CN112906416A - Safe communication module and safe communication method - Google Patents


Info

Publication number
CN112906416A
Authority
CN
China
Prior art keywords
data
safety
security
module
data information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110321023.2A
Other languages
Chinese (zh)
Inventor
苏琳琳
徐敬周
霍航宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ziguang Guoxin Microelectronics Co ltd
Original Assignee
Ziguang Guoxin Microelectronics Co ltd
Application filed by Ziguang Guoxin Microelectronics Co ltd filed Critical Ziguang Guoxin Microelectronics Co ltd
Priority to CN202110321023.2A priority Critical patent/CN112906416A/en
Publication of CN112906416A publication Critical patent/CN112906416A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10297 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for handling protocols designed for non-contact record carriers such as RFIDs NFCs, e.g. ISO/IEC 14443 and 18092
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10316 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves using at least one antenna particularly designed for interrogating the wireless record carriers
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00 IoT characterised by the purpose of the information processing
    • G16Y40/50 Safety; Security of things, users, data or systems

Abstract

The embodiments of the application disclose a secure communication module and a secure communication method. The secure communication module comprises a communication interface module and a main processing module. The communication interface module is configured to receive first data information and a security operation instruction from the current device and/or an external device. The main processing module is configured to acquire the first data information and the security operation instruction from the communication interface module, perform the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmit the first security data to the communication interface module. The secure communication module integrates a main processing module with security functions, and thereby provides support for encryption and decryption, tamper resistance, and identity authentication of communication data.

Description

Safe communication module and safe communication method
Technical Field
The present application relates to the field of communications technologies, and in particular, to a secure communication module and a secure communication method.
Background
Currently, with the development of Internet of Things technology, Internet of Things terminal devices are widely used, and the number of communication modules used in these terminal devices is growing accordingly.
A communication module gives an Internet of Things terminal device wireless and/or wired communication capability, but with existing communication modules the communication data is not transmitted securely.
Disclosure of Invention
In view of the above, embodiments of the present disclosure provide a secure communication module and a secure communication method, which make communication data transmitted through the secure communication module more secure.
In order to solve the above problem, the technical solutions provided by the embodiments of the present application are as follows:
A secure communication module, comprising:
a communication interface module and a main processing module;
the communication interface module is configured to receive first data information and a security operation instruction from a current device and/or an external device;
the main processing module is configured to obtain the first data information and the security operation instruction from the communication interface module, perform a security operation corresponding to the security operation instruction on the first data information, generate first security data, and transmit the first security data to the communication interface module;
the communication interface module is further configured to transmit the first security data to the current device and/or the external device.
In one possible implementation, the communication interface module includes: a secure communication module external interface and/or an antenna module;
the secure communication module external interface is configured to receive the first data information and the security operation instruction from the current device and/or the external device, and to transmit the first security data to the current device and/or the external device;
the antenna module is configured to receive the first data information and the security operation instruction from the external device, and to transmit the first security data to the external device.
In one possible implementation, the secure communication module further includes: a Near Field Communication (NFC) processing module;
the NFC processing module comprises: an NFC controller and an NFC antenna module;
the NFC controller is configured to read second security data stored in the main processing module and transmit the second security data to the NFC antenna module;
the NFC antenna module is configured to transmit the second security data to the external device.
In a possible implementation manner, the NFC antenna module is further configured to receive second data information from the external device;
the NFC controller is further configured to acquire the second data information from the NFC antenna module, and transmit the second data information to the main processing module.
In a possible implementation manner, when the security operation instruction is an encryption instruction, the main processing module is specifically configured to: acquire the first data information and the security operation instruction from the communication interface module, encrypt the first data information to generate the first security data, and transmit the first security data to the communication interface module;
when the security operation instruction is a decryption instruction, the main processing module is specifically configured to: acquire the first data information and the security operation instruction from the communication interface module, decrypt the first data information to generate the first security data, and transmit the first security data to the communication interface module;
when the security operation instruction is an identity verification instruction, the main processing module is specifically configured to: acquire the first data information and the security operation instruction from the communication interface module, encrypt the first data information by using a first preset key to generate the first security data, and transmit the first security data to the communication interface module, wherein the first data information is a random number;
when the security operation instruction is a data tamper-resistant instruction, the main processing module is specifically configured to: acquire the first data information and the security operation instruction from the communication interface module, and encrypt the first data information by using a second preset key to generate the first security data; and add the first security data to the first data information and transmit the first security data to the communication interface module.
In one possible implementation, the main processing module includes: a baseband chip and a security chip;
the baseband chip is configured to acquire the first data information and the security operation instruction from the communication interface module and transmit the first data information and the security operation instruction to the security chip;
the security chip is configured to perform the security operation corresponding to the security operation instruction on the first data information to generate the first security data, and transmit the first security data to the baseband chip;
the baseband chip is further configured to transmit the first security data to the communication interface module.
In one possible implementation, the secure communication module further includes: an NFC processing module;
the NFC processing module comprises: an NFC controller and an NFC antenna module;
the NFC controller is specifically configured to read second security data stored in the security chip, and transmit the second security data to the NFC antenna module;
the NFC antenna module is configured to transmit the second security data to the external device.
In a possible implementation manner, the NFC antenna module is further configured to receive second data information from the external device;
the NFC controller is further configured to acquire the second data information from the NFC antenna module, and transmit the second data information to the baseband chip.
In a possible implementation manner, when the security operation instruction is an encryption instruction, the security chip is specifically configured to: encrypt the first data information to generate the first security data, and transmit the first security data to the baseband chip;
when the security operation instruction is a decryption instruction, the security chip is specifically configured to: decrypt the first data information to generate the first security data, and transmit the first security data to the baseband chip;
when the security operation instruction is an identity verification instruction, the security chip is specifically configured to: encrypt the first data information by using a first preset key to generate the first security data, and transmit the first security data to the baseband chip, wherein the first data information is a random number;
when the security operation instruction is a data tamper-resistant instruction, the security chip is specifically configured to: encrypt the first data information by using a second preset key to generate the first security data;
the baseband chip is specifically configured to: add the first security data to the first data information and transmit the first security data to the communication interface module.
In one possible implementation, the security chip includes: a security chip external interface, a processor and a security operation module;
the security chip external interface is configured to acquire the first data information and the security operation instruction from the baseband chip;
the processor is configured to obtain the first data information and the security operation instruction from the security chip external interface, call the security operation module to perform the security operation corresponding to the security operation instruction on the first data information to generate the first security data, and transmit the first security data to the security chip external interface;
the security chip external interface is further configured to transmit the first security data to the baseband chip.
In a possible implementation manner, when the security operation instruction is an encryption instruction, the processor is specifically configured to: acquire the first data information and the security operation instruction from the security chip external interface, call the security operation module to encrypt the first data information to generate the first security data, and transmit the first security data to the security chip external interface;
when the security operation instruction is a decryption instruction, the processor is specifically configured to: acquire the first data information and the security operation instruction from the security chip external interface, call the security operation module to decrypt the first data information to generate the first security data, and transmit the first security data to the security chip external interface;
when the security operation instruction is an identity authentication instruction, the processor is specifically configured to: acquire the first data information and the security operation instruction from the security chip external interface, call the security operation module to encrypt the first data information by using a first preset key to generate the first security data, and transmit the first security data to the security chip external interface;
when the security operation instruction is a data tamper-resistant instruction, the processor is specifically configured to: acquire the first data information and the security operation instruction from the security chip external interface, call the security operation module to encrypt the first data information by using a second preset key to generate the first security data, and transmit the first security data to the security chip external interface.
A secure communication method, applied to a secure communication module, wherein the secure communication module comprises: a communication interface module and a main processing module; the method comprises the following steps:
the communication interface module receives first data information and a security operation instruction from a current device and/or an external device;
the main processing module acquires the first data information and the security operation instruction from the communication interface module; the main processing module performs the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmits the first security data to the communication interface module;
the communication interface module transmits the first security data to the current device and/or the external device.
In one possible implementation, the secure communication module further includes: an NFC processing module; the NFC processing module comprises: an NFC controller and an NFC antenna module; the method further comprises the following steps:
the NFC controller reads second security data stored in the main processing module and transmits the second security data to the NFC antenna module;
the NFC antenna module transmits the second security data to the external device.
In a possible implementation manner, when the security operation instruction is an encryption instruction, the main processing module performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the communication interface module, includes:
the main processing module encrypts the first data information to generate the first security data, and transmits the first security data to the communication interface module;
when the security operation instruction is a decryption instruction, the main processing module performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the communication interface module, includes:
the main processing module decrypts the first data information to generate the first security data, and transmits the first security data to the communication interface module;
when the security operation instruction is an identity authentication instruction, the main processing module performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the communication interface module, includes:
the main processing module encrypts the first data information by using a first preset key to generate the first security data, and transmits the first security data to the communication interface module, wherein the first data information is a random number;
when the security operation instruction is a data tamper-proof instruction, the main processing module performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the communication interface module, includes:
the main processing module encrypts the first data information by using a second preset key to generate the first security data; and adds the first security data to the first data information and transmits the first security data to the communication interface module.
In one possible implementation, the main processing module includes a baseband chip and a security chip;
the main processing module acquiring the first data information and the security operation instruction from the communication interface module includes:
the baseband chip acquires the first data information and the security operation instruction from the communication interface module and transmits the first data information and the security operation instruction to the security chip;
the main processing module performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the communication interface module, includes:
the security chip performs the security operation corresponding to the security operation instruction on the first data information to generate the first security data, and transmits the first security data to the baseband chip.
In a possible implementation manner, when the security operation instruction is an encryption instruction, the security chip performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the baseband chip, includes:
encrypting the first data information to generate the first security data, and transmitting the first security data to the baseband chip;
when the security operation instruction is a decryption instruction, the security chip performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the baseband chip, includes:
decrypting the first data information to generate the first security data, and transmitting the first security data to the baseband chip;
when the security operation instruction is an identity verification instruction, the security chip performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the baseband chip, includes:
encrypting the first data information by using a first preset key to generate the first security data, and transmitting the first security data to the baseband chip, wherein the first data information is a random number;
when the security operation instruction is a data tamper-proof instruction, the security chip performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the baseband chip, includes:
encrypting the first data information by using a second preset key to generate the first security data;
the baseband chip transmitting the first security data to the communication interface module includes:
adding the first security data to the first data information and transmitting the first security data to the communication interface module.
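As an added example (not part of the patent text), the following Python models the security chip and baseband chip split for the identity verification and data tamper-resistant instructions described above, together with the checks a receiving device would run. The text names no algorithm, so HMAC-SHA256 is substituted for "encrypting with the preset key"; the class names, the 32-byte tag appended to the data, the sample keys, and a verifier holding the same two preset keys are all assumptions.

```python
import hashlib
import hmac
import secrets
from enum import Enum
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes; the size is an assumption


class Instruction(Enum):
    """Hypothetical encoding of two of the security operation instructions."""
    IDENTITY_VERIFICATION = "identity_verification"
    DATA_TAMPER_RESISTANT = "data_tamper_resistant"


def _keyed(key: bytes, data: bytes) -> bytes:
    # Stand-in for "encrypt with the preset key": HMAC-SHA256 (assumption).
    return hmac.new(key, data, hashlib.sha256).digest()


class SecurityChip:
    """Holds the preset keys; only results of keyed operations leave the chip."""

    def __init__(self, first_preset_key: bytes, second_preset_key: bytes):
        # If both instructions shared one key, the identity verification
        # response for chosen input would also be a valid tamper tag.
        if hmac.compare_digest(first_preset_key, second_preset_key):
            raise ValueError("first and second preset keys must differ")
        self._keys = {
            Instruction.IDENTITY_VERIFICATION: first_preset_key,
            Instruction.DATA_TAMPER_RESISTANT: second_preset_key,
        }

    def secure_operation(self, instruction: Instruction, first_data: bytes) -> bytes:
        key = self._keys.get(instruction)
        if key is None:
            raise ValueError("unsupported security operation instruction")
        return _keyed(key, first_data)  # the "first security data"


class BasebandChip:
    """Forwards data and instruction to the security chip, then frames the result."""

    def __init__(self, chip: SecurityChip):
        self._chip = chip

    def handle(self, instruction: Instruction, first_data: bytes) -> bytes:
        first_security_data = self._chip.secure_operation(instruction, first_data)
        if instruction is Instruction.DATA_TAMPER_RESISTANT:
            # The baseband chip adds the security data to the data it protects.
            return first_data + first_security_data
        return first_security_data


class RemoteVerifier:
    """External device or platform provisioned with the same preset keys (assumption)."""

    def __init__(self, first_preset_key: bytes, second_preset_key: bytes):
        self._k1, self._k2 = first_preset_key, second_preset_key
        self._outstanding = set()

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)  # the random number sent as first data
        self._outstanding.add(challenge)
        return challenge

    def check_identity(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._outstanding:
            return False  # unknown or already used challenge: treat as replay
        self._outstanding.discard(challenge)
        return hmac.compare_digest(_keyed(self._k1, challenge), response)

    def check_integrity(self, frame: bytes) -> Optional[bytes]:
        if len(frame) < TAG_LEN:
            return None  # too short to carry a tag
        data, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        return data if hmac.compare_digest(_keyed(self._k2, data), tag) else None


def demo() -> dict:
    k1, k2 = bytes(range(16)), bytes(range(16, 32))  # constructed sample keys
    module = BasebandChip(SecurityChip(k1, k2))
    verifier = RemoteVerifier(k1, k2)

    challenge = verifier.new_challenge()
    response = module.handle(Instruction.IDENTITY_VERIFICATION, challenge)
    genuine = verifier.check_identity(challenge, response)
    replay = verifier.check_identity(challenge, response)

    reading = b"meter=0042;valve=closed"  # constructed sample payload
    frame = module.handle(Instruction.DATA_TAMPER_RESISTANT, reading)
    altered = b"meter=0042;valve=opened" + frame[-TAG_LEN:]
    return {
        "genuine": genuine,
        "replay": replay,
        "intact": verifier.check_integrity(frame),
        "tampered": verifier.check_integrity(altered),
        "short": verifier.check_integrity(b"abc"),
    }


if __name__ == "__main__":
    print(demo())
```
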
Therefore, the embodiments of the application have the following beneficial effects:
The embodiments of the application provide a secure communication module and a secure communication method, wherein the secure communication module comprises a communication interface module and a main processing module. The communication interface module is configured to receive first data information and a security operation instruction from the current device and/or an external device. The main processing module is configured to acquire the first data information and the security operation instruction from the communication interface module, perform the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmit the first security data to the communication interface module. The secure communication module integrates a main processing module with security functions, and thereby provides support for encryption and decryption, tamper resistance, and identity authentication of communication data.
Drawings
Fig. 1 is a schematic structural diagram of a secure communication module according to an embodiment of the present disclosure;
Fig. 2 is a schematic structural diagram of another secure communication module according to an embodiment of the present disclosure;
Fig. 3 is a schematic structural diagram of another secure communication module according to an embodiment of the present disclosure;
Fig. 4 is a schematic structural diagram of another secure communication module according to an embodiment of the present disclosure;
Fig. 5a is a schematic diagram illustrating a secure communication module according to an embodiment of the present application, where the secure communication module implements communication based on an NFC function;
Fig. 5b is a schematic diagram of another secure communication module according to an embodiment of the present application, which implements communication based on an NFC function;
Fig. 6 is a schematic diagram of an internal structure of a security chip according to an embodiment of the present disclosure;
Fig. 7 is a schematic diagram of an internal structure of another security chip provided in the embodiment of the present application;
Fig. 8 is a schematic diagram illustrating a secure communication module according to an embodiment of the present application;
Fig. 9 is a schematic diagram illustrating another embodiment of the present application, which uses a secure communication module to implement communication;
Fig. 10 is a schematic diagram illustrating another embodiment of the present application, which uses a secure communication module to implement communication;
Fig. 11 is a flowchart of a secure communication method according to an embodiment of the present application.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, embodiments are described in detail below with reference to the accompanying drawings.
To facilitate understanding and explanation of the technical solutions provided by the embodiments of the present application, the background of the embodiments is described first.
With the gradual commercialization of fifth-generation mobile communication technology, the application of blockchain, and the opening up by the three operators of embedded smart card applications in the Internet of Things field, the Internet of Things will meet greater development opportunities and broader market prospects. Meanwhile, the number of communication modules, which are widely used in Internet of Things terminal devices, is growing accordingly.
The communication module enables an Internet of Things terminal device to carry out wireless and/or wired communication. However, current Internet of Things terminal devices that include a communication module, and the systems built on them, generally have several security problems, mainly the following. First, communication data on the communication link is easily leaked and illegally used. Second, the communication data is easily tampered with, and tampered data is no longer accurate. Third, the identity authentication function of the Internet of Things terminal device cannot be realized.
Based on this, the embodiments of the present application provide a secure communication module and a secure communication method, where the secure communication module includes: a communication interface module, a baseband chip and a security chip. The communication interface module is configured to receive first data information and a security operation instruction from the current device and/or an external device. The baseband chip is configured to acquire the first data information and the security operation instruction from the communication interface module and transmit them to the security chip. The security chip is configured to perform the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmit the first security data to the baseband chip. The baseband chip is further configured to transmit the first security data to the communication interface module, and the communication interface module is further configured to transmit the first security data to the current device and/or the external device. The security chip placed inside the secure communication module thus ensures the security of the communication process.
In order to facilitate understanding of the technical solutions provided by the embodiments of the present application, a secure communication module provided by the embodiments of the present application will be described in detail below with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a secure communication module according to an embodiment of the present application. As shown in fig. 1, the secure communication module includes: a communication interface module 1 and a main processing module 4.
The communication interface module 1 is responsible for communication between the secure communication module and the current device and/or the external device. Specifically, the communication interface module 1 is configured to receive first data information and a security operation instruction from the current device and/or the external device.
It can be understood that the secure communication module provided by the embodiments of the application can be installed in an Internet of Things terminal device, and the current device refers to the Internet of Things terminal device in which the secure communication module is installed. The external device is any device other than the current device that communicates with the secure communication module; it can be an Internet of Things terminal device, an Internet of Things platform, a mobile terminal device, and the like. The current device and/or the external device can transmit the first data information and the security operation instruction to the secure communication module, where they are received through the communication interface module 1. The first data information may be data to be transmitted or processed, and the security operation instruction determines the type of security operation to be performed on the first data information.
The main processing module 4 is configured to acquire the first data information and the security operation instruction from the communication interface module, perform the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmit the first security data to the communication interface module.
In the embodiments of the application, a main processing module with security functions is placed in the secure communication module, so that the security operation on the first data information is carried out inside the secure communication module, which ensures data security in the communication process.
The communication interface module 1 is further configured to transmit the first security data to the current device and/or the external device.
It should be noted that the communication interface module may receive first data information sent by the current device and/or the external device, and finally transmit the generated first security data to the current device and/or the external device. For example, the communication interface module may receive first data information sent by the current device and transmit the generated first security data to the external device. As another example, the communication interface module may receive first data information sent by the external device and transmit the generated first security data to the current device. Other cases are not enumerated here; the module can be applied according to the actual scenario.
Therefore, with the secure communication module provided by the embodiments of the application, the built-in main processing module with the security function performs the security operation corresponding to the security operation instruction on the received first data information, and the resulting first security data, which is used for transmission, is secured.
Referring to fig. 2, fig. 2 is a schematic structural diagram of another secure communication module according to an embodiment of the present application. As shown in fig. 2, the communication interface module 1 may include: a secure communication module external interface 11 and/or an antenna module 12.
The secure communication module external interface 11 is configured to receive the first data information and the security operation instruction from the current device and/or the external device, and to transmit the first security data to the current device and/or the external device.
The antenna module 12 is configured to receive the first data information and the security operation instruction from the external device, and to transmit the first security data to the external device.
As an example, the antenna module 12 includes an antenna interface and radio frequency front end module, and a radio frequency transceiver chip. The antenna interface and radio frequency front end module connects to an external antenna to receive and send communication signals at different frequencies. It specifically comprises a radio frequency power amplifier, a radio frequency low noise amplifier, a radio frequency switch, a filter, a duplexer and the like. The radio frequency transceiver chip performs modulation/demodulation, analog-to-digital/digital-to-analog conversion and the like on the communication signals received from the antenna interface and radio frequency front end module, and then sends the processed communication signals to the main processing module 4.
As shown in fig. 2, in a possible implementation, the secure communication module further includes: a Near Field Communication (NFC) processing module 5; the NFC processing module 5 includes: an NFC controller 51 and an NFC antenna module 52.
The NFC controller 51 is configured to read the second security data stored in the main processing module 4, and transmit the second security data to the NFC antenna module 52.
The NFC antenna module 52 is configured to transmit the second security data to the external device.
The second security data is, in particular, security-sensitive data stored in the main processing module 4. It should be noted that, after receiving a read instruction for the second security data, the secure communication module triggers the NFC controller 51 to read the second security data stored in the main processing module 4.
The secure communication module implements the NFC function through the built-in NFC processing module 5. Using the NFC function, the secure communication module can exchange information with external devices by near-field wireless communication.
In addition, the NFC antenna module 52 is further configured to receive second data information from an external device; the NFC controller 51 is further configured to acquire the second data information from the NFC antenna module and transmit it to the main processing module 4. In this way, the secure communication module acquires data from the external device via NFC.
In the embodiments of the present application, when the secure communication module is actually applied, the main processing module 4 in the secure communication module plays different roles depending on the security operation instruction.
When the security operation instruction is an encryption instruction, the main processing module 4 is specifically configured to: acquire the first data information and the security operation instruction from the communication interface module, encrypt the first data information to generate first security data, and transmit the first security data to the communication interface module.
When the security operation instruction is a decryption instruction, the main processing module 4 is specifically configured to: acquire the first data information and the security operation instruction from the communication interface module, decrypt the first data information to generate first security data, and transmit the first security data to the communication interface module.
When the security operation instruction is an authentication instruction, the main processing module 4 is specifically configured to: acquire the first data information and the security operation instruction from the communication interface module, encrypt the first data information using a first preset key to generate first security data, and transmit the first security data to the communication interface module, wherein the first data information is a random number.
When the security operation instruction is a data tamper-resistant instruction, the main processing module 4 is specifically configured to: acquire the first data information and the security operation instruction from the communication interface module, encrypt the first data information using a second preset key to generate first security data, append the first security data to the first data information, and transmit the result to the communication interface module.
The following embodiments describe the process corresponding to each type of security operation instruction in more detail.
As shown in fig. 2, the secure communication module further includes a memory 7 and a power management chip 6. The memory 7 is used for storing temporary or permanent data. The power management chip 6 is used for power management of the secure communication module.
The embodiments of the application provide a secure communication module that includes a communication interface module and a main processing module. The communication interface module is configured to receive first data information and a security operation instruction from the current device and/or an external device. The main processing module is configured to acquire the first data information and the security operation instruction from the communication interface module, perform the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmit the first security data to the communication interface module. The secure communication module integrates a main processing module with a security function, and supports encryption and decryption of communication data, tamper resistance, and security authentication of identity.
Referring to fig. 3, fig. 3 is a schematic structural diagram of another secure communication module according to an embodiment of the present application. As shown in fig. 3, the secure communication module includes a communication interface module 1 and a main processing module 4, where the main processing module 4 includes a baseband chip 2 and a security chip 3.
The communication interface module 1 handles communication between the secure communication module and the current device and/or an external device. Specifically, the communication interface module 1 is configured to receive first data information and a security operation instruction from the current device and/or the external device.
The baseband chip 2 is used for baseband signal processing, protocol processing, and the like. Specifically, the baseband chip 2 is configured to obtain the first data information and the security operation instruction from the communication interface module 1, and transmit the first data information and the security operation instruction to the security chip 3.
The security chip 3 is configured to perform the security operation corresponding to the security operation instruction on the first data information to generate first security data, and to transmit the first security data to the baseband chip 2.
In the embodiments of the application, the security chip is provided in the secure communication module, so that the security operation on the first data information is performed inside the secure communication module, which ensures data security during communication.
The baseband chip 2 is further configured to transmit the first security data to the communication interface module 1.
The communication interface module 1 is further configured to transmit the first security data to the current device and/or the external device.
In this embodiment, the functions of the communication interface module 1 are the same as those of the above embodiments, and for the relevant description, reference may be made to the above embodiments, which are not described herein again.
Therefore, with the secure communication module provided by the embodiments of the application, the security chip built into the secure communication module performs the security operation corresponding to the security operation instruction on the received first data information, and the resulting first security data, which is used for transmission, is secured.
Referring to fig. 4, fig. 4 is a schematic structural diagram of another secure communication module provided in the embodiment of the present application. As shown in fig. 4, the communication interface module 1 comprises a secure communication module external interface 11 and/or an antenna module 12.
The secure communication module external interface 11 is configured to receive first data information and a secure operation instruction from the current device and/or the external device, and transmit first security data to the current device and/or the external device.
The antenna module 12 is configured to receive the first data information and the security operation instruction from the external device, and to transmit the first security data to the external device.
That is, the secure communication module external interface 11 may be used to transmit and receive data to and from the current device and/or the external device, and the antenna module 12 may be used to transmit and receive data to and from the external device.
As an example, the antenna module 12 includes an antenna interface and radio frequency front end module, and a radio frequency transceiver chip. The antenna interface and radio frequency front end module connects to an external antenna to receive and send communication signals at different frequencies. It specifically comprises a radio frequency power amplifier, a radio frequency low noise amplifier, a radio frequency switch, a filter, a duplexer and the like. The radio frequency transceiver chip performs modulation/demodulation, analog-to-digital/digital-to-analog conversion and the like on the communication signals received from the antenna interface and radio frequency front end module, and then sends the processed communication signals to the baseband chip 2.
As shown in fig. 4, the secure communication module further includes: an NFC processing module 5; the NFC processing module 5 includes: an NFC controller 51 and an NFC antenna module 52.
The NFC controller 51 is configured to read the second security data stored in the secure chip 3, and transmit the second security data to the NFC antenna module 52.
The NFC antenna module 52 is configured to transmit the second security data to the external device.
The second security data is, in particular, security-sensitive data stored in the security chip 3. It should be noted that, after receiving a read instruction for the second security data, the secure communication module triggers the NFC controller 51 to read the second security data stored in the security chip 3.
The secure communication module implements the NFC function through the built-in NFC processing module 5. Using the NFC function, the secure communication module can exchange information with external devices by near-field wireless communication.
In order to facilitate understanding of the NFC function of the secure communication module, an exemplary process of the secure communication module using the built-in NFC controller 51 and the NFC antenna module 52 to implement communication is described below. Referring to fig. 5a, fig. 5a is a schematic diagram illustrating that a secure communication module according to an embodiment of the present application implements communication based on an NFC function. As shown in fig. 5a, the communication process includes steps S501-S506:
S501: The external device sends a read instruction for reading the second security data in the security chip to the NFC antenna module.
Specifically, the external device sends the read instruction for reading the second security data in the security chip to the NFC antenna module through its own internal NFC-capable module.
As an example, the external device includes other NFC terminals.
S502: The NFC antenna module sends the read instruction for reading the second security data to the NFC controller.
As an example, the NFC antenna module is embodied as an NFC antenna interface.
S503: The NFC controller sends the instruction for reading the second security data to the security chip.
S504: The security chip returns the second security data to the NFC controller.
S505: The NFC controller returns the second security data to the NFC antenna module.
S506: The NFC antenna module transmits the second security data to the external device.
In addition, the NFC antenna module 52 is further configured to receive second data information from an external device. The NFC controller 51 is further configured to obtain the second data information from the NFC antenna module 52 and transmit it to the baseband chip 2. In this way, the secure communication module acquires data from the external device via NFC.
Referring to fig. 5b, fig. 5b is a schematic diagram of another secure communication module according to an embodiment of the present application, implementing communication based on an NFC function. As shown in fig. 5b, the communication process includes steps S507-S512:
S507: The baseband chip sends a read instruction for reading the second data information to the NFC controller.
S508: The NFC controller sends the read instruction for reading the second data information to the NFC antenna module.
S509: The NFC antenna module sends the read instruction for reading the second data information to the external device.
S510: The external device sends the second data information to the NFC antenna module, and the NFC antenna module receives the second data information from the external device.
S511: The NFC antenna module sends the second data information to the NFC controller.
S512: The NFC controller sends the second data information to the baseband chip.
In this way, the read of the second data information is triggered by the baseband chip, and the secure communication module acquires the second data information from the external device via NFC.
As shown in fig. 4, the secure communication module further includes a memory 7 and a power management chip 6. The memory 7 is used for storing temporary or permanent data. The power management chip 6 is used for power management of the secure communication module.
In order to facilitate understanding of the internal structure of the security chip, the embodiment of the present application provides a schematic diagram of the internal structure of the security chip 3. Specifically, referring to fig. 6, fig. 6 is a schematic diagram of an internal structure of a security chip provided in the embodiment of the present application. As shown in fig. 6, the secure chip 3 includes: a secure chip external interface 31, a processor 32, and a secure operating module 33.
The security chip external interface 31 is configured to obtain the first data information and the security operation instruction from the baseband chip 2. The processor 32 is configured to obtain the first data information and the security operation instruction from the security chip external interface 31, call the security operation module 33 to perform the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmit the first security data to the security chip external interface 31. The security chip external interface 31 is further configured to transmit the first security data to the baseband chip 2.
The security operation module 33 may implement various security operations corresponding to the security operation instruction, such as an encryption operation and a decryption operation.
Referring to fig. 7, fig. 7 is a schematic diagram of an internal structure of another security chip provided in the embodiment of the present application. It should be noted that the specific structure of the security chip is not limited to the structure shown in fig. 7, which is only one example of the internal structure of the security chip in the practical application process.
As shown in fig. 7, the security chip 3 includes a central processing unit (CPU), a random access memory (RAM), a non-volatile memory (NVM), a one-time programmable memory (OTP), a read-only memory (ROM), an environment detection module, a bus, a cyclic redundancy check (CRC) unit, a true random number generator (TRNG), an encryption engine (CryptoEngine), timers (Timers), a watchdog (WDT), an external interface, and a clock generator (OSC/PLL). The security chip external interface 31 in fig. 6 may be the external interface in fig. 7, the processor 32 in fig. 6 may be the CPU in fig. 7, and the security operation module 33 in fig. 6 may include the CryptoEngine, TRNG, RAM, NVM, and the like in fig. 7.
It should be noted that data in the RAM is lost after the device is powered down. Data in the NVM is not lost after the device is powered down, and the NVM can be written repeatedly. The OTP is used to store write-once data. Data in the ROM is not lost after the device is powered down, and the ROM cannot be rewritten. The environment detection module monitors the external environment and raises an alarm on abnormal conditions, such as abnormal voltage, frequency, light, temperature, glitches and the like. The bus is the transmission channel for data and instructions between the components. The CryptoEngine provides the implementation of the core encryption/decryption algorithm library. The external interface includes various external communication interfaces, such as a 7816 interface, a serial peripheral interface (SPI), an I2C interface, a general purpose input/output (GPIO) interface, a UART interface, etc.
In fig. 7, the external interface of the security chip is used to obtain the first data information and the security operation instruction from the baseband chip 2. The CPU, acting as the processor, obtains the first data information and the security operation instruction from the external interface through the bus, then issues instructions over the bus to call the security operation modules such as the CryptoEngine, TRNG, RAM and NVM to perform the security operation corresponding to the security operation instruction on the first data information and generate first security data, and then transmits the first security data to the external interface of the security chip through the bus. The external interface transmits the first security data to the baseband chip 2.
In the embodiments of the application, when the secure communication module is actually applied, the security chip in the secure communication module plays different roles depending on the security operation instruction. To make clear how the security chip in the secure communication module guarantees data security under the different security operation instructions, the following description refers to fig. 8 to 10.
When the security operation instruction is an encryption instruction, the security chip is specifically configured to: encrypt the first data information to generate first security data, and transmit the first security data to the baseband chip.
When the security operation instruction is a decryption instruction, the security chip is specifically configured to: decrypt the first data information to generate first security data, and transmit the first security data to the baseband chip. That is, when the external device transmits sensitive data to the current device, the sensitive data is decrypted by the security chip in the secure communication module to generate the first security data, and subsequent processing is then performed.
The communication process when the security operation instruction is an encryption instruction is exemplarily described with reference to fig. 8. Referring to fig. 8, fig. 8 is a schematic diagram illustrating a secure communication module for implementing communication according to an embodiment of the present application. As shown in fig. 8, the specific steps are as follows:
S801: The current device collects first data information and acquires an encryption instruction.
As an example, the current device is an Internet of Things terminal with a secure communication module inside. The first data information is raw information about the external environment or the system. The first data information is sensitive data and needs to be encrypted for transmission.
As an example, the current device collects the first data information via a sensor.
S802: The current device transmits the first data information and the encryption instruction to the secure communication module in the current device.
In a specific implementation, the current device transmits the first data information and the encryption instruction to the communication interface module in the secure communication module.
S803: The secure communication module transmits the first data information and the encryption instruction to the security chip in the secure communication module.
In a specific implementation, the secure communication module sends the first data information to the baseband chip through the communication interface module, and the baseband chip transmits the first data information and the encryption instruction to the security chip.
S804: The security chip encrypts the received first data information to obtain first security data.
S805: The security chip transmits the first security data to the secure communication module.
In a specific implementation, the security chip transmits the first security data to the communication interface module through the baseband chip.
S806: The secure communication module transmits the first security data to the external device.
In a specific implementation, the communication interface module sends the first security data to the external device. As an example, the external device is an Internet of Things platform or another terminal.
In fig. 8, the external device sends the first data information to the secure communication module inside the current device through the current device, and the secure communication module sends the encrypted first security data directly to the external device. Alternatively, the secure communication module can send the first security data to the external device through the current device.
In this communication process example, when the current Internet of Things terminal device transmits sensitive data to an external device such as an Internet of Things platform or another Internet of Things terminal device, the sensitive data is encrypted by the security chip in the secure communication module and then transmitted to the external device through the current Internet of Things terminal device.
When an external device such as an Internet of Things platform or another Internet of Things terminal device transmits sensitive data to the current Internet of Things terminal device, the sensitive data can be decrypted by the security chip in the secure communication module before subsequent processing is carried out.
When the security operation instruction is an authentication instruction, the security chip is specifically configured to: encrypt the first data information using a first preset key to generate first security data, and transmit the first security data to the baseband chip, wherein the first data information is a random number.
The communication process when the security operation instruction is an authentication instruction is exemplified with reference to fig. 9. Referring to fig. 9, fig. 9 is a schematic view of another implementation of communication by using a secure communication module according to an embodiment of the present application. As shown in fig. 9, the specific steps are as follows:
S901: The external device generates the first data information and the authentication instruction.
The first data information is a random number. As an example, the external device includes an Internet of Things platform or another terminal.
S902: The external device sends the first data information and the authentication instruction to the current device.
As an example, the current device is an Internet of Things terminal device with a secure communication module inside.
S903: The current device sends the received first data information and authentication instruction to the secure communication module in the current device.
In a specific implementation, the current device sends the received first data information to the communication interface module in the secure communication module.
S904: The secure communication module in the current device sends the received first data information and authentication instruction to the security chip in the secure communication module.
In a specific implementation, the communication interface module in the secure communication module sends the first data information and the authentication instruction to the baseband chip in the secure communication module, and the baseband chip transmits the received first data information and authentication instruction to the security chip in the secure communication module.
S905: The security chip in the secure communication module encrypts the first data information using the first preset key to generate first security data.
As an example, the first preset key is a built-in key and information such as an ID.
S906: The security chip in the secure communication module sends the first security data to the secure communication module.
In a specific implementation, the security chip in the secure communication module sends the first security data to the baseband chip in the secure communication module. The baseband chip transmits the first security data to the communication interface module of the secure communication module.
S907: The secure communication module transmits the received first security data to the external device.
Specifically, the secure communication module transmits the received first security data to the external device through the communication interface module. In some embodiments, the secure communication module transmits the received first security data to the current device through the communication interface module, and the current device then transmits the first security data to the external device.
S908: The external device encrypts the first data information using the first preset key of the current device and compares the result with the received first security data. If the two are consistent, the identity authentication of the current device by the external device passes; if they are inconsistent, the identity authentication does not pass.
In this communication process example, when the current Internet of Things terminal device interacts with an external device such as an Internet of Things platform or another Internet of Things terminal device, the security chip in the secure communication module provides security authentication of the identity of the Internet of Things terminal, which guarantees the validity of that identity.
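The challenge-response exchange of S901-S908, as an added example that is not code from the patent. The patent does not name an algorithm, so HMAC-SHA256 stands in for "encrypt with the first preset key"; the class names, the 16-byte challenge length and the sample key are assumptions. The verifier accepts each challenge only once and compares in constant time, two checks this kind of exchange depends on.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 16  # assumed size of the random number (first data information)


def keyed_transform(key: bytes, data: bytes) -> bytes:
    """Stand-in for the chip's 'encrypt with the preset key' step (assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()


class SecurityChip:
    """Device side: the first preset key never leaves this object."""

    def __init__(self, device_id: str, first_preset_key: bytes):
        self.device_id = device_id
        self._key = first_preset_key

    def authenticate(self, challenge: bytes) -> bytes:
        # S905: derive the first security data from the received random number.
        if len(challenge) != CHALLENGE_LEN:
            raise ValueError("unexpected challenge length")
        return keyed_transform(self._key, challenge)


class Platform:
    """External device: issues challenges (S901) and verifies responses (S908)."""

    def __init__(self, provisioned_keys: dict):
        self._keys = provisioned_keys   # device_id -> first preset key
        self._pending = {}              # device_id -> outstanding challenge

    def issue_challenge(self, device_id: str) -> bytes:
        challenge = secrets.token_bytes(CHALLENGE_LEN)  # fresh for every attempt
        self._pending[device_id] = challenge
        return challenge

    def verify(self, device_id: str, response: bytes) -> bool:
        # Consume the challenge so a recorded response cannot be replayed.
        challenge = self._pending.pop(device_id, None)
        key = self._keys.get(device_id)
        if challenge is None or key is None:
            return False
        expected = keyed_transform(key, challenge)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


def run_exchange() -> dict:
    """Walk through the flow with a constructed key and a constructed device ID."""
    key = bytes(range(32))              # constructed sample key
    chip = SecurityChip("dev-1", key)
    impostor = SecurityChip("dev-1", b"\x00" * 32)
    platform = Platform({"dev-1": key})

    challenge = platform.issue_challenge("dev-1")
    response = chip.authenticate(challenge)
    first = platform.verify("dev-1", response)
    replayed = platform.verify("dev-1", response)   # no pending challenge left

    challenge2 = platform.issue_challenge("dev-1")
    wrong_key = platform.verify("dev-1", impostor.authenticate(challenge2))
    return {"genuine": first, "replayed": replayed, "wrong_key": wrong_key}


if __name__ == "__main__":
    print(run_exchange())
```
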
When the security operation instruction is a data tamper-resistant instruction, the security chip is specifically configured to: encrypt the first data information using a second preset key to generate first security data. The baseband chip is specifically configured to append the first security data to the first data information and transmit the result to the communication interface module.
A communication process when the security operation instruction is a data tamper-proof instruction is exemplarily described with reference to fig. 10. Referring to fig. 10, fig. 10 is a schematic view of another implementation of communication using a secure communication module according to an embodiment of the present application. As shown in fig. 10, the specific steps are as follows:
s1001: the current equipment acquires first data information and a data tamper-proof instruction.
As an example, the first data information is external environment or system raw information, and the first data information is sensitive data.
As an example, the current device collects first data information via a sensor and generates data tamper-resistant instructions.
As an example, the current device is an internet of things terminal with a secure communication module inside.
S1002: the current equipment transmits the first data information and the data anti-tampering instruction to a secure communication module in the current equipment.
When the equipment is specifically implemented, the current equipment transmits the first data information and the data anti-tampering instruction to a communication interface module in a safety communication module in the current equipment.
S1003: and the secure communication module transmits the first data information and the data anti-tampering instruction to a secure chip in the secure communication module.
During specific implementation, the communication interface module of the secure communication module transmits the first data information and the data tamper-proof instruction to the baseband chip in the secure communication module, and the baseband chip transmits the first data information and the data tamper-proof instruction to the secure chip in the secure communication module.
S1004: The security chip encrypts the received first data information using the second preset key to generate the first security data.
In a specific implementation, the first security data is a check code.
S1005: The security chip sends the generated first security data to the secure communication module.
Specifically, the security chip sends the generated first security data to the baseband chip in the secure communication module.
S1006: The secure communication module appends the first security data after the first data information.
Specifically, the baseband chip in the secure communication module appends the first security data after the first data information.
S1007: The secure communication module sends the first data information, with the first security data appended, to the external device.
Specifically, the baseband chip in the secure communication module transmits the first data information with the first security data appended to the communication interface module, and the communication interface module transmits it to the external device. As an example, the external device includes an Internet of Things platform or another Internet of Things terminal.
In some embodiments, the communication interface module transmits the first data information with the first security data appended to the current device, and the current device then transmits the first data information with the first security data appended to the external device.
S1008: The external device encrypts the received first data information field using the second preset key of the current device to generate a check code, and compares this check code with the first security data field in the received data. If the two are consistent, the first data information received by the external device has not been tampered with; if they are inconsistent, the first data information has been tampered with.
In this communication process example, when the current Internet of Things terminal device transmits sensitive data to an external device such as an Internet of Things platform or another Internet of Things terminal device, the security chip in the secure communication module first adds a check code to the sensitive data. The data is then transmitted to the external device, the external device verifies the check code of the sensitive data, and subsequent processing is performed only after the check passes. Similarly, when an external device such as an Internet of Things platform or another Internet of Things terminal device transmits sensitive data to the current Internet of Things terminal device, the check code of the sensitive data is verified by the security chip in the secure communication module, and subsequent processing is performed after the check passes.
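The append-and-verify flow of steps S1004 to S1008, as an added example that is not code from the patent. The patent does not name the algorithm that turns the first data information and the second preset key into a check code; HMAC-SHA256 is assumed here, and `SecurityChip`, `baseband_append`, `external_verify`, the key and the sensor reading are hypothetical, constructed names and values.

```python
import hashlib
import hmac
from typing import Optional

# Assumption: HMAC-SHA256 stands in for the patent's unspecified
# "encrypt with the second preset key to generate a check code" step.
TAG_LEN = hashlib.sha256().digest_size  # 32-byte check code field

# Constructed sample values, for illustration only.
DEMO_KEY = bytes(range(32))
SENSOR_READING = b'{"sensor":"temp-01","celsius":21.5}'


class SecurityChip:
    """Hypothetical stand-in for the security chip: the second preset key
    stays inside this object and only check codes leave it."""

    def __init__(self, second_preset_key: bytes) -> None:
        if len(second_preset_key) < 16:
            raise ValueError("preset key too short")
        self._key = second_preset_key

    def check_code(self, first_data: bytes) -> bytes:
        # S1004: derive the first security data (check code) from the data.
        return hmac.new(self._key, first_data, hashlib.sha256).digest()


def baseband_append(chip: SecurityChip, first_data: bytes) -> bytes:
    """S1005-S1007: the baseband chip appends the check code after the data."""
    return first_data + chip.check_code(first_data)


def external_verify(peer_chip: SecurityChip, frame: bytes) -> Optional[bytes]:
    """S1008: split the frame into its two fields, recompute the check code
    and compare. Returns the data if it verifies, otherwise None."""
    if len(frame) < TAG_LEN:
        return None  # too short to contain a check code field at all
    first_data, received = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = peer_chip.check_code(first_data)
    # Constant-time comparison: do not leak how many leading bytes matched.
    if hmac.compare_digest(expected, received):
        return first_data
    return None


def run_demo() -> dict:
    """Run the sender and receiver sides over genuine and damaged frames."""
    device_chip = SecurityChip(DEMO_KEY)       # inside the IoT terminal
    platform_chip = SecurityChip(DEMO_KEY)     # external device, same preset key
    stranger_chip = SecurityChip(bytes(32))    # external device, wrong key

    frame = baseband_append(device_chip, SENSOR_READING)

    tampered = bytearray(frame)
    tampered[0] ^= 0x01                        # one flipped bit in the data field

    return {
        "genuine": external_verify(platform_chip, frame),
        "tampered": external_verify(platform_chip, bytes(tampered)),
        "cut_short": external_verify(platform_chip, frame[:-1]),
        "no_tag": external_verify(platform_chip, frame[:TAG_LEN - 1]),
        "wrong_key": external_verify(stranger_chip, frame),
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case:10s} -> {'accepted' if result is not None else 'rejected'}")
```

A frame that verifies once verifies every time it is presented, so this check detects modification of the data but not the replay of an old, valid frame.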
It should be noted that, when the secure chip 3 has an internal structure as shown in fig. 6, the secure chip external interface, the processor and the secure operation module in the secure chip have different functions in the data communication process according to different secure operation instructions.
Specifically, when the security operation instruction is an encryption instruction, the processor is specifically configured to: obtain the first data information and the security operation instruction from the security chip external interface, call the security operation module to encrypt the first data information to generate the first security data, and transmit the first security data to the security chip external interface.
When the security operation instruction is a decryption instruction, the processor is specifically configured to: obtain the first data information and the security operation instruction from the security chip external interface, call the security operation module to decrypt the first data information to generate the first security data, and transmit the first security data to the security chip external interface.
When the security operation instruction is an authentication instruction, the processor is specifically configured to: obtain the first data information and the security operation instruction from the security chip external interface, call the security operation module to encrypt the first data information using a first preset key to generate the first security data, and transmit the first security data to the security chip external interface.
When the security operation instruction is a data tamper-proof instruction, the processor is specifically configured to: obtain the first data information and the security operation instruction from the security chip external interface, call the security operation module to encrypt the first data information using a second preset key to generate the first security data, and transmit the first security data to the security chip external interface.
It should be noted that, when the secure operation instruction is different, the specific communication process implemented based on the secure chip external interface, the processor and the secure operation module may refer to fig. 8 to fig. 10, and will not be described in detail here.
The embodiment of the application provides a secure communication module that includes a communication interface module and a main processing module, where the main processing module includes a baseband chip and a security chip. The communication interface module is used for receiving first data information and a security operation instruction from the current device and/or an external device. The baseband chip is used for acquiring the first data information and the security operation instruction from the communication interface module and transmitting them to the security chip. The security chip is used for performing the security operation corresponding to the security operation instruction on the first data information, generating first security data and transmitting the first security data to the baseband chip. The baseband chip is further configured to transmit the first security data to the communication interface module, and the communication interface module is further configured to transmit the first security data to the current device and/or the external device. Through its integrated security chip, the secure communication module supports encryption and decryption of communication data, tamper resistance, and secure identity authentication.
The embodiment of the application also provides a secure communication method. Referring to fig. 11, fig. 11 is a flowchart of a secure communication method according to an embodiment of the present application. The method is applied to a secure communication module that includes a communication interface module, a baseband chip and a security chip. As shown in fig. 11, the method includes steps S1101-S1105:
S1101: The communication interface module receives first data information and a security operation instruction from the current device and/or the external device.
S1102: the main processing module acquires the first data information and the safety operation instruction from the communication interface module.
S1103: and the main processing module carries out safety operation corresponding to the safety operation instruction on the first data information to generate first safety data and transmits the first safety data to the communication interface module.
S1104: the communication interface module transmits the first security data to the current device and/or the external device.
In one possible implementation, the secure communication module further includes an NFC processing module, and the NFC processing module includes an NFC controller and an NFC antenna module. The method further includes:
the NFC controller reads second security data stored in the main control module and transmits the second security data to the NFC antenna module;
the NFC antenna module transmits the second security data to the external device.
In a possible implementation, when the security operation instruction is an encryption instruction, the main processing module performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the communication interface module, includes:
the main processing module encrypts the first data information to generate the first security data, and transmits the first security data to the communication interface module;
when the security operation instruction is a decryption instruction, the main processing module performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the communication interface module, includes:
the main processing module decrypts the first data information to generate the first security data, and transmits the first security data to the communication interface module;
when the security operation instruction is an identity verification instruction, the main processing module performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the communication interface module, includes:
the main processing module encrypts the first data information using a first preset key to generate the first security data, and transmits the first security data to the communication interface module, wherein the first data information is a random number;
when the security operation instruction is a data tamper-proof instruction, the main processing module performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the communication interface module, includes:
the main processing module encrypts the first data information using a second preset key to generate the first security data, appends the first security data to the first data information, and transmits the first data information with the first security data appended to the communication interface module.
In one possible implementation, the main control module includes a baseband chip and a security chip;
the main processing module obtaining the first data information and the security operation instruction from the communication interface module includes:
the baseband chip acquires the first data information and the security operation instruction from the communication interface module and transmits them to the security chip;
the main processing module performing the security operation corresponding to the security operation instruction on the first data information, generating first security data and transmitting the first security data to the communication interface, includes:
the security chip performs the security operation corresponding to the security operation instruction on the first data information to generate the first security data, and transmits the first security data to the baseband chip.
In a possible implementation, when the security operation instruction is an encryption instruction, the security chip performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the baseband chip, includes:
encrypting the first data information to generate the first security data, and transmitting the first security data to the baseband chip;
when the security operation instruction is a decryption instruction, the security chip performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the baseband chip, includes:
decrypting the first data information to generate the first security data, and transmitting the first security data to the baseband chip;
when the security operation instruction is an identity verification instruction, the security chip performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the baseband chip, includes:
encrypting the first data information using a first preset key to generate the first security data, and transmitting the first security data to the baseband chip, wherein the first data information is a random number;
when the security operation instruction is a data tamper-proof instruction, the security chip performing the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmitting the first security data to the baseband chip, includes:
encrypting the first data information using a second preset key to generate the first security data;
the baseband chip transmitting the first security data to the communication interface module includes:
appending the first security data to the first data information and transmitting the first data information with the first security data appended to the communication interface module.
It should be noted that the secure communication method provided in this embodiment may be applied to a secure communication module, which may be the secure communication module provided in the foregoing embodiment, and for the description of the relevant functions and principles of the secure communication module, reference may be made to the foregoing embodiment, which is not described herein again.
The secure communication method provided by the embodiment of the application is applied to a secure communication module that includes a communication interface module and a main processing module. The method includes the following steps: the communication interface module receives first data information and a security operation instruction from the current device and/or the external device. The main processing module acquires the first data information and the security operation instruction from the communication interface module, performs the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmits the first security data to the communication interface module. The communication interface module transmits the first security data to the current device and/or the external device. With this method, the secure communication module performs the security operation corresponding to the security operation instruction on the received first data information to obtain the first security data. The first security data is used for transmission and is secure.
It should be noted that, in the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the system or the device disclosed by the embodiment, the description is simple because the system or the device corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
It should be understood that in the present application, "at least one" means one or more, "a plurality" means two or more. "and/or" for describing an association relationship of associated objects, indicating that there may be three relationships, e.g., "a and/or B" may indicate: only A, only B and both A and B are present, wherein A and B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of single item(s) or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b, c may be single or plural.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (16)

1. A secure communications module, comprising:
a communication interface module and a main processing module;
the communication interface module is used for receiving first data information and a safety operation instruction from current equipment and/or external equipment;
the main processing module is configured to obtain the first data information and the security operation instruction from the communication interface module, perform a security operation corresponding to the security operation instruction on the first data information, generate first security data, and transmit the first security data to the communication interface module;
the communication interface module is further configured to transmit the first security data to the current device and/or the external device.
2. The secure communications module of claim 1, wherein the communications interface module comprises: a secure communication module external interface and/or antenna module;
the safety communication module external interface is used for receiving first data information and a safety operation instruction from current equipment and/or external equipment and transmitting the first safety data to the current equipment and/or the external equipment;
the antenna module is used for receiving first data information and a safety operation instruction from external equipment and transmitting the first safety data to the external equipment.
3. The secure communications module of claim 1 or 2, further comprising: a Near Field Communication (NFC) processing module;
the NFC processing module comprises: an NFC controller and an NFC antenna module;
the NFC controller is used for reading second security data stored in the main processor module and transmitting the second security data to the NFC antenna module;
the NFC antenna module is used for transmitting the second security data to the external equipment.
4. The secure communications module of claim 3,
the NFC antenna module is further used for receiving second data information from the external equipment;
the NFC controller is further configured to acquire the second data information from the NFC antenna module, and transmit the second data information to the main processor module.
5. The secure communications module of claim 1,
when the security operation instruction is an encryption instruction, the main processing module is specifically configured to: acquiring the first data information and the safety operation instruction from the communication interface module, encrypting the first data information to generate first safety data, and transmitting the first safety data to the communication interface module;
when the secure operation instruction is a decryption instruction, the main processing module is specifically configured to: acquiring the first data information and the safety operation instruction from the communication interface module, decrypting the first data information to generate first safety data, and transmitting the first safety data to the communication interface module;
when the security operation instruction is an identity verification instruction, the main processing module is specifically configured to: acquiring the first data information and the safety operation instruction from the communication interface module, encrypting the first data information by using a first preset secret key to generate first safety data, and transmitting the first safety data to the communication interface module, wherein the first data information is a random number;
when the secure operation instruction is a data tamper-resistant instruction, the main processing module is specifically configured to: acquiring the first data information and the safety operation instruction from the communication interface module, and encrypting the first data information by using a second preset key to generate first safety data; and adding the first security data to the first data information and transmitting the first security data to the communication interface module.
6. The secure communication module according to claim 1 or 2, wherein the main processing module comprises: a baseband chip and a security chip;
the baseband chip is used for acquiring the first data information and the safety operation instruction from the communication interface module and transmitting the first data information and the safety operation instruction to the safety chip;
the safety chip is used for carrying out safety operation corresponding to the safety operation instruction on the first data information to generate first safety data and transmitting the first safety data to the baseband chip;
the baseband chip is further configured to transmit the first security data to the communication interface module.
7. The secure communications module of claim 6, further comprising: an NFC processing module;
the NFC processing module comprises: an NFC controller and an NFC antenna module;
the NFC controller is specifically configured to read second security data stored in the secure chip, and transmit the second security data to the NFC antenna module;
the NFC antenna module is used for transmitting the second security data to the external equipment.
8. The secure communications module of claim 7,
the NFC antenna module is further used for receiving second data information from the external equipment;
the NFC controller is further configured to acquire the second data information from the NFC antenna module, and transmit the second data information to the baseband chip.
9. The secure communication module of claim 6, wherein when the secure operation command is an encryption command, the secure chip is specifically configured to: encrypting the first data information to generate first safety data, and transmitting the first safety data to the baseband chip;
when the secure operation instruction is a decryption instruction, the secure chip is specifically configured to: decrypting the first data information to generate first safety data, and transmitting the first safety data to the baseband chip;
when the secure operation instruction is an identity verification instruction, the secure chip is specifically configured to: encrypting the first data information by using a first preset secret key to generate first safety data, and transmitting the first safety data to the baseband chip, wherein the first data information is a random number;
when the secure operation instruction is a data tamper-resistant instruction, the secure chip is specifically configured to: encrypting the first data information by using a second preset key to generate first security data;
the baseband chip is specifically configured to: and adding the first security data to the first data information and transmitting the first security data to the communication interface module.
10. The secure communication module of claim 6 or 9, wherein the secure chip comprises: a secure chip external interface, a processor and a secure operation module;
the secure chip external interface is used for acquiring the first data information and the secure operation instruction from the baseband chip;
the processor is configured to obtain the first data information and the security operation instruction from the security chip external interface, call the security operation module to perform a security operation corresponding to the security operation instruction on the first data information, generate first security data, and transmit the first security data to the security chip external interface;
the secure chip external interface is used for transmitting the first security data to the baseband chip.
11. The secure communications module of claim 10, wherein when the secure operation command is an encryption command, the processor is specifically configured to: acquiring the first data information and the safety operation instruction from the safety chip external interface, calling the safety operation module to encrypt the first data information to generate first safety data, and transmitting the first safety data to the safety chip external interface;
when the secure operation instruction is a decryption instruction, the processor is specifically configured to: acquiring the first data information and the safety operation instruction from the safety chip external interface, calling the safety operation module to decrypt the first data information, generating first safety data, and transmitting the first safety data to the safety chip external interface;
when the secure operation instruction is an identity authentication instruction, the processor is specifically configured to: acquiring the first data information and the safety operation instruction from the safety chip external interface, calling the safety operation module to encrypt the first data information by using a first preset secret key to generate first safety data, and transmitting the first safety data to the safety chip external interface;
when the secure operation instruction is a data tamper-resistant instruction, the processor is specifically configured to: and acquiring the first data information and the safety operation instruction from the safety chip external interface, calling the safety operation module to encrypt the first data information by using a second preset secret key to generate first safety data, and transmitting the first safety data to the safety chip external interface.
12. A secure communication method, applied to a secure communication module, wherein the secure communication module comprises: a communication interface module and a main processing module; the method comprises the following steps:
the communication interface module receives first data information and a safety operation instruction from current equipment and/or external equipment;
the main processing module acquires the first data information and the safety operation instruction from the communication interface module; the main processing module carries out safety operation corresponding to the safety operation instruction on the first data information to generate first safety data, and the first safety data are transmitted to the communication interface module;
the communication interface module transmits the first security data to the current device and/or the external device.
13. The method of claim 12, wherein the secure communication module further comprises an NFC processing module, the NFC processing module comprising: an NFC controller and an NFC antenna module; the method further comprises the following steps:
the NFC controller reads second security data stored in the main control module and transmits the second security data to the NFC antenna module;
the NFC antenna module transmits the second security data to the external device.
14. The method of claim 12, wherein when the security operation command is an encryption command, the main processing module performs a security operation corresponding to the security operation command on the first data information to generate first security data, and transmits the first security data to the communication interface module, and the method includes:
the main processing module encrypts the first data information to generate first safety data, and transmits the first safety data to the communication interface module;
when the security operation instruction is a decryption instruction, the main processing module performs a security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmits the first security data to the communication interface module, including:
the main processing module decrypts the first data information to generate first safety data, and transmits the first safety data to the communication interface module;
when the security operation instruction is an identity authentication instruction, the main processing module performs security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmits the first security data to the communication interface module, including:
the main processing module encrypts the first data information by using a first preset key to generate first safety data, and transmits the first safety data to the communication interface module, wherein the first data information is a random number;
when the security operation instruction is a data tamper-proof instruction, the main processing module performs a security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmits the first security data to the communication interface module, including:
the main processing module encrypts the first data information by using a second preset key to generate first safety data; and adding the first security data to the first data information and transmitting the first security data to the communication interface module.
15. The method of claim 12, wherein the master control module comprises a baseband chip and a security chip;
the main processing module obtains the first data information and the security operation instruction from the communication interface module, including:
the baseband chip acquires the first data information and the security operation instruction from the communication interface module and transmits the first data information and the security operation instruction to the security chip;
the main processing module performs a security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmits the first security data to the communication interface, including:
the security chip performs the security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmits the first security data to the baseband chip.
16. The method of claim 15, wherein
when the security operation instruction is an encryption instruction, the security chip performs a security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmits the first security data to the baseband chip, including:
encrypting the first data information to generate first security data, and transmitting the first security data to the baseband chip;
when the security operation instruction is a decryption instruction, the security chip performs a security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmits the first security data to the baseband chip, including:
decrypting the first data information to generate first security data, and transmitting the first security data to the baseband chip;
when the security operation instruction is an identity verification instruction, the security chip performs a security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmits the first security data to the baseband chip, including:
encrypting the first data information by using a first preset key to generate first security data, and transmitting the first security data to the baseband chip, wherein the first data information is a random number;
when the security operation instruction is a data tamper-proof instruction, the security chip performs a security operation corresponding to the security operation instruction on the first data information to generate first security data, and transmits the first security data to the baseband chip, including:
encrypting the first data information by using a second preset key to generate first security data;
the baseband chip transmits the first security data to the communication interface module, including:
adding the first security data to the first data information and transmitting the first security data to the communication interface module.
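Added example (not part of the patent text): a Python sketch of the identity authentication and data tamper-proof branches of claims 14 and 16, with the baseband chip / security chip split of claim 15. HMAC-SHA-256 stands in for the claims' "encrypt with a preset key" because the Python standard library has no block cipher; the key values, instruction names, function names, tag length and the peer-side checks are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample keys; a real module would hold these inside the security chip.
FIRST_PRESET_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")   # identity authentication
SECOND_PRESET_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # data tamper-proofing
TAG_LEN = 32  # HMAC-SHA-256 output length in bytes


def _keyed(key: bytes, data: bytes) -> bytes:
    """Keyed transform standing in for the claims' 'encrypt with a preset key'."""
    return hmac.new(key, data, hashlib.sha256).digest()


def security_chip(instruction: str, first_data: bytes) -> bytes:
    """Return the 'first security data' for a security operation instruction."""
    if instruction == "AUTH":
        # first_data is the random number (challenge) supplied by the peer.
        return _keyed(FIRST_PRESET_KEY, first_data)
    if instruction == "TAMPER_PROOF":
        return _keyed(SECOND_PRESET_KEY, first_data)
    raise ValueError(f"unsupported security operation instruction: {instruction!r}")


def baseband_forward(instruction: str, first_data: bytes) -> bytes:
    """Baseband chip: hand the data to the security chip, build the outgoing frame."""
    security_data = security_chip(instruction, first_data)
    if instruction == "TAMPER_PROOF":
        return first_data + security_data  # security data added to the data
    return security_data


def peer_check_identity(challenge: bytes, response: bytes) -> bool:
    """Peer side (assumed): recompute the response, compare in constant time."""
    return hmac.compare_digest(_keyed(FIRST_PRESET_KEY, challenge), response)


def peer_check_integrity(frame: bytes) -> bool:
    """Peer side (assumed): split data || tag and verify with the second key."""
    if len(frame) < TAG_LEN:
        return False
    data, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return hmac.compare_digest(_keyed(SECOND_PRESET_KEY, data), tag)
```

Because the two instructions use different preset keys, an identity authentication response computed over some data is never accepted as a tamper-proof tag for that data.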
CN202110321023.2A 2021-03-25 2021-03-25 Safe communication module and safe communication method Pending CN112906416A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110321023.2A CN112906416A (en) 2021-03-25 2021-03-25 Safe communication module and safe communication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110321023.2A CN112906416A (en) 2021-03-25 2021-03-25 Safe communication module and safe communication method

Publications (1)

Publication Number Publication Date
CN112906416A true CN112906416A (en) 2021-06-04

Family

ID=76106484

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110321023.2A Pending CN112906416A (en) 2021-03-25 2021-03-25 Safe communication module and safe communication method

Country Status (1)

Country Link
CN (1) CN112906416A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116049866A (en) * 2022-06-27 2023-05-02 荣耀终端有限公司 Data protection method, electronic equipment and chip system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1553349A (en) * 2003-05-29 2004-12-08 联想(北京)有限公司 Safety chip and information safety processor and processing method
CN101227682A (en) * 2008-02-19 2008-07-23 中兴通讯股份有限公司 Method and apparatus for protecting data safety in terminal
CN203858633U (en) * 2013-12-24 2014-10-01 北京握奇智能科技有限公司 Data authentication equipment
CN107241291A (en) * 2016-03-28 2017-10-10 北京握奇智能科技有限公司 Internet of Things network security access device, internet-of-things terminal equipment and Internet of things system
CN208190680U (en) * 2018-05-29 2018-12-04 北京华大智宝电子系统有限公司 A kind of electronic signature equipment and authentication system
CN208797938U (en) * 2018-10-16 2019-04-26 北京神州安芯科技有限公司 A kind of WIFI module with security encryption chip
CN110909338A (en) * 2019-11-01 2020-03-24 浙江地芯引力科技有限公司 Security authentication method and system based on security chip and security chip
CN111683367A (en) * 2020-06-17 2020-09-18 郑州信大捷安信息技术股份有限公司 Secure communication module, secure communication system, secure communication method, and readable storage medium

Similar Documents

Publication Publication Date Title
CN108667608B (en) Method, device and system for protecting data key
EP3698535B1 (en) Privacy preserving tag
EP2974222B1 (en) Method, system and device for generating, storing, using, and validating tags and data
CN110460439A (en) Information transferring method, device, client, server-side and storage medium
US7366916B2 (en) Method and apparatus for an encrypting keyboard
CN107111515B (en) Internet of things platform, equipment and method
US8495383B2 (en) Method for the secure storing of program state data in an electronic device
CN107786331B (en) Data processing method, device, system and computer readable storage medium
CN102737180A (en) Integrated circuit for digital rights management
CN107733652B (en) Unlocking method and system for shared vehicle and vehicle lock
CN109995712B (en) Data encryption and decryption method, device, equipment and medium
Wouters et al. My other car is your car: compromising the Tesla Model X keyless entry system
CN112332975A (en) Internet of things equipment secure communication method and system
CN110855616B (en) Digital key generation system
CN114172544B (en) Method for copying smart card, electronic equipment and storage medium
CN113170291A (en) Method and apparatus for secure communication
CN115129332A (en) Firmware burning method, computer equipment and readable storage medium
CN110598429A (en) Data encryption storage and reading method, terminal equipment and storage medium
CN112291268A (en) Information transmission method, device, equipment and storage medium
CN109299944B (en) Data encryption method, system and terminal in transaction process
CN115088232A (en) Data encryption method, data transmission method, related device and equipment
WO2021074221A1 (en) Method for operating a medical system, medical system, and security module
CN112906416A (en) Safe communication module and safe communication method
CN109673012B (en) Control method, control system, control equipment and computer storage medium
KR102434275B1 (en) Remote resetting to factory default settings, a method and a device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210604
