, and in the first correspondence relationship Determine the first path identifier corresponding to the module identity; obtain the memory identity identifier of the target memory block, and determine the second path identifier corresponding to the memory identity in the first correspondence; wherein, the first A corresponding relationship includes the corresponding relationship between the path identifier and the module identifier and the memory identifier.
  • a path identifier corresponds to the module identifier of at least one hardware module and the memory identifier of at least one memory block. At least one hardware module corresponds to the same path identifier.
  • the first corresponding relationship includes the corresponding relationship between the path identifier and the module identifier and the memory identifier.
  • One path identifier corresponds to the module identifier of at least one hardware module and the memory identifier of at least one memory block.
  • the same path identifier corresponds to at least One hardware module and at least one memory block belong to the media channel indicated by the channel identifier.
  • the acquiring the first path identifier of the target hardware module and the second path identifier of the target memory block specifically includes: acquiring the module identity of the target hardware module, and in accordance with the module identity
  • the first corresponding relationship determines the first path identifier corresponding to the module identity, and the first corresponding relationship includes the corresponding relationship between the path identifier and the module identity.
  • One path identifier corresponds to the module identity of at least one hardware module.
  • At least one hardware module corresponding to the path identifier belongs to the media path indicated by the same path identifier; acquires the target address to be accessed, where the target address indicates the target memory block, and determines the target memory block in the second correspondence relationship according to the target address
  • the second correspondence relationship includes the correspondence relationship between the address of the memory block and the channel identifier of the media channel to which the memory block belongs.
  • determining whether the target hardware module has access rights to the target memory block includes: obtaining the module identity of the target hardware module and the memory identity of the target memory block; detecting the third correspondence relationship Whether there is an access authority identifier corresponding to the module identity identifier and the memory identifier, the third correspondence relationship includes the corresponding relationship between the module identity identifier, the memory identity identifier, and the access authority identifier; in the third correspondence relationship is set with When the module identity identifier and the access authority identifier corresponding to the memory identity identifier, it is determined that the target hardware module has the access authority indicated by the access authority identifier for the target memory block.
  • the access permission of the target hardware module to the target memory block is detected, so as to avoid the hardware module that has no access permission to the media stream in the target memory block from accessing the target memory block
  • the media stream can improve the security of SMP.
  • the target hardware module corresponds to the target input-output memory management unit IOMMU
  • the target IOMMU includes an identification register
  • the identification register includes at least one memory identity identifier with access rights
  • the target hardware module is determined Whether the target memory block has access authority includes: obtaining the memory identity of the target memory block; determining whether the at least one memory identity with access authority includes the memory identity; when the at least one memory identity with access authority When the memory identity is included in the identity, it is determined that the target hardware module has the access authority indicated by the access authority to the target memory block.
  • the access authority includes a read operation authority and a write operation authority
  • the identification register includes a read identification register and a write identification register
  • the read identification register includes at least one memory identification identifier with read operation authority.
  • the write identification register includes at least one memory identification with write operation authority.
  • determining whether the target hardware module has access rights to the target memory block includes: determining whether the at least one memory identity with read operation permission includes the memory identity; when the at least one has When the memory identity of the read operation permission includes the memory identity, it is determined that the target hardware module has read operation permission for the target memory block; or, it is determined whether the memory identity is included in the at least one memory identity with the write operation permission Identification; when the at least one memory identity with write operation authority includes the memory identity, it is determined that the target hardware module has write operation authority for the target memory block.
  • the method before determining the target hardware module and the target memory block according to the detection request, the method further includes: obtaining a request to create a media path; generating a path identifier of the media path; configuring at least one hardware module and at least one memory block , Obtain the module identity of the at least one hardware module and the memory identity of the at least one memory block, the at least one hardware module and the at least one memory block form the media path; according to the path identifier, the module of the at least one hardware module The identity identifier and the memory identity identifier of the at least one memory block establish the first correspondence relationship.
  • the corresponding relationship between the path identifier of the SMP and the hardware module and secure memory block belonging to the SMP is established, and each hardware module in the SMP is bound to the secure memory related to the hardware module Piece.
  • each hardware module in the SMP is bound to the secure memory related to the hardware module Piece.
  • the method further includes: obtaining from the third correspondence relationship at least one memory identity that the target hardware module has access rights; At least one memory identity of the authority is set in the identity register of the target IOMMU.
  • the access authority of the target hardware module to the target memory block is set, so that the access authority of the target hardware module to the target memory block can be configured at the hardware level, and the security of the SMP is improved.
  • the target memory block after configuring at least one hardware module and at least one memory block, it further includes: mapping the virtual address of each memory block in the at least one memory block, the memory identity identifier of the memory block, and the channel identifier Store to obtain the second correspondence.
  • mapping the virtual address of each memory block in the at least one memory block, the memory identity identifier of the memory block, and the channel identifier Store to obtain the second correspondence.
  • this application provides an electronic device that includes a processor, a target hardware module, and a target memory block, where the processor is configured to determine the target hardware module and the target memory block according to a detection request; The processor is also used to determine whether the target hardware module and the target memory block belong to the same media path; the processor is also used to determine whether the target hardware module and the target memory block belong to the same media path Whether the target hardware module has access authority to the target memory block; the target hardware module is used to access the target memory block when the target hardware module has access authority to the target memory block.
  • the electronic device may be a processor chip.
  • the processor in the electronic device is a processor core or a central processing unit in the processor chip.
  • the processor is further configured to obtain the first path identifier of the target hardware module and the second path identifier of the target memory block, and the first path identifier indicates the media path corresponding to the target hardware module , The second path identifier indicates the media path corresponding to the target memory block; the processor is also used to detect whether the first path identifier and the second path identifier are the same; the processor is also used to When the identifier is the same as the second path identifier, it is determined that the target hardware module and the target memory block belong to the same media path.
  • the processor is further configured to obtain the first path identifier of the target hardware module and the second path identifier of the target memory block, and the first path identifier indicates the media path corresponding to the target hardware module ,
  • the second path identifier indicates the media path corresponding to the target memory block;
  • the processor is also used to detect whether the first path identifier and the second path identifier are the same as the target path identifier, and the target path identifier is used to indicate the target Media path;
  • the processor is also used for determining that the target hardware module belongs to the target media path when the first path identifier is the same as the target path identifier;
  • the processor is also used for determining that the second path identifier is the same as the target path identifier When the path identifiers are the same, it is determined that the target memory block belongs to the target media path.
  • the processor is further configured to obtain the module identity of the target hardware module, and determine the first path identity corresponding to the module identity in the first correspondence; the processor, It is also used to obtain the memory identity identifier of the target memory block, and determine the second path identifier corresponding to the memory identifier in the first correspondence relationship; wherein, the first correspondence relationship includes the path identifier and the module identity identifier and Correspondence of the memory identity identifier, a path identifier corresponds to the module identifier of at least one hardware module and the memory identifier of at least one memory block, and at least one hardware module and at least one memory block corresponding to the same path identifier belong to the same path Identifies the indicated media path.
  • the processor is further configured to obtain the module identity of the target hardware module, and determine the first path identity corresponding to the module identity in the first correspondence according to the module identity
  • the first correspondence relationship includes the correspondence relationship between the path identifier and the module identity identifier, one path identifier corresponds to the module identifier of at least one hardware module, and at least one hardware module corresponding to the same path identifier belongs to the media path indicated by the same path identifier
  • the processor is also used to obtain the target address to be accessed, the target address indicates the target memory block, and the second path identifier corresponding to the target memory block is determined in the second correspondence according to the target address, and the second The correspondence relationship includes the correspondence relationship between the address of the memory block and the channel identifier of the media channel to which the memory block belongs.
  • the processor is also used to obtain the module identity of the target hardware module and the memory identity of the target memory block; the processor is also used to detect whether the third correspondence is set The access authority identifier corresponding to the module identity identifier and the memory identity identifier, and the third correspondence relationship includes the corresponding relationship between the module identity identifier, the memory identity identifier, and the access authority identifier; the processor is also used for setting the third correspondence relationship When the access authority identifier corresponding to the module identity identifier and the memory identifier is set in the module, it is determined that the target hardware module has the access authority indicated by the access authority identifier for the target memory block.
  • the electronic device further includes a target input-output memory management unit IOMMU, the target IOMMU corresponds to the target hardware module, the target IOMMU includes an identification register, and the identification register includes at least one access authority Memory identity, where the target IOMMU is used to obtain the memory identity of the target memory block, and to determine whether the at least one memory identity with access rights includes the memory identity; the target IOMMU is also used to When the at least one memory identity identifier with access authority includes the memory identity identifier, it is determined that the target hardware module has the access authority indicated by the access authority identifier for the target memory block.
  • IOMMU target input-output memory management unit
