This U.S. non-provisional patent application claims priority under 35 U.S.C. § 119 to Chinese Patent Application No. 202211141834.5 filed on Sep. 20, 2022, in the Chinese Intellectual Property Office, the disclosure of which is incorporated by reference in its entirety herein.
The present disclosure relates to the field of secure data, and more specifically relates to a method, a device, an electronic apparatus for securely passing data.
The ARM TrustZone technology divides a program execution environment into a Trusted Execution Environment (TEE) and a Rich Execution Environment (REE), and ensures that the Rich Execution Environment cannot access resources of the Trusted Execution Environment, thereby protecting code and data in the Trusted Execution Environment from malicious tampering and theft.
An application running in the REE may be referred to as a Client Application (CA), and an application running in the TEE may be referred to as a Trust Application (TA). The CA can pass data to the TA using shared memory. The TA may validate data stored in the shared memory before it uses the data to perform an operation. However, when the TA reads data from the shared memory, a malicious CA can also access the shared memory and tamper with its contents. During a double fetch attack, the malicious CA attacks at the interval between the TA validating the data and using the data to bypass the validation so that malicious data can be passed to the shared memory for use by the TA.
Thus, there is need for a mechanism that allows data to be passed securely while preventing the double fetch attack.
At least one embodiment of the present disclosure provides a method, a device and an electronic apparatus for securely passing data, which may protect against the Double Fetch attack.
According to an embodiment of the present disclosure, a method for passing data is provided. The method includes: in response to a client application (CA) calling a trusted application (TA) entry to pass data to a TA, a secure operating system allocates a cache area in trusted execution environment (TEE) to the data; the secure operating system copies the data from a pre-allocated shared memory to the cache area; and the secure operating system runs the TA entry so that the TA obtains the data from the cache area.
In an embodiment, a call parameter for the CA calling the TA entry includes an address of the data in the shared memory and a size of the data; the secure operating system running the TA entry includes: the secure operating system updating the address of the shared memory carried in the call parameter to an address of the cache area; and the secure operating system running the TA entry, wherein the call parameter for the TA entry includes the address of the data in the cache area and the size of the data, so that the TA obtains the data from the cache area.
In an embodiment, the secure operating system allocating the cache area in the trusted execution environment (TEE) to the data further includes: the secure operating system determining whether the size of the data exceeds a preset value; if the size of the data exceeds the preset value, returning an error to the CA; and if the size of the data does not exceed the preset value, allocating the cache area.
In an embodiment, the method further includes: determining whether the call parameter for the CA calling the TA entry includes indication information, where the indication information is used to indicate that the TA obtains the data from the shared memory; if the call parameter for the CA calling the TA entry includes the indication information, the secure operating system runs the TA entry so that the TA obtains the data from the shared memory; and if the call parameter for the CA calling the TA entry does not include the indication information, the secure operating system allocates the cache area to the data.
In an embodiment, the indication information is included in a parameter type ParamType of the call parameter, and the indication information is further used by the TA to perform an obfuscation attack check.
According to an embodiment of the present disclosure, a device for passing data is provided. The device comprising: a cache management unit, configured to: in response to a client application (CA) calling a trusted application (TA) entry to pass data to a TA, allocate a cache area in trusted execution environment (TEE) to the data and copy the data from a pre-allocated shared memory to the cache area, by a secure operating system; and a processing unit, configured to run the TA entry by the secure operating system so that the TA obtains the data from the cache area. In an embodiment, a call parameter for the CA calling the TA entry includes an address of the data in the shared memory and a size of the data; the processing unit is configured to run the TA entry by: updating the address of the shared memory carried in the call parameter to address of the cache area by the secure operating system; and running the TA entry using the secure operating system, wherein the call parameter for the TA entry includes the address of the data in the cache area and the size of the data, so that the TA obtains the data from the cache area.
In an embodiment, the cache management unit allocates the cache area in the trusted execution environment (TEE) to the data by: determining whether the size of the data exceeds a preset value, using the secure operating system; if the size of the data exceeds the preset value, returning an error to the CA; and if the size of the data does not exceed the preset value, allocating the cache area.
