WO2021109654A1 - 安全任务处理方法和电子设备 - Google Patents

安全任务处理方法和电子设备 Download PDF

Info

Publication number
WO2021109654A1
WO2021109654A1 PCT/CN2020/113469 CN2020113469W WO2021109654A1 WO 2021109654 A1 WO2021109654 A1 WO 2021109654A1 CN 2020113469 W CN2020113469 W CN 2020113469W WO 2021109654 A1 WO2021109654 A1 WO 2021109654A1
Authority
WO
WIPO (PCT)
Prior art keywords
safety
operating system
security
processor
subtasks
Prior art date
Application number
PCT/CN2020/113469
Other languages
English (en)
French (fr)
Inventor
朱丙营
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司 filed Critical 支付宝(杭州)信息技术有限公司
Publication of WO2021109654A1 publication Critical patent/WO2021109654A1/zh

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/544Buffers; Shared memory; Pipes

Definitions

  • One or more embodiments of this specification relate to the computer field, and more particularly to a security task processing method and electronic equipment.
  • the electronic devices may include a secure operating system and a basic operating system.
  • the target processor used to process security tasks on electronic devices runs the basic operating system by default.
  • the operating system can be switched from the basic operating system to the secure operating system. Perform security tasks in the system environment of a secure operating system.
  • This manual proposes a security task processing method and electronic equipment.
  • a security task processing method is provided, the method is applied to an electronic device, the electronic device includes a plurality of processors; wherein, the plurality of processors includes at least one for processing a security task
  • the target processor of the method includes:
  • the target processor responds to the monitored security task processing request, switching the operating system running on the target processor to a secure operating system;
  • the target processor splits the security task corresponding to the security task processing request into a plurality of security subtasks in the system environment of the security operating system, and executes the splitting in the system environment of the security operating system
  • the security subtasks that are generated and storing the multiple security subtasks in a shared storage space;
  • the other processors other than the target processor that meet the preset conditions switch the operating system running on the other processor to the secure operating system, and execute from the shared storage space in the system environment of the secure operating system.
  • the read safety subtask is
  • the method further includes:
  • the target processor after storing the multiple safety subtasks in the shared storage space, sends a safety subtask processing request;
  • Switching the operating system running by other processors other than the target processor that meets preset conditions to a secure operating system includes:
  • the other processor that meets the condition responds to the security subtask processing request, and switches the operating system running by the other processor to the secure operating system.
  • switching the operating system running on other processors other than the target processor that meets preset conditions to a secure operating system includes:
  • the other processors that meet the conditions detect that the processor meets the conditions for entering the sleep state
  • the preset conditions include:
  • the processor load is less than a preset threshold
  • storing the multiple safety subtasks in a shared storage space includes:
  • the safety subtask linked list is stored in the storage space.
  • the splitting the safety task corresponding to the safety task processing request into multiple safety subtasks includes:
  • the method further includes:
  • the operating system running on the target processor is switched to the basic operating system.
  • the method further includes:
  • an electronic device includes a plurality of processors; wherein the plurality of processors includes at least one target processor for processing security tasks;
  • the target processor is configured to switch the operating system running on the target processor to a secure operating system in response to a monitored security task processing request; in the system environment of the secure operating system, process the security task Request the corresponding security task to be split into multiple security subtasks, and execute the split security subtasks in the system environment of the security operating system; and store the multiple security subtasks in a shared storage space;
  • processors that meet preset conditions than the target processor are used to switch the operating system running by the other processor to a secure operating system, and execute the shared storage in the system environment of the secure operating system.
  • the safety subtask read in the space.
  • the target processor is further configured to issue a safety subtask processing request after storing the multiple safety subtasks in a shared storage space;
  • the other processors that meet the conditions are configured to respond to the security subtask processing request to switch the operating system running on the other processors to the secure operating system.
  • the other processor that meets the condition is used to detect that the processor meets the condition for entering the sleep state; if so, the operating system running on the other processor is switched to a safe operating system.
  • the preset conditions include:
  • the processor load is less than a preset threshold
  • the target processor is configured to construct the safety subtasks into a safety subtask linked list according to the execution order; and store the safety subtasks linked list in the storage space.
  • the target processor is configured to detect whether the safety task can be split; if so, split the safety task corresponding to the safety task processing request into multiple safety subtasks.
  • the target processor is further configured to switch the operating system running on the target processor to a basic operating system after it is monitored that all the safety subtasks in the storage space have been executed.
  • the other processors that meet the conditions are also used to switch the operating system running on the processor to the basic operating system after monitoring that all the security subtasks in the storage space are completed, and enter Sleep state.
  • the target processor splits the security task and stores the split security subtasks in the shared storage space, so that other processors that meet the conditions other than the target processor can read and execute the security task. Security subtasks in shared storage space. Since the target processor no longer handles the safety task alone, but multiple processors jointly handle the safety task, the processing efficiency of the safety task can be greatly improved.
  • Fig. 1 is a schematic diagram of an electronic device shown in an exemplary embodiment of this specification
  • Fig. 2 is a flowchart of a security task processing method shown in an exemplary embodiment of this specification
  • Fig. 3 is a flowchart of a security task processing method shown in an exemplary embodiment of this specification
  • Fig. 4 is a flowchart of another security task processing method shown in an exemplary embodiment of this specification.
  • the steps of the corresponding method may not be executed in the order shown and described in this specification.
  • the method may include more or fewer steps than described in this specification.
  • a single step described in this specification may be decomposed into multiple steps for description in other embodiments; and multiple steps described in this specification may also be combined into a single step in other embodiments. description.
  • An electronic device usually includes multiple processors, but each processor independently runs its own operating system and performs its own tasks under the operating system it runs. Each processor does not affect each other's task processing. In other words, each processor handles its own tasks and does not handle the tasks of other processors.
  • the target processor for processing the security task in the electronic device detects the security task triggered by the user, the operating system can be switched from the basic operating system to the security operating system, and the security task is executed in the system environment of the security operating system.
  • the safety task is complex and numerous, only the target processor processing the safety task will greatly reduce the processing efficiency of the safety task.
  • the target processor used to process the safety task in the electronic device can respond to the monitored safety task processor request and switch the operating system running on the target processor to Secure operating system;
  • the target processor splits the security task corresponding to the security task processing request into a plurality of security subtasks in the system environment of the security operating system, and executes the separated security tasks in the system environment of the security operating system.
  • Safety subtasks and storing the multiple safety subtasks in a shared storage space;
  • processors other than the target processor that meet the preset conditions switch the operating system running by the other processor to a secure operating system, and execute the read from the shared storage space in the system environment of the secure operating system To the safety subtask.
  • the target processor splits the safety task, and stores the split safety subtasks in the shared storage space, so that other processors that meet the conditions other than the target processor can read and Perform security subtasks in the shared storage space. Since the target processor no longer handles the safety task alone, but multiple processors jointly handle the safety task, the processing efficiency of the safety task can be greatly improved.
  • Fig. 1 is a schematic diagram of an electronic device according to an exemplary embodiment of this specification.
  • the electronic device includes multiple processors, network interfaces, storage media, and buses. Of course, in practical applications, the electronic device may also include other hardware, such as logic chips, input/output interfaces, and so on. Here, the hardware of the electronic device is only exemplarily described, and it is not specifically limited.
  • multiple processors, network interfaces, and storage media can communicate with each other through a bus.
  • the above-mentioned processor may be an ARM (Advanced RISC Machines, advanced RISC processor chip) chip (such as ARMv8), or an Intel x86 (Intel x86) chip, etc.
  • ARM Advanced RISC Machines, advanced RISC processor chip
  • Intel x86 Intel x86
  • the aforementioned storage medium may be any electronic, magnetic, optical, or other physical storage device, and may contain storage information, such as executable instructions, data reading and writing, and so on.
  • the processor readable and writable storage medium may be: a volatile memory, a non-volatile memory, or a similar storage medium.