  • the access authority includes a read operation authority and a write operation authority
  • the identification register includes a read identification register and a write identification register
  • the read identification register includes at least one memory identification identifier with read operation authority
  • the write identification register includes at least one memory identification with write operation authority.
  • the target IOMMU is also used to determine whether the at least one memory identity with read operation permission includes the memory identity, and the at least one memory identity with read operation permission includes When the memory identity is identified, it is determined that the target hardware module has the read operation permission for the target memory block; the target IOMMU is also used to determine whether the memory identity is present in the at least one memory identity with write operation permission, and When the at least one memory identity with read operation permission includes the memory identity, it is determined that the target hardware module has write operation permission on the target memory block.
  • the processor is also used to obtain a request to create a media path; the processor is also used to generate a path identifier of the media path; the processor is also used to configure at least one hardware module and At least one memory block, the module identity of the at least one hardware module and the memory identity of the at least one memory block are obtained, the at least one hardware module and the at least one memory block form the media path; the processor is also used for The path identifier, the module identity identifier of the at least one hardware module, and the memory identity identifier of the at least one memory block establish the first correspondence relationship.
  • the processor is further configured to obtain at least one memory identity that the target hardware module has access permission from the third correspondence; the processor is further configured to At least one memory identity is configured in the identity register of the target IOMMU.
  • the technical effects produced by the second aspect and the implementation manners of the second aspect are the same as the technical effects produced by the implementation manners of the first aspect and the first aspect, and will not be repeated here.
  • the present application also provides a device, the device includes: a determining module for determining a target hardware module and a target memory block according to a detection request; a determining module for determining whether the target hardware module and the target memory block are Belong to the same media path; the determining module is also used to determine whether the target hardware module has access rights to the target memory block when the target hardware module and the target memory block belong to the same media path; the calling module is used to When the target hardware module has access authority to the target memory block, the target hardware module is called to access the target memory block.
  • the device further includes an acquisition module and a detection module.
  • the acquisition module is configured to acquire the first path identifier of the target hardware module and the second path identifier of the target memory block, and the first The path identifier indicates the media path corresponding to the target hardware module, and the second path identifier indicates the media path corresponding to the target memory block;
  • the detection module is used to detect whether the first path identifier and the second path identifier are the same; the determination The module is also used to determine that the target hardware module and the target memory block belong to the same media path when the first path identifier and the second path identifier are the same.
  • the acquiring module is further configured to acquire the first path identifier of the target hardware module and the second path identifier of the target memory block, and the first path identifier indicates the media path corresponding to the target hardware module ,
  • the second path identifier indicates the media path corresponding to the target memory block;
  • the detection module is also used to detect whether the first path identifier and the second path identifier are the same as the target path identifier, and the target path identifier is used to indicate the target Media path;
  • the determining module is also used to determine that the target hardware module belongs to the target media path when the first path identifier is the same as the target path identifier;
  • the determining module is also used to determine whether the second path identifier is the same as the target media path When the path identifiers are the same, it is determined that the target memory block belongs to the target media path.
  • the acquisition module is further configured to acquire the module identity of the target hardware module, and determine the first path identifier corresponding to the module identity in the first correspondence; the acquisition module, It is also used to obtain the memory identity of the target memory block, and determine the second path identity corresponding to the memory identity in the first corresponding relationship; wherein, the first corresponding relationship includes the path identity and the module identity and Correspondence of the memory identity identifier, a path identifier corresponds to the module identifier of at least one hardware module and the memory identifier of at least one memory block, and at least one hardware module and at least one memory block corresponding to the same path identifier belong to the same path Identifies the indicated media path.
  • the acquisition module is further configured to acquire the module identity of the target hardware module, and determine the first path identifier corresponding to the module identity in the first correspondence according to the module identity
  • the first correspondence relationship includes the correspondence relationship between the path identifier and the module identity identifier, one path identifier corresponds to the module identifier of at least one hardware module, and at least one hardware module corresponding to the same path identifier belongs to the media path indicated by the same path identifier
  • the acquisition module is also used to acquire the target address to be accessed, the target address indicates the target memory block, and the second path identifier corresponding to the target memory block is determined in the second correspondence according to the target address, and the second The correspondence relationship includes the correspondence relationship between the address of the memory block and the channel identifier of the media channel to which the memory block belongs.
  • the acquisition module is also used to acquire the module identity of the target hardware module and the memory identity of the target memory block; the detection module is also used to detect whether the third correspondence is set The access authority identifier corresponding to the module identity and the memory identity, the third correspondence includes the correspondence between the module identity, the memory identity, and the access authority identifier; the determining module is also used in the third correspondence When the access authority identifier corresponding to the module identity identifier and the memory identifier is set in the module, it is determined that the target hardware module has the access authority indicated by the access authority identifier for the target memory block.
  • the device further includes a generation module, a configuration module, and an establishment module, wherein the acquisition module is also used to acquire a request to create a media path; the generation module is also used to generate a path of the media path Identification; the configuration module is also used to configure at least one hardware module and at least one memory block to obtain the module identity of the at least one hardware module and the memory identity of the at least one memory block, the at least one hardware module and the at least one The memory block forms the media path; the establishing module is further configured to establish the first correspondence relationship according to the path identifier, the module identity identifier of the at least one hardware module, and the memory identity identifier of the at least one memory block.
  • the obtaining module is also used to obtain at least one memory identity that the target hardware module has access permission from the third correspondence; the configuration module is also used to obtain the access permission At least one memory identity is configured in the identity register of the target IOMMU, where the target IOMMU corresponds to the target hardware module.
  • the technical effects produced by the third aspect and the implementation manners of the third aspect are the same as those produced by the implementation manners of the first aspect and the first aspect, and will not be repeated here.
  • this application provides a computer-readable storage medium with instructions stored in the computer-readable storage medium, which when run on a computer or processor, cause the computer or processor to execute the first aspect or the first aspect. In terms of any possible design method.
  • this application provides a computer program product containing instructions that, when the instructions run on a computer or processor, cause the computer or processor to perform any possible design as in the first aspect or any possible design in the first aspect.
  • the electronic device before the hardware module accesses the memory block, the electronic device detects whether the hardware module and the corresponding secure memory block belong to the same SMP. If the hardware module and the corresponding secure memory block belong to the same SMP, the electronic device further detects the hardware Whether the module has the authority to access the secure memory block, if the hardware module has the authority to access the secure memory block, the hardware module can access the secure memory block; otherwise, the hardware module cannot access the secure memory block. In this way, the secure memory block can be safely accessed, thereby preventing the secure media stream from leaking from the secure memory block, and improving the security of the SMP.
  • FIG. 1A is a system architecture diagram of a typical electronic device provided by this application.
  • FIG. 1B is a schematic diagram of the first exemplary application scenario of SMP provided in this application.
  • FIG. 1C is a schematic diagram of a second exemplary application scenario of SMP provided in this application.
  • FIG. 2 is a schematic diagram of the system architecture of an exemplary application environment of the electronic device 10 provided by the present application;
  • FIG. 3 is an exemplary method flowchart of the secure access method 100 provided by the present application.
  • Fig. 4 is an exemplary schematic diagram of a bitmap in the identification register provided by the present application.
  • FIG. 5 is a schematic diagram of an exemplary structure of an electronic device 20 provided in the present application.
  • FIG. 6A is an exemplary signaling interaction diagram of the SMP creation method 200 provided by this application.
  • FIG. 6B is an exemplary signaling interaction diagram of the secure media stream transmission method 300 provided by the present application.
  • FIG. 7A is a schematic diagram of an exemplary structure of an electronic device 70 provided in the present application.
  • FIG. 7B is a schematic diagram of an exemplary structure of an electronic device 71 provided by the present application.
  • FIG. 7C is a schematic diagram of an exemplary scenario for detecting access permissions provided in FIG. 7B based on the present application.
  • This application can be applied to electronic devices supporting audio and video input/output, such as smart phones, smart set-top boxes, smart TVs, surveillance, computers, tablet computers, etc.
  • Figure 1A shows the system architecture of a typical electronic device.
  • the system architecture includes: application layer, driver layer, operating system layer, hardware module and storage module.
  • the application layer is used to run application software, such as Tencent, Youku, etc.
  • the driver layer includes a driver program written for each hardware module, and the driver program is used to drive the corresponding hardware module to access the memory block.
  • the operating system layer is responsible for memory management, stack management, task scheduling management, etc. When the application software of the application layer is running, it can apply to the operating system layer to allocate a memory block and obtain the virtual address of the allocated memory block.
  • the allocated memory block is used to store data during the running of the application software, such as the following various media stream data.
  • the driver layer can drive the hardware module to access the corresponding memory block according to the virtual address of the memory block.
  • the media stream transmitted during the running of the application software may also be referred to as a media data stream, including different forms of media data streams such as transport stream (TS) and elementary stream (ES).
  • Media streams include audio streams and/or video streams.
  • the application software Before the application software transmits the media stream, it can create a media path according to the intention of the application software and the processing process of the media stream.
  • the media path is the path through which the application software processes the media stream on the electronic device.