In an embodiment, the processing unit is further configured to: determine whether the call parameter for the CA calling the TA entry includes indication information, where the indication information is used to indicate that the TA obtains the data from the shared memory; if the call parameter for the CA calling the TA entry carries the indication information, running the TA entry by the secure operating system so that the TA obtains the data from the shared memory; and if the call parameter for the CA calling the TA entry does not include the indication information, allocating the cache area to the data by the secure operating system.
In an embodiment, the indication information is included in a parameter type ParamType of the call parameter, and the indication information is further used by the TA to perform an obfuscation attack check.
According to an embodiment of the present disclosure, a electronic apparatus is provided, the electronic apparatus including: at least one processor; and at least one storage storing computer-executable instructions, wherein, the computer-executable instructions, when executed by the at least one processor, cause the at least one processor to perform the method for passing data as described above.
According to an embodiment of the present disclosure, a computer-readable storage medium storing instructions is provided, wherein, the instructions, when executed by at least one processor, cause the at least one processor to perform the method for passing data as described above.
According to an embodiment of the present disclosure, an electronic apparatus is provided including a memory and a processor. The memory stores a first OS and the processor is configured to execute the first OS. The first OS is configured to receive a type from a second OS indicating whether to operate in a shadow buffer mode. The first OS is configured to copy data stored in a shared memory by a first application and shared between the first application and a second application to a shadow buffer, change an address used by the second application and referencing the data in the shared memory to reference the copied data in the shadow buffer, when the type indicates to operate in the shadow buffer mode.
In an embodiment, the first OS is a secure OS and the second OS is rich OS. In an embodiment, the first application is a client application (CA) and the second application is a trusted application (TA). In an embodiment, the second application reads the data from the shadow buffer when the type indicates to operate in the shadow buffer mode using the changed address, in response to receiving a call from the first application to pass the data to the second application. In an application, the second application reads the data from the shared memory when the type does not indicate to operate in the shadow buffer mode, in response to receiving a call from the first application to pass the data to the second application. In an embodiment, the call includes an address of the data in the shared memory and a size of the data. In an embodiment, the first OS performs a logical AND operation on the type to determine whether to operate in the shadow buffer mode. In an embodiment, the type includes a first parameter not supported by the global platform (GP) specification when a result of the logical AND operation determines to operate in the shadow buffer mode. In an embodiment, the type further includes a second parameter supported by the GP. In an embodiment, the shadow buffer is located inside the first OS and the shared memory is located outside the first OS.
In an embodiment, the secure operating system, allocates a cache area (i.e., a shadow), and before entering the TA, copies the data, which is to be passed by the CA to the TA, from the shared memory to the cache area. As a result, when the TA accesses the shared memory, it actually accesses its corresponding cache area. In this way, the data checked by the TA and the data finally obtained (Double Fetch) are all from the data copied to the cache area, and the data in the cache area is located in the TEE, which is a trusted environment, and a problem of being attacked due to the data double fetched by the TA from the shared memory being inconsistent will not occur. Thus, even if the attacker tampers with the data in the shared memory in the REE, the TA can identify the tampered data during the checking phase, making the TA safe from attacks.
In an embodiment the present disclosure, the work of copying the data in the shared memory to the TEE area in advance is handed over to the secure operating system instead of each TA, to let the secure operating system build a barrier to protect various TAs running on the upper level, which can effectively avoid the Double Fetch vulnerability in TA from being attacked.
In addition, an embodiment of the present disclosure is compatible with a zero-copy shared memory mechanism while providing a secure shared memory mechanism for realizing a data pass through the cache area (i.e., a shadow cache or buffer), and has both increased security and performance. In an embodiment, the secure shared memory mechanism is adopted for all CAs and TAs (that is, allocating the cache area in the TEE to cache the data from the shared memory), and when the zero-copy shared memory mechanism needs to be used, additional settings may be be made to applications (for example, the ParamType can be marked with a ZEROCOPY mask). Therefore, the technical solution proposed in the present disclosure can be easily and quickly applied to real products, and is especially friendly to applications that conform to the GP specification. That is to say, for regular TA services, secure protection can be obtained without modifying any code; for large data volume services that require high performance (that is, services that need to transmit a large amount of data and are sensitive to processing delays, such as decrypting digital media streams in DRM services), it is only necessary to mark the shared memory type in the corresponding CA and TA with a special mark (that is, add the ZEROCOPY mask), to make them follow the zero-copy method, that is, directly map to TA. In this service scenario, the data transmitted to the TA is usually only used for calculation, and the value of the data will not affect the TA's process, and it will not pose a threat even if the data is tampered with. Although an attacker may deliberately set this special mark in an attempt to bypass the above cache area (i.e., shadow cache), at least one of the above methods proposed can ensure that such an attack will not succeed.