  • FIG 2 is a flowchart of a safety task processing method shown in an exemplary embodiment of this specification. The method can be applied to the electronic device shown in Figure 1.
  • the safety task processing method can include the following Steps shown.
  • Step 202 In response to the monitored security task processing request, the target processor switches the operating system running on the target processor to the secure operating system.
  • the target processor refers to a processor used to process security tasks among multiple processors of an electronic device.
  • the target processor can be a pre-designated processor for processing the safety task, or the processor that detects the safety task processing request first. It is not specifically limited here.
  • safety tasks refer to tasks with high safety requirements.
  • users complete tasks related to bill or order payment through security applications (such as payment apps, etc.).
  • security applications such as payment apps, etc.
  • the user performs the task of user information authentication through the security application.
  • the safety task is only exemplified here, and it is not specifically limited.
  • the driver of a security application when the driver of a security application (such as an Alipay application, etc.) detects that the user triggers a security task on the security application, the driver of the security application may initiate a security task processing request.
  • a security application such as an Alipay application, etc.
  • the target processor may respond to the safety task processing request and obtain the safety task corresponding to the safety task processing request.
  • the safety task processing request carries the safety task
  • the target processor may parse the safety task processing request to obtain the safety task carried in the safety task processing request.
  • the safety task processing request carries the identifier of the safety task.
  • the safety task can be recorded in the cache.
  • the target processor may parse the safety task processing request, obtain the safety task identifier carried in the safety task processing request, and read the safety task in the cache based on the safety task identifier.
  • the target processor can also switch the operating system running on the target processor from a basic operating system to a secure operating system.
  • the processor may call the switching logic recorded in the switching module in the storage medium, and switch the operating system of the processor from a basic operating system to a secure operating system.
  • a Secure monitor module is stored in the storage medium of the electronic device.
  • the target processor can call the switching logic in the Secure monitor module to switch the operating system running on the target processor from a basic operating system to a secure operating system.
  • the operating system switching mode is only exemplarily described, and it is not specifically limited.
  • Step 204 In the system environment of the safety operating system, the target processor splits the safety task corresponding to the safety task processing request into multiple safety subtasks, and executes the splitting in the system environment of the safety operating system.
  • the security subtasks and storing the multiple security subtasks in a shared storage space.
  • Step 204 is described in detail below through step 2041 to step 2043.
  • Step 2041 The target processor splits the safety task corresponding to the safety task processing request into multiple safety subtasks in the system environment of the safety operating system.
  • the target processor may detect whether the acquired safety task corresponding to the safety task processing request is a detachable safety task. If the safety task is a divisible safety task, the target processor may divide the safety task into multiple independently executable safety subtasks. If the safety task is an inseparable safety task, the safety task is not split, and the target processor still processes the safety task.
  • Method 1 The security task carries a detachable identifier.
  • the target processor may detect the value of the detachable identifier, and if the value of the detachable identifier is a first preset value (for example, 1), it may determine that the safety task is a detachable safety task. If the value of the detachable flag is a second preset value (for example, 0), it can be determined that the safety task is an undivisible safety task.
  • a first preset value for example, 1
  • a second preset value for example, 0
  • the target processor can detect whether the safety task is a detachable safety task according to a preset strategy.
  • the target processor may determine whether the safety task is a detachable safety task according to the task type of the safety task.
  • the security task may include multiple independently executable sub-steps, and a preset keyword is configured at the end or the beginning of each sub-step.
  • the target processor may also determine whether the safety task is a detachable safety task based on whether the number of preset keywords is carried in the safety task.
  • the target processor determines that the number of preset keywords carried by the safety task is greater than 1, it is determined that the safety task is a detachable safety task.
  • the number of preset keywords carried by the safety task is equal to 1, it is determined that the safety task is an inseparable safety task.
  • the "detecting whether the safety task is a detachable safety task” is only exemplified, and it is not specifically limited.
  • the target processor can split the safety task into multiple safety subtasks that can run independently based on a preset split strategy.
  • a safety task may include multiple independently executable sub-steps, and a preset keyword is configured at the end or the beginning of each sub-step.
  • the target processor can split the safety task into multiple safety subtasks based on preset keywords in the safety task.
  • the "splitting the safety task corresponding to the safety task processing request into multiple safety subtasks" is only exemplified, and it is not specifically limited.
  • Step 2042 The target processor stores the split multiple security subtasks in the shared storage space.
  • the storage medium in FIG. 1 opens up a shared storage space. All processors in the electronic device can write data to the shared storage space and can also read data from the shared storage space.
  • the target processor may directly store the multiple security subtasks that have been split into the shared storage space.
  • the safety subtasks need to be executed in order.
  • the target processor may construct the multiple safety subtasks into a safety subtask linked list according to the execution order of the safety subtasks, and store the safety subtask linked list in the shared storage space.
  • safety subtasks separated by the safety task include: safety subtask 1, safety subtask 2, and safety subtask 3.
  • Safety subtask 1, safety subtask 2 and safety subtask 3 need to be executed in sequence. For example, you need to rely on the result of processing safety subtask 1 to process safety subtask 2, and you need to rely on the result of processing safety subtask 2 to process safety subtask 3. At this time, the execution sequence of the safety subtasks are: safety subtask 1, safety subtask 2, and safety subtask 3.
  • the target processor can construct the safety subtask 1, the safety subtask 2 and the safety subtask 3 into a safety subtask linked list according to the execution sequence, and store the safety subtask linked list in the shared storage space.
  • Step 2043 The target processor may execute the separated security subtasks in the system environment of the security operating system.
  • the security subtasks to be processed are stored in the shared storage space.
  • the target processor can read the to-be-processed safety subtask from the shared storage space. If the target processor can read the to-be-processed safety subtask, it is determined that the safety task has not been executed. At this time, the target processor can execute the to-be-processed safety subtask in the system environment of the safety operating system. After the target processor completes the safety subtask, the target processor may delete the safety subtask from the shared storage space.
  • the target processor can switch the operating system running on the processor from a secure operating system to a basic operating system.
  • the shared storage unit stores all safety subtasks.
  • Each safety subtask is marked as a pending safety subtask or a processed safety subtask.
  • the target processor can read the safety subtask that is marked as pending processing, and if the target processor can read the pending safety subtask, it is determined that the safety task has not been completed. At this time, the target processor can execute the to-be-processed safety subtask in the system environment of the safety operating system. After the target processor finishes processing the pending safety subtask, it may mark the safety subtask as a processed safety subtask.
  • the target processor can switch the operating system running on the processor from a secure operating system to a basic operating system.
  • the target processor can add a processed mark to the processed safety task, so that the safety with the processed mark is regarded as a processed safety task, and the The safety tasks with the processed mark are pending safety tasks.
  • the target processor can also configure a processing identifier for each safety subtask in the shared storage space.
  • the processing identifier takes the first preset value (for example, 0)
  • the processing identifier takes the second preset value (for example, 1), it indicates that the safety subtask is a processed safety subtask.
  • Step 206 other processors other than the target processor that meet the preset conditions switch the operating system running on the other processor to a secure operating system, and execute the shared operation in the system environment of the secure operating system.
  • the safety subtask read in the storage space.
  • the preset condition may include: the processor load is less than a preset threshold; and/or, there is no task to be processed.
  • Other processors that meet the preset condition include: processors with a processor load less than a preset threshold, and/or processors with no tasks to be processed.
  • the purpose of setting such preset conditions is to enable a relatively idle processor (for example, a processor with a small number of tasks to be processed or a processor with no tasks to be processed) to assist the target processor to jointly complete the processing of the safety task. Since multiple processors jointly complete the processing of the safety task, the processing efficiency of the safety task is greatly improved.
  • the preset condition can be set according to actual conditions.
  • the preset condition can also be all other processors except the target processor, or any number of other processors designated in advance.