  • the processing process includes but is not limited to Play, record, transcode, and forward, etc.
  • the media path may include, for example, a recording path, a playback path, and a transcoding path.
  • the media path includes the resources used for audio and video processing, such as a series of hardware modules and memory.
  • application software may apply to the operating system layer to occupy hardware module 1, hardware module 2 and hardware module 3, and apply to the operating system layer to allocate memory block 1 and memory block 2.
  • Hardware module 1, hardware module 2, and hardware module 3, as well as memory block 1 and memory block 2, for example, can form a media channel, and the transmission process of the media stream on the media channel is, for example: hardware module 1 to memory block 1, memory block 1 to hardware module 2, hardware module 2 to memory block 2, and memory block 2 to hardware module 3.
  • the driver layer receives instructions from the application software, and then drives the corresponding hardware modules in the media path to perform access operations on the corresponding memory blocks.
  • the electronic device shown in FIG. 1A may, for example, support a trusted execution environment (TEE) and a rich execution environment (REE).
  • TEE corresponds to REE.
  • TEE is used to provide a protected execution environment for protected application software
  • REE is used to provide an execution environment for unprotected application software.
  • the memory (buffer) between TEE and REE is isolated, that is, the application software in REE is not allowed to access the memory in TEE.
  • the media paths involved in this application may include ordinary media paths, or may also be referred to as non-secure media paths and secure media paths (SMP).
  • Ordinary media channels are media channels under REE, which are used to transmit unprotected media streams.
  • SMP is a media channel under TEE, used to transmit media streams that have certain security requirements, for example, media streams that require watermarking, encryption, prohibition of transcoding, and mechanism recording.
  • Security requirements can be defined as media content usage rules (content usage rules), for example.
  • the hardware modules and memory blocks in SMP should process and transmit related media streams in accordance with media content usage rules.
  • the driver layer in Figure 1A can include REE drivers and TEE drivers. TEE drivers are used to drive hardware modules in SMP to access memory blocks in SMP, and REE drivers are used to drive hardware modules in ordinary media channels to access ordinary media channels. The memory block in.
  • each hardware module shown in FIG. 1A can provide multiple processing channels, where each processing channel can be used in one media channel and process the media stream data of the media channel.
  • a hardware module includes 32 processing channels, then the hardware module can be used in 32 media channels at the same time, and each of the processing channels processes media stream data in one of the 32 media channels.
  • the 32 media channels can include ordinary media channels and SMP. That is, in some embodiments, the TEE and the REE can share the same hardware module. Furthermore, in this scenario, the same hardware module can perform operations in response to instructions from the TEE driver, or perform operations in response to instructions from the REE driver.
  • FIG. 1B For example, two SMPs are running simultaneously under TEE, and media stream 1 transmitted by SMP1 has output protection requirements. For example, media stream 1 output by SMP1 needs to be watermarked, and media stream 2 transmitted by SMP2, for example Does not have output protection requirements.
  • Both secure memory block 1 and hardware module 1 belong to SMP1, and secure memory block 2 belongs to SMP2.
  • one processing channel of the hardware module 1 is used for SMP1, for example, and the other processing channel is used for common media channels, for example, then the hardware module 1 can receive the drive instructions of the TEE driver and the drive instructions of the REE drive.
  • the REE drive controls the hardware module 1 to access the secure memory block 2, then the hardware module 1 will store the media stream 1 with output protection requirements in the secure memory block 2, causing the output protection of the media stream 1 to fail.
  • the graphics processing unit (GPU) module can access the secure memory block and has a copy function, and the GPU module is driven by the REE driver. Therefore, as shown in Figure 1C, even if the GPU module is not used in any media path, the REE driver can control the GPU module to access the secure memory block in SMP3 and copy (copy) the media stream data in the secure memory block.
  • PVR personal video recorder
  • this application provides a secure access method and electronic device.
  • the electronic device detects whether the hardware module and the corresponding secure memory block belong to the same SMP. If the memory block belongs to the same SMP, the electronic device further detects whether the hardware module has the authority to access the secure memory block. If the hardware module has the authority to access the secure memory block, the hardware module can access the secure memory block. Otherwise, the The hardware module cannot access the secure memory block. In this way, the secure memory block can be safely accessed, thereby preventing the secure media stream from leaking from the secure memory block, and improving the security of the SMP.
  • FIG. 2 illustrates a schematic diagram of a system architecture of an exemplary application environment of the electronic device 10.
  • the electronic device 10 supports TEE.
  • the REE system architecture includes the REE software application layer, the REE software interface adaptation layer, the REE software driver layer, the REE software operating system layer, the REE hardware module, and the REE input and output memory management unit corresponding to the REE hardware module (input output memory management unit, IOMMU) module and REE storage module.
  • the software application in the REE software application layer can control the REE hardware module through the REE software interface adaptation layer, the REE software driver layer and the REE software operating system layer, and access the memory blocks in the REE storage module.
  • the REE software operating system layer, the REE software driver layer, the REE software interface adaptation layer, and the REE software application layer are implemented by software codes. Illustratively, these software codes can be stored in the memory and run. On the processor.
  • the REE software application layer is used to provide the operating environment of the REE software application, and is also used to apply to the REE software operating system layer to allocate the REE hardware module and REE memory block when the REE software application is running, and store the virtual address of the REE memory block.
  • the REE software interface adaptation layer is used to match the driver in the REE software driver layer according to the virtual address accessed by the REE software application layer.
  • the REE software driver layer includes a driver program written for each hardware module, and the driver program drives the corresponding hardware module to access the corresponding REE memory block according to the virtual address.
  • the REE software operating system layer is used to perform REE hardware module resource management, as well as stack management and task scheduling.
  • the REE software operating system layer for example, can configure the REE hardware module 12 to create a common media channel in response to instructions from the REE software application layer.
  • the REE software operating system layer is also used to maintain one or more computer programs and data. When the one or more computer programs are running, they can implement the functions of each software layer on the REE side.
  • the data is used to provide support for the operation of the one or more computer programs.
  • the REE IOMMU module corresponds to the REE hardware module one to one.
  • the REE IOMMU module is used to convert the virtual address of the memory block into the physical address of the corresponding memory block, and further, perform unsafe access to the memory block indicated by the corresponding physical address.
  • the REE storage module may include, but is not limited to, double data rate (DDR) memory, flash memory (Flash), static random access memory (SRAM), etc., which are not limited in this application.
  • DDR double data rate
  • flash flash memory
  • SRAM static random access memory
  • the REE storage module includes multiple memory blocks, and each memory block has a different physical address.
  • the TEE system architecture includes TEE software application layer, TEE software interface adaptation layer, TEE software driver layer, TEE software operating system layer, TEE hardware module, TEE IOMMU module corresponding to TEE hardware module, and TEE storage module.
  • the TEE software operating system layer, the TEE software driver layer, the TEE software interface adaptation layer, and the TEE software application layer are implemented by software codes.
  • these software codes can be stored in the memory and run on the processor. on.
  • the software application in the TEE software application layer can control the TEE hardware module through the TEE software interface adaptation layer, the TEE software driver layer, and the TEE software operating system layer, and access the memory block in the TEE storage module. It should be understood that the basic interaction process between the software layers is similar to the REE side, and will not be detailed here.
  • the TEE system architecture also includes a session management module, a memory management module, and a policy management module, where the session management module, the memory management module, and the policy management module are implemented by software code and run on the processor .
  • the session management module, the memory management module, and the policy management module run on the TEE software driver layer, for example. In other embodiments, the session management module, the memory management module, and the policy management module run on the TEE software operating system layer, for example. In some other embodiments, some modules of the session management module, the memory management module, and the policy management module run on the TEE software driver layer, and other modules run on the TEE software operating system layer.
  • the strategy management module is used to maintain the strategy table referred to below in this manual, that is, the third corresponding relationship referred to below.
  • the session management module is used to correspondingly store the channel identifier of the SMP and the TEE hardware module information and secure memory block information belonging to the SMP to obtain the first correspondence involved in the following.
  • the memory management module is used to maintain the physical address and virtual address mapping table of each memory block in the TEE storage module, and then, in the process of configuring the secure memory block in the TEE system architecture, the memory management module is also used to configure the secure memory block Memory identification (tag), then, the memory identification of the secure memory block, the path identifier of the SMP to which the corresponding secure memory block belongs, and the corresponding relationship between the virtual address and physical address of the corresponding secure memory block form a mapping relationship to obtain the The mapping table corresponding to the secure memory block, that is, the second correspondence involved in the following.
  • the session management module may also be used to detect the hardware module and the secure memory block according to the above series of correspondences to determine whether the corresponding hardware module has access rights to the secure memory block.
  • the memory management module is also used to set the identification register in the IOMMU module according to the memory identity identification of the secure memory block to set the access authority of the hardware module to the secure memory block.
  • setting the identification registers summarized by the IOMMU module can be specifically completed by the memory management module.
  • the TEE IOMMU module corresponds to the TEE hardware module one to one.
  • the TEE IOMMU module includes an identification register, and the identification in the identification register is used to authenticate the TEE hardware module's access authority to the memory block. For example, when the TEE IOMMU module contains the first memory identity, the TEE hardware module can access the memory block indicated by the first memory identity. Similarly, when the TEE IOMMU module does not contain the memory identity, the TEE hardware module cannot access the second The memory block indicated by the memory identifier.
  • the specific implementation form of the identification register is described in the following embodiments.
  • the TEE storage module may include multiple secure memory blocks, and each secure memory block can be identified by a physical address.
  • the TEE software driver layer may set the memory identity of the memory block according to the instruction of the software application in the TEE software application layer and the third correspondence.
  • the processor running each software layer of REE and the processor running each software layer of TEE may be physically the same processor.
  • the processor implements the functions of each software layer of the REE.