In addition, at least one embodiment provided herein does not introduce new secure threats. Even if an attacker attempts to frequently call the TA entry to let the secure operating system allocate a large amount of cache area (i.e., a shadow cache or buffer) to exhaust the memory space of the secure operating system, given that the GP specification (see TEE Internal Core API Specification Version 1.1.2.50 chapter 2.1.3 for details) stipulates that a entry of a TA must be completed before the next one can be executed, therefore, when entering a TA entry, the previously allocated shadow cache has been released, and there is no problem of resource exhaustion. At the same time, the secure operating system may check a size of data of the shared memory included in the called TA entry. If the size of the data exceeds a preset value, the secure operating system may return an error to a CA to avoid possible attacks.
The above and other objects and features of the present disclosure will become apparent by describing in detail embodiments thereof with reference to the accompanying drawings.
Below, embodiments of the present disclosure will be described in detail and clearly to such an extent that one skilled in the art may implement these embodiments. In the following description, specific details such as detailed components and structures are merely provided to assist the overall understanding of embodiments of the present disclosure. Therefore, it should be apparent to those skilled in the art that various changes and modifications of the embodiments described herein may be made without departing from the scope and spirit of the disclosure. The terms described in the specification are terms defined in consideration of the functions in the present disclosure and are not limited to a specific function.
Components that are described in the detailed description with reference to the terms “circuit”, “block”, etc. may be implemented with software, hardware, or a combination thereof. For example, the software may be a machine code, firmware, an embedded code, and application software. For example, the hardware may include an electrical circuit, an electronic circuit, a processor, a computer, integrated circuit cores, a pressure sensor, an inertial sensor, a micro electro mechanical system (MEMS), a passive element, or a combination thereof.
It should be noted that the terms “first” and “second” and so on in the specification and claims of the present disclosure and the above drawings are used to distinguish similar objects, and not necessarily used to describe a specific order or sequence. It should be understood that data used in this way may be interchanged under appropriate circumstances so that the embodiments of the present disclosure described herein may be implemented in an order other than those illustrated or described herein. The implementations described in the following embodiments do not represent all implementations consistent with the present disclosure. On the contrary, they are merely examples of devices and methods consistent with some aspects of the present disclosure as detailed in the appended claims.
It should be noted here that “at least one of several items” appearing in the present disclosure may mean three parallel cases: “any one of the several items”, “a combination of any multiple of the several items”, and “the entirety of the several items”. For example, “including at least one of A and B”, that is, includes the following three parallel cases: (1) including A; (2) including B; and (3) including A and B. For another example, “executing at least one of Step 1 and Step 2”, that is, indicates the following three parallel cases: (1) executing Step 1; (2) executing Step 2; and (3) executing Step 1 and Step 2.
Although use of the shared memory 102 avoids copying of data between the CA 101 and the TA 103, it also introduces security risks. Specifically, because of the shared nature of the shared memory 102, when the TA 103 accesses the shared memory 102, a malicious CA can tamper with the shared memory 102 at the same time (for example, through multi-thread concurrency of multi-core processors). In addition, if the tampering occurs between the process of the TA 103 checking data and the process of the TA 103 using the data, the process of the TA 103 checking data can be bypassed, and then malicious data may be passed into the TA 103 controlling an operation of the TA 103 operation and even controlling the entire TEE. This tampering may be referred to as a double fetch attack or a time-of-check to time-of-use (TOCTOU) attack.