  • the preset conditions are only exemplified here, and they are not specifically limited.
  • the processor load can be characterized by load parameters such as CPU occupancy rate and memory occupancy rate of the processor.
  • load parameters such as CPU occupancy rate and memory occupancy rate of the processor.
  • the processor load is only exemplified, and the processor load is not specifically limited.
  • Step 206 will be described in detail below through step 2061 to step 2062.
  • Step 2061 another processor that meets the preset condition switches the operating system running on the other processor to a secure operating system.
  • the target processor may issue security subtask processing to other processors except the target processor. request.
  • the other processor can check whether it meets the above-mentioned preset conditions. If the other processor meets the above preset condition, the other processor can switch the operating system running on the processor from the basic operating system to the secure operating system, and execute step 2062. If the other processor does not meet the above preset conditions, it still maintains its current basic operating system.
  • processors when other processors detect that they meet preset conditions, they can detect whether their own processors meet the conditions for entering the sleep state. If the other processor detects that the processor meets the conditions for entering the sleep state, the operating system running in this process is switched to a secure operating system, and step 2062 is executed. If the other processor detects that the processor does not meet the conditions for entering the sleep state, it still maintains its current basic operating system.
  • the existing method can be used for detection. For example, detecting whether the load of the processor is lower than a preset threshold value lower than the foregoing preset threshold value, or detecting that there is no task to be processed, etc. This is only an exemplary description, and no specific limitation is made.
  • Step 2062 other processors execute the security subtasks read from the shared storage space in the system environment of the security operating system.
  • the security subtasks to be processed are stored in the shared storage space.
  • Other processors can read the to-be-processed safety subtask from the shared storage space. If the other processor can read the to-be-processed safety subtask, it is determined that the safety task has not been executed. At this time, the other processor can execute the to-be-processed safety subtask in the system environment of the safety operating system. After the other processors complete the safety subtask, the other processors can delete the safety subtask from the shared storage space.
  • the shared storage unit stores all safety subtasks.
  • Each safety subtask is marked as a pending safety subtask or a processed safety subtask.
  • processors can read the safety subtask that is marked as pending. If other processors can read the pending safety subtask, it is determined that the safety task has not been executed. At this time, other processors can execute the to-be-processed safety subtask in the system environment of the safety operating system. After processing the pending safety subtask, other processors may mark the safety subtask as a processed safety subtask.
  • other processors detect that they meet the conditions for entering the hibernation state, and the other processors can enter the hibernation state after switching the operating system running on the processor from a secure operating system to a basic operating system.
  • the target processor splits the safety task, and stores the split safety subtasks in the shared storage space, so that other processors that meet the conditions other than the target processor can read and Perform security subtasks in the shared storage space. Since the target processor no longer handles the safety task alone, but multiple processors jointly handle the safety task, the processing efficiency of the safety task can be greatly improved.
  • the following uses the target processor as the processor 1 and other processors that meet the conditions as the processor 2, and in conjunction with FIG. 3 and FIG. 4, the method for processing the above-mentioned security task will be described in detail.
  • FIG. 3 is a flowchart of a method for processing a security task according to an exemplary embodiment of this specification. The method can be applied to the processor 1 for processing the security task and may include the following steps.
  • Step 302 In response to the monitored security task processing request, the processor 1 switches the operating system running on the processor 1 to the security operating system.
  • Step 304 The processor 1 obtains the safety task corresponding to the safety task processing request, and splits the safety task into multiple safety subtasks.
  • Step 306 The processor 1 stores the safety subtask in the shared storage space.
  • Step 308 The processor 1 reads the safety subtask from the shared storage space.
  • Step 310 The processor 1 detects whether the safety subtask is read
  • Step 312 If the processor 1 reads the safety subtask, it executes the read safety subtask in the system environment of the safety operating system, and deletes it from the shared storage space after the safety subtask is executed. The execution of the safety subtask is completed, and step 308 is returned.
  • Step 314 If the processor 1 does not read the secure subtask, switch the operating system of the processor 1 from the secure operating system to the basic operating system.
  • FIG. 4 is a flowchart of a method for processing a security task according to an exemplary embodiment of this specification. The method can be applied to the processor 2 for processing the security task, and may include the following steps.
  • Step 402 When the processor 2 determines that the processor meets the conditions for entering the sleep state, it switches the operating system running by the processor 2 to a secure operating system.
  • Step 404 The processor 2 reads the safety subtask from the shared storage space.
  • Step 406 The processor 2 detects whether the security subtask can be read from the shared storage space.
  • Step 408 If the processor 2 reads the safety subtask from the shared storage space, it executes the safety subtask in the system environment of the safety operating system, and after the safety subtask is executed, reads the safety subtask from the shared storage space Delete the executed safety subtask, and return to step 404 (that is, the processor 2 reads the safety subtask from the shared storage space).
  • Step 410 If the processor 2 does not read the secure subtask from the shared storage space, the processor 2 switches the operating system running on the processor 2 from the secure operating system to the basic operating system, and enters the sleep state.
  • this specification also provides an electronic device that includes multiple processors; wherein, the multiple processors include at least one target processor for processing security tasks;
  • the target processor is configured to switch the operating system running on the target processor to a secure operating system in response to a monitored security task processing request; in the system environment of the secure operating system, process the security task Request the corresponding security task to be split into multiple security subtasks, and execute the split security subtasks in the system environment of the security operating system; and store the multiple security subtasks in a shared storage space;
  • processors that meet preset conditions than the target processor are used to switch the operating system running by the other processor to a secure operating system, and execute the shared storage in the system environment of the secure operating system.
  • the safety subtask read in the space.
  • the target processor is further configured to issue a safety subtask processing request after storing the multiple safety subtasks in a shared storage space;
  • the other processors that meet the conditions are configured to respond to the security subtask processing request to switch the operating system running on the other processors to the secure operating system.
  • the other processor that meets the condition is used to detect that the processor meets the condition for entering the sleep state; if so, the operating system running on the other processor is switched to a safe operating system.
  • the preset conditions include:
  • the processor load is less than a preset threshold
  • the target processor is configured to construct the safety subtasks into a safety subtask linked list according to the execution order; and store the safety subtasks linked list in the storage space.
  • the target processor is configured to detect whether the safety task can be split; if so, split the safety task corresponding to the safety task processing request into multiple safety subtasks.
  • the target processor is further configured to switch the operating system running on the target processor to a basic operating system after it is monitored that all the safety subtasks in the storage space have been executed.
  • the other processors that meet the conditions are also used to switch the operating system running on the processor to the basic operating system after monitoring that all the security subtasks in the storage space are completed, and enter Sleep state.
  • the relevant part can refer to the part of the description of the method embodiment.
  • the device embodiments described above are merely illustrative, and the modules described as separate components may or may not be physically separated, and the components displayed as modules may or may not be physical modules, that is, they may be located in One place, or it can be distributed to multiple network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in this specification. Those of ordinary skill in the art can understand and implement without creative work.
  • a typical implementation device is a computer.
  • the specific form of the computer can be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email receiving and sending device, and a game control A console, a tablet computer, a wearable device, or a combination of any of these devices.
  • the computer includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
  • processors CPU
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash memory
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission media, can be used to store information that can be accessed by computing devices.
  • computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • first, second, third, etc. may be used to describe various information in one or more embodiments of this specification, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other.
  • first information may also be referred to as second information, and similarly, the second information may also be referred to as first information.
  • word “if” as used herein can be interpreted as "when” or “when” or "in response to determination”.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Hardware Redundancy (AREA)