  • the processor runs in the TEE mode, the processor implements the functions of each software layer of the TEE.
  • the processor may be, for example, a system-level chip control logic unit, a microprocessor, a microcontroller (micro-controller unit, MCU), a central processing unit (CPU), a digital signal processing (digital signal processing, DSP) ), graphics processing unit (GPU), field programmable gate array (FPGA), application specific integrated circuit (ASIC), etc., which are not limited in this application.
  • the REE hardware module and the TEE hardware module shown in FIG. 2 may include, for example, a demux module (demux), a hardware decryption module, a hardware encryption module, a hardware decoding module (decoder), a video decoding module (VDEC), and hardware Communication module, hardware graphics processing module (video processor, VPSS), hardware display module (video display, VDP), analog to digital converter (analog to digital converter, ADC), digital to analog converter (digital to analog converter, DAC),
  • the communication interface, radio frequency unit, microelectronic mechanical module, etc. are not limited in this application.
  • both the hardware decryption module and the hardware encryption module include a cipher.
  • the REE hardware module and the TEE hardware module can be implemented by two processing channels in the same hardware module.
  • Both the REE storage module and the TEE storage module may include but are not limited to DDR memory, flash memory (Flash), SRAM, etc., which are not limited in this application.
  • the REE memory module and the TEE memory module are isolated from each other, so that ordinary memory blocks and secure memory blocks are isolated from each other.
  • the physical address (physical address) described in the embodiment shown in FIG. 2 can be: storing information in a byte as a unit in the storage module. In order to correctly store or obtain information, each byte unit has a unique memory block address.
  • the physical address can also be called the actual address or the absolute address.
  • the physical address can be addressed in the storage module through the address bus, and is the address where the data is actually stored.
  • the virtual address described in the embodiment illustrated in FIG. 2 may be a logical address used by application software to access the memory block. Virtual addresses do not actually store data, but need to be mapped to actual physical addresses to obtain data.
  • the mapping relationship between the virtual address and the physical address may be stored in a memory management unit (MMU), for example, and the MMU implements the translation of the virtual address into a physical address. Virtual addresses between different application software are mapped to different physical addresses to achieve memory isolation.
  • MMU memory management unit
  • access involved in this application includes read operation and write operation
  • access authority includes read operation authority and write operation authority
  • the software and hardware of the REE system architecture and the software and hardware of the TEE system architecture illustrated in FIG. 2 may be located in the same system on chip (SOC).
  • the REE software application layer, the REE software interface adaptation layer, the REE software driver layer, the REE software operating system layer, the REE hardware module, the REE IOMMU module, and the TEE software application layer and TEE software interface shown in FIG. 2 The adaptation layer, TEE software driver layer, TEE software operating system layer, TEE hardware module, and TEE IOMMU module are located in the same SOC, and the REE storage module and TEE storage module can be independent of the SOC.
  • FIG. 2 is only a schematic description, and does not constitute a specific limitation on the electronic device 10.
  • the electronic device 10 may include more or fewer components than those shown in the figure, or combine certain components, or split certain components, or arrange different components.
  • the illustrated components can be implemented in hardware, software, or a combination of software and hardware.
  • the secure access method described in this application is implemented in the TEE. Accordingly, the secure access method described in this application is executed by at least one of the software, hardware, and combination of software and hardware on the TEE side of the electronic device 10 .
  • the method 100 includes the following steps:
  • Step S101 Determine the target hardware module and the target memory block according to the detection request.
  • the detection request is used to trigger the electronic device 10 to detect whether the target hardware module and the target memory block have the permission to be accessed, and whether the target hardware module has the access permission to the target memory block.
  • the detection request is generated by the TEE software driver layer.
  • the TEE software driver layer may receive an instruction from the TEE software application layer to call the target hardware module to access the target memory block. Then, the TEE software driver layer may generate the detection request and send the request to the session management module. Test request.
  • the detection request is generated by the target hardware module.
  • the target hardware module may receive an instruction to access the target memory block from the REE driver module, and then the target hardware module generates the detection request, and sends the detection request to the session management module.
  • the detection request may include the module identity of the target hardware module and the memory identity of the target memory block.
  • the module identification may include the module identification of the target hardware module.
  • the module identity identifier may further include the module identifier of the target hardware module and the processing channel identifier of the target hardware module, and the processing channel identifier indicates the channel occupied by the target hardware module.
  • the memory identity identifier may be set when the memory management module configures the target memory block.
  • the implementation form of the module identity and the memory identity are, for example, handles.
  • a handle can be described as an identifier that is used to identify an object or item.
  • the object or item can be, for example, a module, task, instance, block of memory, control ( control) resources (resource), etc.
  • the detection request may include the handle of the target hardware module and the handle of the target memory block.
  • the handle of the target memory block may include the memory identity identifier of the target memory block and the address of the target memory block, and the address may be, for example, the virtual address of the target memory block.
  • Step S102 Determine whether the target hardware module and the target memory block belong to the same media path.
  • step S103 is executed.
  • the media path in this embodiment refers to SMP
  • the SMP is created by application software.
  • the created SMP may include at least one SMP.
  • each SMP in the at least one SMP corresponds to a path identifier
  • each path identifier is unique
  • each path identifier indicates a corresponding SMP.
  • the path identifier can be described as SID (session identify), for example.
  • the session management module can obtain the first path identifier of the target hardware module and the second path identifier of the target memory block, the first path identifier indicates the media path corresponding to the target hardware module, and the second path identifier indicates the media corresponding to the target memory block. path. Then, the session management module can determine whether the first path identifier and the second path identifier are the same. If the first path identifier and the second path identifier are the same, determine that the target hardware module and the target memory block belong to the same media path; if the first path identifier Different from the second path identifier, it is determined that the target hardware module and the target memory block do not belong to the same media path.
  • step S102 is only an implementation example of step S102 in a conventional scenario. In other implementation scenarios, this application can implement step S102 in other ways.
  • the session management module can determine whether the target hardware module and the target memory block belong to the target media channel.
  • the target media path may be any SMP in the created SMP, and the path identifier of the target media path may be described as the target path identifier.
  • the session management module may obtain the first path identifier of the target hardware module and the second path identifier of the target memory block.
  • the first path identifier indicates the media path corresponding to the target hardware module
  • the second path identifier indicates the media corresponding to the target memory block. path.
  • the session management module can detect whether the first path identifier and the second path identifier are the same as the target path identifier. If the first path identifier is the same as the target path identifier, and the second path identifier is the same as the target path identifier, determine the target hardware module and The target memory block belongs to the target media channel.
  • the target media path needs to access the data stream in the memory block by calling the hardware module to achieve the processing task, it is first necessary to determine whether the target hardware module and the target memory block belong to the target media path. If both the target hardware module and the target memory block belong The target media channel can further determine whether the target hardware module has access rights to the target memory block; otherwise, it means that the current access request is illegal. For example, the access request may be cross-media channel access, or the target media channel is not allowed The target hardware module is called, or the target memory block cannot be accessed.
  • the electronic device 10 may, for example, adopt the following at least two optional implementation manners to execute "obtain the first path identifier of the target hardware module and the second path identifier of the target memory block".
  • the session management module may obtain the module identity of the target hardware module, and then determine the first path identity corresponding to the module identity in the first correspondence.
  • the session management module can obtain the memory identity of the target memory block, and determine the second path identity corresponding to the memory identity in the first correspondence.
  • the module identity identifier includes, for example, the module identifier of the target hardware module and the processing channel identifier of the target hardware module.
  • the first corresponding relationship includes the corresponding relationship between the path identifier and the module identifier and the memory identifier.
  • One path identifier corresponds to the module identifier of at least one hardware module and the memory identifier of at least one memory block.
  • the same path identifier corresponds to at least One hardware module and at least one memory block belong to the media channel indicated by the channel identifier. It can be understood that all the path identifiers in the first correspondence relationship indicate SMP.
  • the first corresponding relationship may be established when the electronic device 10 creates the SMP. For the embodiments of creating the SMP, please refer to the following description of this specification.
  • the first correspondence may be as shown in Table 1.
  • the "passage 01” and “passage 02” in Table 1 are both the pass mark.
  • “(Module A, processing channel 01)” is the module identity of hardware module 01, where “module A” is the module identifier of hardware module 01, and “processing channel 01” is the identifier of the processing channel occupied by hardware module 01. The meanings of other module identities in Table 1 are similar, and will not be repeated here.
  • “(Virtual address 01, first identifier)” is the handle of memory block 01, where "virtual address 01” is the virtual address of memory block 01, and “first identifier” is the memory identity identifier of memory block 01. The meanings of other memory handles in Table 1 are similar, and will not be repeated here.
  • the hardware module 01 indicated by “(module A, processing channel 01)”, the hardware module 02 indicated by “(module B, processing channel 10)", and the hardware module indicated by “(module C, processing channel 32)” The hardware module 03, and the memory block 01 indicated by “(virtual address 01, first identifier)", and the memory block 02 indicated by “(virtual address 02, second identifier)” belong to the SMP indicated by the path identifier "path 01".
  • Block 05 belongs to the SMP indicated by the path identifier "path 02".
  • the handle of the target hardware module is, for example, (module A, processing channel 01), and the handle of the target memory block is, for example, (virtual address 02, second identification).
  • the target hardware module and the target memory block belong to the same media path, that is, the SMP indicated by "path 01".
  • the handle of the target hardware module is, for example, (module D, processing channel 15), and the handle of the target memory block is, for example, (virtual address 02, second identification).
  • the target hardware module belongs to the "path”
  • the target memory block belongs to the SMP indicated by "Path 01"
  • the target hardware module and the target memory block do not belong to the same media path.