Some services pass data of a large volume to the TA 103 via shared memory 102 and demand zero-copy for high performance such as during digital rights management (DRM) content decryption. Applying the shadow buffer 110 to this kind of service brings overhead due the data copy performed. To address this issue, an embodiment of the disclosure uses a shared memory type for the developer of the TA 103 to mark so it can be determined whether zero-copy is needed. A zero-copy scheme is chosen when the shared memory type is marked and otherwise the shadow buffer scheme is chosen.
The shadow buffer 110 may be a secure memory temporally allocated in the secure OS 105. The shadow buffer 110 backs up data from the shared memory 102 associated with the TEE and/or REE). Without knowledge of the TA 103, an access by the TA 103 to the shared memory 102 is re-directed to the shadow buffer 110 in certain cases.
The shadow buffer manager 115 may be in control of all operations of the shadow buffer 110 such as allocating, freeing, copying and mapping (i.e., to map a physical address to a user space of the TA 103).
The TA Param Update unit 117 may replace an address of the shared memory 102 in the parameter Param with a user address of the shadow buffer 110. For example, a TA Param Update unit 117 may change an address stored in a parameter stored in the TA 103 that is used by the TA 103 to access the shared memory 102. The TA 103 is not aware of this change and makes an access using the changed address in the parameter. Therefore, even though the TA 1.03 may assume it is accessing the shared memory 102 when it, uses the address in the parameter, the TA 103 is actually accessing the shadow buffer 110 since the address has been changed by the TA Param Update unit 117 to instead reference the shadow buffer 110. Therefore, the TA 103 is stealthily redirected to the shadow buffer 110 without having to modify executable code of the TA 103.
The switcher 120 judges the shared memory type (e.g., ParamType) and makes a choice between the shadow buffer scheme and the zero-copy scheme. The Rich OS 104 may provide the shared memory type to the switcher 120. For example, if the ParamType includes a type label such as SHM_ZEROCOPY or a flag indicating the zero-copy scheme, the switcher 120 can conclude that a zero-copy scheme is needed. For example, if the ParamType does not include the type label or has a flag indicating the shadow buffer scheme, the switcher 120 can conclude that the shadow buffer scheme is needed. The type label may be combined in the ParamType with other existing types supported by the GP specification such as SHM_INPUT via a bitmap OR operation. For example, a shared memory with the existing type SHM_INPUT (i.e., TEEC_MEMREF_PARTUAL_INPUT in GP specification) can be marked as zero-copy by setting its type as follows: ParamType=SHM_INPUT|SHM_ZEROCOPY. For the entries of the TA 103 which have no demand for zero-copy, the new type can just be omitted and the existing code (e.g., SHM_INPUT) can be retained unchanged. The switcher 120 may judge whether the ParamType has the SHM_ZEROCOPY mask or not, via a bitmap AND operation. If the switcher 120 determines the ParamType has the SHM_ZEROCOPY mask, the switcher 120 takes the program to the original process which maps the shared memory 102 to the TA 103 directly for zero-copy. Otherwise, the switcher 120 activates the shadow buffer scheme.
Referring to
In an exemplary embodiment of the present disclosure, before the CA 101 passes the data to the TA 103, the CA 101 allocates a memory area for the TA 103 in the REE as the shared memory 102, so as to pass the data to the TA 103. When the CA 101 calls the TA entry, the CA 101 passes the data, which it wants to pass to the TA 103, into this shared memory 102. As an example, the secure OS 105 may determine whether a call parameter for the CA 101 calling the TA entry of the TA 103 carries or includes indication information, which is used to indicate that the TA 103 obtains the data from the shared memory 102. If the call parameter for the CA 101 calling the TA entry carries or includes the indication information, the secure operating system runs the TA entry according to the indication information, so that the TA 103 obtains the data from the shared memory 102 directly. If the call parameter for the CA 101 calling the TA entry does not carry the indication information, the secure OS 105 allocates the cache area in the trusted execution environment (TEE) to the data as in step S210, so that TA 103 can use the cache area to obtain the data.