Abstract

本说明书提供一种安全任务处理方法及电子设备,该电子设备包括多个处理器;其中,多个处理器包括至少一个用于处理安全任务的目标处理器,该方法包括:目标处理器响应于监测到的安全任务处理请求,将该目标处理器运行的操作系统切换为安全操作系统,并在安全操作系统的系统环境中,将安全任务处理请求对应的安全任务拆分为多个安全子任务,并执行拆分出的安全子任务;以及将所述多个安全子任务存储至共享存储空间;目标处理器以外的满足预设条件的其它处理器,将该其他处理器运行的操作系统切换为安全操作系统,并在安全操作系统的系统环境中执行从共享存储空间中读取到的安全子任务。使用本说明书提供的方法,可以提高安全任务的处理效率。

Description

安全任务处理方法和电子设备 技术领域
本说明书一个或多个实施例涉及计算机领域,尤其涉及一种安全任务处理方法和电子设备。
背景技术
为了满足用户采用电子设备进行支付等安全需求,电子设备可包括安全操作系统和基础操作系统。通常,电子设备上用于处理安全任务的目标处理器默认运行的是基础操作系统,当目标处理器检测到用户触发的安全任务时,可将操作系统由基础操作系统切换为安全操作系统,在安全操作系统的系统环境中执行安全任务。
发明内容
本说明书提出一种安全任务处理方法和电子设备。
根据本说明书的第一方面,提供一种安全任务处理方法,所述方法应用于电子设备,所述电子设备包括多个处理器;其中,所述多个处理器包括至少一用于处理安全任务的目标处理器,所述方法包括:
所述目标处理器响应于监测到的安全任务处理请求,将该目标处理器运行的操作系统切换为安全操作系统;
所述目标处理器在所述安全操作系统的系统环境中,将所述安全任务处理请求对应的安全任务拆分为多个安全子任务,并在所述安全操作系统的系统环境中执行拆分出的安全子任务;以及将所述多个安全子任务存储至共享存储空间;
所述目标处理器以外的满足预设条件的其它处理器,将该其他处理器运行的操作系统切换为安全操作系统,并在所述安全操作系统的系统环境中执行从所述共享存储空间中读取到的安全子任务。
可选的,所述方法还包括:
所述目标处理器,在将所述多个安全子任务存储至共享存储空间后,发出安全子任务处理请求;
所述目标处理器以外的满足预设条件的其它处理器,将该其他处理器运行的操作系统切换为安全操作系统,包括:
所述满足条件的其他处理器响应于所述安全子任务处理请求,将该其他处理器运行的操作系统切换为安全操作系统。
可选的,所述目标处理器以外的满足预设条件的其它处理器,将该其他处理器运行的操作系统切换为安全操作系统,包括:
所述满足条件的其他处理器检测本处理器是满足进入休眠状态的条件;
若是,将该其他处理器运行的操作系统切换为安全操作系统。
可选的,所述预设条件包括:
处理器负载小于预设阈值;和/或,
没有待处理的任务。
可选的,所述将所述多个安全子任务存储至共享存储空间,包括:
将所述安全子任务按照执行顺序构造成安全子任务链表;
将所述安全子任务链表储存在所述存储空间。
可选的,所述将所述安全任务处理请求对应的安全任务拆分为多个安全子任务,包括:
检测所述安全任务是否可被拆分;
若是,则将所述安全任务处理请求对应的安全任务拆分为多个安全子任务。
可选的,所述方法还包括:
所述目标处理器在监测到所述存储空间中的所有安全子任务均执行完成后,将所述目标处理器运行的操作系统切换为基础操作系统。
可选的,所述方法还包括:
所述满足条件的其他处理器在监测到所述存储空间中的所有安全子任务均执行完成后,将本处理器运行的操作系统切换为基础操作系统,并进入休眠状态。
根据本说明书的第二方面,提供一种电子设备,所述电子设备包括多个处理器;其中,所述多个处理器包括至少一个用于处理安全任务的目标处理器;
所述目标处理器,用于响应于监测到的安全任务处理请求,将该目标处理器运行的操作系统切换为安全操作系统;在所述安全操作系统的系统环境中,将所述安全任务处理请求对应的安全任务拆分为多个安全子任务,并在所述安全操作系统的系统环境中执行拆分出的安全子任务;以及将所述多个安全子任务存储至共享存储空间;
所述目标处理器以外的满足预设条件的其它处理器,用于将该其他处理器运行的操作系统切换为安全操作系统,并在所述安全操作系统的系统环境中执行从所述共享存储空间中读取到的安全子任务。
可选的,所述目标处理器,还用于在将所述多个安全子任务存储至共享存储空间后,发出安全子任务处理请求;
所述满足条件的其他处理器,用于响应于所述安全子任务处理请求,将该其他处理器运行的操作系统切换为安全操作系统。
可选的,所述满足条件的其他处理器,用于检测本处理器是满足进入休眠状态的条件;若是,将该其他处理器运行的操作系统切换为安全操作系统。
可选的,所述预设条件包括:
处理器负载小于预设阈值;和/或,
没有待处理的任务。
可选的,所述目标处理器,用于将所述安全子任务按照执行顺序构造成安全子任务链表;将所述安全子任务链表储存在所述存储空间。
可选的,所述目标处理器,用于检测所述安全任务是否可被拆分;若是,则将所述安全任务处理请求对应的安全任务拆分为多个安全子任务。
可选的,所述目标处理器,还用于在监测到所述存储空间中的所有安全子任务均执行完成后,将所述目标处理器运行的操作系统切换为基础操作系统。
可选的,所述满足条件的其他处理器,还用于在监测到所述存储空间中的所有安全子任务均执行完成后,将本处理器运行的操作系统切换为基础操作系统,并进入休眠状态。
由上述描述可知,目标处理器将安全任务进行拆分,并将拆分得到的安全子任务储存在共享存储空间中,使得该目标处理器以外的满足条件的其他处理器可以读取并执行该共享存储空间中的安全子任务。由于不再是由目标处理器单独处理安全任务,而是 由多个处理器共同处理安全任务,所以可以大大提高安全任务的处理效率。
附图说明
图1是本说明书一示例性实施例示出的一种电子设备的示意图;
图2是本说明书一示例性实施例示出的一种安全任务处理方法的流程图;
图3是本说明书一示例性实施例示出的一种安全任务的处理方法的流程图;
图4是本说明书一示例性实施例示出的另一种安全任务的处理方法的流程图。
具体实施方式
这里将详细地对示例性实施例进行说明,其示例表示在附图中。下面的描述涉及附图时,除非另有表示,不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本说明书一个或多个实施例相一致的所有实施方式。相反,它们仅是与如所附权利要求书中所详述的、本说明书一个或多个实施例的一些方面相一致的装置和方法的例子。
需要说明的是:在其他实施例中并不一定按照本说明书示出和描述的顺序来执行相应方法的步骤。在一些其他实施例中,其方法所包括的步骤可以比本说明书所描述的更多或更少。此外,本说明书中所描述的单个步骤,在其他实施例中可能被分解为多个步骤进行描述;而本说明书中所描述的多个步骤,在其他实施例中也可能被合并为单个步骤进行描述。
电子设备通常包括多个处理器,但每个处理器独立运行各自的操作系统,并在其运行的操作系统下执行各自的任务。各处理器之间互不影响各自的任务处理。换句话来说,各处理器处理各自的任务,并且不会处理其他处理器的任务。
当电子设备中用于处理安全任务的目标处理器检测到用户触发的安全任务时,可将操作系统由基础操作系统切换为安全操作系统,在安全操作系统的系统环境中执行安全任务。而当安全任务复杂繁多时,仅由该目标处理器处理该安全任务就会大大降低安全任务的处理效率。
有鉴于此,本说明书提出一种安全任务处理方法,电子设备中的用于处理安全任务的目标处理器可以响应于监测到的安全任务处理器请求,并将目标处理器运行的操作系统切换为安全操作系统;
所述目标处理器在安全操作系统的系统环境中,将所述安全任务处理请求对应的安全任务拆分为多个安全子任务,并在所述安全操作系统的系统环境中执行拆分出的安全子任务;以及将所述多个安全子任务存储至共享存储空间;
目标处理器以外的满足预设条件的其它处理器,将该其他处理器运行的操作系统切换为安全操作系统,并在所述安全操作系统的系统环境中执行从所述共享存储空间中读取到的安全子任务。
由上述描述可以看出,目标处理器将安全任务进行拆分,并将拆分得到的安全子任务储存在共享存储空间中,使得该目标处理器以外的满足条件的其他处理器可以读取并执行该共享存储空间中的安全子任务。由于不再是由目标处理器单独处理安全任务,而是由多个处理器共同处理安全任务,所以可以大大提高安全任务的处理效率。
参见图1,图1是本说明书一示例性实施例示出的一种电子设备的示意图。
该电子设备包括多个处理器、网络接口、存储介质和总线。当然,在实际应用中,该电子设备还可包括其他硬件,比如逻辑芯片、输入/输出接口等。这里只是对电子设备的硬件进行示例性地说明,不对其进行具体地限定。
其中,多个处理器、网络接口、存储介质可通过总线完成相互间的通信。
上述处理器可以是ARM(Advanced RISC Machines,先进RISC处理器芯片)芯片(比如ARMv8),也可以是Intel x86(英特尔x86)芯片等。这里只是对处理器的型号进行示例性地说明,不对该处理器型号进行具体地限定。
上述存储介质可以是任何电子、磁性、光学或其它物理存储装置,可以包含存储信息,如可执行指令、数据读写,等等。例如,处理器可读写存储介质可以是:易失存储器、非易失性存储器或者类似的存储介质。
下面参见图2并结合图1,对本说明书提供的安全任务处理方法进行详细地说明。