  • Table 1 is only a schematic example, and should not constitute a limitation to the first correspondence described in this application. In other implementation manners, the implementation form of the first correspondence relationship and the expression manner of various identities are not limited to those shown in Table 1. No more details here.
  • the session management module may obtain the module identity of the target hardware module, and determine the first path identity corresponding to the module identity in the first correspondence. Furthermore, the session management module can obtain the target address to be accessed according to the memory identity of the target memory block, and then transmit the target address to the memory management module. The memory management module may determine the second path identifier corresponding to the target memory block in the second correspondence, and then the memory management module may transmit the second path identifier to the session management module.
  • the target address may be a virtual address of the target memory block, for example.
  • the second correspondence includes the correspondence between the address of the memory block and the channel identifier of the media channel to which the corresponding memory block belongs.
  • the information contained in the second correspondence is, for example, attribute information corresponding to a memory block, and the attribute information of the memory block may be implemented in the form of a mapping table.
  • the attribute information of the memory block may also include the memory type of the memory block.
  • the second correspondence may include the address of the memory block, the type of the memory block, and the channel identifier of the media channel to which the corresponding memory block belongs.
  • mapping table of a memory block is shown in Table 2.
  • Table 2 is the attribute information mapping table of memory block 01
  • virtual address 01 refers to the virtual address corresponding to memory block 01
  • physical address 01 refers to the physical address corresponding to memory block 01
  • path 01 refers to the media path to which memory block 01 belongs
  • the first identifier means that the memory identity identifier of the memory block 01 is set as the first identifier.
  • the memory management module may set the identification register in the IOMMU according to the first identification to set the access authority of the hardware module corresponding to the IOMMU to the memory block 01.
  • Table 2 is only a schematic example, and should not constitute a limitation to the second correspondence described in this application. In other implementation manners, the implementation form of the second correspondence relationship may be different from Table 2. No more details here.
  • the session management module needs to detect whether the target hardware module and the target memory block belong to the same SMP, so as to avoid the hardware module of the first SMP under TEE from accessing the second SMP.
  • the secure memory block can improve the security of SMP.
  • Step S103 When the target hardware module and the target memory block belong to the same media path, it is determined whether the target hardware module has access authority to the target memory block.
  • step S104 is executed.
  • the access authority of any hardware module to the memory block is set during the creation of the SMP, and will not be detailed here.
  • the step of determining whether the target hardware module has access authority to the target memory block may be performed by the session management module.
  • the session management module can obtain the module identity of the target hardware module and the memory identity of the target memory block.
  • the session management module layer can read the third correspondence from the memory area corresponding to the policy management module, and then the session management The module detects whether there is an access authority identifier corresponding to the module identity identifier and the memory identity identifier in the third correspondence relationship, if the third correspondence relationship is set with the access authority identifier corresponding to the module identity identifier and the memory identity identifier ,
  • the target hardware module has the access authority indicated by the access authority identifier for the target memory block.
  • the module identity is, for example, the module identity of the target hardware module.
  • the third correspondence relationship is preset and stored in the memory area corresponding to the policy management module, and includes the correspondence relationship between the module identity identifier, the memory identity identifier, and the access authority identifier.
  • the third correspondence relationship may include a correspondence relationship between a module identifier, a memory identifier, and an access authority identifier. Exemplarily, the third correspondence is shown in Table 3.
  • Table 3 shows four types of memory identification identifiers.
  • Read identifier means that the hardware module indicated by the module identifier in Table 3 has read operation authority for the memory block of the type indicated in the column.
  • Write identifier refers to the table If the hardware module indicated by the module identification in this column has the write operation authority to the memory block of the indicated type in the column, the same applies,
  • read identification and write identification means that the hardware module indicated by the module identification in the column in Table 3
  • the memory blocks of the listed types have read operation permissions and write operation permissions.
  • the hardware module indicated by module A has read operation authority for the memory block indicated by the first identifier; the hardware module indicated by module B has read operation authority and write operation authority for the memory block indicated by the first identifier; the hardware module indicated by module A
  • the memory block indicated by the second identifier has the write operation permission, which will not be listed here in this application.
  • Table 3 is only a schematic example, and should not constitute a limitation to the third correspondence described in this application.
  • the third correspondence may also include more or fewer correspondences between memory identity identifiers, module identifiers, and access authority identifiers. No more details here.
  • each hardware module has a certain function, and different hardware modules can handle different types of media streams correspondingly.
  • the function of the demultiplexing module is to descramble the TS
  • the function of the hardware display module is to display the video corresponding to the video data.
  • the relevant technical personnel can set the type of memory block corresponding to the type of the stored media stream, and then, according to the operation authority of each hardware module to the corresponding type of media stream, set the access authority of the corresponding hardware module to the corresponding type of memory block .
  • relevant technicians may determine the identity of the memory block storing the TS as the first identity to identify, and the identity of the memory block storing the video data as the second identity.
  • the multiplex distribution module has read operation authority and write operation authority for the first identifier, and the multiplex distribution module does not have any access authority for the second identifier.
  • the hardware display module has read operation authority for the second identifier, but does not have any access authority for the first identifier.
  • the relevant technicians correspondingly store the module identification, the first identification, and the read identification and the write identification of the multiplexed module in the third correspondence relationship, and correspond to the module identification, the second identification and the read identification of the hardware display module Stored in the third correspondence. Therefore, if the access authority identifier corresponding to the module identity identifier and the memory identity identifier is not set in the third correspondence, it means that the target hardware module does not have access authority to the target memory block.
  • the hardware module and the IOMMU module have a one-to-one correspondence.
  • the target hardware module corresponds to the target IOMMU module.
  • the target IOMMU module includes an identification register.
  • the identification register includes at least one memory identity that the target hardware module has access rights to.
  • the memory identity of the target memory block can be obtained, and then it is determined whether the at least one memory identity includes the memory identity, and when the at least one memory identity with access permission includes In the case of the memory identity identifier, the target hardware module has the access authority indicated by the access authority identifier for the target memory block.
  • the identification register includes a read identification register and a write identification register.
  • the read identification register includes at least one memory identification with read operation authority
  • the write identification register includes at least one memory identification with write operation authority.
  • the access authority includes read operation authority and write operation authority. Therefore, determining whether the target hardware module has access authority to the target memory block may include: determining the at least one memory identity with read operation authority Whether the identifier includes the memory identity identifier, and when the at least one memory identity identifier with read operation permission includes the memory identity identifier, the target hardware module has the read operation permission on the target memory block. Alternatively, it is determined whether the at least one memory identity with write operation permission includes the memory identity, and when the at least one memory identity with write operation permission includes the memory identity, the target hardware module pairs The target memory block has write permission.
  • the bitmap of the memory identity can be maintained in the identification register, for example, the bitmap of the memory identity can include 64 bits, and each of the 64 bits of the bitmap uniquely indicates one kind Memory type, for example, the 21st bit in the bitmap indicates memory type 21.
  • the value of the field of each memory identification bit can indicate whether the hardware module has access rights to this type of memory. This application may describe the value of the field as indicating whether the identification register contains the corresponding memory identification.
  • the field value "1" is an enable value, indicating that the hardware module has access rights to the type of memory indicated by the corresponding bit, that is, the identification register contains the corresponding memory identity; the field value "0" is forbidden
  • the access value indicates that the hardware module has no access authority to the type of memory indicated by the corresponding bit, that is, the identification register does not contain the corresponding memory identification.
  • the field value "0" is the enable value, indicating that the hardware module has access rights to the type of memory indicated by the corresponding bit, that is, the identification register contains the corresponding memory identity;
  • the field value "1" is The access prohibited value indicates that the hardware module has no access authority to the type of memory indicated by the corresponding bit, that is, the identification register does not contain the corresponding memory identification.
  • the initial values of the 64-bit fields shown in FIG. 4 may all be forbidden values.
  • the TEE memory management module 2122 may modify the field values of some bits in the bitmap from the forbidden values as required. Is the enable value. No more details here.
  • the identification register may include a read operation authority identification register and a write operation authority identification register, the bitmap in the read operation authority identification register and the bitmap in the write operation authority identification register are shown in Figure 4, respectively.
  • the field value of the bit in the bitmap of the operation authority identification register indicates whether the hardware module has read authority for the type of memory block indicated by the corresponding bit.
  • the bit field value in the bitmap of the write operation authority identification register indicates whether the hardware module has write authority for the type of memory block indicated by the corresponding bit.
  • the memory identity identifier of the target memory block is 21, and the 21st bit in the bitmap of the read operation authority identification register is, for example, the enable value "1", indicating that the target hardware module has read operation authority to the target memory block.
  • the 21st bit in the bitmap of the write operation authority identification register is, for example, the access prohibited value "0", indicating that the target hardware module has no write operation authority to the target memory block.
  • FIG. 4 is only a schematic implementation manner, and does not limit the identification register described in the present application. In other implementation manners, the identification register may also be implemented in other implementation manners, which is not limited in this application.
  • the electronic device 10 detects the access authority of the target hardware module to the target memory block, thereby being able to avoid access to hardware modules that have no access authority to the media stream in the target memory block.