Specifically, the call parameter for the CA 101 calling the TA entry may include an address of the data in the shared memory 102 and a size of the data. Besides, the call parameter may further include a parameter type, that is to say, the CA 101 stores a physical address paddr of the data in the shared memory 102 and the size of the data in the parameter Param, configures the parameter type ParamType, and then calls the TA entry by using the parameter Param and the parameter type ParamType. That is to say, the call parameter may include the parameter Param and the parameter type ParamType. The parameter type ParamType may be a series of parameters defined by the globalplatform (GP) specification for the CA 101 to call the TA 103, and exemplarily includes Input, Output, Reference, Value, etc. In addition, an embodiment of the present disclosure uses a new shared memory type. The new shared memory type adds indication information in the ParamType, and the indication information can be superimposed and combined with the memory shared types defined in the GP specification to perform a confusion attack check, and can also be used to indicate that TA 103 desires to obtain data from the shared memory 102.
For example, if the shared memory 102 needs to be used to pass data to the TA 103 directly, the CA 101 can mark the indication information for the ParamType by a bitwise OR operation according to the following equation (1), which can be referred to as a ZEROCOPY mask. That is to say, the above indication information may be included in the parameter type ParamType of the call parameter:
ParamType=INPUT_SHM|ZEROCOPY (1)
wherein, INPUT_SHM corresponds to TEEC_MEMREF_PARTIAL_INPUT in the GP specification.
In addition, if the cache area allocated by the secure OS 105 needs to be used to pass the data to the TA 103, the CA 101 can assign a value to the ParamType according to the following equation (2):
ParamType=INPUT_SHM (2)
At this time, the ParamType does not include the above indication information. That is, before the step S210, the method for passing data may further include: determining whether the call parameter for the CA 101 calling the TA entry includes the above-mentioned indication information used to indicate that the TA 103 obtains the data from the shared memory 102. Specifically, the secure OS 105 can determine whether the call parameter includes the above-mentioned indication information according to the parameter type ParamType (that is, whether the parameter type ParamType carries or includes the above-mentioned indication information). That is, the secure OS 105 can determine whether the ParamType contains the ZEROCOPY mask by performing the bitwise AND operation on the parameter type ParamType and the ZEROCOPY, that is, determine whether the above-mentioned indication information is carried or included. In detail, if ParamType & ZEROCOPY is equal to ZEROCOPY, it means that the ParamType contains the ZEROCOPY mask, that is, it carries the above-mentioned indication information; otherwise, it means that the ParamType does not contain the ZEROCOPY mask, that is, it does not carry the above-mentioned indication information.
If the call parameter of the CA 101 calling the TA entry does not carry the above-mentioned indication information, the secure OS 105 may allocate the cache area in the TEE as described in the step S210.
Thereafter, in step S220, the secure OS 105 copies the data from a pre-allocated shared memory 102 to the cache area, and in step S230, the secure OS 105 runs the TA entry so that the TA 103 obtains the data from the cache area. Steps S210 to S230 will be described in detail below with reference to an embodiment shown in
In step 1 of
For the step S210, the secure OS 105 allocating the cache area in the TEE to the data may comprise: the secure OS 105 determining whether the size of the data exceeds a preset value; returning an error to the CA 101 if the size of the data exceeds the preset value; and allocating the cache area if the size of the data does not exceed the preset value.
Specifically, as shown in
After the cache area is allocated, the secure OS 105 copies the data from the shared memory 102 to the cache area. In an embodiment of this process, it is first necessary to map the address of the shared memory 102 to a first virtual address space of the secure OS 105, and then copy the data from the shared memory 102 to the cache area.
Specifically, since the address of the data in the shared memory 102 obtained by the secure OS 105 from the CA 101 is the physical address paddr, and the secure OS 105 runs in the virtual address space, in order to read the data from the shared memory, the secure OS 105 needs to map the physical address of the shared memory into this virtual address space, and thus, in step 4 of
After copying the data from the shared memory 102 to the cache area, the secure OS 105 will run the TA entry. Specifically, the secure OS 105 running the TA entry may comprise: the secure OS 105 updating the address of the shared memory 102 carried in the call parameter to an address of the cache area; and the secure OS 105 running the TA entry, wherein the call parameter for the TA entry carries the address of the data in the cache area and the size of the data, so that the TA 103 obtains the data from the cache area.