参见图2,图2是本说明书一示例性实施例示出的一种安全任务处理方法的流程图,该方法可应用在如图1所示的电子设备上,该安全任务处理方法可包括如下所示的步骤。
步骤202:目标处理器响应于监测到的安全任务处理请求,将该目标处理器运行的操作系统切换为安全操作系统。
其中,目标处理器是指电子设备的多个处理器中、用于处理安全任务的处理器。该目标处理器可以是预先指定的一个用于处理安全任务的处理器,也可以是最先监测到 安全任务处理请求的处理器。这里不对其进行具体地限定。
其中,安全任务是指安全性要求高的任务。比如,用户通过安全应用(比如支付类的APP等)完成账单或者订单支付相关的任务。用户通过安全应用进行用户信息认证的任务等。这里只是对安全任务进行示例性地说明,不对其进行具体地限定。
在本说明书实施例中,当安全应用(比如支付宝应用等)的驱动监测到用户触发安全应用上的安全任务时,安全应用的驱动可发起安全任务处理请求。
目标处理器可以响应该安全任务处理请求,获取该安全任务处理请求对应的安全任务。
在一种可选的获取方式中,该安全任务处理请求中携带了安全任务,目标处理器可以对该安全任务处理请求进行解析,获取该安全任务处理请求中携带的安全任务。
在另一种可选的获取方式中,该安全任务处理请求携带了安全任务的标识。当用户触发该安全任务后,该安全任务可以记录在缓存中。目标处理器可以对该安全任务处理请求进行解析,获取该安全任务处理请求携带的安全任务的标识,并基于该安全任务的标识在缓存中读取该安全任务。
此外,目标处理器还可将该目标处理器运行的操作系统由基础操作系统切换为安全操作系统。
在实现切换时,处理器可以调取存储介质中的切换模块中记录的切换逻辑,将该处理器的操作系统由基础操作系统切换为安全操作系统。
例如,当该目标处理器为ARMv8处理器时,该电子设备的存储介质中存储有Secure monitor(安全监控器)模块。目标处理器可以调用Secure monitor模块中的切换逻辑,将该目标处理器运行的操作系统由基础操作系统切换为安全操作系统。
这里只是对操作系统切换方式进行示例性地说明,不对其进行具体地限定。
步骤204:目标处理器在安全操作系统的系统环境中,将所述安全任务处理请求对应的安全任务拆分为多个安全子任务,并在所述安全操作系统的系统环境中执行拆分出的安全子任务;以及将所述多个安全子任务存储至共享存储空间。
下面通过步骤2041至步骤2043对步骤204进行详细地说明。
步骤2041:目标处理器在安全操作系统的系统环境中,将所述安全任务处理请求对应的安全任务拆分为多个安全子任务。
在一种可选的实现方式中,目标处理器可检测获取到的该安全任务处理请求对应的安全任务是否为可拆分的安全任务。若该安全任务为可拆分的安全任务,目标处理器可将该安全任务拆分为多个可独立执行的安全子任务。若该安全任务为不可拆分的安全任务,则不对该安全任务进行拆分,仍由目标处理器来处理该安全任务。
下面介绍下“检测该安全任务是否为可拆分的安全任务”的实现方式。
方式一:该安全任务中携带了可拆分标识。
目标处理器可检测该可拆分标识的取值,若该可拆分标识的取值为第一预设值(比如1)时,可确定该安全任务为可拆分的安全任务。若该可拆分标识的取值为第二预设值(比如0)时,可确定该安全任务为不可拆分的安全任务。
方式二:目标处理器可依据预设的策略检测该安全任务是否为可拆分的安全任务。
比如目标处理器可依据安全任务的任务类型确定该安全任务是否为可拆分的安全任务。
当然,安全任务中可能包括多个可独立执行的子步骤,每个子步骤结束或者开始时配置有预设关键字。目标处理器还可基于该安全任务中是否携带有预设关键字的个数,来确定该安全任务是否是可拆分的安全任务。
例如,当目标处理器确定安全任务携带的预设关键字的个数大于1时,确定该安全任务是可拆分的安全任务。当该安全任务携带的预设关键字的个数等于1时,确定该安全任务是不可拆分的安全任务。
这里只是对“检测该安全任务是否为可拆分的安全任务”进行示例性地说明,不对该其进行具体地限定。
在对安全任务进行拆分时,目标处理器可以基于预设的拆分策略,将该安全任务拆分为多个可独立运行的安全子任务。
例如,安全任务中可能包括多个可独立执行的子步骤,每个子步骤结束或者开始时配置有预设关键字。
目标处理器可以基于安全任务中的预设关键字,将安全任务拆分为多个安全子任务。
这里只是对“将所述安全任务处理请求对应的安全任务拆分为多个安全子任务”进行示例性地说明,不对其进行具体地限定。
步骤2042:目标处理器将拆分出的多个安全子任务存储至共享存储空间中。
在本说明书实施例中,图1中的存储介质开辟了共享存储空间。该电子设备中的所有处理器可以向该共享存储空间中写入数据,也可从该共享存储空间中读取数据。
在一种可选的实现方式中,目标处理器可将拆分出的多个安全子任务直接存储至共享存储空间中。
在另一种可选的实现方式中,安全子任务需要按照顺序执行的。目标处理器可以按照安全子任务的执行顺序,将该多个安全子任务构造成安全子任务链表,并将该安全子任务链表储存在共享存储空间中。
例如,假设安全任务拆分出的安全子任务包括:安全子任务1、安全子任务2和安全子任务3。
安全子任务1、安全子任务2和安全子任务3需要顺序执行。比如,需要依赖处理安全子任务1的结果才能处理安全子任务2,需要依赖处理安全子任务2的结果才能处理安全子任务3。此时,安全子任务的执行顺序分别为:安全子任务1、安全子任务2、安全子任务3。
然后,目标处理器可按照该执行顺序,将安全子任务1、安全子任务2和安全子任务3构造成安全子任务链表,并将该安全子任务链表储存在共享存储空间。
步骤2043:目标处理器可以在安全操作系统的系统环境下,执行拆分出的安全子任务。
在一种可选的实现方式中,共享存储空间中存储了待处理的安全子任务。目标处理器可从该共享存储空间中读取该待处理的安全子任务。若目标处理器可以读取到待处理的安全子任务,则确定该安全任务未被执行完。此时,目标处理器可以在安全操作系统的系统环境下,执行该待处理的安全子任务。在目标处理器完安全子任务后,目标处理器可将该安全子任务从共享存储空间中删除。
若该目标处理器从该共享存储空间中读取不到待处理的安全子任务,则确定完成了该安全任务的处理。目标处理器可将本处理器运行的操作系统由安全操作系统切换为基础操作系统。
在另一种可选的实现方式中,共享存储单元储存了所有安全子任务。各安全子任务被标记为待处理的安全子任务或已处理的安全子任务。
目标处理器可以读取被标记为待处理的安全子任务,若目标处理器可以读取到待处理的安全子任务,则确定该安全任务未被执行完。此时,目标处理器可以在安全操作系统的系统环境下,执行该待处理的安全子任务。目标处理器在处理完该待处理的安全子任务后,可将该安全子任务标记为已处理的安全子任务。
若该目标处理器从该共享存储空间中读取不到待处理的安全子任务,则确定完成了该安全任务的处理。目标处理器可将本处理器运行的操作系统由安全操作系统切换为基础操作系统。
在标记安全任务是待处理的安全任务或者已处理的安全任务时,目标处理器可以为已处理的安全任务添加已处理标记,使得带有已处理标记的安全认为为已处理的安全任务,未带有已处理标记的安全任务为待处理的安全任务。
当然,目标处理器还可为共享存储空间中的每个安全子任务配置一个处理标识。当该处理标识取值为第一预设值(如0)时,表明该安全子任务为待处理的安全子任务。当该处理标识取值为第二预设值(如1)时,表明该安全子任务为已处理的安全子任务。
步骤206:所述目标处理器以外的满足预设条件的其它处理器,将该其他处理器运行的操作系统切换为安全操作系统,并在所述安全操作系统的系统环境中执行从所述共享存储空间中读取到的安全子任务。
其中,预设条件可包括:处理器负载小于预设阈值;和/或,没有待处理的任务。满足预设条件的其他处理器包括:处理器负载小于预设阈值的处理器,和/或,没有待处理的任务的处理器。
设置这样的预设条件目的是使得较为空闲的处理器(比如有少量任务需要处理的处理器或者没有任务需要处理的处理器)可以协助目标处理器,共同完成安全任务的处理。由于由多个处理器共同完成该安全任务的处理,所以大大提高了安全任务的处理效率。
当然,在实际应用中,该预设条件可以依据实际情况进行设定,比如该预设条件还可以是除目标处理器外的所有其他处理器,或者是预先指定的任意几个其他处理器。这里只是对预设条件进行示例性地说明,不对其进行具体地限定。
其中,处理器负载可以由处理器的CPU占用率,内存占用率等负载参数进行表征。这里只是对处理器负载进行示例性地说明,不对其进行具体地限定。
下面通过步骤2061至步骤2062对步骤206进行详细地说明。
步骤2061:满足预设条件的其它处理器,将该其他处理器运行的操作系统切换为安全操作系统。
在一种可选的实现方式中,当目标处理器将拆分出的多个安全子任务储存在共享存储空间后,目标处理器可向除目标处理器外的其他处理器发出安全子任务处理请求。
对于每一个其他处理器,该其他处理器在接收到该安全子任务处理请求后,可检查自身是否满足上述的预设条件。若该其他处理器满足上述预设条件,其他处理器可将该处理器运行的操作系统由基础操作系统切换为安全操作系统,并执行步骤2062。若该其他处理器不满足上述预设条件,则仍维持自身当前的运行的基础操作系统。