  • the media stream in the target memory block can in turn improve the security of SMP.
  • Step S104 When the target hardware module has access authority to the target memory block, the target hardware module accesses the target memory block.
  • step S103 when the target hardware module has read operation authority to the target memory block, the target hardware module reads the media stream data in the target memory block.
  • the target hardware module has the write operation authority to the target memory block, the target hardware module writes media stream data into the target memory block.
  • the electronic device before the hardware module accesses the secure memory block, the electronic device detects whether the hardware module and the corresponding secure memory block belong to the same SMP, thereby avoiding cross-SMP cross access of the hardware module. If the hardware module and the corresponding secure memory block belong to the same SMP, the electronic device further detects whether the hardware module has the authority to access the secure memory block. If the hardware module has the authority to access the secure memory block, the hardware module can access the secure memory block. The secure memory block, otherwise, the hardware module cannot access the secure memory block. In this way, the secure memory block can be safely accessed, thereby preventing the secure media stream from leaking from the secure memory block, and improving the security of the SMP.
  • the embodiment shown in FIG. 3 takes the use process of SMP as an example to introduce the secure access method of this application. According to the description of the foregoing embodiments, the settings of some correspondences and the like in the embodiment shown in FIG. 3 are completed in the stage of creating the SMP. The implementation process of creating SMP involved in this application is introduced below.
  • the application software running in the TEE software application layer can transmit a request to create a media path to the TEE software driver layer.
  • the media path to be created in this embodiment is an SMP.
  • the TEE software driver layer driver can generate the path identifier of the SMP to be created, such as "path 01".
  • the driver TEE software driver layer can configure at least one hardware module and at least one memory block to obtain the module identity of the at least one hardware module and the memory identity of the at least one memory block.
  • the TEE software driver layer correspondingly stores the path identifier, the module identifier of the at least one hardware module, and the memory identifier of the at least one memory block, and obtains that the first correspondence shown in Table 1 includes the path 01 Correspondence.
  • the at least one hardware module and the at least one memory block constitute the media path.
  • the at least one hardware module includes, for example, a target hardware module.
  • configuring at least one memory block by the TEE software driver layer may include: the TEE software driver layer may allocate at least one secure memory block according to a request of the application software, and further, set each of the at least one secure memory block according to the third correspondence relationship. The memory identity of a secure memory block. Then, the TEE software driver layer may set the attribute information of each secure memory block in at least one secure memory block, so that the virtual address, memory identity identifier, and channel identifier 01 of each secure memory block correspond to obtain the second correspondence.
  • the TEE software driver layer can also obtain at least one memory identity that each hardware module has access rights in the at least one hardware module from the third correspondence, and then assign at least one memory identity that the corresponding hardware module has access rights to , Set in the IOMMU identification register corresponding to the corresponding hardware module.
  • the TEE software driver layer may obtain at least one memory identity with access permission of the target hardware module from the third correspondence, and then set the at least one memory identity with access permission in the identity register of the target IOMMU.
  • the TEE software driver layer obtains from the third correspondence relationship at least one memory identity that the target hardware module has access rights to, and then corresponds to the memory identity in the corresponding register of the target IOMMU The field value is changed from the forbidden field value to the enabled value.
  • the electronic device 10 is in the SMP creation stage, that is, the corresponding relationship between the path identifier of the SMP and the hardware module and secure memory block belonging to the SMP is established, and each hardware module in the SMP is bound to the hardware The safe memory block associated with the module.
  • SMP provides a data basis for detecting the relationship between the target hardware module and the target secure memory block, and whether the target hardware module has access rights to the target secure memory block. Furthermore, the safety of SMP is improved.
  • FIG. 5 provides a structural diagram of an electronic device 20, and the electronic device 20 supports TEE.
  • the TEE side of the electronic device 20 includes: a software part and a hardware part.
  • the software part includes TEE application, session management module (session manager), memory management module (memory manager), policy management module (policy manager) and TEE driver module.
  • the software part is a functional module implemented by software instructions or software codes, and these software instructions or software codes run on the processor to implement corresponding functions.
  • the hardware part includes demux, hardware decoder, VPSS and VDP, and IOMMU corresponding to each hardware module.
  • the hardware part also includes TEE storage module. Among them, the identification register corresponding to the read operation authority and the identification register corresponding to the write operation authority are set in each IOMMU.
  • the TEE application runs on the TEE software application layer of the electronic device 10.
  • the session management module, the memory management module, the policy management module and the TEE driver module run on the TEE software driver layer of the electronic device 10.
  • the strategy table (that is, the third correspondence) described in this embodiment may be as shown in Table 4.
  • the first memory identity identifier in the first column and the second memory identity identifier in the second column indicate the same memory identity type.
  • the first memory identity can be used as a software-level identity for this type of memory to facilitate the call and management of the session manager, and the second memory identity can be used as an identification register indicating that this type of memory block is in the IOMMU The corresponding bit in.
  • the third column is the module identifier.
  • the hardware module indicated by the module identifier has access authority to the memory blocks of the type indicated in the first and second columns, and the corresponding access authority is marked by the access authority identifier in the fourth column.
  • the audio digital signal processing (AudioDSP) shown in Table 4 is a kind of demux, and the stream cipher belongs to the hardware decryption module or the hardware encryption module.
  • the fifth column is the media channel intent identifier, which is used to indicate the intention of the media channel to which the hardware module and the memory block belong.
  • the first memory identification "video elementary stream data memory” is used for the session management module to manage and call this type of memory block, and the memory block indicated by "video elementary stream data memory” is IOMMU's identification register corresponds to the 21st bit in the bitmap.
  • the hardware module indicated by demux has the read operation authority and the write operation authority for the memory block whose type is "video elementary stream data memory” or the tag is "21".
  • the hardware module indicated by demux can be used in SMP intended to "watch”.
  • FIG. 5 is only an exemplary description of the electronic device of this application, and does not constitute any limitation to the electronic device involved in this application.
  • the electronic device involved in this application may include more or fewer hardware modules. Accordingly, the electronic device involved in this application may include hardware modules with other functions.
  • the functional software of the electronic device can also adopt other forms of expression. No more details here.
  • FIG. 6A illustrates a signaling interaction diagram of a method 200 for creating SMP.
  • the SMP creation method 200 (hereinafter referred to as the method 200) includes the following steps:
  • Step S201 The TEE application sends a request for creating a first SMP to the session management module.
  • Step S202 the session management module generates a path identifier "SID01".
  • SID01 is used to identify the first SMP to be created.
  • Step S203 the session management module occupies the demux module.
  • the session management module is called by the TEE application to occupy the demux module.
  • the session management module can occupy the processing channel 20 of the demux module.
  • the session management module can generate a handle of the demux module, and store the handle corresponding to the path identifier "SID01".
  • the handle includes the module identification demux and the processing channel 20.
  • the TEE application can also call the session management module to occupy other hardware modules that make up the first SMP, such as decoder, VPSS, and VDP, and store the handles of other hardware modules corresponding to "SID01". No more details here.
  • Step S204 the memory management module configures the first secure memory.
  • the TEE application calls the memory management module to configure the first secure memory.
  • the TEE application calls the memory management module, it can send "SID01" to the memory management module.
  • the memory management module can allocate any secure memory in the TEE storage module as the first secure memory. Then, the memory management module can allocate the first memory identity and the second memory identity to the first secure memory according to the intention of the first SMP and the policy table shown in Table 4.
  • the first memory identity of the first secure memory is, for example, "video elementary stream data memory”
  • the second memory identity of the first secure memory is, for example, "21”.
  • the memory management module uses "21" and "SID01" as the attribute information of the first secure memory, and establishes a mapping table of "21", "SID01” and the virtual address of the first secure memory.
  • the mapping table is shown in Table 2, which is not detailed here.
  • the memory management module may also generate a handle to the first secure memory, and the handle of the first secure memory includes, for example, the first memory identification "video elementary stream data memory" of the first secure memory and the virtual address of the first secure memory.
  • Step S205 The memory management module sends the handle of the first secure memory to the session management module.
  • the session management module may store the handle of the first secure memory corresponding to "SID01".
  • the TEE application can also call the memory management module to configure the second secure memory and the third secure memory, generate the handle of the second secure memory and the handle of the third secure memory, and then, similarly transfer the handle of the second secure memory and the third secure memory.
  • the handle of the safe memory is sent to the session management module.
  • the session management module stores the handle of the second secure memory and the handle of the third secure memory corresponding to "SID01" to form a first corresponding relationship. No more details here.
  • the second secure memory is, for example, "video frame data memory”, and the corresponding tag is "24";
  • the third secure memory is, for example, "video display data memory”, and the corresponding tag is "25”.
  • Step S206 the memory management module sets the access authority of the demux module to the first memory block.
  • the memory management module sets the identification register in the IOMMU corresponding to the demux module to set the access authority of the demux module to the first secure memory.
  • the memory management module can modify the value of the 21st field of the read operation authority identification register in the IOMMU to "1", and change the value of the 21st field of the write operation authority identification register in the IOMMU Modify it to "1".
  • the memory management module can also set the field values of the tag of the second secure memory and the tag of the third secure memory in the identification register of the IOMMU to set the access authority of the demux module to the second secure memory and the third secure memory.
  • the memory management module can also set other hardware modules to access the first secure memory, the second secure memory, and the third secure memory, respectively. No more details here.
  • the decoder module has read operation authority for the first secure memory, and has read operation authority and write operation authority for the second secure memory; for example, the VPSS module has read operation authority for the second secure memory and has read operation authority for the third secure memory. It has read operation authority and write operation authority; for example, the VDP module has read operation authority for the third secure memory.