Specifically, although the TA 103 runs in the trusted execution environment where the secure OS 105 is located, the TA 103 uses a different virtual address space from that used by the secure OS 105. Therefore, it may be necessary to map the memory spaces used by both of them. As shown in
The method for passing data further includes: when the execution of the TA entry ends, releasing the mapping from the cache area to the second virtual address space, and releasing the cache area, by the secure OS 105.
Specifically, as shown in
In the above process, an embodiment of the present disclosure, through the secure OS 105, allocates the cache area (i.e., the shadow buffer 110), and before entering the TA 103, copies the data, which is to be passed by the CA 101 to the TA 103, from the shared memory 102 to the cache area. As a result, when the TA 103 accesses the shared memory 102, it actually accesses its corresponding cache area, and at this time, the attacker tampered with the data in the shared memory 102 in the REE, but the data checked by the TA 103 and the data finally obtained (Double Fetch) are all from the data copied to the cache area, and the data in the cache area is located in the TEE, which is a trusted environment, and the problem of being attacked due to the data double fetched by the TA 103 from the shared memory 102 is inconsistent will not occur. Thus, even if the attacker tampers with the data in the shared memory 102 in the REE, the TA 103 can identify the tampered data during the checking phase, making the TA 103 safe from attacks. In an embodiment of the present disclosure, the work of copying the data in the shared memory 102 to the TEE area in advance is handed over to the secure OS 105 instead of the TA 103, to let the secure OS 105 build a barrier to protect various TAs running on the upper level, which can effectively avoid the Double Fetch vulnerability in the TA 103 from being attacked.
In addition, an embodiment of the present disclosure is compatible with the existing zero-copy shared memory mechanism while providing the above secure shared memory mechanism, and has both increased security and performance. This is described in detail below.
That is to say, before the step S210, if it is determined that the call parameter for the CA 101 calling the TA entry carries the above-mentioned indication information for indicating that the TA 103 obtains the data from the shared memory 102, the secure OS 105 runs the TA entry so that the TA 103 obtains the data from the shared memory 102. This is described in detail below with reference to
Step 1, step 2 and step 4 in
After that, in step 7, the parameter type ParamType is checked by the TA 103, that is, on the basis of the original ParamType check, the check of the ZEROCOPY mask is added, that is, the confusion attack check is performed. If the check fails, the TA 103 terminates the process and returns to the CA 101, thereby preventing obfuscation attacks. If the check is successful, in step 8, the TA 103 obtains the data from the shared memory 102 according to the virtual address of the data in the second virtual address space. Then in step 9, the operation of the TA entry ends and returns to the secure OS 105, and in step 10 returns to the CA 101.
The above solution proposed in the present disclosure can be used for special marking of the shared memory 102 for services that need to transmit a large amount of data to the TA 103 and are sensitive to the TA's processing delays (such as decrypting digital media streams in DRM services), to make them follow the zero-copy method, that is, directly map to TA 103. In this service scenario, the data transmitted to the TA 103 is usually only used for calculation, and the value of the data will not affect the TA's process, and it will not pose a threat even if the data is tampered with. Although an attacker may deliberately set this special mark in an attempt to bypass the above cache area (i.e., shadow buffer 110), the above method proposed in the present disclosure can ensure that such an attack will not succeed.
Referring to
Call parameter for the CA 101 calling the TA entry carries an address of the data in the shared memory 102 and a size of the data. The processing unit 520 may be configured to run the TA entry by: updating the address of the shared memory 102 carried in the call parameter to address of the cache area by the secure OS 105; and running the TA entry by the secure OS 105, wherein the call parameter for the TA entry carries the address of the data in the cache area and the size of the data, so that the TA 103 obtains the data from the cache area.
The cache management unit 510 may allocate the cache area in the TEE to the data by: determining whether the size of the data exceeds a preset value, by the secure OS 105; returning an error to the CA 101 if the size of the data exceeds the preset value; and allocating the cache area if the size of the data does not exceed the preset value.
The processing unit 520 is further configured to: determine whether the call parameter for the CA 101 calling the TA entry carries indication information, where the indication information is used to indicate that the TA 103 obtains the data from the shared memory 102; if the call parameter for the CA 101 calling the TA entry carries the indication information, running the TA entry by the secure OS 105 so that the TA 103 obtains the data from the shared memory 102; and if the call parameter for the CA 101 calling the TA entry does not carry the indication information, allocating the cache area to the data by the secure OS 105.
