Terminal and method for detecting integrity of kernel data

Document No.: 136187. Published: 2021-10-22.

Reading note: this technology, "Terminal and method for detecting integrity of kernel data", was designed by 王旭光, 王永清 and 荆楠楠 on 2020-04-15. Main content: The invention discloses a terminal and a method for detecting the integrity of kernel data, which address the problem in the prior art that the security of kernel data detection cannot be guaranteed. After the terminal determines that a trigger condition is met, it sends a measurement integrity request to the KIMM-TA running in the trusted space. After the KIMM-TA receives the integrity measurement request sent by the KIMM, it performs a hash operation on the kernel image in the memory to obtain a hash value, compares that hash value with a first reference value, and determines the integrity of the kernel data according to the comparison result. The first reference value is obtained by the KIMM-TA performing a hash operation on the kernel image in the memory when the system of the terminal is started for the first time. Because the integrity detection of the kernel data is carried out in the trusted space, which is a secure area on the main processor of the mobile device, the security of detecting the integrity of the kernel data is improved.

1. A terminal for detecting integrity of kernel data, the terminal being applied to a trusted space and comprising a memory and a processor:

the memory is used for storing data or program codes used when the terminal equipment runs;

the processor is configured to execute the program code to implement the following processes:

after receiving a measurement integrity request sent by a kernel integrity measurement module KIMM running in a kernel space, carrying out hash operation on a kernel image in a memory to obtain a hash value;

and comparing the hash value obtained by operation with a first reference value, and determining the integrity of the kernel data according to the comparison result, wherein the first reference value is obtained by performing hash operation on the kernel image in the memory by the KIMM-TA when the system of the terminal is started for the first time.

2. The terminal of claim 1, wherein after the hash value obtained by the hash operation is used as the first reference value and before the hash value obtained by the hash operation is compared with the first reference value, the processor is further configured to:

if the integrity measurement request contains the KIMM identifier, comparing a hash value obtained by performing a hash operation on the KIMM image in the memory with a second reference value, and determining that the data of the KIMM is complete according to the comparison result, wherein the second reference value is obtained by the KIMM-TA performing a hash operation on the KIMM image in the memory when the system of the terminal is started for the first time; or

if the measurement integrity request comprises a KIMM-Client identifier, comparing a hash value obtained by performing a hash operation on the KIMM-Client image in the memory with a third reference value, and determining the data integrity of the KIMM-Client according to the comparison result, wherein the third reference value is obtained by the KIMM-TA performing a hash operation on the KIMM-Client image in the memory when the system of the terminal is started for the first time.

3. The terminal of claim 2, wherein after comparing the hash value obtained by hashing the KIMM image in the memory with the second reference value, the processor is further configured to:

if the data of the KIMM is determined to be incomplete according to the comparison result, sending a message for stopping the started system to the KIMM-Client; or

if the data of the KIMM-TA is determined to be incomplete according to the comparison result, sending a message for stopping the started system to the KIMM-Client.

4. The terminal of claim 1, wherein the processor is further configured to:

and periodically receiving a measurement integrity request which is sent by the KIMM and contains the KIMM identification.

5. A terminal for detecting the integrity of kernel data, the terminal being applied to a kernel space and comprising a memory and a processor:

the memory is used for storing data or program codes used when the terminal equipment runs;

the processor is configured to execute the program code to implement the following processes:

determining that a trigger condition is met;

sending a measurement integrity request to a kernel integrity measurement trusted application KIMM-TA running in a trusted space so as to enable the KIMM-TA to determine the integrity of kernel data.

6. The terminal of claim 5, wherein if the trigger condition is to start a system of the terminal, the processor is specifically configured to:

and sending a measurement integrity request carrying the KIMM identification to the KIMM-TA.

7. The terminal of claim 5, wherein the processor is further configured to:

and periodically sending a measurement integrity request carrying the KIMM identifier to the KIMM-TA, wherein the period is determined by the processor according to the corresponding relation between the occupancy rate of the processor and the period.

8. The terminal of claim 5, wherein if the triggering condition is that the KIMM receives a processing metric request sent by a KIMM-Client, the processor is specifically configured to:

and sending a measurement integrity request carrying the KIMM-Client identifier to the KIMM-TA.

9. A method for detecting the integrity of kernel data is characterized in that the method is applied to a terminal and comprises the following steps:

after receiving a measurement integrity request sent by a kernel integrity measurement module KIMM running in a kernel space, a kernel integrity measurement trusted application KIMM-TA running in a trusted space performs hash operation on a kernel image in a memory to obtain a hash value;

and the KIMM-TA compares the hash value obtained by operation with a first reference value, and determines the integrity of the kernel data according to the comparison result, wherein the first reference value is obtained by carrying out hash operation on the kernel image in the memory by the KIMM-TA when the system of the terminal is started for the first time.

10. The method of claim 9, wherein the KIMM-TA further comprises, after taking the hashed value as the first reference value and before comparing the hashed value with the first reference value:

if the integrity measurement request contains a KIMM identifier, the KIMM-TA compares a hash value obtained by performing a hash operation on the KIMM image in the memory with a second reference value, and determines the integrity of the data of the KIMM according to the comparison result, wherein the second reference value is obtained by the KIMM-TA performing a hash operation on the KIMM image in the memory when the system of the terminal is started for the first time; or

if the measurement integrity request comprises a KIMM-Client identifier, the KIMM-TA compares a hash value obtained by performing a hash operation on the KIMM-Client image in the memory with a third reference value, and determines the data integrity of the KIMM-Client according to the comparison result, wherein the third reference value is obtained by performing a hash operation on the KIMM-Client image in the memory when the system of the terminal is started for the first time.

11. The method of claim 9, wherein after comparing the hash value obtained by hashing the KIMM image in the memory with the second reference value, the KIMM-TA further comprises:

the KIMM-TA determines that the data of the KIMM is incomplete according to the comparison result, and then sends a message for stopping the started system to the KIMM-Client; or

the KIMM-TA determines that the data of the KIMM-TA is incomplete according to the comparison result, and then sends a message for stopping the started system to the KIMM-Client.

12. The method of claim 9, further comprising:

the KIMM-TA periodically receives a measurement integrity request which is sent by the KIMM and contains a KIMM identifier.

13. A method for detecting the integrity of kernel data is characterized in that the method is applied to a terminal and comprises the following steps:

a kernel integrity measurement module KIMM running in a kernel space determines that a triggering condition is met;

the KIMM sends a measurement integrity request to a kernel integrity measurement trusted application KIMM-TA running in a trusted space so that the KIMM-TA determines the integrity of kernel data.

14. The method of claim 13, wherein the KIMM sends a measurement integrity request carrying the KIMM identifier to the KIMM-TA if the triggering condition is to start a system of the terminal.

15. The method of claim 14, further comprising:

the KIMM periodically sends a measurement integrity request carrying the KIMM identifier to the KIMM-TA, wherein the period is determined by the KIMM according to the corresponding relation between the occupancy rate of the processor of the terminal and the period.

16. The method of claim 13, wherein if the triggering condition is that the KIMM receives a processing metric request sent by a KIMM-Client, the KIMM sends a measurement integrity request carrying a KIMM-Client identifier to the KIMM-TA.

Technical Field

The invention relates to the technical field of computers, in particular to a terminal and a method for detecting the integrity of kernel data.

Background

Kernel data integrity detection checks whether the kernel image loaded into the memory has been maliciously tampered with; if it has, the results of running it change.

Currently, when detecting the integrity of kernel data, periodic detection is performed by a kernel measurement module operating in a kernel space.

However, because the kernel space itself is vulnerable to attack, the security of kernel data detection performed there cannot be guaranteed.

Disclosure of Invention

The invention provides a terminal and a method for detecting the integrity of kernel data, which address the problem in the prior art that the security of kernel data detection cannot be guaranteed.

In a first aspect, an embodiment of the present invention provides a terminal for detecting integrity of kernel data, which is applied to a trusted space, and the terminal includes a memory and a processor:

the memory is used for storing data or program codes used when the terminal equipment runs;

the processor is configured to execute the program code to implement the following processes:

after receiving a measurement integrity request sent by a KIMM (Kernel Integrity Measurement Module) running in a kernel space, performing a hash operation on a kernel image in a memory to obtain a hash value;

and comparing the hash value obtained by the operation with a first reference value, and determining the integrity of kernel data according to the comparison result, wherein the first reference value is obtained by a KIMM-TA (Kernel Integrity Measurement Trusted Application) performing a hash operation on the kernel image in the memory when a system of the terminal is started for the first time.

In the trusted space, the terminal receives a measurement integrity request sent by the kernel integrity measurement module KIMM running in the kernel space, performs a hash operation on the kernel image in the memory to obtain a hash value, compares the hash value obtained by the operation with a first reference value, and determines the integrity of the kernel data according to the comparison result, wherein the first reference value is obtained by the KIMM-TA performing a hash operation on the kernel image in the memory when the system of the terminal is started for the first time. Because the integrity detection of the kernel data is carried out in the trusted space, which is a secure area on the main processor of the mobile device, the security of detecting the integrity of the kernel data is improved.

In a possible implementation manner, after the hash value obtained by the hash operation is used as the first reference value, and before the hash value obtained by the hash operation is compared with the first reference value, the processor is further configured to:

if the integrity measurement request contains the KIMM identifier, comparing a hash value obtained by performing a hash operation on the KIMM image in the memory with a second reference value, and determining that the data of the KIMM is complete according to the comparison result, wherein the second reference value is obtained by the KIMM-TA performing a hash operation on the KIMM image in the memory when the system of the terminal is started for the first time; or

if the measurement integrity request comprises a KIMM-Client (Kernel Integrity Measurement Client) identifier, comparing a hash value obtained by performing a hash operation on the KIMM-Client image in the memory with a third reference value, and determining that the data of the KIMM-Client is complete according to the comparison result, wherein the third reference value is obtained by performing a hash operation on the KIMM-Client image in the memory when the system of the terminal is started for the first time.

Before the integrity of the kernel data is determined, the terminal determines the integrity of the KIMM data or of the KIMM-Client data, so that the security of detecting the integrity of the kernel data can be further improved.

In a possible implementation manner, after comparing the hash value obtained by performing the hash operation on the KIMM image in the memory with the second reference value, the processor is further configured to:

if the data of the KIMM is determined to be incomplete according to the comparison result, sending a message for stopping the started system to the KIMM-Client; or

if the data of the KIMM-TA is determined to be incomplete according to the comparison result, sending a message for stopping the started system to the KIMM-Client.

The terminal sends a message for stopping the started system to the KIMM-Client when it determines that the data of the KIMM is incomplete or the data of the KIMM-TA is incomplete, so that the risk of the kernel being tampered with is reduced.

In one possible implementation, the processor is further configured to:

and periodically receiving a measurement integrity request which is sent by the KIMM and contains the KIMM identification.

The terminal periodically receives a measurement integrity request containing a KIMM identifier sent by the KIMM and periodically detects the integrity of the kernel data, so that the risk of the kernel being tampered is further reduced.
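The trusted-space flow of this first aspect can be modelled as follows. This is an added example, not code from the patent: SHA-256, the class, function and identifier names, and the dictionary standing in for device memory are assumptions, and the sample images are constructed.

```python
import hashlib
import hmac
from enum import Enum

# Request identifiers. The string values are assumptions of this example;
# the page only says a request may carry a KIMM or KIMM-Client identifier.
KERNEL, KIMM, KIMM_CLIENT = "kernel", "KIMM", "KIMM-Client"


class Verdict(Enum):
    INTACT = "kernel image matches the first reference value"
    KERNEL_TAMPERED = "kernel image differs from the first reference value"
    STOP_SYSTEM = "requester image differs; stop the started system"


class KimmTA:
    """Trusted-space side of the scheme (hypothetical class, SHA-256 assumed)."""

    def __init__(self, read_image):
        # read_image(name) -> bytes stands in for the TA reading an in-memory image.
        self._read_image = read_image
        self._reference = {}  # first, second and third reference values

    def _measure(self, name):
        return hashlib.sha256(self._read_image(name)).digest()

    def enroll_first_boot(self):
        """Record the reference values once, when the system first starts."""
        if self._reference:
            # Example's design choice: refusing re-enrollment keeps a later,
            # modified image from silently becoming the new baseline.
            raise RuntimeError("reference values already recorded")
        for name in (KERNEL, KIMM, KIMM_CLIENT):
            self._reference[name] = self._measure(name)

    def _matches(self, name):
        # Constant-time comparison of a fresh measurement with the stored one.
        return hmac.compare_digest(self._measure(name), self._reference[name])

    def handle_request(self, identifier=None):
        """Handle one measurement integrity request sent by the KIMM."""
        if not self._reference:
            raise RuntimeError("no reference values; first-boot enrollment missing")
        if identifier is not None:
            if identifier not in (KIMM, KIMM_CLIENT):
                raise ValueError(f"unknown identifier: {identifier!r}")
            # Measure the requester's own image before the kernel image.
            # The page sends a stop message when the KIMM check fails; treating
            # a KIMM-Client mismatch the same way is this example's assumption.
            if not self._matches(identifier):
                return Verdict.STOP_SYSTEM
        return Verdict.INTACT if self._matches(KERNEL) else Verdict.KERNEL_TAMPERED


def run_demo():
    # Constructed sample "memory": three small byte strings, not real binaries.
    memory = {
        KERNEL: bytearray(b"\x7fKERNEL-TEXT" + bytes(64)),
        KIMM: bytearray(b"KIMM-MODULE" + bytes(32)),
        KIMM_CLIENT: bytearray(b"KIMM-CLIENT" + bytes(32)),
    }
    ta = KimmTA(lambda name: bytes(memory[name]))
    ta.enroll_first_boot()

    results = [ta.handle_request(KIMM)]             # start-up or periodic request
    memory[KERNEL][20] ^= 0x01                      # one flipped bit in the kernel image
    results.append(ta.handle_request(KIMM_CLIENT))  # client-triggered request
    memory[KIMM][3] ^= 0xFF                         # the requesting module is modified
    results.append(ta.handle_request(KIMM))         # requester check fails first
    return results


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict.name, "-", verdict.value)
```

A first-boot baseline only works over memory that stays constant afterwards, so a real trusted application would have to restrict the measured range accordingly.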

In a second aspect, an embodiment of the present invention provides a terminal for detecting integrity of kernel data, which is applied to a kernel space, and the terminal includes a memory and a processor:

the memory is used for storing data or program codes used when the terminal equipment runs;

the processor is configured to execute the program code to implement the following processes:

determining that a trigger condition is met;

sending a measurement integrity request to a kernel integrity measurement trusted application KIMM-TA running in a trusted space so as to enable the KIMM-TA to determine the integrity of kernel data.

After the kernel space is determined to meet the triggering condition, the terminal sends a measurement integrity request to a kernel integrity measurement application KIMM-TA running in a trusted space, so that the KIMM-TA determines the integrity of kernel data. As the integrity detection of the kernel data is carried out in the trusted space, the trusted space is a safe area on the main processor of the mobile equipment, thereby improving the security of detecting the integrity of the kernel data.

In a possible implementation manner, if the trigger condition is to start a system of the terminal, the processor is specifically configured to:

and sending a measurement integrity request carrying the KIMM identification to the KIMM-TA.

The terminal sends a measurement integrity request carrying the KIMM identifier to the KIMM-TA so that the KIMM-TA, according to the KIMM identifier, determines that the data of the KIMM is complete and then detects the integrity of the kernel data, which further improves the security of detecting the integrity of the kernel data.

In one possible implementation, the processor is further configured to:

and periodically sending a measurement integrity request carrying the KIMM identifier to the KIMM-TA, wherein the period is determined by the processor according to the corresponding relation between the occupancy rate of the processor and the period.

The terminal determines the period of sending the measurement integrity request, so that the measurement integrity request is periodically sent to the KIMM-TA, the KIMM-TA periodically detects the integrity of the kernel data, and the risk of tampering the kernel is further reduced.

In a possible implementation manner, if the trigger condition is that the KIMM receives a processing metric request sent by a KIMM-Client, the processor is specifically configured to:

and sending a measurement integrity request carrying the KIMM-Client identifier to the KIMM-TA.

The terminal sends a measurement integrity request carrying the KIMM-Client identifier to the KIMM-TA so that the KIMM-TA, according to the KIMM-Client identifier, determines that the data of the KIMM-Client is complete and then detects the integrity of the kernel data, which further improves the security of detecting the integrity of the kernel data.

In a third aspect, an embodiment of the present invention provides a method for detecting integrity of kernel data, where the method is applied in a terminal, and the method includes:

after receiving a measurement integrity request sent by a kernel integrity measurement module KIMM running in a kernel space, a kernel integrity measurement trusted application KIMM-TA running in a trusted space performs hash operation on a kernel image in a memory to obtain a hash value;

and the KIMM-TA compares the hash value obtained by operation with a first reference value, and determines the integrity of the kernel data according to the comparison result, wherein the first reference value is obtained by carrying out hash operation on the kernel image in the memory by the KIMM-TA when the system of the terminal is started for the first time.

In a possible implementation manner, after the KIMM-TA takes the hash value obtained by the hash operation as the first reference value, before comparing the hash value obtained by the hash operation with the first reference value, the method further includes:

if the integrity measurement request contains a KIMM identifier, the KIMM-TA compares a hash value obtained by performing a hash operation on the KIMM image in the memory with a second reference value, and determines the integrity of the data of the KIMM according to the comparison result, wherein the second reference value is obtained by the KIMM-TA performing a hash operation on the KIMM image in the memory when the system of the terminal is started for the first time; or

if the measurement integrity request comprises a KIMM-Client identifier, the KIMM-TA compares a hash value obtained by performing a hash operation on the KIMM-Client image in the memory with a third reference value, and determines the data integrity of the KIMM-Client according to the comparison result, wherein the third reference value is obtained by performing a hash operation on the KIMM-Client image in the memory when the system of the terminal is started for the first time.

In a possible implementation manner, after the comparing, by the KIMM-TA, the hash value obtained by performing the hash operation on the KIMM image in the memory with the second reference value, the method further includes:

the KIMM-TA determines that the data of the KIMM is incomplete according to the comparison result, and then sends a message for stopping the started system to the KIMM-Client; or

the KIMM-TA determines that the data of the KIMM-TA is incomplete according to the comparison result, and then sends a message for stopping the started system to the KIMM-Client.

In one possible implementation, the method further includes:

the KIMM-TA periodically receives a measurement integrity request which is sent by the KIMM and contains a KIMM identifier.

In a fourth aspect, an embodiment of the present invention provides a method for detecting integrity of kernel data, where the method is applied in a terminal, and the method includes:

a kernel integrity measurement module KIMM running in a kernel space determines that a triggering condition is met;

the KIMM sends a measurement integrity request to a kernel integrity measurement trusted application KIMM-TA running in a trusted space so that the KIMM-TA determines the integrity of kernel data.

In a possible implementation manner, if the trigger condition is to start a system of the terminal, the KIMM sends a measurement integrity request carrying the KIMM identifier to the KIMM-TA.

In one possible implementation, the method further includes:

the KIMM periodically sends a measurement integrity request carrying the KIMM identifier to the KIMM-TA, wherein the period is determined by the KIMM according to the corresponding relation between the occupancy rate of the processor of the terminal and the period.

In a possible implementation manner, if the triggering condition is that the KIMM receives a processing metric request sent by a KIMM-Client, the KIMM sends a measurement integrity request carrying the KIMM-Client identifier to the KIMM-TA.

In a fifth aspect, the present application further provides a computer storage medium having a computer program stored thereon, where the computer program when executed by a processing unit implements the steps of detecting the integrity of a kernel according to any one of the third to fourth aspects.

In addition, for technical effects brought by any one implementation manner of the third aspect to the fourth aspect, reference may be made to technical effects brought by different implementation manners of the first aspect, and details are not described here.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.

Fig. 1 is a schematic structural diagram of a terminal for detecting integrity of kernel data according to an embodiment of the present invention;

Fig. 2 is a block diagram of a software structure of a terminal for detecting integrity of kernel data according to an embodiment of the present invention;

Fig. 3 is a schematic diagram of an end user interface for checking kernel data integrity according to an embodiment of the present invention;

Fig. 4 is a schematic structural diagram of a system for checking integrity of kernel data according to an embodiment of the present invention;

Fig. 5 is a schematic diagram of a display interface of the terminal displaying the restart system;

Fig. 6 is a flowchart illustrating a method for determining a kernel integrity measurement reference value according to an embodiment of the present invention;

Fig. 7 is a flowchart illustrating a complete method for checking kernel data integrity according to an embodiment of the present invention;

Fig. 8 is a schematic flowchart of a method for determining, by a KIMM module, that an integrity measurement request carrying a KIMM-Client identifier is sent to a KIMM-TA according to an embodiment of the present invention;

Fig. 9 is a flowchart illustrating a method for detecting integrity of kernel data according to an embodiment of the present invention;

Fig. 10 is a flowchart illustrating another method for detecting integrity of kernel data according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the disclosure described herein are capable of operation in sequences other than those illustrated or otherwise described herein. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.

In the embodiment of the invention, "determine B according to a" does not mean that B is determined only according to a, but may also be determined according to a and other information. "A includes B" does not mean that A includes only B, and A may also include other information, such as C, D, etc.

Some of the words that appear in the text are explained below:

1. In the embodiments of the present invention, the term TEE (Trusted Execution Environment), also referred to as the trusted space, is a secure area on the main processor of the mobile device that ensures the security, confidentiality, and integrity of code and data loaded into the environment. The TEE is an isolated secure execution environment, providing security features including: isolated execution, integrity of trusted applications, confidentiality of trusted data, secure storage, and the like.

2. In the embodiments of the present invention, the term RPMB (Replay Protected Memory Block) is a partition of the eMMC with security features. When data is written into the RPMB, the legitimacy of the data can be checked, and only the specified Host can write the data; when data is read, a signature mechanism ensures that the data read by the Host is the internal data of the RPMB and not data forged by an attacker.

It should be noted that the embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of terminal devices and methods consistent with certain aspects of the invention, as detailed in the appended claims.

The application scenario described in the embodiment of the present invention is for more clearly illustrating the technical solution of the embodiment of the present invention, and does not form a limitation on the technical solution provided in the embodiment of the present invention, and it can be known by a person skilled in the art that with the occurrence of a new application scenario, the technical solution provided in the embodiment of the present invention is also applicable to similar technical problems. Wherein, in the description of the present invention, unless otherwise indicated, "a plurality" means.

Fig. 1 shows a schematic structural diagram of a terminal 100.

The following describes an embodiment specifically by taking the terminal 100 as an example. It should be understood that the terminal 100 shown in Fig. 1 is merely an example, and that the terminal 100 may have more or fewer components than shown in Fig. 1, may combine two or more components, or may have a different configuration of components. The various components shown in Fig. 1 may be implemented in hardware, software, or a combination of hardware and software, including one or more signal processing and/or application specific integrated circuits.

A block diagram of a hardware configuration of the terminal 100 according to an exemplary embodiment is exemplarily shown in fig. 1. As shown in fig. 1, the terminal 100 includes: the Wireless Fidelity (Wi-Fi) module 150, the Global Positioning System (GPS) module 160, the processor 170, the bluetooth module 151, the Radio Frequency (RF) circuit 180, the camera 190, and the power supply 210.

The memory 110 may be used to store data or program codes used in the operation of the terminal 100. The processor 170 performs various functions of the terminal 100 and data processing by executing data or program codes stored in the memory 110. The memory 110 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. The memory 110 stores an operating system that enables the terminal 100 to operate. The memory 110 may store an operating system and various application programs, and may also store codes for performing the methods described in the embodiments of the present application.

The display unit 120 may be used to receive input numeric or character information and generate signal input related to user settings and function control of the terminal 100, and particularly, the display unit 120 may include a touch screen 121 disposed on the front surface of the terminal 100 and may collect touch operations of a user thereon or nearby, such as clicking a button, dragging a scroll box, and the like.

The display unit 120 may also be used to display a Graphical User Interface (GUI) of information input by or provided to the user and various menus of the terminal 100. Specifically, the display unit 120 may include a display screen 122 disposed on the front surface of the terminal 100. The display screen 122 may be configured in the form of a liquid crystal display, a light emitting diode, or the like. The display unit 120 may be used to display various graphical user interfaces described herein.

The touch screen 121 may cover the display screen 122, or the touch screen 121 and the display screen 122 may be integrated to implement the input and output functions of the terminal 100, and the integrated touch screen may be referred to as a touch display screen for short. The display unit 120 in the present application may display the application programs and the corresponding operation steps.

The terminal 100 may further include at least one sensor 130, such as a temperature sensor 131, a humidity sensor 132, a wind speed sensor 133. The terminal 100 may also be configured with other sensors such as a gyroscope, barometer, infrared sensor, light sensor, motion sensor, and the like.

The audio circuitry 140, speaker 141, and microphone 142 may provide an audio interface between a user and the terminal 100. The audio circuit 140 may transmit the electrical signal converted from the received audio data to the speaker 141, and convert the electrical signal into a sound signal by the speaker 141 and output the sound signal. The terminal 100 may also be provided with a volume button for adjusting the volume of the sound signal. On the other hand, the microphone 142 converts the collected sound signals into electrical signals, which are received by the audio circuit 140 and converted into audio data, which may be output to the memory 110 for further processing. In the present application, the microphone 142 may capture the voice of the user.

Wi-Fi belongs to a short-distance wireless transmission technology, and the terminal 100 can help a user to send and receive e-mails, browse webpages, access streaming media, and the like through the Wi-Fi module 150, and provides wireless broadband internet access for the user.

The GPS module 160 may acquire geographical location information of the terminal 100.

The processor 170 is a control center of the terminal 100, connects various parts of the entire apparatus using various interfaces and lines, and performs various functions of the terminal 100 and processes data by running or executing software programs stored in the memory 110 and calling data stored in the memory 110. In some embodiments, processor 170 may include one or more processing units; the processor 170 may also integrate an application processor, which mainly handles operating systems, user interfaces, applications, etc., and a baseband processor, which mainly handles wireless communications. It will be appreciated that the baseband processor described above may not be integrated into the processor 170. In the present application, the processor 170 may run an operating system, an application program, a user interface display, a touch response, and the processing method described in the embodiments of the present application. Further, the processor 170 is coupled to the display unit 120.

In the embodiment of the present application, in the trusted space, the processor 170 is configured to perform hash operation on a kernel image in the memory to obtain a hash value after receiving a measurement integrity request sent by a kernel integrity measurement module KIMM operating in the kernel space;

and comparing the hash value obtained by operation with a first reference value, and determining the integrity of the kernel data according to the comparison result, wherein the first reference value is obtained by performing hash operation on the kernel image in the memory by the KIMM-TA when the system of the terminal is started for the first time.

After the hash value obtained by the hash operation is used as the first reference value, and before the hash value obtained by the hash operation is compared with the first reference value, the processor 170 is further configured to:

if the integrity measurement request contains a KIMM identifier, comparing a hash value obtained by performing a hash operation on the KIMM image in the memory with a second reference value, and determining the integrity of the data of the KIMM according to the comparison result, wherein the second reference value is obtained by the KIMM-TA performing a hash operation on the KIMM image in the memory when the system of the terminal is started for the first time; or

if the measurement integrity request contains a KIMM-Client identifier, comparing a hash value obtained by performing a hash operation on the KIMM-Client image in the memory with a third reference value, and determining the integrity of the data of the KIMM-Client according to the comparison result, wherein the third reference value is obtained by the KIMM-TA performing a hash operation on the KIMM-Client image in the memory when the system of the terminal is started for the first time.

After comparing the hash value obtained by performing the hash operation on the KIMM image in the memory with the second reference value, the processor 170 is further configured to:

if the data of the KIMM is determined to be incomplete according to the comparison result, sending a message for stopping the started system to the KIMM-Client; or

if the data of the KIMM-TA is determined to be incomplete according to the comparison result, sending a message for stopping the started system to the KIMM-Client.

The processor 170 is further configured to:

and periodically receiving a measurement integrity request which is sent by the KIMM and contains the KIMM identification.

In the embodiment of the present application, in kernel space, the processor 170 is configured to determine that a trigger condition is satisfied;

sending a measurement integrity request to a kernel integrity measurement trusted application KIMM-TA running in a trusted space so as to enable the KIMM-TA to determine the integrity of kernel data.

If the trigger condition is to start the system of the terminal, the processor 170 is specifically configured to:

and sending a measurement integrity request carrying the KIMM identification to the KIMM-TA.

The processor 170 is further configured to:

and periodically sending a measurement integrity request carrying the KIMM identifier to the KIMM-TA, wherein the period is determined by the processor according to the corresponding relation between the occupancy rate of the processor and the period.

If the triggering condition is that the KIMM receives a processing metric request sent by the KIMM-Client, the processor 170 is specifically configured to:

and sending a measurement integrity request carrying the KIMM-Client identifier to the KIMM-TA.

The Bluetooth module 151 is configured to exchange information with other Bluetooth devices that have a Bluetooth module through the Bluetooth protocol. For example, the terminal 100 may establish a Bluetooth connection with a wearable electronic device (e.g., a smart watch) that has a Bluetooth module via the Bluetooth module 151, so as to exchange data.

The RF circuit 180 may be used for receiving and transmitting signals during information transmission and reception or during a call, and may receive downlink data of a base station and then send the downlink data to the processor 170 for processing; the uplink data may be transmitted to the base station. Typically, the RF circuitry includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like.

Camera 190 may be used to capture still images or video. The object generates an optical image through the lens and projects the optical image to the photosensitive element. The photosensitive element may be a Charge Coupled Device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The light sensing elements convert the light signals into electrical signals which are then passed to the processor 170 for conversion into digital image signals.

The terminal 100 also includes a power supply 180 (e.g., a battery) to power the various components. The power supply 180 may be logically connected to the processor 170 through a power management system to manage charging, discharging, and power consumption functions through the power management system. The terminal 100 may also be configured with power buttons for powering on and off the terminal device, and locking the screen.

Fig. 2 is a block diagram of a software configuration of the terminal 100 according to the embodiment of the present invention.

The layered architecture divides the software into several layers, each layer having a clear role and division of labor. The layers communicate with each other through a software interface. In some embodiments, the Android system is divided into four layers, an application layer, an application framework layer, an Android runtime (Android runtime) and system library, and a kernel layer from top to bottom.

The application layer may include a series of application packages.

As shown in fig. 2, the application package may include applications such as camera, gallery, calendar, phone call, map, navigation, WLAN, bluetooth, music, video, short message, etc.

The application framework layer provides an Application Programming Interface (API) and a programming framework for the application program of the application layer. The application framework layer includes a number of predefined functions.

As shown in FIG. 2, the application framework layers may include a window manager, content provider, view system, phone manager, resource manager, notification manager, and the like.

The window manager is used for managing window programs. The window manager can obtain the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen and the like.

The content provider is used to store and retrieve data and make it accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, phone books, etc.

The view system includes visual controls such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, the display interface including the short message notification icon may include a view for displaying text and a view for displaying pictures.

The phone manager is used to provide the communication function of the terminal device 100. Such as management of call status (including on, off, etc.).

The resource manager provides various resources for the application, such as localized strings, icons, pictures, layout files, video files, and the like.

The notification manager enables the application to display notification information in the status bar, can be used to convey notification-type messages, can disappear automatically after a short dwell, and does not require user interaction. Such as a notification manager used to inform download completion, message alerts, etc. The notification manager may also be a notification that appears in the form of a chart or scroll bar text at the top status bar of the system, such as a notification of a background running application, or a notification that appears on the screen in the form of a dialog window. For example, text information is prompted in the status bar, a prompt tone is given, the communication terminal vibrates, and an indicator light flashes.

The Android Runtime comprises a core library and a virtual machine. The Android runtime is responsible for scheduling and managing an Android system.

The core library comprises two parts: one part is the functions that the Java language needs to call, and the other part is the core library of Android.

The application layer and the application framework layer run in a virtual machine. The virtual machine executes the Java files of the application layer and the application framework layer as binary files. The virtual machine is used for performing functions such as object life cycle management, stack management, thread management, security and exception management, and garbage collection.

The system library may include a plurality of functional modules. For example: surface managers (surface managers), Media Libraries (Media Libraries), three-dimensional graphics processing Libraries (e.g., OpenGL ES), 2D graphics engines (e.g., SGL), and the like.

The surface manager is used to manage the display subsystem and provide fusion of 2D and 3D layers for multiple applications.

The media library supports a variety of commonly used audio, video format playback and recording, and still image files, among others. The media library may support a variety of audio-video encoding formats, such as MPEG4, h.264, MP3, AAC, AMR, JPG, PNG, and the like.

The three-dimensional graphic processing library is used for realizing three-dimensional graphic drawing, image rendering, synthesis, layer processing and the like.

The 2D graphics engine is a drawing engine for 2D drawing.

The kernel layer is a layer between hardware and software. The kernel layer comprises at least a display driver, a camera driver, an audio driver and a sensor driver.

The following describes exemplary workflow of the terminal 100 software and hardware in connection with capturing a photo scene.

When the touch screen 121 receives a touch operation, a corresponding hardware interrupt is issued to the kernel layer. The kernel layer processes the touch operation into an original input event (including touch coordinates, a time stamp of the touch operation, and other information). The raw input events are stored at the kernel layer. And the application program framework layer acquires the original input event from the kernel layer and identifies the control corresponding to the input event. Taking the touch operation as a touch click operation, and taking a control corresponding to the click operation as a control of a camera application icon as an example, the camera application calls an interface of an application framework layer, starts the camera application, further starts a camera drive by calling a kernel layer, and captures a still image or a video through the camera 190.

The terminal 100 in this embodiment may be a mobile phone, a tablet computer, a wearable device, a notebook computer, a television, and a device having an operating environment such as a kernel space, a user space, and a TEE space.

Fig. 3 is a schematic diagram for illustrating a user interface on a terminal (e.g., the communication terminal 100 of fig. 1). In some implementations, a user can open a corresponding application by touching an application icon on the user interface, or can open a corresponding folder by touching a folder icon on the user interface and then touching an icon in the folder to open the corresponding application.

In the embodiment of the invention, when a user opens a third-party application program, the KIMM-Client running in the user space detects that the started program is an application program with potential threat; then, the KIMM-Client sends a kernel integrity measurement request to the KIMM running in the kernel space in an ioctl mode, so that the KIMM sends a request for detecting the integrity of kernel data to the KIMM-TA running in the trusted space, and the KIMM-TA detects the integrity of the kernel data.

Specifically, when the KIMM-TA detects the integrity of the kernel data, it first receives, in the trusted space, a measurement integrity request sent by the kernel integrity measurement module KIMM running in the kernel space. It then performs a hash operation on the kernel image in the memory to obtain a hash value. Finally, it compares the hash value obtained by the operation with a first reference value and determines the integrity of the kernel data according to the comparison result, wherein the first reference value is obtained by the KIMM-TA performing the hash operation on the kernel image in the memory when the system of the terminal is started for the first time. Because the integrity detection of the kernel data is carried out in the trusted space, and the trusted space is a secure area on the main processor of the mobile device, the security of detecting the integrity of the kernel data is improved.

The following describes a method for detecting the integrity of kernel data in a specific embodiment.

Referring to fig. 4, a system for detecting kernel data integrity according to an embodiment of the present invention includes: a kernel integrity metric trusted application (KIMM-TA)10, a Kernel Integrity Metric Module (KIMM) 20.

A kernel integrity measurement trusted application (KIMM-TA)10, configured to perform a hash operation on a kernel image in a memory to obtain a hash value after receiving a measurement integrity request sent by a kernel integrity measurement module KIMM running in a kernel space; and comparing the hash value obtained by operation with a first reference value, and determining the integrity of the kernel data according to the comparison result, wherein the first reference value is obtained by performing hash operation on the kernel image in the memory by the KIMM-TA when the system of the terminal is started for the first time.

A Kernel Integrity Metric Module (KIMM)20 for determining that a trigger condition is satisfied; sending a measurement integrity request to a kernel integrity measurement trusted application KIMM-TA running in a trusted space so as to enable the KIMM-TA to determine the integrity of kernel data.

According to the embodiment of the invention, after the KIMM running in the kernel space is determined to meet the triggering condition, a measurement integrity request is sent to the KIMM-TA running in the trusted space, after the KIMM-TA receives the integrity measurement request sent by the KIMM, the KIMM-TA carries out Hash operation on the kernel image in the memory to obtain a Hash value, then the Hash value obtained by the Hash operation is compared with a first reference value, and the integrity of kernel data is determined according to the comparison result, wherein the first reference value is obtained by carrying out Hash operation on the kernel image in the memory by the KIMM-TA when the system of the terminal is started for the first time. As the integrity detection of the kernel data is carried out in the trusted space, the trusted space is a safe area on the main processor of the mobile equipment, thereby improving the security of detecting the integrity of the kernel data.

The trigger condition may be that the system of the terminal is started, or that the KIMM receives a processing measurement request sent by a KIMM-Client running in the user space. Both cases are described below.

If the triggering condition is to start the system of the terminal, the KIMM sends a measurement integrity request carrying a KIMM identifier to the KIMM-TA.

Correspondingly, after the KIMM-TA receives the measurement integrity request carrying the KIMM identifier, before the integrity of the kernel data is detected, in order to further improve the security of the kernel data, the security of the data of the KIMM is detected.

Specifically, the KIMM-TA acquires a KIMM image from the memory, then performs hash operation on the acquired KIMM image to obtain a hash value, compares the obtained hash value with a second reference value stored in the RPMB, and if the comparison result is the same, determines that the data of the KIMM is complete; and if the comparison result is different, determining that the data of the KIMM is incomplete.

It should be noted that the second reference value is obtained by loading a KIMM mirror image in the memory when the system of the terminal is first started, performing a hash operation on the KIMM mirror image to obtain the second reference value, and storing the second reference value in the RPMB.

Optionally, if it is determined that the KIMM data is complete, detecting whether the kernel data is complete; if the KIMM data is determined to be incomplete, the KIMM-TA sends a message to the KIMM-Client to stop the started system.

Correspondingly, the KIMM-Client stops the running of the started system after receiving the message of stopping the started system.

Specifically, after the KIMM-Client receives a message to stop the started system, the terminal may restart the system.

Before the image is loaded into the memory, it is a boot.img file, which is read-only and cannot be modified. The image loaded into the memory, however, can be modified, which changes the program execution logic. When the system is restarted, the image is reloaded into the memory, so restarting the system can prevent the kernel data from being tampered with.

Fig. 5 is a schematic diagram of the display interface of the terminal prompting the user to restart the system.

A security prompt is displayed on the terminal display interface, stating that the system kernel is at risk of being tampered with and asking the user to restart the mobile phone.

In an optional implementation manner, when the triggering condition is that the system of the terminal is started, the KIMM periodically sends a measurement integrity request carrying the KIMM identifier to the KIMM-TA, where the period is determined by a correspondence between the occupancy of the processor of the terminal and the period.

It should be noted that, the corresponding relationship between the occupancy rate of the CPU and the period of sending the measurement integrity request may be preset, and then the period of sending the measurement integrity request may be determined according to the current occupancy rate of the CPU.

For example, if the current occupancy rate of the CPU is 0 to 20%, the period for sending the measurement integrity request is 2 s; and if the current occupancy rate of the CPU is 20% -40%, the period for sending the measurement integrity request is 5 s.

In an implementation, the correspondence between the occupancy of the CPU and the period for sending the measurement integrity request may assign one integrity measurement period to each 10% of CPU occupancy. This correspondence may be fixed in the form of a table. Because the architecture and performance of the CPU differ from platform to platform, the correspondence also differs for each platform. The correspondence is determined through experiments, so that the kernel integrity measurement operation does not noticeably affect the normal operation of the system.

In one possible implementation, the KIMM may dynamically adjust the period of sending the metric integrity request according to the current occupancy of the CPU.

The work pressure of the CPU can be reduced by dynamically adjusting the period for sending the measurement integrity request.

The above describes the case in which the trigger condition is that the system of the terminal is started. The following describes the case in which the trigger condition is that the KIMM receives a processing measurement request sent by the KIMM-Client.

If the triggering condition is that the KIMM receives the processing measurement request sent by the KIMM-Client, the KIMM sends a measurement integrity request carrying a KIMM-Client identifier to the KIMM-TA.

In implementation, the KIMM-Client running in the user space is started. When the KIMM-Client detects a potentially dangerous action in the user space, such as a program executing a shell script, an unknown application being started, or a command being run through a shell, the KIMM-Client sends a processing measurement request to the KIMM, and the KIMM then sends a measurement integrity request carrying a KIMM-Client identifier to the KIMM-TA.

Correspondingly, after receiving the integrity measurement request carrying the KIMM-Client identifier, the KIMM-TA can detect the integrity of the kernel data first, and can also detect the integrity of the kernel data after determining that the data of the KIMM-Client is complete.

Specifically, to determine whether the data of the KIMM-Client is complete, the KIMM-TA acquires the KIMM-Client image from the memory, performs a hash operation on the acquired KIMM-Client image to obtain a hash value, and compares the obtained hash value with a third reference value stored in the RPMB. If the two values are the same, it determines that the data of the KIMM-Client is complete; if they are different, it determines that the data of the KIMM-Client is incomplete.

It should be noted that the third reference value is obtained by loading a KIMM-Client image in the memory when the system of the terminal is first started, performing a hash operation on the KIMM-Client image to obtain the third reference value, and storing the third reference value in the RPMB.

Optionally, if the data of the KIMM-Client is determined to be complete, detecting whether the kernel data is complete; if the data of the KIMM-Client is determined to be incomplete, the KIMM-TA sends a message to the KIMM-Client to stop the started system.

Correspondingly, the KIMM-Client stops the running of the started system after receiving the message of stopping the started system.

The specific implementation is the same as that in the above embodiments, and details are not described here.

When the integrity of the kernel data is determined, the embodiment of the invention firstly carries out hash operation on the kernel mirror image in the memory to obtain a hash value, then compares the obtained hash value with a first reference value, and determines the integrity of the kernel data according to the comparison result.

Specifically, if the compared values are the same, the kernel data is determined to be complete; if the compared values are different, the kernel data is determined to be incomplete, and the KIMM-TA sends a message for stopping the started system to the KIMM-Client.

The specific operation of the KIMM-Client after receiving the message to stop the started system is the same as the implementation manner in the above embodiment, and is not described herein again.

The present invention will be described below in detail with reference to specific embodiments.

Example 1:

Fig. 6 is a flowchart illustrating a method for determining a kernel integrity measurement reference value according to an embodiment of the present invention.

S600, the system enables the secureboot function;

The system enables the secureboot function to ensure that the system image is loaded correctly.

S601, the system is started for the first time, and the bootimage is loaded into the memory and started;

S602, the KIMM module sends a command for calculating the integrity measurement reference value to the KIMM-TA;

S603, the KIMM-TA acquires the kernel image in the memory;

S604, the KIMM-TA performs a hash operation on the acquired kernel image and takes the obtained hash value as the integrity measurement reference value;

S605, the KIMM-TA stores the integrity measurement reference value into the RPMB.

Because the default value in the RPMB is a null value and a value cannot be modified a second time after being written, the uniqueness of the reference value is ensured.

Example 2:

Fig. 7 is a schematic flowchart of a complete method for detecting kernel data integrity according to an embodiment of the present invention.

Step 700, starting a system, loading the bootimage into a memory and starting the bootimage;

step 701, loading and starting a KIMM module;

step 702, calculating a measurement period by the KIMM module according to the current load of the system;

step 703, the KIMM module sends a measurement integrity request carrying a KIMM identifier to the KIMM-TA according to the measurement period;

step 704, loading the KIMM-TA into a TEE safe trusted environment for operation;

step 705, the integrity of the KIMM module is determined by the KIMM-TA;

step 706, calculating the hash value of the kernel mirror image in the memory by the KIMM-TA;

step 707, the KIMM-TA compares the hash value obtained by calculation with an integrity measurement reference value stored in the RPMB;

step 708, returning the comparison result to the client of the user space;

step 709, if the comparison result is different, the client in the user space pops up a box to prompt the user to restart the mobile phone;

step 710, starting up a KIMM-Client in the user space;

step 711, detecting that dangerous actions exist by the KIMM-Client;

step 712, the KIMM-Client sends a processing measurement request to the KIMM module;

step 713, after receiving the processing measurement request, the KIMM module determines to send an integrity measurement request carrying a KIMM-Client identifier to the KIMM-TA according to the content in the request and the execution state of the measurement command in the current system;

step 714, determining the integrity of the KIMM-Client module by the KIMM-TA;

step 715, calculating a hash value of the kernel image in the memory by the KIMM-TA;

step 716, the KIMM-TA compares the hash value obtained by calculation with the integrity measurement reference value stored in the RPMB;

step 717, returning the comparison result to the client of the user space;

step 718, if the comparison result is different, the client in the user space pops up a box to prompt the user to restart the mobile phone.
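The flow of Examples 1 and 2, together with the occupancy-to-period correspondence described earlier, modelled in Python as an added example; it is not code from the patent. Assumptions: SHA-256 as the hash (the page names no algorithm), a dictionary standing in for the RPMB, constructed byte strings as images, constructed period-table rows beyond the page's two values, and all class and function names.

```python
"""Model of the KIMM / KIMM-TA flow of Examples 1 and 2 (added example).
Assumed: SHA-256 as the hash, byte strings as images, a dict as the RPMB."""
import hashlib
import hmac

KERNEL, KIMM, KIMM_CLIENT = "kernel", "KIMM", "KIMM-Client"
# (upper bound of CPU occupancy band in %, period in s). The first two rows
# are the page's example values; the remaining rows are constructed.
PERIOD_TABLE = [(20, 2), (40, 5), (60, 10), (80, 20), (100, 30)]


class Rpmb:
    """Write-once store standing in for the RPMB partition."""
    def __init__(self):
        self._slots = {}

    def write_once(self, name, value):
        if name in self._slots:
            raise PermissionError(f"reference value for {name} already written")
        self._slots[name] = value

    def read(self, name):
        return self._slots.get(name)  # None: never provisioned


def measure(image):
    return hashlib.sha256(image).digest()


class KimmTa:
    """Trusted-space side: owns the reference values and the comparison."""
    def __init__(self, rpmb, memory):
        self.rpmb = rpmb
        self.memory = memory  # image name -> bytes currently loaded (constructed)

    def provision(self):
        """First boot (S602-S605): hash each loaded image, store it as baseline."""
        for name in (KERNEL, KIMM, KIMM_CLIENT):
            self.rpmb.write_once(name, measure(self.memory[name]))

    def _intact(self, name):
        reference = self.rpmb.read(name)
        if reference is None:
            return False  # fail closed: no baseline, no trust
        return hmac.compare_digest(measure(self.memory[name]), reference)

    def handle_request(self, requester):
        """Steps 705-707 and 714-716: requester's image first, then the kernel."""
        if requester not in (KIMM, KIMM_CLIENT):
            return {"ok": False, "failed": "unknown identifier"}
        for name in (requester, KERNEL):
            if not self._intact(name):
                return {"ok": False, "failed": name}  # client prompts a restart
        return {"ok": True, "failed": None}


def period_for(occupancy):
    """Step 702: CPU occupancy (%) -> period in seconds. A boundary value such
    as 20 falls in the lower band (assumption; the page's ranges share it)."""
    if not 0 <= occupancy <= 100:
        raise ValueError("occupancy must be within 0..100")
    for upper, period in PERIOD_TABLE:
        if occupancy <= upper:
            return period


def run_kimm(ta, cpu_at, duration, modify_at=None):
    """Step 703: periodic requests over `duration` seconds of simulated time.
    cpu_at(t) gives the occupancy at second t. If modify_at is set, one byte of
    the loaded kernel image is changed before the first measurement at or after
    that second, so the log shows how long the change goes unnoticed."""
    t, modified, log = 0, False, []
    while t <= duration:
        if modify_at is not None and not modified and t >= modify_at:
            image = bytearray(ta.memory[KERNEL])
            image[0] ^= 0x01
            ta.memory[KERNEL] = bytes(image)
            modified = True
        result = ta.handle_request(KIMM)
        log.append((t, result["failed"]))
        if not result["ok"]:
            break
        t += period_for(cpu_at(t))
    return log


def demo():
    memory = {KERNEL: b"\x7fkernel-text", KIMM: b"kimm", KIMM_CLIENT: b"client"}
    ta = KimmTa(Rpmb(), memory)
    ta.provision()
    idle = run_kimm(ta, lambda t: 10, duration=6)
    busy = run_kimm(ta, lambda t: 30, duration=20, modify_at=6)
    return idle, busy


if __name__ == "__main__":
    for label, log in zip(("idle", "busy"), demo()):
        print(label, log)
```

In the busy run the change made at second 6 is reported at second 10, because the 5 s period applies at 30% occupancy; the period table therefore bounds how long a modified image can go unmeasured.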

Example 3:

Fig. 8 is a flowchart of a method by which the KIMM module determines to send an integrity measurement request carrying a KIMM-Client identifier to the KIMM-TA according to an embodiment of the present invention.

S800, starting an unknown third-party application program A;

S801, detecting that the started program A is an application program with potential threat by a KIMM-Client module running in a user space;

S802, the KIMM-Client module sends a kernel integrity measurement request to the KIMM module in an ioctl mode;

S803, after receiving the request from the KIMM-Client module, the KIMM module determines the time for sending the measurement command according to the conditions (the current load of the system, the sending time of the previous measurement command, the type of the process started by the user space and the like);

It should be noted that the measurement command sent by the KIMM module to the KIMM-TA module carries a parameter (also referred to as an identifier) identifying that the command is from the user space.

S804, the KIMM-TA module executes the kernel integrity measurement action, sequentially checks the integrity of the KIMM-Client module, the integrity of the KIMM module and the integrity of kernel data, and feeds back the result to the KIMM-Client module.

As shown in fig. 9, a method for detecting integrity of kernel data provided in an embodiment of the present invention is applied to a terminal, and the method includes:

S900, after receiving a measurement integrity request sent by a kernel integrity measurement module KIMM running in a kernel space, a kernel integrity measurement trusted application KIMM-TA running in the trusted space performs a hash operation on a kernel image in a memory to obtain a hash value;

S901, the KIMM-TA compares the hash value obtained by the operation with a first reference value, and determines the integrity of kernel data according to the comparison result, wherein the first reference value is obtained by the KIMM-TA performing a hash operation on the kernel image in the memory when the system of the terminal is started for the first time.

Optionally, after the KIMM-TA takes the hash value obtained by the hash operation as the first reference value, before comparing the hash value obtained by the operation with the first reference value, the method further includes:

if the integrity measurement request contains a KIMM identifier, the KIMM-TA compares a hash value obtained by performing a hash operation on the KIMM image in the memory with a second reference value, and determines the integrity of the data of the KIMM according to the comparison result, wherein the second reference value is obtained by the KIMM-TA performing a hash operation on the KIMM image in the memory when the system of the terminal is started for the first time; or

if the measurement integrity request contains a KIMM-Client identifier, the KIMM-TA compares a hash value obtained by performing a hash operation on the KIMM-Client image in the memory with a third reference value, and determines the integrity of the data of the KIMM-Client according to the comparison result, wherein the third reference value is obtained by performing a hash operation on the KIMM-Client image in the memory when the system of the terminal is started for the first time.

Optionally, after the KIMM-TA compares the hash value obtained by performing the hash operation on the KIMM image in the memory with the second reference value, the method further includes:

if the KIMM-TA determines, according to the comparison result, that the data of the KIMM is incomplete, it sends the KIMM-Client a message for stopping the started system; or

if the KIMM-TA determines, according to the comparison result, that the data of the KIMM-TA is incomplete, it sends the KIMM-Client a message for stopping the started system.

Optionally, the method further includes:

the KIMM-TA periodically receives a measurement integrity request that is sent by the KIMM and contains a KIMM identifier.

As shown in Fig. 10, another method for detecting the integrity of kernel data provided in an embodiment of the present invention is applied to a terminal, and the method includes:

S1000: a kernel integrity measurement module (KIMM) running in kernel space determines that a trigger condition is met;

S1001: the KIMM sends a measurement integrity request to a kernel integrity measurement trusted application (KIMM-TA) running in the trusted space, so that the KIMM-TA determines the integrity of the kernel data.

Optionally, if the trigger condition is that the system of the terminal is started, the KIMM sends a measurement integrity request carrying the KIMM identifier to the KIMM-TA.

Optionally, the method further includes:

the KIMM periodically sends a measurement integrity request carrying the KIMM identifier to the KIMM-TA, wherein the period is determined by the KIMM according to the correspondence between the occupancy rate of the processor of the terminal and the period.

Optionally, if the trigger condition is that the KIMM receives a processing metric request sent by the KIMM-Client, the KIMM sends a measurement integrity request carrying a KIMM-Client identifier to the KIMM-TA.
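The two methods above (Fig. 9 on the KIMM-TA side, Fig. 10 on the KIMM side) can be modelled together as follows. This is an added illustration, not code from the patent: the class and function names, the returned status strings, the use of SHA-256 and the sample images are all assumptions made for the sketch.

```python
import hashlib
import hmac

KERNEL, KIMM, KIMM_CLIENT = "kernel", "KIMM", "KIMM-Client"  # labels assumed for this sketch


def measure(image: bytes) -> bytes:
    """Hash an in-memory image (SHA-256 is assumed; the page names no algorithm)."""
    return hashlib.sha256(image).digest()


class KimmTA:
    """Model of the trusted-space side: holds reference values and answers requests."""

    def __init__(self):
        self._refs = {}  # first/second/third reference values, kept inside the TA

    def first_boot(self, memory: dict) -> None:
        # Reference values are taken once, when the system starts for the first time.
        if self._refs:
            raise RuntimeError("reference values already enrolled")
        self._refs = {n: measure(memory[n]) for n in (KERNEL, KIMM, KIMM_CLIENT)}

    def _intact(self, name: str, memory: dict) -> bool:
        # Constant-time comparison of the fresh hash against the stored reference.
        return hmac.compare_digest(measure(memory[name]), self._refs[name])

    def handle_request(self, identifier, memory: dict) -> str:
        if not self._refs:
            raise RuntimeError("no reference values: first_boot() has not run")
        if identifier is not None:
            if identifier not in (KIMM, KIMM_CLIENT):
                raise ValueError("unknown requester identifier")
            # The component named in the request is measured before the kernel,
            # so a modified requester is caught before the kernel result is used.
            if not self._intact(identifier, memory):
                return "STOP_SYSTEM"  # stands for the stop message sent to the KIMM-Client
        # S900/S901: hash the kernel image and compare with the first reference value.
        return "KERNEL_OK" if self._intact(KERNEL, memory) else "KERNEL_TAMPERED"


# Constructed sample images standing in for the memory regions the TA would read.
GOOD = {KERNEL: b"\x7fELF kernel text", KIMM: b"kimm module", KIMM_CLIENT: b"kimm client"}
```

In the model, a request carrying the KIMM identifier against a memory snapshot whose KIMM image differs from the first-boot snapshot returns `STOP_SYSTEM` without reaching the kernel comparison.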

Further, embodiments of the present invention also provide a computer-readable medium on which a computer program is stored, where the computer program is executed by a processor to implement the steps of any one of the methods described above.

The present application is described above with reference to block diagrams and/or flowchart illustrations of methods, apparatus (systems) and/or computer program products according to embodiments of the application. It will be understood that one block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, and/or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer and/or other programmable data processing apparatus, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks.

Accordingly, the subject application may also be embodied in hardware and/or in software (including firmware, resident software, micro-code, etc.). Furthermore, the present application may take the form of a computer program product on a computer-usable or computer-readable storage medium having computer-usable or computer-readable program code embodied in the medium for use by or in connection with an instruction execution system. In the context of this application, a computer-usable or computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.

It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