在另一种可选的实现方式中,其他处理器在检测到自身满足预设条件时,可检测本处理器是否满足进入休眠状态的条件。若该其他处理器检测到本处理器满足进入休眠状态的条件,则将本处理的运行的操作系统切换为安全操作系统,并执行步骤2062。若该其他处理器检测到本处理器不满足进入休眠状态的条件,则仍维持自身当前的运行的基础操作系统。
其中,检测本处理器是否满足进入休眠状态的条件,可采用现有的方式进行检测。比如检测本处理器的负载是否低于比上述预设阈值更低的预设阈值,或者检测到没有待处理的任务等。这里只是示例性地说明,不进行具体地限定。
步骤2062:其它处理器在所述安全操作系统的系统环境中执行从所述共享存储空间中读取到的安全子任务。
在一种可选的实现方式中,共享存储空间中存储了待处理的安全子任务。其他处理器可从该共享存储空间中读取该待处理的安全子任务。若该其他处理器可以读取到待处理的安全子任务,则确定该安全任务未被执行完。此时,该其他处理器可以在安全操作系统的系统环境下,执行该待处理的安全子任务。在该其他处理器完安全子任务后,其他处理器可将该安全子任务从共享存储空间中删除。
若该其他处理器从该共享存储空间中读取不到待处理的安全子任务,则确定完成了该安全任务的处理。其他处理器可将本处理器运行的操作系统由安全操作系统切换为基础操作系统。
在另一种可选的方式中,共享存储单元储存了所有安全子任务。各安全子任务被标记为待处理的安全子任务或已处理的安全子任务。
其他处理器可以读取被标记为待处理的安全子任务,若其他处理器可以读取到待 处理的安全子任务,则确定该安全任务未被执行完。此时,其他处理器可以在安全操作系统的系统环境下,执行该待处理的安全子任务。其他处理器在处理完该待处理的安全子任务后,可将该安全子任务标记为已处理的安全子任务。
若该其他处理器从该共享存储空间中读取不到待处理的安全子任务,则确定完成了该安全任务的处理。其他处理器可将本处理器运行的操作系统由安全操作系统切换为基础操作系统。
在本说明书实施例中,在其他处理器将自身运行的操作系统由安全操作系统切换为基础操作系统后,可继续执行在切换前所要做的操作。
例如,在切换前,其他处理器检测到自身满足进入休眠状态的条件,则其他处理器将本处理器运行的操作系统由安全操作系统切换为基础操作系统后,可进入休眠状态。
由上述描述可以看出,目标处理器将安全任务进行拆分,并将拆分得到的安全子任务储存在共享存储空间中,使得该目标处理器以外的满足条件的其他处理器可以读取并执行该共享存储空间中的安全子任务。由于不再是由目标处理器单独处理安全任务,而是由多个处理器共同处理安全任务,所以可以大大提高安全任务的处理效率。
下面以目标处理器为处理器1,以满足条件的其他处理器为处理器2,并结合图3和图4,对上述安全任务的处理方法进行详细地说明。
参见图3,图3是本说明书一示例性实施例示出的一种安全任务的处理方法的流程图,该方法可应用在用于处理安全任务的处理器1上,可包括如下所示步骤。
步骤302:处理器1响应于监测到的安全任务处理请求,将处理器1运行的操作系统切换为安全操作系统。
步骤304:处理器1获取该安全任务处理请求对应的安全任务,并将该安全任务拆分为多个安全子任务。
步骤306:处理器1将安全子任务存储在共享存储空间中。
步骤308:处理器1从共享存储空间中读取安全子任务。
步骤310:处理器1检测是否读取到安全子任务;
步骤312:若处理器1读取到安全子任务,则在安全操作系统的系统环境下,执行读取到的安全子任务,并在执行完安全子任务后,从所述共享存储空间中删除该执行完的安全子任务,并返回步骤308。
步骤314:若处理器1未读取到安全子任务,则将处理器1的操作系统由安全操作系统切换为基础操作系统。
参见图4,图4是本说明书一示例性实施例示出的一种安全任务的处理方法的流程图,该方法可应用在用于处理安全任务的处理器2上,可包括如下所示步骤。
步骤402:处理器2在确定本处理器满足进入休眠状态的条件时,将处理器2运行的操作系统切换为安全操作系统。
步骤404:处理器2从共享存储空间中读取安全子任务。
步骤406:处理器2检测是否可以从共享存储空间读取到安全子任务。
步骤408:若处理器2从共享存储空间中读取到了安全子任务,则在安全操作系统的系统环境下,执行该安全子任务,并在执行完该安全子任务后,从共享存储空间中删除该执行完的安全子任务,并返回步骤404(即处理器2从共享存储空间中读取安全子任务)。
步骤410:若处理器2从共享存储空间中未读取到安全子任务,则处理器2将处理器2运行的操作系统由安全操作系统切换为基础操作系统,并进入休眠状态。
此外,本说明书还提供了一种电子设备,所述电子设备包括多个处理器;其中,所述多个处理器包括至少一用于处理安全任务的目标处理器;
所述目标处理器,用于响应于监测到的安全任务处理请求,将该目标处理器运行的操作系统切换为安全操作系统;在所述安全操作系统的系统环境中,将所述安全任务处理请求对应的安全任务拆分为多个安全子任务,并在所述安全操作系统的系统环境中执行拆分出的安全子任务;以及将所述多个安全子任务存储至共享存储空间;
所述目标处理器以外的满足预设条件的其它处理器,用于将该其他处理器运行的操作系统切换为安全操作系统,并在所述安全操作系统的系统环境中执行从所述共享存储空间中读取到的安全子任务。
可选的,所述目标处理器,还用于在将所述多个安全子任务存储至共享存储空间后,发出安全子任务处理请求;
所述满足条件的其他处理器,用于响应于所述安全子任务处理请求,将该其他处理器运行的操作系统切换为安全操作系统。
可选的,所述满足条件的其他处理器,用于检测本处理器是满足进入休眠状态的 条件;若是,将该其他处理器运行的操作系统切换为安全操作系统。
可选的,所述预设条件包括:
处理器负载小于预设阈值;和/或,
没有待处理的任务。
可选的,所述目标处理器,用于将所述安全子任务按照执行顺序构造成安全子任务链表;将所述安全子任务链表储存在所述存储空间。
可选的,所述目标处理器,用于检测所述安全任务是否可被拆分;若是,则将所述安全任务处理请求对应的安全任务拆分为多个安全子任务。
可选的,所述目标处理器,还用于在监测到所述存储空间中的所有安全子任务均执行完成后,将所述目标处理器运行的操作系统切换为基础操作系统。
可选的,所述满足条件的其他处理器,还用于在监测到所述存储空间中的所有安全子任务均执行完成后,将本处理器运行的操作系统切换为基础操作系统,并进入休眠状态。
上述装置中各个模块的功能和作用的实现过程具体详见上述方法中对应步骤的实现过程,在此不再赘述。
对于装置实施例而言,由于其基本对应于方法实施例,所以相关之处参见方法实施例的部分说明即可。以上所描述的装置实施例仅仅是示意性的,其中所述作为分离部件说明的模块可以是或者也可以不是物理上分开的,作为模块显示的部件可以是或者也可以不是物理模块,即可以位于一个地方,或者也可以分布到多个网络模块上。可以根据实际的需要选择其中的部分或者全部模块来实现本说明书方案的目的。本领域普通技术人员在不付出创造性劳动的情况下,即可以理解并实施。
上述实施例阐明的系统、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为计算机,计算机的具体形式可以是个人计算机、膝上型计算机、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件收发设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任意几种设备的组合。
在一个典型的配置中,计算机包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带、磁盘存储、量子存储器、基于石墨烯的存储介质或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。
上述对本说明书特定实施例进行了描述。其它实施例在所附权利要求书的范围内。在一些情况下,在权利要求书中记载的动作或步骤可以按照不同于实施例中的顺序来执行并且仍然可以实现期望的结果。另外,在附图中描绘的过程不一定要求示出的特定顺序或者连续顺序才能实现期望的结果。在某些实施方式中,多任务处理和并行处理也是可以的或者可能是有利的。
在本说明书一个或多个实施例使用的术语是仅仅出于描述特定实施例的目的,而非旨在限制本说明书一个或多个实施例。在本说明书一个或多个实施例和所附权利要求书中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式,除非上下文清楚地表示其他含义。还应当理解,本文中使用的术语“和/或”是指并包含一个或多个相关联的列出项目的任何或所有可能组合。
应当理解,尽管在本说明书一个或多个实施例可能采用术语第一、第二、第三等来描述各种信息,但这些信息不应限于这些术语。这些术语仅用来将同一类型的信息彼 此区分开。例如,在不脱离本说明书一个或多个实施例范围的情况下,第一信息也可以被称为第二信息,类似地,第二信息也可以被称为第一信息。取决于语境,如在此所使用的词语“如果”可以被解释成为“在……时”或“当……时”或“响应于确定”。
以上所述仅为本说明书一个或多个实施例的较佳实施例而已,并不用以限制本说明书一个或多个实施例,凡在本说明书一个或多个实施例的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本说明书一个或多个实施例保护的范围之内。