The indication information is carried in a parameter type ParamType of the call parameter, and the indication information may be further used by the TA 103 to perform an obfuscation attack check.
Since the method for passing data shown in
Referring to
The processor 620 may include one or more processors. At this time, the one or more processors may be general-purpose processors, such as central processing units (CPUs), application processors (APs), etc., processors only used for graphics, such as graphics processing units (GPUs), vision processors (VPU) and/or AI-specific processors.
As an example, the electronic apparatus may be a PC computer, a tablet device, a personal digital assistant, a smart phone, or other devices capable of executing the above set of instructions. Here, the electronic apparatus does not have to be a single electronic apparatus and may also be any device or a collection of circuits that may execute the above instructions (or instruction sets) individually or jointly. The electronic apparatus may also be a part of an integrated control system or a system manager, or may be configured as a portable electronic apparatus interconnected by an interface with a local or remote (e.g., via wireless transmission).
In the electronic apparatus, the processor may include a central processing unit (CPU), a graphics processing unit (GPU), a programmable logic device, a dedicated processor system, a microcontroller, or a microprocessor. As an example, the processor may also include an analog processor, a digital processor, a microprocessor, a multi-core processor, a processor array, a network processor, and the like.
The processor 620 may execute instructions or codes stored in the memory, where the memory may also store data. Instructions and data may also be transmitted and received through a network via a network interface device, wherein the network interface device may use any known transmission protocol.
The memory may be integrated with the processor as a whole, for example, RAM or a flash memory is arranged in an integrated circuit microprocessor or the like. In addition, the memory may include an independent device, such as an external disk drive, a storage array, or other storage device that may be used by any database system. The memory and the processor may be operatively coupled, or may communicate with each other, for example, through an I/O port, a network connection, or the like, so that the processor may read files stored in the memory.
In addition, the electronic apparatus may also include a video display (such as a liquid crystal display) and a user interaction interface (such as a keyboard, a mouse, a touch input device, etc.). All components of the electronic apparatus may be connected to each other via a bus and/or a network.
According to an embodiment of the present disclosure, there may also be provided a computer-readable storage medium storing instructions, wherein the instructions, when executed by at least one processor, cause the at least one processor to execute the method for passing data according to the exemplary embodiment of the present disclosure. Examples of the computer-readable storage medium here include: Read Only Memory (ROM), Random Access Programmable Read Only Memory (PROM), Electrically Erasable Programmable Read Only Memory (EEPROM), Random Access Memory (RAM), Dynamic Random Access Memory (DRAM), Static Random Access Memory (SRAM), flash memory, non-volatile memory, CD-ROM, CD-R, CD+R, CD-RW, CD+RW, DVD-ROM, DVD-R, DVD+R, DVD-RW, DVD+RW, DVD-RAM, BD-ROM, BD-R, BD-R LTH, BD-RE, Blu-ray or optical disc storage, Hard Disk Drive (HDD), Solid State Drive (SSD), card storage (such as multimedia card, secure digital (SD) card or extremely fast digital (XD) card), magnetic tape, floppy disk, magneto-optical data storage device, optical data storage device, hard disk, solid state disk and any other devices which are configured to store computer programs and any associated data, data files, and data structures in a non-transitory manner, and provide the computer programs and any associated data, data files, and data structures to the processor or the computer, so that the processor or the computer may execute the computer programs. The instructions and the computer programs in the above computer-readable storage mediums may run in an environment deployed in computer equipment such as a client, a host, an agent device, a server, etc. In addition, in one example, the computer programs and any associated data, data files and data structures are distributed on networked computer systems, so that computer programs and any associated data, data files, and data structures are stored, accessed, and executed in a distributed manner through one or more processors or computers.
While the present disclosure has been described with reference to embodiments thereof, it will be apparent to those of ordinary skill in the art that various changes and modifications may be made thereto without departing from the spirit and scope of the present disclosure as set forth in the following claims.
Number | Date | Country | Kind |
---|---|---|---|
202211141834.5 | Sep 2022 | CN | national |