  • the electronic device 20 may also create a second SMP, a third SMP, etc., and the creation process of the second SMP and the third SMP are similar to the method 200, and will not be described in detail here.
  • FIG. 6B illustrates a signaling interaction diagram of a method 300 for transmitting a secure media stream.
  • the method 300 for transmitting secure media streams includes the following steps:
  • Step S301 the session management module receives the detection request.
  • the detection request in this embodiment is sent by the demux module, for example.
  • the detection request includes, for example, the demux module identifier and the handle of the third secure memory.
  • Step S302 The session management module determines that the demux module and the third secure memory belong to the same SMP according to the first correspondence.
  • the session management module can obtain the SID01 corresponding to the demux module from the first correspondence, and the session management module can obtain the SID01 corresponding to the third secure memory handle from the first correspondence. Based on this, the session management module determines the demux module and the third Secure memory is the first SMP.
  • Step S303 The session management module determines according to the policy table that the demux module has no access authority to the third secure memory.
  • the session management module can traverse Table 4, and furthermore, it can be determined that the corresponding relationship between the demux module and the "video display data memory" is not set in Table 4, thereby determining that the demux module has no access authority to the third secure memory. Furthermore, the session management module may not send any instructions to the TEE driver module, so that the TEE driver module does not trigger the demux module to access the third secure memory.
  • step S303 is an optional step. Even if step S303 is not executed, after step S302, if the demux module accesses the third secure memory, the tag "25" field in the IOMMU identification register corresponding to the demux module The value is "0", so that the demux module still cannot access the third secure memory.
  • FIG. 6A and FIG. 6B are only schematic descriptions, and do not limit the technical solution of the present application.
  • the SMP involved may be other SMPs, and the hardware modules and memory blocks to be detected may also be other blocks, which will not be described in detail here.
  • the electronic device detects whether the hardware module and the corresponding secure memory block belong to the same SMP, if the hardware module and the corresponding secure memory block belong to the same SMP , The electronic device further detects whether the hardware module has the authority to access the secure memory block. If the hardware module has the authority to access the secure memory block, the hardware module can access the secure memory block; otherwise, the hardware module cannot access the secure memory block. Secure memory block. In this way, the secure memory block can be safely accessed, thereby preventing the secure media stream from leaking from the secure memory block, and improving the security of the SMP.
  • the solutions of the secure access method provided in this application are introduced from the perspective of the physical structure of the electronic device hardware, the software architecture, and the actions performed by each software and hardware.
  • Those skilled in the art should easily realize that in combination with the establishment of the correspondence relationship described in the embodiments disclosed herein and the processing steps of performing detection according to the correspondence relationship, this application can not only be implemented in the form of hardware or a combination of hardware and computer software . Whether certain functions are executed by hardware or computer software-driven hardware depends on the specific application and design constraints of the technical solution. Professionals and technicians may use different methods to implement the described functions for each of the above specific applications, but such implementation should not be considered as going beyond the scope of the embodiments of the present application.
  • the above-mentioned electronic device 10 and the electronic device 20 may implement the above-mentioned functions in the form of functional modules.
  • the electronic device 70 may include a determination module 701, a judgment module 702, and a calling module 703.
  • the electronic device 70 can be used to execute part of the non-IOMMU security access method in any of the embodiments illustrated in FIG. 3, FIG. 6A, and FIG. 6B.
  • the determining module 701 is used to determine the target hardware module and the target memory block according to the detection request; the determining module 702 is used to determine whether the target hardware module and the target memory block belong to the same media path; the determining module 701 is also used to When the target hardware module and the target memory block belong to the same media path, determine whether the target hardware module has access rights to the target memory block; call the module 703 for access to the target memory block when the target hardware module When authorized, call the target hardware module to access the target memory block.
  • the electronic device 70 provided in the present application can provide the function of detecting whether the target hardware module and the target memory block belong to the same media channel, and whether the target hardware module has access rights to the target memory block, so that the target hardware module Before being triggered and the target memory block, double detection is performed, so that the target memory block can be safely accessed.
  • the electronic device 70 may also include an acquisition module, a detection module, a generation module, a configuration module, and an establishment module.
  • the above modules are used to implement different functions.
  • the acquiring module is configured to acquire the first path identifier of the target hardware module and the second path identifier of the target memory block, and the first path identifier indicates the media path corresponding to the target hardware module.
  • the second path identifier indicates the media path corresponding to the target memory block.
  • the obtaining module is used to obtain a request for creating a media path.
  • the detection module is used to detect whether the first path identifier and the second path identifier are the same.
  • the detection module is used to detect whether the third correspondence relationship is set with the module.
  • the identity identifier and the access authority identifier corresponding to the memory identifier, and the third correspondence relationship includes the corresponding relationship between the module identifier, the memory identifier, and the access authority identifier.
  • the generating module is also used to generate the path identifier of the media path.
  • the configuration module is also used to configure at least one hardware module and at least one memory block to obtain the module identity of the at least one hardware module and the memory identity of the at least one memory block, the at least one hardware module and the at least one memory block Compose the media channel.
  • the establishing module is further configured to establish the first correspondence relationship according to the path identifier, the module identity of the at least one hardware module, and the memory identity of the at least one memory block.
  • each module in the electronic device 70 For other functions of each module in the electronic device 70, reference may be made to the related descriptions in the embodiments corresponding to the method 100 to the method 300, which will not be repeated here.
  • the electronic device 71 includes a processor 711, a target hardware module 712, a target IOMMU 713, and a target memory block 714.
  • the target memory block 714 may be configured to store secure media streams.
  • the target hardware module 712 may be configured to access a memory block to write media stream data to the accessed memory block or to read media stream data from the accessed memory block.
  • the processor 711 can execute the configuration of the hardware module and the memory block in the method 100 to the method 300, and the detection of the permissions of the target hardware module 712 and the target memory block 714.
  • the target IOMMU 713 can be coupled with an identification register 715.
  • the identification register 715 contains the memory identification of the memory block that the target hardware module 712 can access.
  • the target IOMMU 713 can determine whether the target hardware module 712 can access the target according to the configuration in the identification register 715.
  • the memory block 714 performs authentication.
  • the processor 711 may be configured to determine the target hardware module 712 and the target memory block 714 according to the detection request.
  • the processor 711 may also be used to determine whether the target hardware module 712 and the target memory block 714 belong to the same media path, and when the target hardware module 712 and the target memory block 714 belong to the same media path, determine the target Whether the hardware module 712 has access authority to the target memory block 714.
  • the target hardware module 712 is configured to access the target memory block 714 when the target hardware module 712 has access authority to the target memory block 714.
  • the target hardware module 712 after the target hardware module 712 receives an instruction to access the target memory block 714, it can obtain the memory identity of the target memory block 714. Then, the target IOMMU 713 searches for the memory identity in the read operation authority identification register and the write operation authority identification register of the target IOMMU 713, and then determines whether the target IOMMU 713 has read operation authority and the target memory block 714 according to the search result. / Or write operation permission.
  • the processor 711 in FIG. 7B can implement the functions of each software layer of the TEE in FIG. 2, the target hardware module 712 can implement the functions of the TEE hardware module in FIG. 2, and the target IOMMU 713 can implement the diagram For the function of the TEE IOMMU module in 2, the target memory block 714 can be equivalent to any secure memory block in FIG. 2.
  • the processor 711 in FIG. 7B can implement the functions of the software part in FIG. 5, the target hardware module 712 may be equivalent to any hardware module shown in FIG. 5, and the target IOMMU 71 is determined according to the target hardware module 712,
  • the target memory block 714 can be equivalent to any secure memory block in FIG. 5.
  • the application also provides a computer storage medium corresponding to the electronic device.
  • the computer storage medium provided in any device can store a program. When the program is executed, the security provided by the method 100 to the method 300 can be implemented. Access some or all of the steps in each embodiment of the processing method.
  • the storage medium in any device can be a magnetic disk, an optical disc, a read-only memory (read-only memory, ROM), or a random access memory (random access memory, RAM), etc.
  • the computer program product includes one or more computer instructions.
  • the computer may be a general-purpose computer, a dedicated computer, a computer network, or other programmable devices.
  • the computer instruction can be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium.
  • the computer instruction can be passed from a website, computer, server, or message center.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer or a message storage device such as a server or a message center integrated with one or more available media.
  • the usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).
  • the size of the sequence number of each process does not mean the order of execution, and the execution order of each process should be determined by its function and internal logic, rather than the implementation process of the embodiment. Constitute any limitation.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un procédé d'accès sécurisé et un dispositif électronique. Le procédé d'accès sécurisé consiste : à déterminer un module matériel cible et un bloc tampon cible en fonction d'une demande de détection ; à déterminer si le module matériel cible et le bloc tampon cible appartiennent au même trajet multimédia ; lorsque le module matériel cible et le bloc tampon cible appartiennent au même trajet multimédia, à déterminer si le module matériel cible possède des droits d'accès au bloc tampon cible ; et lorsque le module matériel cible possède les droits d'accès au bloc tampon cible, à invoquer le module matériel cible pour accéder au bloc tampon cible. On peut observer, à l'aide de la solution technique de la présente invention, qu'un dispositif électronique effectue une détection double sur un module matériel et un bloc tampon avant que le module matériel n'accède au bloc tampon, de telle sorte que le bloc tampon puisse faire l'objet d'un accès de manière sûre, ce qui permet d'éviter la fuite d'un flux multimédia sécurisé depuis un bloc tampon sécurisé, et d'améliorer la sécurité d'un SMP.
PCT/CN2019/090478 2019-06-10 2019-06-10 Procédé d'accès sécurisé et dispositif électronique WO2020248088A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2019/090478 WO2020248088A1 (fr) 2019-06-10 2019-06-10 Procédé d'accès sécurisé et dispositif électronique
CN201980097157.1A CN113906398A (zh) 2019-06-10 2019-06-10 安全访问方法及电子设备

