CN116743458A - Authentication management method, device, electronic equipment and storage medium - Google Patents


Info

Publication number: CN116743458A
Application number: CN202310703570.6A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 王魁英
Current Assignee: Alibaba China Co Ltd
Original Assignee: Alibaba China Co Ltd
Application filed by: Alibaba China Co Ltd
Priority to: CN202310703570.6A
Prior art keywords: authenticated, equipment, authentication, characteristic value, notification


Abstract

The application provides an authentication management method, an authentication management device, an electronic device and a storage medium. The authentication management method may comprise the following steps: measuring a specified component based on a trigger instruction; when the measurement result is trusted, communicating with a device to be authenticated to receive the feature value to be measured of the device to be authenticated; and measuring the received feature value to be measured of the device to be authenticated. According to the embodiments of the application, the device to be authenticated does not need to perform measurement locally. Instead, it sends its feature value to be measured to the device performing authentication, which has already undergone local measurement, and the device performing authentication measures the device to be authenticated. On the one hand, the authentication requirement can be met; on the other hand, no security chip needs to be deployed in the device to be authenticated, so the cost can be reduced.

Description

Authentication management method, device, electronic equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to an authentication management method, an authentication management device, an electronic device, and a storage medium.
Background
Cloud computing requires a large number of servers that can access the network for data interaction through dedicated network access devices. One core requirement of cloud computing is security assurance, namely ensuring the security and credibility of servers and network access devices.
No effective solution has yet been proposed for authenticating the security of servers and network access devices.
Disclosure of Invention
The embodiment of the application provides an authentication management method, an authentication management device, electronic equipment and a storage medium, so as to reduce authentication cost on the premise of meeting authentication requirements.
In a first aspect, an embodiment of the present application provides an authentication management method, where the method is applied to an apparatus for performing authentication, and specifically may include:
measuring a specified component based on a trigger instruction;
when the measurement result is trusted, communicating with the device to be authenticated to receive the feature value to be measured of the device to be authenticated; and
measuring the received feature value to be measured of the device to be authenticated.
In a second aspect, an embodiment of the present application provides an authentication management method, where the method is applied to a device to be authenticated, and specifically may include:
based on a trigger instruction, listening for a notification sent by the device performing authentication, the notification indicating that the device performing authentication is trusted; and
on receiving the notification, sending the calculated feature value to be measured of the device to be authenticated to the device performing authentication.
In a third aspect, an embodiment of the present application provides an authentication management apparatus, which may include:
The measurement module is used for measuring the designated component based on the trigger instruction;
the communication module is used for communicating with the equipment to be authenticated to receive the characteristic value to be tested of the equipment to be authenticated under the condition that the measurement result is credible;
the measurement module is also used for measuring the received characteristic value to be measured.
In a fourth aspect, an embodiment of the present application provides an authentication management apparatus, which may include:
a listening control module, used for listening, based on a trigger instruction, for a notification sent by the device performing authentication, the notification indicating that the device performing authentication is trusted;
and a feature value sending module, used for sending the calculated feature value to be measured of the device to be authenticated to the device performing authentication on receiving the notification.
In a fifth aspect, an embodiment of the present application provides an electronic device, including a memory, a processor, and a computer program stored on the memory, the processor implementing any one of the methods described above when the computer program is executed.
In a sixth aspect, embodiments of the present application provide a computer readable storage medium having a computer program stored therein, which when executed by a processor, implements a method as in any of the above.
Compared with the prior art, the application has the following advantages:
According to the embodiments of the application, the device to be authenticated does not need to perform measurement locally. Instead, it sends its feature value to be measured to the device performing authentication, which has already undergone local measurement, and the device performing authentication measures the device to be authenticated. Therefore, on the one hand, the security requirements can be met through authentication; on the other hand, no security chip needs to be deployed in the device to be authenticated, so the cost can be reduced.
The foregoing is only an overview of the technical solution of the present application. So that the technical means of the application can be understood more clearly and implemented according to the contents of the specification, and so that the above and other objects, features and advantages of the application are easier to understand, specific embodiments are set out below.
Drawings
In the drawings, the same reference numerals refer to the same or similar parts or elements throughout the several views unless otherwise specified. The figures are not necessarily drawn to scale. It is appreciated that these drawings depict only some embodiments according to the application and are not therefore to be considered limiting of its scope.
FIG. 1 is a schematic diagram of a scenario of an authentication management method according to the present application;
FIG. 2 is a second schematic diagram of a scenario of the authentication management method according to the present application;
FIG. 3 is one of the flowcharts of an authentication management method according to an embodiment of the present application;
FIG. 4 is a second flowchart of an authentication management method according to an embodiment of the present application;
FIG. 5 is one of the block diagrams of the authentication management apparatus according to an embodiment of the present application;
FIG. 6 is a second block diagram of an authentication management device according to an embodiment of the present application; and
FIG. 7 is a block diagram of an electronic device used to implement an embodiment of the application.
Detailed Description
Hereinafter, only certain exemplary embodiments are briefly described. As will be recognized by those skilled in the pertinent art, the described embodiments may be modified in numerous different ways without departing from the spirit or scope of the present application. Accordingly, the drawings and description are to be regarded as illustrative in nature, and not as restrictive.
In order to facilitate understanding of the technical solutions of the embodiments of the present application, the following describes related technologies of the embodiments of the present application. The following related technologies may be optionally combined with the technical solutions of the embodiments of the present application, which all belong to the protection scope of the embodiments of the present application.
Fig. 1 is a schematic diagram of an exemplary application scenario for implementing the method of the embodiment of the present application. The network access device may be an intelligent network card. Typically, one intelligent network card may communicate with multiple servers, so that each server may interact with the network via the intelligent network card. In fig. 1, CN0 to CNn may be used to represent n servers, n being a positive integer.
In fig. 1, a Trusted Platform Module (TPM) chip or a Trusted Platform Control Module (TPCM) chip is embedded in the intelligent network card to ensure the security of the intelligent network card. The TPM is an international standard for secure cryptoprocessors, which protects hardware by integrating encryption keys into the device through a specialized microcontroller. The TPCM serves as the root of trust implanted in China's independently controllable trusted nodes; it adds a root-of-trust control function on the basis of the TPM, thereby realizing active control and measurement based on cryptography. The TPCM chip may start before the central processing unit (CPU) and verify the basic input/output system (BIOS), so that the TPCM actively controls the whole device, changing the conventional approach in which the TPM chip acts as a passive device. The measurement process of the TPM chip or the TPCM chip may include running the related programs of the chip after start-up to complete the measurement of the intelligent network card.
In a server, a security chip is generally used to ensure security. The security chip is, for all practical purposes, inaccessible from outside the computer ecosystem; it can protect the security of data and application programs and helps establish trust across the whole software ecosystem. The security chip in the server may communicate with the BMC in the intelligent network card so that each informs the other of its trustworthiness. In the example shown in fig. 1, a TPM chip or TPCM chip needs to be deployed in the intelligent network card, and a security chip needs to be deployed in each server, to achieve security verification of the entire system. This increases the cost to some extent.
In this regard, as shown in fig. 2, the cost may be reduced by upgrading the authentication process of the entire system. Specifically, a TPM chip or a TPCM chip is embedded in the intelligent network card, and the intelligent network card is established as trusted through measurement by the TPM chip or the TPCM chip. The intelligent network card can thus be used as a trusted root (ROT, Root of Trust). The intelligent network card sends the result that it is trusted to each server through its baseboard management controller (BMC). The server receives, through its own BMC, the result sent by the BMC of the intelligent network card, whereupon the server side can calculate the server's feature value to be measured. The calculated feature value is sent through the BMC of the server to the BMC of the intelligent network card, and is measured on the intelligent network card side. If the measurement shows that the feature value to be measured is consistent with the pre-stored trusted feature value, the server passes authentication.
In this authentication process, the trusted intelligent network card serves as the trusted root, and information is exchanged between the BMC of the intelligent network card and the BMC of the server: the verification result of the intelligent network card is transmitted to the server, and the feature value to be measured is transmitted by the server to the intelligent network card. Finally, the intelligent network card measures the feature value to be measured to complete the authentication of the server. The authentication process can therefore be implemented without deploying a security chip in the server. Because the whole system generally consists of one intelligent network card and a plurality of servers, not deploying a security chip in each server reduces the cost of the whole system while still ensuring security.
An embodiment of the present application provides an authentication management method, as shown in fig. 3, which is a flowchart of an authentication management method according to an embodiment of the present application, where the method may be applied to a device that performs authentication, and the method may specifically include:
Step S301: based on the trigger instruction, the specified component is measured.
The execution subject of the present embodiment may be a device that performs authentication. If referring to fig. 2, the intelligent network card may be used as a device for performing authentication, and the server may be used as a device to be authenticated. An intelligent network card can be connected with a plurality of servers at the same time to provide network services for the plurality of servers connected with the intelligent network card. In addition, if in other scenarios, the device performing authentication and the device to be authenticated may also be other electronic devices, and may specifically be determined based on the scenario.
Based on the trigger instruction, a specified component of the device performing authentication may be measured. The trigger instruction may be an instruction generated on detecting that the device performing authentication is powered on, an instruction generated at a certain time interval, or an instruction generated after receiving information that a component of the device to be authenticated has been updated. Taking a trigger instruction generated by power-on as an example, in response to the trigger instruction the components in the device performing authentication are started one by one according to a pre-configured start-up flow. For example, as shown in fig. 2, based on the trigger instruction, a complex programmable logic device (CPLD) of the device performing authentication controls the component that performs the measurement to power up according to a pre-configured power-up sequence.
The component performing the measurement may be a TPM chip or a TPCM chip. The measurement process may include running the related programs of the TPM chip or the TPCM chip: the TPM chip or the TPCM chip is first taken as the trusted root, and the components or applications included in the device performing authentication are then measured step by step according to the start-up flow. For example, the BIOS (BIOSFDASH in the corresponding figure) may be measured first; if that measurement result is trusted, the system on chip (SoC) is measured; and if that measurement result is trusted, the BMC is measured, and so on, eventually completing the trust transfer process. All measurement values are faithfully recorded in the platform configuration registers (PCR) inside the TPM chip or TPCM chip. Correspondingly, the programmable logic device can power on the components in the order in which they are measured.
Step S302: when the measurement result is trusted, communicating with the device to be authenticated to receive the feature value to be measured of the device to be authenticated.
After all verification is finished and a trusted measurement result is obtained, the device performing authentication as a whole can serve as the trusted root, and can therefore communicate with the device to be authenticated. The purpose of the communication is to obtain the feature value to be measured of the device to be authenticated. Illustratively, the communication process may include: the device performing authentication sends the information that its measurement result is trusted to the device to be authenticated, by point-to-point communication or by broadcast. After receiving the notification, the device to be authenticated can calculate its feature value to be measured.
Taking a server as the device to be authenticated as an example, the server typically includes a plurality of components. Some of these are components whose trust is pending, and the others are known trusted components. A known trusted component does not need to be measured, while a component whose trust is pending does. Generally, components such as the BIOS and the BMC are components whose trust is pending. The feature value to be measured may be the result of a hash operation on a feature value, such as an identification, of a component whose trust is pending. By way of example, the hash algorithm may be SHA-1, SHA256, SM3, or the like. Finally, the device to be authenticated sends the result of the hash operation to the device performing authentication as its response to the notification. This completes the communication between the two devices, and the device performing authentication has received the feature value to be measured of the device to be authenticated.
Step S303: measuring the received feature value to be measured of the device to be authenticated.
The received feature value to be measured of the device to be authenticated may be measured by comparing it with the trusted feature value. The trusted feature value may be pre-stored or may be obtained from a trusted third-party authority. If obtained from a third-party authority, the trusted feature value may be asymmetrically encrypted data for improved security. For example, the third-party authority may encrypt the trusted feature value using a public key, and after receiving the encrypted trusted feature value, the device performing authentication decrypts it using a private key to obtain the data. The received feature value to be measured of the device to be authenticated can thus be measured against the trusted feature value to obtain a measurement result.
The measurement result is either trusted or untrusted, and different follow-up actions can be taken depending on the result. For example, if the measurement result is trusted, the server may be notified to start normally; otherwise, if the measurement result is untrusted, an alarm or further authentication processing is required.
Through the above process, the device to be authenticated does not need to measure locally, but sends the feature value to be measured to the device which has undergone local measurement and performs authentication, and the device which performs authentication measures the device to be authenticated. On the one hand, the requirements on security can be met through authentication, and on the other hand, a security chip is not required to be deployed in equipment to be authenticated, so that the cost can be reduced.
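The flow of steps S301 to S303 can be made concrete with a short simulation. This is an added example, not code from the patent: the function and class names, the component images and the choice of SHA-256 are assumptions, and the BMC-to-BMC link is modelled as a direct method call.

```python
import hashlib
import hmac


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style PCR extend: new value = SHA-256(old value || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def measure_boot_chain(images, reference_digests):
    """S301: measure components in start-up order; stop at the first mismatch.

    Every measurement is recorded in the PCR, whether it matched or not.
    Returns (trusted, pcr).
    """
    pcr = bytes(32)
    for name, image in images:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        if not hmac.compare_digest(digest, reference_digests.get(name, b"")):
            return False, pcr
    return True, pcr


def feature_value(components) -> bytes:
    """Hash the components whose trust is pending (SHA-256 assumed here).

    Names are sorted and every field is length-prefixed so that two different
    component sets cannot serialize to the same byte stream.
    """
    h = hashlib.sha256()
    for name in sorted(components):
        for field in (name.encode(), components[name]):
            h.update(len(field).to_bytes(4, "big"))
            h.update(field)
    return h.digest()


class DeviceToAuthenticate:
    """Server side: computes its feature value only when notified."""

    def __init__(self, components):
        self.components = components
        self.notifications = 0
        self.started = False

    def on_notification(self) -> bytes:
        self.notifications += 1
        return feature_value(self.components)


def authenticate(nic_images, nic_reference, trusted_values, device_id, device):
    """Run S301-S303 on the device performing authentication."""
    trusted, _pcr = measure_boot_chain(nic_images, nic_reference)  # S301
    if not trusted:
        return "verifier-untrusted"  # no notification is sent, no value accepted
    value = device.on_notification()  # S302: notify, receive the feature value
    reference = trusted_values.get(device_id)
    if reference is not None and hmac.compare_digest(value, reference):  # S303
        device.started = True  # server is told it may start normally
        return "trusted"
    return "untrusted"


# Constructed sample data (not from the patent).
NIC_IMAGES = [("BIOS", b"nic-bios-v1"), ("SoC", b"nic-soc-v1"), ("BMC", b"nic-bmc-v1")]
NIC_REFERENCE = {n: hashlib.sha256(i).digest() for n, i in NIC_IMAGES}
SERVER_GOOD = {"BIOS": b"server-bios-v1", "BMC": b"server-bmc-v1"}
TRUSTED_VALUES = {"CN0": feature_value(SERVER_GOOD)}


def run_demo():
    good = DeviceToAuthenticate(SERVER_GOOD)
    tampered = DeviceToAuthenticate({**SERVER_GOOD, "BIOS": b"server-bios-implant"})
    skipped = DeviceToAuthenticate(SERVER_GOOD)
    bad_nic = [("BIOS", b"nic-bios-v1"), ("SoC", b"nic-soc-modified"), ("BMC", b"nic-bmc-v1")]
    return {
        "good": authenticate(NIC_IMAGES, NIC_REFERENCE, TRUSTED_VALUES, "CN0", good),
        "tampered": authenticate(NIC_IMAGES, NIC_REFERENCE, TRUSTED_VALUES, "CN0", tampered),
        "bad_nic": authenticate(bad_nic, NIC_REFERENCE, TRUSTED_VALUES, "CN0", skipped),
        "bad_nic_notifications": skipped.notifications,
    }


if __name__ == "__main__":
    print(run_demo())
```

The third case shows the gating in S302: when the network card's own chain fails measurement, the server is never notified and no feature value is accepted from it.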
In one embodiment, measuring the received feature value to be measured of the device to be authenticated, as involved in step S301, may include:
Step S3011: acquiring the trusted feature value of the device to be authenticated; the trusted feature value is pre-stored.
Before measurement, the pre-stored trusted feature value needs to be obtained as the measurement reference. The trusted feature value may be stored in advance in the device performing authentication. It may be the feature value of the device to be authenticated in a trusted state. The trusted feature value may be the feature value calculated when the device to be authenticated operates for the first time, the feature value calculated when the device to be authenticated is first deployed into the machine room, or the feature value calculated when an application is first installed on the device to be authenticated. That is, the trusted state may correspond to a state in which no attack has occurred.
Step S3012: comparing the feature value to be measured with the trusted feature value to perform the measurement.
Taking a server as the device to be authenticated as an example, common attacks may include stealing private data stored on the server, or hijacking the server so that at least one of its components cannot operate. An attack on the server may be carried out by maliciously implanting an infected component, installing an unauthorized component, or, during automatic updating of a component, replacing the normal update with a counterfeit component that bypasses any existing protection mechanism. Accordingly, if the feature value to be measured is consistent with the trusted feature value, this indicates that the measured components on the server have not been attacked and the server is trusted. Otherwise, if the feature value to be measured is inconsistent with the trusted feature value, the server has very probably been attacked and is untrusted.
In one embodiment, communicating with the device to be authenticated to receive the feature value to be measured of the device to be authenticated, as involved in step S302, may include:
Step S3021: controlling a first baseboard management controller to send a notification to a second baseboard management controller, where the first baseboard management controller is the baseboard management controller of the device performing authentication, the second baseboard management controller is the baseboard management controller of the device to be authenticated, and the notification indicates that the device performing authentication is trusted.
After all verification is finished and a trusted measurement result is obtained, the device performing authentication can be considered trusted and can therefore be regarded as the trusted root. Inside the device performing authentication, the TPM chip or the TPCM chip communicates with the BMC to send the trusted measurement result to the BMC. The BMC in the device performing authentication may be referred to as the first BMC (first baseboard management controller).
The first BMC can serve as the communication bridge between the device performing authentication and the device to be authenticated, and sends the notification indicating that the device performing authentication is trusted to the device to be authenticated. To distinguish it from the first BMC in the device performing authentication, the BMC in the device to be authenticated may be referred to as the second BMC (second baseboard management controller). Illustratively, communication between the first BMC and the second BMC may be achieved through a serial connection, a USB connection, or the like.
Step S3022: taking the feature value received by the first baseboard management controller as the feature value to be measured of the device to be authenticated, where the feature value to be measured is sent by the device to be authenticated in response to the notification.
In one scenario, the device to be authenticated may receive a trigger instruction at the same time as the device performing authentication. In that case, after the device to be authenticated starts based on the trigger instruction, the programmable logic device in the device to be authenticated can start the second BMC first, according to the pre-configured power-on sequence. After the second BMC receives the notification sent by the first BMC indicating that the device performing authentication is trusted, the notification can be treated as a start command, and the main control unit of the device to be authenticated is started to calculate the feature value of the components whose trust is pending. There may be one or more such components. For example, the second BMC, the BIOS, etc. may be components whose trust is pending.
The feature value to be measured may be the result of a hash operation on a feature value, such as a feature code or an identification, of the component whose trust is pending. Finally, the device to be authenticated sends the result of the hash operation to the device performing authentication as its response to the notification. The first BMC of the device performing authentication takes the received feature value sent by the second BMC as the feature value to be measured of the device to be authenticated.
In one embodiment, the process of sending a notification to the second baseboard management controller and receiving the characteristic value is performed by the first baseboard management controller in a trusted execution environment.
The first BMC may include a rich execution environment (REE) and a trusted execution environment (TEE). The rich execution environment is an open environment and is vulnerable to attack by malicious software, for example theft of sensitive data, abuse of digital rights, or theft of mobile payments. The trusted execution environment may include a general-purpose security kernel, a trusted user interface (TUI), and the operating system of the trusted execution environment; it is a stand-alone operating environment that runs outside the general operating system. The trusted user interface may provide an interface with secure input and output interaction capabilities for the trusted application and the user within the trusted execution environment, through which the communication between the first BMC and the second BMC may be achieved. The trusted execution environment may provide security services to the rich execution environment while being isolated from it, i.e., the rich execution environment and the applications on it cannot directly access the hardware and software resources of the trusted execution environment. The trusted application can be executed in the trusted execution environment; the trusted application provides a trusted execution environment for the rich execution environment, and end-to-end security is ensured through confidentiality and integrity protection and data access control. Further, the trusted execution environment may run in parallel with the rich execution environment, and may interact with it through a secure application programming interface (API).
Thus, when the first baseboard management controller is controlled to send the notification to the second baseboard management controller, the notification can be sent within the trusted execution environment of the first baseboard management controller, which ensures data security.
In one embodiment, the method may further include:
sending authentication-passed information to the device to be authenticated when the measurement result of the feature value to be measured is trusted.
The information that authentication is passed can be used to enable the device to be authenticated to be started up normally. For example, when the device performing authentication is an intelligent network card and the device to be authenticated is a server, the server can be powered on and started after the intelligent network card confirms that the server passes the trusted identity authentication, and the server accesses the network through the intelligent network card. For example, the server can establish a data transmission channel with a computing node providing service in the network through the intelligent network card, and perform data transmission based on the data transmission channel, so as to achieve the purpose of data interaction when the server accesses the network.
In one embodiment, the method may further include:
determining an untrusted reason when the measurement result of the feature value to be measured is untrusted; the untrusted reason includes untrustworthiness caused by a change of components in the device to be authenticated, or untrustworthiness caused by the device to be authenticated being illegitimate.
If the feature value to be measured of the device to be authenticated is inconsistent with the trusted feature value, the measurement result of the feature value to be measured is untrusted. There may be various reasons for this: for example, the device to be authenticated has been attacked, components in the device to be authenticated have changed, or the stored trusted feature value was not updated in time. Therefore, when the measurement result of the feature value to be measured is untrusted, an early warning action can be started.
The early warning action may include sending the result that the measurement is untrusted to the device to be authenticated, rejecting or cutting off communication with the device to be authenticated, and so on. The early warning action may also include determining the reason why the measurement of the device to be authenticated is untrusted. The untrusted reason may include untrustworthiness caused by a change of components in the device to be authenticated, or untrustworthiness caused by the device to be authenticated being illegitimate. The untrusted reason can be determined by analyzing the log obtained from the device to be authenticated.
In one embodiment, determining the untrusted reason may include:
determining a change record of the designated component of the device to be authenticated;
determining the untrusted reason based on the change record.
The designated component in the device to be authenticated may be a component whose trustworthiness is pending. The change record for a designated component is typically recorded in a log of the device to be authenticated. The log of the device to be authenticated may be obtained through communication with the device to be authenticated. Once the log has been obtained, it can be analyzed to query the change record of the designated component.
If the query result indicates that the designated component has changed, the device performing authentication can communicate with the device to be authenticated to confirm whether the change was an active change made by the server operator. For example, query information about the change to the designated component may be sent to the device to be authenticated, and upon receiving a response indicating that the change to the designated component was an active change by the server operator, the untrusted reason may be determined to be a change of a component in the device to be authenticated. The trusted feature value can then be updated, so that a false authentication result is avoided at the next authentication.
Otherwise, if the response to the query information is that the change to the designated component was not an active change by the server operator, or if no information about a change to the designated component is found in the log of the device to be authenticated, the untrusted reason may be determined to be that the device to be authenticated is illegitimate.
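The decision procedure described above can be sketched as follows. This is an added example, not code from the patent: the log line layout, the `operator_confirms` callback (standing in for the query sent to the device to be authenticated), the choice to store the reported value as the new trusted value, and the handling of a device with no pre-stored value are all assumptions.

```python
import hmac
import re
from enum import Enum


class Cause(Enum):
    COMPONENT_CHANGE = "component in the device changed"
    ILLEGITIMATE = "device to be authenticated is illegitimate"


# Assumed log line layout: "<timestamp> component=<name> event=<event> ..."
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+component=(?P<component>\S+)\s+event=(?P<event>\S+)")


def change_records(log_text, designated):
    """Return (timestamp, component) for every change to a designated component."""
    records = []
    for line in log_text.splitlines():
        match = LOG_LINE.match(line.strip())
        if match and match["component"] in designated and match["event"] == "changed":
            records.append((match["ts"], match["component"]))
    return records


def evaluate(device_id, reported, trusted_store, log_text, designated, operator_confirms):
    """Measure a reported feature value; on mismatch, classify the untrusted reason."""
    expected = trusted_store.get(device_id)
    if expected is None:
        # Assumption: a device with no pre-stored trusted value is never enrolled here.
        return "untrusted", Cause.ILLEGITIMATE
    if hmac.compare_digest(reported, expected):
        return "trusted", None

    records = change_records(log_text, designated)
    # No change record in the log: nothing explains the mismatch.
    if not records:
        return "untrusted", Cause.ILLEGITIMATE
    # A change is logged, but the operator does not confirm it as an active change.
    if not operator_confirms(records):
        return "untrusted", Cause.ILLEGITIMATE
    # Confirmed active change: refresh the stored value (assumed to be the
    # reported value) so the next authentication does not fail falsely.
    trusted_store[device_id] = reported
    return "untrusted", Cause.COMPONENT_CHANGE


# Constructed sample data.
DESIGNATED = {"BIOS", "BMC"}
LOG_WITH_CHANGE = """\
2023-06-01T08:00:00Z component=FAN event=changed detail=replaced
2023-06-02T09:30:00Z component=BIOS event=changed detail=firmware-update
2023-06-02T09:31:00Z component=BMC event=boot detail=ok
"""
LOG_WITHOUT_CHANGE = "2023-06-02T09:31:00Z component=BMC event=boot detail=ok\n"
OLD_VALUE, NEW_VALUE = "a" * 64, "b" * 64


if __name__ == "__main__":
    store = {"server-01": OLD_VALUE}
    print(evaluate("server-01", NEW_VALUE, store, LOG_WITH_CHANGE, DESIGNATED, lambda r: True))
    print(store)
```

The current attempt is still reported as untrusted even when the change is confirmed; only the stored value changes, so the device passes at the next authentication.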
An embodiment of the present application provides an authentication management method, as shown in fig. 4, which is a flowchart of an authentication management method according to an embodiment of the present application, where the method may be applied to a device to be authenticated, and the method may specifically include:
Step S401: based on a trigger instruction, listening for a notification sent by the device performing authentication; the notification indicates that the device performing authentication is trusted.
The execution subject of the present embodiment may be the device to be authenticated. Referring to fig. 2, the intelligent network card may serve as the device performing authentication, and the server may serve as the device to be authenticated. One intelligent network card can be connected to a plurality of servers at the same time to provide network services for the servers connected to it.
The trigger instruction may be an instruction generated when the device to be authenticated is powered on, an instruction generated at a certain interval, or an instruction generated when a component of the device to be authenticated is updated. Taking the instruction generated by power-on as an example, responding to the trigger instruction may mean that the programmable logic device is powered on first. Thereafter, the programmable logic device powers on the component that performs the listening, according to a preconfigured power-on sequence, so that it listens for the notification sent by the device performing authentication. The notification may be used to indicate that the device performing authentication is trusted; that is, the notification may be sent to the device to be authenticated only if the device performing authentication is a trusted device.
Step S402: upon receiving the notification, sending the calculated feature value to be measured of the device to be authenticated to the device performing authentication.
When the listening component of the device to be authenticated receives the notification, the main control component can calculate the feature value to be measured of the device to be authenticated. Taking a server as the device to be authenticated as an example, a server commonly includes a plurality of components. Some of these components are components whose trustworthiness is pending, and the others are known trusted components. A known trusted component does not need to be measured, while a component whose trustworthiness is pending does. Generally, important components such as the BIOS and the BMC are components whose trustworthiness is pending. The feature value to be measured may be the result of performing a hash operation on a feature value, such as an identifier, of a component whose trustworthiness is pending. By way of example, the hash algorithm may be the SHA-1 algorithm, the SHA256 algorithm, the SM3 algorithm, or the like. The device to be authenticated sends the result of the hash operation to the device performing authentication as a response to the notification. Finally, the device performing authentication completes authentication of the device to be authenticated by measuring the feature value to be measured.
Through the above process, the device to be authenticated does not need to perform the measurement locally; instead, it sends the feature value to be measured to the device performing authentication, which has itself undergone local measurement, and the device performing authentication measures the device to be authenticated. On the one hand, the authentication requirement can be met; on the other hand, no security chip needs to be deployed in the device to be authenticated, so the cost can be reduced.
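The exchange in steps S401 and S402, with both sides shown, as an added example that is not code from the patent. The notification payload, the class and function names, the length-prefixed encoding of component identifiers, and modelling the authenticator's local measurement as a hash comparison against a stored reference are assumptions; SHA-256 is used because it is one of the algorithms the text names.

```python
import hashlib
import hmac
from dataclasses import dataclass

NOTIFY_TRUSTED = b"AUTHENTICATOR_TRUSTED"  # assumed notification payload


@dataclass(frozen=True)
class Component:
    name: str
    identifier: bytes     # e.g. a firmware image or version identifier
    trust_pending: bool   # False for components already known to be trusted


def feature_value(components, algorithm="sha256"):
    """Hash the identifiers of the trust-pending components only."""
    digest = hashlib.new(algorithm)
    pending = sorted((c for c in components if c.trust_pending), key=lambda c: c.name)
    for c in pending:
        name = c.name.encode()
        # Length prefixes keep ("AB", "C") distinct from ("A", "BC").
        digest.update(len(name).to_bytes(2, "big") + name)
        digest.update(len(c.identifier).to_bytes(4, "big") + c.identifier)
    return digest.hexdigest()


class Authenticator:
    """Device performing authentication (the intelligent network card)."""
    def __init__(self, own_components, own_reference, trusted_values):
        self.own_components = own_components
        self.own_reference = own_reference    # reference for the local measurement
        self.trusted_values = trusted_values  # device id -> pre-stored trusted value

    def notification(self):
        """Return the notification only if the local measurement is trusted."""
        local = feature_value(self.own_components)
        return NOTIFY_TRUSTED if hmac.compare_digest(local, self.own_reference) else None

    def measure(self, device_id, reported):
        expected = self.trusted_values.get(device_id)
        return expected is not None and hmac.compare_digest(reported, expected)


class DeviceToAuthenticate:
    """Device to be authenticated (the server); it never judges itself."""
    def __init__(self, device_id, components):
        self.device_id = device_id
        self.components = components

    def on_message(self, message):
        # Steps S401/S402: stay silent until the trusted notification arrives.
        return feature_value(self.components) if message == NOTIFY_TRUSTED else None


def run_exchange(authenticator, device):
    reported = device.on_message(authenticator.notification())
    if reported is None:
        return "no-notification"
    return "passed" if authenticator.measure(device.device_id, reported) else "untrusted"


# Constructed sample data.
GOOD_SERVER = [
    Component("BIOS", b"bios-image-v1", True),
    Component("BMC", b"bmc-image-v1", True),
    Component("PSU", b"psu-rev-a", False),
]
CHANGED_SERVER = [Component("BIOS", b"bios-image-v2", True)] + GOOD_SERVER[1:]
NIC_FIRMWARE = [Component("NIC-FW", b"nic-fw-v1", True)]


def demo():
    trusted = {"server-01": feature_value(GOOD_SERVER)}
    nic = Authenticator(NIC_FIRMWARE, feature_value(NIC_FIRMWARE), trusted)
    bad_nic = Authenticator(NIC_FIRMWARE, "0" * 64, trusted)
    good = DeviceToAuthenticate("server-01", GOOD_SERVER)
    changed = DeviceToAuthenticate("server-01", CHANGED_SERVER)
    return run_exchange(nic, good), run_exchange(nic, changed), run_exchange(bad_nic, good)


if __name__ == "__main__":
    print(demo())
```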
In one embodiment, the listening for the notification sent by the device performing authentication in step S401 and the sending of the feature value to be measured in step S402 are performed in a trusted execution environment by the baseboard management controller of the device to be authenticated.
In this embodiment, the component that performs the listening may be the BMC. The programmable logic device of the device to be authenticated controls the power-on sequence: the BMC is started first, and after the BMC is operating normally, the BIOS (BIOS FLASH in the corresponding figure) is powered on to complete startup of the operating system. In this embodiment, after the BMC is started, it may listen in the trusted execution environment until it receives the notification, sent by the device performing authentication, indicating that the device performing authentication is trusted. Referring to fig. 2, a multiplexer (MUX) is connected between the CPU and the BIOS (BIOS FLASH in the figure), and the multiplexer is used to give the CPU read-only access to the BIOS. Alternatively, the multiplexer may be used to give the CPU read-only access to the BIOS before the device to be authenticated has passed authentication. In addition, the multiplexer can also be connected between the BMC and the BIOS, so that the BMC can access the BIOS in the trusted execution environment.
After the notification is received, the calculated feature value to be measured of the device to be authenticated is sent to the device performing authentication. The sending is also performed in the trusted execution environment. Because both receiving and sending take place in the trusted execution environment, the received and sent information is protected from tampering.
Corresponding to the application scenario and the method provided by the embodiments of the present application, an embodiment of the present application also provides an authentication management apparatus. Fig. 5 is a block diagram of an authentication management apparatus according to an embodiment of the present application, where the authentication management apparatus may include:
a measurement module 501, configured to measure the specified component based on the trigger instruction;
a communication module 502, configured to communicate with the device to be authenticated, when the result of the measurement is trusted, to receive a feature value to be measured of the device to be authenticated;
the measurement module 501 is further configured to measure the received feature value to be measured.
In one embodiment, the metrology module 501 may include:
the trusted characteristic value acquisition sub-module is used for acquiring the trusted characteristic value of the equipment to be authenticated; the trusted characteristic value is pre-stored;
and the comparison sub-module is used for comparing the characteristic value to be measured with the credible characteristic value so as to measure.
In one embodiment, the communication module 502 may include:
a notification transmission control sub-module, configured to control a first baseboard management controller to send a notification to a second baseboard management controller, where the first baseboard management controller is the baseboard management controller of the device performing authentication, the second baseboard management controller is the baseboard management controller of the device to be authenticated, and the notification indicates that the device performing authentication is trusted;
and the to-be-detected characteristic value receiving sub-module is used for taking the characteristic value received by the first baseboard management controller as the to-be-detected characteristic value of the to-be-authenticated equipment, wherein the characteristic value is sent by the to-be-authenticated equipment in response to the notification.
In one embodiment, the process of sending a notification to the second baseboard management controller and receiving the characteristic value is performed by the first baseboard management controller in a trusted execution environment.
In one embodiment, the communication module 502 may also be configured to:
send authentication-passed information to the device to be authenticated when the measurement result of the feature value to be measured is trusted.
In one embodiment, the apparatus may further include: an untrusted reason determination module, configured to determine an untrusted reason when the measurement result of the feature value to be measured is untrusted; the untrusted reason includes untrustworthiness caused by a change of a component in the device to be authenticated, or untrustworthiness caused by the device to be authenticated being illegitimate.
In one embodiment, the untrusted cause determination module may include:
a change record determination submodule for determining a change record of the designated component in the device to be authenticated;
and the unreliable reason determining and executing sub-module is used for determining the unreliable reason according to the change record.
Corresponding to the application scenario and the method provided by the embodiments of the present application, an embodiment of the present application also provides an authentication management apparatus. Fig. 6 is a block diagram of an authentication management apparatus according to an embodiment of the present application, which may include:
a listening control module 601, configured to listen, based on a trigger instruction, for a notification sent by the device performing authentication; the notification indicates that the device performing authentication is trusted;
a feature value sending module 602, configured to send the calculated feature value to be measured of the device to be authenticated to the device performing authentication upon receiving the notification.
In one embodiment, the listening for the notification and the sending of the feature value to be measured are performed in a trusted execution environment by the baseboard management controller of the device to be authenticated.
The functions of each module in each device of the embodiment of the present application may be referred to the corresponding descriptions in the above methods, and have corresponding beneficial effects, which are not described herein.
Fig. 7 is a block diagram of an electronic device used to implement an embodiment of the application. As shown in fig. 7, the electronic device includes: a memory 710 and a processor 720, the memory 710 having stored thereon a computer program executable on the processor 720. The processor 720, when executing the computer program, implements the methods of the above-described embodiments. The number of memories 710 and processors 720 may be one or more.
The electronic device further includes:
a communication interface 730, configured to communicate with external devices for interactive data transmission.
If the memory 710, the processor 720, and the communication interface 730 are implemented independently, they may be interconnected and communicate with each other via a bus. The bus may be an industry standard architecture (Industry Standard Architecture, ISA) bus, a peripheral component interconnect (Peripheral Component Interconnect, PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in fig. 7, but this does not mean that there is only one bus or one type of bus.
Alternatively, in a specific implementation, if the memory 710, the processor 720, and the communication interface 730 are integrated on a chip, the memory 710, the processor 720, and the communication interface 730 may communicate with each other through internal interfaces.
The embodiment of the application provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the method provided in the embodiment of the application.
The embodiment of the application also provides a chip, which comprises a processor and is used for calling the instructions stored in the memory from the memory and running the instructions stored in the memory, so that the communication equipment provided with the chip executes the method provided by the embodiment of the application.
The embodiment of the application also provides a chip, which comprises: the input interface, the output interface, the processor and the memory are connected through an internal connection path, the processor is used for executing codes in the memory, and when the codes are executed, the processor is used for executing the method provided by the application embodiment.
It should be appreciated that the processor may be a central processing unit (Central Processing Unit, CPU), but may also be another general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor or any conventional processor or the like. It is noted that the processor may be a processor supporting an advanced reduced instruction set machine (Advanced RISC Machines, ARM) architecture.
Further alternatively, the memory may include a read-only memory and a random access memory. The memory may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile memory may include read-only memory (ROM), programmable read-only memory (Programmable ROM, PROM), erasable programmable read-only memory (Erasable PROM, EPROM), electrically erasable programmable read-only memory (Electrically EPROM, EEPROM), or flash memory, among others. Volatile memory can include random access memory (Random Access Memory, RAM), which acts as external cache. By way of example, and not limitation, many forms of RAM are available, for example, static random access memory (SRAM), dynamic random access memory (Dynamic Random Access Memory, DRAM), synchronous dynamic random access memory (Synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM), synchronous link dynamic random access memory (Synclink DRAM, SLDRAM), and direct memory bus random access memory (Direct Rambus RAM, DRRAM).
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions in accordance with the present application are fully or partially produced. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. Computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another.
In the description of the present specification, a description referring to the terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification, and the features of the different embodiments or examples, may be combined by those skilled in the art without contradiction.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present application, the meaning of "a plurality" is two or more, unless explicitly defined otherwise.
Any process or method described in flow charts or otherwise herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process. And the scope of the preferred embodiments of the present application includes additional implementations in which functions may be performed in a substantially simultaneous manner or in an opposite order from that shown or discussed, including in accordance with the functions that are involved.
Logic and/or steps described in the flowcharts or otherwise described herein may, for example, be considered an ordered listing of executable instructions for implementing logical functions, and can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions.
It is to be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. All or part of the steps of the methods of the above embodiments may be performed by a program instructing the associated hardware; when executed, the program comprises one or a combination of the steps of the method embodiments.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing module, or each unit may exist alone physically, or two or more units may be integrated in one module. The integrated modules may be implemented in hardware or in software functional modules. The integrated modules described above, if implemented in the form of software functional modules and sold or used as a stand-alone product, may also be stored in a computer-readable storage medium. The storage medium may be a read-only memory, a magnetic or optical disk, or the like.
The above description is merely an exemplary embodiment of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think of various changes or substitutions within the technical scope of the present application, and these should be covered in the scope of the present application. Therefore, the protection scope of the application is subject to the protection scope of the claims.

Claims (13)

Application number: CN202310703570.6A
Title: Authentication management method, device, electronic equipment and storage medium
Priority date: 2023-06-13
Filing date: 2023-06-13
Legal status: Pending
Publication number: CN116743458A (en)
Publication date: 2023-09-12
Family ID: 87911035
Country: CN

Legal Events

PB01: Publication
SE01: Entry into force of request for substantive examination
