CN104021104B - A cooperative system based on a dual-bus structure and its communication method - Google Patents


Publication number
CN104021104B
Authority
CN
China
Prior art keywords
safe
bus
main control
control module
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410262251.7A
Other languages
Chinese (zh)
Other versions
CN104021104A (en)
Inventor
张威龙
袁玉湘
于坤山
姜学平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Global Energy Interconnection Research Institute
Beijing Smartchip Microelectronics Technology Co Ltd
Original Assignee
State Grid Corp of China SGCC
Smart Grid Research Institute of SGCC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Smart Grid Research Institute of SGCC
Priority to CN201410262251.7A
Publication of CN104021104A
Application granted
Publication of CN104021104B


Abstract

The present invention provides a cooperative system based on a dual-bus structure and a communication method for it. The system comprises a main control module, a security coprocessor module and memory. The application program and data of the main control module and the application program and data of the security coprocessor module are stored in two separate memory blocks, which are attached to the main bus and the security-module bus respectively. The method comprises: (1) the main control module communicates with the security coprocessor module over an SPI bus; (2) the main control module initiates a secure encryption/decryption or signature/verification operation; (3) a security-processing command is sent; (4) the data object the command operates on is sent in, and the processed data is awaited. The dual-bus structure of the invention is suited to applications that call security operations frequently: it reduces bus congestion, improves memory-access bandwidth and provides security. The agreed communication scheme and the access control applied to the security coprocessor module protect the security and integrity of critical system data.

Description

A cooperative system based on a dual-bus structure and its communication method
Technical field
The present invention relates to electronic information technology, and in particular to a cooperative system based on a dual-bus structure and its communication method.
Background art
Advances in information and communication technology (ICT) have accelerated the evolution and development of the smart grid. As the smart-grid concept becomes clearer and its applications more numerous, the requirements on the timeliness, reliability and confidentiality of communication equipment and actuating devices become ever stricter. A robust power grid is an important guarantee of national economic development. The shorter the time from a protective relay device receiving a command to executing the action, the better the grid equipment is protected. This requires the main control processing unit to parse information and issue commands fast enough; that is, the performance of the main control module must meet certain requirements, and it must also have sufficient computing capability and communication bandwidth with peripherals. In addition, the load data, electricity-consumption data and action commands carried on the grid must be transmitted securely and reliably: the information must be complete and invisible to third parties, the receiver must be able to verify the identity of the source, and the source must not be able to repudiate the history of the commands it issued. A technical scheme is therefore needed that introduces a series of security mechanisms, such as signing and signature verification, into the control device.
Summary of the invention
In view of the shortcomings of the prior art, the invention proposes a cooperative system based on a dual-bus structure and its communication method. The main control module (CPU) is responsible for general data processing, peripheral configuration, interrupt response, task scheduling and so on in the system on chip (SoC). The security coprocessor module (Security-MCU) is mainly responsible for hardware acceleration of security algorithms. The main control module and the security coprocessor module are each attached to an independent bus (the main bus, Main-Bus/M-Bus, and the security bus, Security-Bus/S-Bus). The security coprocessor module is the only master on the S-Bus; the main control module, the direct memory access controller (DMAC, Direct Memory Access Controller) and similar devices are the masters on the M-Bus. The AMBA high-speed bus of the main control module connects through a bus bridge to an AMBA low-speed bus, to which numerous peripheral controllers are attached.
The object of the invention is achieved by the following technical scheme:
A cooperative system based on a dual-bus structure, the improvement being that the system comprises a main control module, a security coprocessor module and memory;
the application program and data of the main control module and the application program and data of the security coprocessor module are stored in two separate memory blocks, which are attached to the main bus and the security-module bus respectively.
Preferably, the security coprocessor module is the only master on the security bus Security-Bus/S-Bus;
the main control module is a master on the main bus Main-Bus/M-Bus;
the buses use AMBA AHB/AXI.
Preferably, the AMBA high-speed bus of the main control module connects to an AMBA low-speed bus through a bus bridge; peripheral controllers are attached to the low-speed bus.
Further, the peripheral controllers include an I2C bus controller, a CAN bus controller, a UART controller, an off-chip NAND Flash controller, a real-time clock and a watchdog.
Preferably, the direct memory access controller is responsible for moving block data between peripherals and main memory.
Preferably, the main control module comprises a general-purpose processor, on-chip Flash, read-only memory, static random-access memory, synchronous dynamic random-access memory, a direct memory access controller, USB and an Ethernet controller;
the security coprocessor module is isomorphic with the main control module.
Preferably, the main control module and the security coprocessor module buffer data through FIFOs, thereby isolating their clock domains.
Preferably, the main control module is connected to the security coprocessor module through an SPI interface.
Based on another object, the invention provides a communication method for the cooperative system based on a dual-bus structure, characterized in that the method comprises:
(1) the main control module communicates with the security coprocessor module over the SPI bus;
(2) the main control module initiates a secure encryption/decryption or signature/verification operation;
(3) a security-processing command is sent;
(4) the data object the command operates on is sent in, and the processed data is awaited.
Preferably, step (1) comprises the main control module communicating with the security coprocessor module over the SPI bus in half-duplex mode.
Preferably, step (2) comprises the main control module initiating a secure encryption/decryption or signature/verification operation; when a security-related operation is carried out for the first time, or after a reset, the availability of the security coprocessor module must be queried.
Preferably, step (3) comprises the main control module receiving the availability feedback from the security coprocessor module and confirming that the relevant command is supported, after which it sends the specific security-processing command.
Preferably, step (4) comprises the main control module, after receiving the command-acceptance feedback from the security coprocessor module, sending in the data object the command operates on and waiting for the processed data to be returned.
Further, the security coprocessor module performs the security-related computation using the program and key data fixed in advance in the memory on the security bus, and at the same time updates sensitive data such as user data in the security-bus memory, or gives an indication of whether the message identity is genuine; the main control module takes the next action according to the security verification result.
Preferably, the security coprocessor module may refuse to respond, or return an error code, to an illegal computation or memory-access command sent from the main control module.
Compared with the prior art, the beneficial effects of the invention are:
(1) The dual-bus structure of the invention is suited to applications that call security operations frequently. Data is exchanged between the main control module and the security coprocessor module through FIFOs, so the working clocks of the two can be set to different frequencies according to application requirements. In a typical case, the main control module pushes the plaintext to be encrypted into one FIFO and, after a certain number of cycles (specified by the protocol), fetches the ciphertext produced by the security coprocessor module from another FIFO and passes it to the corresponding data memory or peripheral port.
(2) Because the memory modules to be accessed are attached to the two buses separately, bus congestion is reduced and memory-access bandwidth is improved. In addition, memory-access protection permissions can be set as needed for the security module's application program and intermediate computation results, and the security module's only external interface is its communication interface with the main control module, which further improves security.
(3) The agreed communication scheme and the access control applied to the security coprocessor module protect the security and integrity of critical system data.
Brief description of the drawings
Fig. 1 is a schematic diagram of the cooperative architecture of the main control module and the security coprocessor module in the dual-bus structure provided by the invention.
Fig. 2 is a schematic diagram of the storage structure of the main control module and the security coprocessor module provided by the invention.
Fig. 3 is a flow chart of the communication between the main control module and the security coprocessor module provided by the invention.
Embodiments
Embodiments of the invention are described in further detail below with reference to the drawings.
The memories used by the main control module and the security coprocessor module (both instruction storage and data storage) are implemented separately and attached to their respective buses. This storage structure eliminates contention between the two processors for memory bandwidth and also reduces the design coupling between the two sub-designs in a distributed design flow. By contrast, in a single-bus design in which the coprocessor module is a slave, during security-related computation the main control module must continuously send instructions over the bus to the coprocessor module while itself continuously fetching instructions and accessing memory, which places high demands on bus bandwidth. With independent memory modules for the security coprocessor module, the storage and computing resources on the security coprocessor side can be accessed and invoked only through a dedicated interface and a specific communication scheme, which improves the security processor's resistance to behaviours such as illegal memory access and flooding.
As shown in Fig. 1:
The main control module comprises a general-purpose processor (CPU), on-chip flash memory (Flash), read-only memory (ROM, Read-Only Memory), static random-access memory (SRAM, Static Random Access Memory), synchronous dynamic random-access memory and so on; the direct memory access controller (DMAC) is responsible for moving block data between peripherals and main memory. The general-purpose processor and the DMA controller are the only masters on the main control module bus. Other peripheral controllers, such as the USB (Universal Serial Bus) controller, the Ethernet controller and the Serial Peripheral Interface (SPI) controller, are slaves on the bus: every communication is initiated by a master and answered by a slave. The bus is an AMBA (Advanced Microcontroller Bus Architecture) AHB (Advanced High-performance Bus)/AXI (Advanced eXtensible Interface) bus and can be configured to a width of 32/64/128.
The AMBA high-speed bus of the main control module connects through a bus bridge to an AMBA low-speed bus, to which numerous peripheral controllers are attached, including an I2C bus controller, a CAN bus controller, a UART controller, an off-chip NAND Flash controller, a real-time clock, a watchdog and so on.
The security coprocessor module is essentially isomorphic with the main control module; its bus uses AMBA AHB/AXI and can be configured to different bit widths according to application requirements. The security coprocessor module has only a very small number of peripheral interfaces, used mainly for communication with the main control module. Data is buffered through FIFOs between the main module and the security module, which isolates the clock domains. If the volume of data exchanged between the main control module and the security module is suitable, connection through an SPI interface is recommended, since it needs few interface signals and the protocol is lightweight.
As shown in Fig. 3, the main control module communicates with the security coprocessor module over the SPI bus in half-duplex mode.
The main control module initiates the secure encryption/decryption or signature/verification operation; if a security-related operation is being carried out for the first time, the availability of the security coprocessor module must be queried (it must be queried again after a reset).
Once the main control module has received the availability feedback from the security coprocessor module and confirmed that the relevant command is supported, it can send a specific security-processing command, such as symmetric encryption, public-key encryption, digital signature, identity authentication or message-integrity verification.
After the main control module receives the command-acceptance feedback from the security coprocessor module, it can send in the data object the command operates on (usually plaintext to be encrypted, ciphertext to be decrypted, a message whose identity is to be verified, and so on) and wait for the processed data to be returned.
The security coprocessor module performs the security-related computation using the program fixed in advance in the memory on the security bus and data such as keys, and at the same time updates sensitive data such as user data in the security-bus memory, or gives an indication of whether the message identity is genuine; the main control module takes the next action according to the security verification result.
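The exchange described above (availability query, command, acceptance feedback, data object, result, with illegal commands answered by an error code), as an added C simulation that is not part of the patent. The opcodes, status codes, FIFO size, sample key and the XOR stand-in for the real algorithm are all assumptions made for illustration.

```c
/* Added illustration, not from the patent: opcodes, status codes, FIFO size
 * and the XOR stand-in for the real algorithm are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { OP_QUERY = 0x01, OP_SYM_ENCRYPT = 0x10, OP_READ_MEM = 0x7F };
enum { ST_OK = 0x00, ST_ERR_UNSUPPORTED = 0xE1, ST_ERR_SEQUENCE = 0xE2,
       ST_ERR_LENGTH = 0xE3 };
enum phase { PH_RESET, PH_READY, PH_CMD_ACCEPTED };
#define FIFO_MAX 32

/* State held on the S-Bus side; the host sees only status bytes and the FIFO. */
struct sec_mcu {
    enum phase phase;
    uint8_t key[4];              /* stand-in for key data fixed in S-Bus memory */
    uint8_t out_fifo[FIFO_MAX];
    size_t out_len;
};

void sec_reset(struct sec_mcu *s) { s->phase = PH_RESET; s->out_len = 0; }

/* Coprocessor side, steps (2)-(3): one command byte in, one status byte out. */
uint8_t sec_on_command(struct sec_mcu *s, uint8_t op) {
    if (op == OP_QUERY) { s->phase = PH_READY; return ST_OK; }
    if (s->phase == PH_RESET) return ST_ERR_SEQUENCE;   /* availability not queried */
    if (op != OP_SYM_ENCRYPT) {                         /* e.g. a raw memory read */
        s->phase = PH_READY;
        return ST_ERR_UNSUPPORTED;
    }
    s->phase = PH_CMD_ACCEPTED;
    return ST_OK;
}

/* Coprocessor side, step (4): data is taken only after an accepted command. */
uint8_t sec_on_data(struct sec_mcu *s, const uint8_t *in, size_t n) {
    if (s->phase != PH_CMD_ACCEPTED) return ST_ERR_SEQUENCE;
    s->phase = PH_READY;                                /* one data object per command */
    if (n == 0 || n > FIFO_MAX) return ST_ERR_LENGTH;
    for (size_t i = 0; i < n; i++)                      /* placeholder, NOT a cipher */
        s->out_fifo[i] = in[i] ^ s->key[i % sizeof s->key];
    s->out_len = n;
    return ST_OK;
}

/* Host side: half-duplex sequence, each call below is one request/response turn.
 * Returns the ciphertext length, or the negated status byte on refusal. */
int host_encrypt(struct sec_mcu *s, int *queried,
                 const uint8_t *pt, size_t n, uint8_t *ct) {
    for (int attempt = 0; attempt < 2; attempt++) {
        uint8_t st;
        if (!*queried) {
            if ((st = sec_on_command(s, OP_QUERY)) != ST_OK) return -(int)st;
            *queried = 1;
        }
        st = sec_on_command(s, OP_SYM_ENCRYPT);
        if (st == ST_ERR_SEQUENCE) { *queried = 0; continue; } /* coprocessor was reset */
        if (st != ST_OK) return -(int)st;
        if ((st = sec_on_data(s, pt, n)) != ST_OK) return -(int)st;
        memcpy(ct, s->out_fifo, s->out_len);
        return (int)s->out_len;
    }
    return -(int)ST_ERR_SEQUENCE;
}

int main(void) {
    struct sec_mcu s = { .key = {0xA5, 0x5A, 0x3C, 0xC3} };  /* constructed key */
    const uint8_t pt[] = "load report 42";                    /* constructed input */
    uint8_t ct[FIFO_MAX];
    int queried = 0;
    sec_reset(&s);
    printf("encrypt: %d bytes\n", host_encrypt(&s, &queried, pt, sizeof pt - 1, ct));
    printf("illegal opcode: status 0x%02X\n", sec_on_command(&s, OP_READ_MEM));
    return 0;
}
```

The coprocessor-side state machine is what enforces the ordering: a host that skips the query or pushes data without an accepted command gets a status byte back and never reaches the key.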
Finally, it should be noted that the above embodiments only illustrate the technical scheme of the invention and do not limit it. A person of ordinary skill in the art may, with reference to the above embodiments, still modify the embodiments of the invention or make equivalent substitutions; any such modification or equivalent substitution that does not depart from the spirit and scope of the invention falls within the scope of the claims of this pending application.

Claims (1)

1. A cooperative system based on a dual-bus structure, characterized in that the system comprises a main control module, a security coprocessor module and memory;
the application program and data of the main control module and the application program and data of the security coprocessor module are stored in two separate memory blocks, which are attached to the main bus and the security-module bus respectively,
the cooperative system uses a communication method based on the dual-bus structure, the communication method comprising:
(1) the main control module communicates with the security coprocessor module over the SPI bus;
(2) the main control module initiates a secure encryption/decryption or signature/verification operation;
(3) a security-processing command is sent;
(4) the data object the command operates on is sent in, and the processed data is awaited;
the security coprocessor module is the only master on the security bus Security-Bus/S-Bus;
the main control module is a master on the main bus Main-Bus/M-Bus;
the buses use AMBA AHB/AXI;
the AMBA high-speed bus of the main control module connects to an AMBA low-speed bus through a bus bridge; peripheral controllers are attached to the low-speed bus;
the peripheral controllers include an I2C bus controller, a CAN bus controller, a UART controller, an off-chip NAND Flash controller, a real-time clock and a watchdog;
the main control module comprises a general-purpose processor, on-chip Flash, read-only memory, static random-access memory, synchronous dynamic random-access memory, a direct memory access controller, USB and an Ethernet controller;
the direct memory access controller is responsible for moving block data between peripherals and main memory;
the security coprocessor module is isomorphic with the main control module;
the main control module and the security coprocessor module buffer data through FIFOs, thereby isolating their clock domains;
the main control module is connected to the security coprocessor module through an SPI interface;
step (1) comprises the main control module communicating with the security coprocessor module over the SPI bus in half-duplex mode;
step (2) comprises the main control module initiating a secure encryption/decryption or signature/verification operation, wherein carrying out a security-related operation for the first time or after a reset requires querying the availability of the security coprocessor module;
step (3) comprises the main control module receiving the availability feedback from the security coprocessor module and confirming that the relevant command is supported, after which it sends the specific security-processing command;
step (4) comprises the main control module, after receiving the command-acceptance feedback from the security coprocessor module, sending in the data object the command operates on and waiting for the processed data to be returned;
the security coprocessor module performs the security-related computation using the program and key data fixed in advance in the memory on the security bus, and at the same time updates sensitive data in the security-bus memory, or gives an indication of whether the message identity is genuine; the main control module takes the next action according to the security verification result;
the security coprocessor module may return an error code, or not respond, to an illegal computation or memory-access command sent from the main control module.
CN201410262251.7A 2014-06-12 2014-06-12 A kind of cooperative system and its communication means based on dual-bus structure Active CN104021104B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410262251.7A CN104021104B (en) 2014-06-12 2014-06-12 A kind of cooperative system and its communication means based on dual-bus structure

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410262251.7A CN104021104B (en) 2014-06-12 2014-06-12 A kind of cooperative system and its communication means based on dual-bus structure

Publications (2)

Publication Number Publication Date
CN104021104A CN104021104A (en) 2014-09-03
CN104021104B true CN104021104B (en) 2017-11-07

Family

ID=51437865

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410262251.7A Active CN104021104B (en) 2014-06-12 2014-06-12 A kind of cooperative system and its communication means based on dual-bus structure

Country Status (1)

Country Link
CN (1) CN104021104B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105550145B (en) * 2015-12-09 2018-05-08 天津国芯科技有限公司 A kind of transmission synchronizer between dual bus in system-on-a-chip
CN105790927B (en) 2016-02-26 2019-02-01 华为技术有限公司 A kind of bus graded encryption system
CN108270910A (en) * 2016-12-30 2018-07-10 展讯通信(上海)有限公司 Mobile terminal
CN107729278A (en) * 2017-09-30 2018-02-23 郑州云海信息技术有限公司 A kind of SPI controller and its control method based on AXI bus protocols
CN109862553B (en) * 2017-11-30 2022-07-12 华为技术有限公司 Terminal and communication method
CN108628791B (en) * 2018-05-07 2020-05-19 北京智芯微电子科技有限公司 High-speed security chip based on PCIE interface
CN109241784A (en) * 2018-08-16 2019-01-18 深圳忆联信息系统有限公司 A kind of close SM2 signature verification method of the state of SSD and system
CN109347711B (en) * 2018-09-26 2021-01-26 东南(福建)汽车工业有限公司 Vehicle CAN bus multi-network-segment architecture
CN110389919B (en) * 2019-07-04 2021-03-19 苏州浪潮智能科技有限公司 RISC-V processor based asynchronous transceiver peripheral and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1647011A (en) * 2002-04-18 2005-07-27 先进微装置公司 A computer system including a secure execution mode - capable cpu and a security services processor connected via a secure communication path
CN1752894A (en) * 2005-08-18 2006-03-29 复旦大学 Dynamic power consumption management method in information safety SoC based on door control clock

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6496890B1 (en) * 1999-12-03 2002-12-17 Michael Joseph Azevedo Bus hang prevention and recovery for data communication systems employing a shared bus interface with multiple bus masters
CN102710890B (en) * 2012-04-06 2014-11-05 东莞中山大学研究院 Video processing on-chip system of double AHB (Advanced High Performance Bus) buses


Also Published As

Publication number Publication date
CN104021104A (en) 2014-09-03

Similar Documents

Publication Publication Date Title
CN104021104B (en) A kind of cooperative system and its communication means based on dual-bus structure
CN105095772B (en) Method and apparatus for safely saving and restoring computing platform state
CN107667347A (en) The technology of the security service provided for virtualized access by fusion type manageability and security engine
CN108628791B (en) High-speed security chip based on PCIE interface
CN103809517B (en) The control system of Digit Control Machine Tool and encryption method thereof
CN104391770B (en) The on-line debugging of a kind of embedded data security system SOC and Upper machine communication module
WO2022271222A1 (en) Trusted memory sharing mechanism
CN104951688A (en) Special data encryption method and encryption card suitable for Xen virtualized environment
CN109391694A (en) Document transmission method and relevant device based on SFTP
CN110096460A (en) The method, apparatus and circuit of internal storage data protection
CN106650411A (en) Verification system for cryptographic algorithms
CN107623699A (en) A kind of encryption system based on cloud environment
CN105981485A (en) Memory card connector for electronic devices
CN206505415U (en) A kind of encryption authentication device based on PCIE
CN102043918A (en) Socket type trusted computer
CN203102265U (en) Solid state disk (SSD) control chip
CN104378383A (en) Online distribution line monitoring data terminal and safe and encrypted communication method of distribution lines
CN209625214U (en) A kind of encryption equipment based on Loongson processor
CN104298486B (en) A kind of randomizer of embedded data security system SOC
Chen et al. A RISC-V System-on-Chip Based on Dual-core Isolation for Smart Grid Security
CN203102295U (en) USB flash disk control chip
CN204180105U (en) distribution line online monitoring data terminal
CN209570939U (en) A kind of quantum cryptography USBkey
CN103198258A (en) Composite system and data transfer method
CN103220133A (en) Remote-control intelligent gas meter with information safety management function

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Co-patentee after: GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE Co.,Ltd.

Patentee after: STATE GRID CORPORATION OF CHINA

Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Co-patentee before: GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE

Patentee before: STATE GRID CORPORATION OF CHINA

Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Co-patentee after: GLOBAL ENERGY INTERCONNECTION Research Institute

Patentee after: STATE GRID CORPORATION OF CHINA

Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Co-patentee before: STATE GRID SMART GRID Research Institute

Patentee before: State Grid Corporation of China

TR01 Transfer of patent right

Effective date of registration: 20191105

Address after: Building 3, zone a, Dongsheng Science Park, Zhongguancun, No.66, xixiaokou Road, Haidian District, Beijing 102200

Co-patentee after: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd.

Patentee after: BEIJING SMARTCHIP MICROELECTRONICS TECHNOLOGY Co.,Ltd.

Co-patentee after: STATE GRID CORPORATION OF CHINA

Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Co-patentee before: GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE Co.,Ltd.

Patentee before: STATE GRID CORPORATION OF CHINA