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/090478 WO2020248088A1 (fr) 2019-06-10 2019-06-10 Procédé d'accès sécurisé et dispositif électronique

Publications (1)

Publication Number Publication Date
WO2020248088A1 true WO2020248088A1 (fr) 2020-12-17

Family

ID=73781130

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/090478 WO2020248088A1 (fr) 2019-06-10 2019-06-10 Procédé d'accès sécurisé et dispositif électronique

Country Status (2)

Country Link
CN (1) CN113906398A (fr)
WO (1) WO2020248088A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104169891A (zh) * 2013-10-29 2014-11-26 华为技术有限公司 一种访问内存的方法及设备
CN106469124A (zh) * 2015-08-20 2017-03-01 深圳市中兴微电子技术有限公司 一种存储器访问控制方法和装置
CN107851161A (zh) * 2015-07-20 2018-03-27 英特尔公司 对具有dma能力的i/o控制器的i/o数据进行密码保护
CN109766165A (zh) * 2018-11-22 2019-05-17 海光信息技术有限公司 一种内存访问控制方法、装置、内存控制器及计算机系统

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104169891A (zh) * 2013-10-29 2014-11-26 华为技术有限公司 一种访问内存的方法及设备
CN107851161A (zh) * 2015-07-20 2018-03-27 英特尔公司 对具有dma能力的i/o控制器的i/o数据进行密码保护
CN106469124A (zh) * 2015-08-20 2017-03-01 深圳市中兴微电子技术有限公司 一种存储器访问控制方法和装置
CN109766165A (zh) * 2018-11-22 2019-05-17 海光信息技术有限公司 一种内存访问控制方法、装置、内存控制器及计算机系统

Also Published As

Publication number Publication date
CN113906398A (zh) 2022-01-07

Similar Documents

Publication Publication Date Title
US20180267726A1 (en) Memory space management and memory access control method and apparatus
EP3191994B1 (fr) Commande de décodage de média avec gestion des droits numériques protégés par matériel
EP3103051B1 (fr) Système et procédé de surveillance d'un accès malveillant à un contenu protégé
JP5181139B2 (ja) コンピュータプログラム、共有オブジェクト制御装置及び共有オブジェクト制御方法
KR101837678B1 (ko) 신뢰실행환경 기반의 컴퓨팅 장치
US10691404B2 (en) Technologies for protecting audio data with trusted I/O
KR20130007659A (ko) 가상화를 이용한 비디오 컨텐츠 보호
US10693631B2 (en) Modifying a content descriptor to facilitate delivery of token-authorized encrypted data
US20130182842A1 (en) System and method for key space division and sub-key derivation for mixed media digital rights management content
US20150113620A1 (en) Proximity based dual authentication for a wireless network
US9515834B2 (en) Content protection continuity through authorized chains of components
WO2017118330A1 (fr) Procédé et dispositif d'isolement d'accès aux données de programme d'application
US20050228894A1 (en) Inter-device authentication system, inter-device authentication method, communication device, and computer program
WO2021203767A1 (fr) Procédé d'accés mémoire, système sur puce et dispositif électronique
CN114237817A (zh) 虚拟机数据读写方法及相关装置
US20160162858A1 (en) Screening architectures enabling revocation and update
US9264763B2 (en) Method for generating a communication link between devices, and apparatus for same
WO2020248088A1 (fr) Procédé d'accès sécurisé et dispositif électronique
WO2017128655A1 (fr) Procédé et dispositif de réalisation de filigrane vidéo
US20200288210A1 (en) Display device and control method therefor
US20120005485A1 (en) Storage device and information processing apparatus
US8707054B2 (en) Establishing a secure memory path in a unitary memory architecture
WO2021184181A1 (fr) Procédé de sortie sécurisé et dispositif électronique
Mohanty et al. Media data protection during execution on mobile platforms–A review
EP2699017B1 (fr) Unité de traitement de sécurité avec connexion sécurisée à un système de tête de réseau

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19932364

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19932364

Country of ref document: EP

Kind code of ref document: A1