Claims (16)

  1. 一种安全任务处理方法,所述方法应用于电子设备,所述电子设备包括多个处理器;其中,所述多个处理器包括至少一个用于处理安全任务的目标处理器,所述方法包括:
    所述目标处理器响应于监测到的安全任务处理请求,将该目标处理器运行的操作系统切换为安全操作系统;
    所述目标处理器在所述安全操作系统的系统环境中,将所述安全任务处理请求对应的安全任务拆分为多个安全子任务,并在所述安全操作系统的系统环境中执行拆分出的安全子任务;以及将所述多个安全子任务存储至共享存储空间;
    所述目标处理器以外的满足预设条件的其它处理器,将该其他处理器运行的操作系统切换为安全操作系统,并在所述安全操作系统的系统环境中执行从所述共享存储空间中读取到的安全子任务。
  2. 根据权利要求1所述的方法,所述方法还包括:
    所述目标处理器,在将所述多个安全子任务存储至共享存储空间后,发出安全子任务处理请求;
    所述目标处理器以外的满足预设条件的其它处理器,将该其他处理器运行的操作系统切换为安全操作系统,包括:
    所述满足条件的其他处理器响应于所述安全子任务处理请求,将该其他处理器运行的操作系统切换为安全操作系统。
  3. 根据权利要求1所述的方法,所述目标处理器以外的满足预设条件的其它处理器,将该其他处理器运行的操作系统切换为安全操作系统,包括:
    所述满足条件的其他处理器检测本处理器是满足进入休眠状态的条件;
    若是,将该其他处理器运行的操作系统切换为安全操作系统。
  4. 根据权利要求1至3中任一所述的方法,所述预设条件包括:
    处理器负载小于预设阈值;和/或,
    没有待处理的任务。
  5. 根据权利要求1所述的方法,将所述多个安全子任务存储至共享存储空间,包括:
    将所述安全子任务按照执行顺序构造成安全子任务链表;
    将所述安全子任务链表储存在所述存储空间。
  6. 根据权利要求1所述的方法,将所述安全任务处理请求对应的安全任务拆分为 多个安全子任务,包括:
    检测所述安全任务是否可被拆分;
    若是,则将所述安全任务处理请求对应的安全任务拆分为多个安全子任务。
  7. 根据权利要求1所述的方法,所述方法还包括:
    所述目标处理器在监测到所述存储空间中的所有安全子任务均执行完成后,将所述目标处理器运行的操作系统切换为基础操作系统。
  8. 根据权利要求3所述的方法,所述方法还包括:
    所述满足条件的其他处理器在监测到所述存储空间中的所有安全子任务均执行完成后,将本处理器运行的操作系统切换为基础操作系统,并进入休眠状态。
  9. 一种电子设备,所述电子设备包括多个处理器;其中,所述多个处理器包括至少一个用于处理安全任务的目标处理器;
    所述目标处理器,用于响应于监测到的安全任务处理请求,将该目标处理器运行的操作系统切换为安全操作系统;在所述安全操作系统的系统环境中,将所述安全任务处理请求对应的安全任务拆分为多个安全子任务,并在所述安全操作系统的系统环境中执行拆分出的安全子任务;以及将所述多个安全子任务存储至共享存储空间;
    所述目标处理器以外的满足预设条件的其它处理器,用于将该其他处理器运行的操作系统切换为安全操作系统,并在所述安全操作系统的系统环境中执行从所述共享存储空间中读取到的安全子任务。
  10. 根据权利要求9所述的设备,所述目标处理器,还用于在将所述多个安全子任务存储至共享存储空间后,发出安全子任务处理请求;
    所述满足条件的其他处理器,用于响应于所述安全子任务处理请求,将该其他处理器运行的操作系统切换为安全操作系统。
  11. 根据权利要求9所述的设备,所述满足条件的其他处理器,用于检测本处理器是满足进入休眠状态的条件;若是,将该其他处理器运行的操作系统切换为安全操作系统。
  12. 根据权利要求9所述的设备,所述预设条件包括:
    处理器负载小于预设阈值;和/或,
    没有待处理的任务。
  13. 根据权利要求9所述的设备,所述目标处理器,用于将所述安全子任务按照执行顺序构造成安全子任务链表;将所述安全子任务链表储存在所述存储空间。
  14. 根据权利要求9所述的设备,所述目标处理器,用于检测所述安全任务是否可 被拆分;若是,则将所述安全任务处理请求对应的安全任务拆分为多个安全子任务。
  15. 根据权利要求9所述的设备,所述目标处理器,还用于在监测到所述存储空间中的所有安全子任务均执行完成后,将所述目标处理器运行的操作系统切换为基础操作系统。
  16. 根据权利要求11所述的设备,所述满足条件的其他处理器,还用于在监测到所述存储空间中的所有安全子任务均执行完成后,将本处理器运行的操作系统切换为基础操作系统,并进入休眠状态。
PCT/CN2020/113469 2019-12-03 2020-09-04 安全任务处理方法和电子设备 WO2021109654A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911220540.XA CN111159782B (zh) 2019-12-03 2019-12-03 安全任务处理方法和电子设备
CN201911220540.X 2019-12-03

Publications (1)

Publication Number Publication Date
WO2021109654A1 true WO2021109654A1 (zh) 2021-06-10

Family

ID=70556411

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/113469 WO2021109654A1 (zh) 2019-12-03 2020-09-04 安全任务处理方法和电子设备

Country Status (3)

Country Link
CN (1) CN111159782B (zh)
TW (1) TWI757741B (zh)
WO (1) WO2021109654A1 (zh)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111159782B (zh) * 2019-12-03 2021-05-18 支付宝(杭州)信息技术有限公司 安全任务处理方法和电子设备

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101587449A (zh) * 2008-05-20 2009-11-25 北京飞天诚信科技有限公司 一种计算机外接设备负载分担的系统和方法
CN102546946A (zh) * 2012-01-05 2012-07-04 中国联合网络通信集团有限公司 移动终端处理任务的方法及装置
CN103514028A (zh) * 2012-06-14 2014-01-15 北京新媒传信科技有限公司 一种处理分布式事务的方法和装置
CN105095765A (zh) * 2014-05-14 2015-11-25 展讯通信(上海)有限公司 移动终端及其处理器系统、一种可信执行方法
CN111159782A (zh) * 2019-12-03 2020-05-15 支付宝(杭州)信息技术有限公司 安全任务处理方法和电子设备

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7586493B1 (en) * 2006-05-24 2009-09-08 Nvidia Corporation System and method for offloading application tasks in a multi-processor environment utilizing a driver
CN103714459A (zh) * 2013-12-26 2014-04-09 电子科技大学 一种智能终端安全支付系统及方法
CN104077533B (zh) * 2014-07-17 2017-09-15 北京握奇智能科技有限公司 一种操作敏感数据的方法和设备
CN108804377A (zh) * 2018-04-24 2018-11-13 桂林长海发展有限责任公司 一种总线任务处理方法及系统
CN108710535A (zh) * 2018-05-22 2018-10-26 中国科学技术大学 一种基于智能处理器的任务调度系统
TWI676148B (zh) * 2018-09-17 2019-11-01 中華電信股份有限公司 整合ict服務供裝與虛實資源監控之系統
CN110443695A (zh) * 2019-07-31 2019-11-12 中国工商银行股份有限公司 数据处理方法及其装置、电子设备和介质

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101587449A (zh) * 2008-05-20 2009-11-25 北京飞天诚信科技有限公司 一种计算机外接设备负载分担的系统和方法
CN102546946A (zh) * 2012-01-05 2012-07-04 中国联合网络通信集团有限公司 移动终端处理任务的方法及装置
CN103514028A (zh) * 2012-06-14 2014-01-15 北京新媒传信科技有限公司 一种处理分布式事务的方法和装置
CN105095765A (zh) * 2014-05-14 2015-11-25 展讯通信(上海)有限公司 移动终端及其处理器系统、一种可信执行方法
CN111159782A (zh) * 2019-12-03 2020-05-15 支付宝(杭州)信息技术有限公司 安全任务处理方法和电子设备

Also Published As

Publication number Publication date
TW202123002A (zh) 2021-06-16
CN111159782A (zh) 2020-05-15
CN111159782B (zh) 2021-05-18
TWI757741B (zh) 2022-03-11

Similar Documents

Publication Publication Date Title
CN108829350B (zh) 基于区块链的数据迁移方法和装置
US10311230B2 (en) Anomaly detection in distributed ledger systems
JP2018022529A5 (zh)
US9077728B1 (en) Systems and methods for managing access-control groups
CN111898139B (zh) 数据读写方法及装置、电子设备
TWI616762B (zh) 動態資料遮罩方法以及資料庫系統
US20150326531A1 (en) Mechanism for providing external access to a secured networked virtualization environment
US8108466B2 (en) Automated offloading of user-defined functions to a high performance computing system
JP6466476B2 (ja) マルチオペレーティングシステム装置に対するアクセス分離
CN106294440B (zh) 数据实时迁移的方法和装置
CN109660574B (zh) 数据提供方法及装置
TWI694700B (zh) 資料處理方法和裝置、用戶端
KR102646619B1 (ko) 컴포지트 메모리 장치를 포함하는 전자 장치에 파일 시스템을 제공하는 시스템 및 방법
TWI746511B (zh) 資料表連接方法及裝置
US9104859B1 (en) Systems and methods for scanning data stored on cloud computing platforms
JP2018532187A (ja) コンピューティングデバイスにおけるプロセスに対するソフトウェア攻撃の検出
CN108551764A (zh) 用于备份大型分布式横向扩展数据系统的系统和方法
WO2021109654A1 (zh) 安全任务处理方法和电子设备
TW202008762A (zh) 資料處理方法和裝置、客戶端、伺服器
US9092235B2 (en) Virtualizing integrated calls to provide access to resources in a virtual namespace
US9582340B2 (en) File lock
US10885453B2 (en) Calculation device, calculation method, and non-transitory computer-readable recording medium
US20150101042A1 (en) Tag based permission system and method for virtualized environments
CN102929770A (zh) 嵌入式linux系统用户态任务独占的监测定位方法
CN112596669A (zh) 一种基于分布式存储的数据处理方法及装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20896396

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20896396

Country of ref document: EP

Kind code of ref document: A1