CN110297800B - Method and system for realizing stable communication between main control chip and security chip - Google Patents

Abstract

The invention discloses a method and a system for realizing stable communication between a main control chip and a security chip, wherein the method comprises the following steps: the main control chip sends data to the security chip, and a second timer is started to start timing; the safety chip receives data sent by the main control chip, starts a first timer to start timing, operates according to the data, returns an operation response to the main control chip, and closes the first timer; the main control chip judges the type of the received data, if the type of the received data is an operation response, the second timer is closed, and the operation response is processed; if the time delay request is the time delay request, resetting the second timer and starting to time; when the first timer reaches the first preset time, the first timer enters interruption, the safety chip sends a delay request to the main control chip, resets the first timer and exits the interruption; the main control chip judges whether the waiting time is over through a second timer, and if so, an error is reported; otherwise, the data continues to be waited for to be received. The invention ensures the normal communication between the main control chip and the safety chip.

Description

Method and system for realizing stable communication between main control chip and security chip

Technical Field

The invention relates to the technical field of communication, in particular to a method and a system for realizing stable communication between a main control chip and a security chip.

Background

The intelligent device comprises a security chip (SE for short in English and Chinese name: Secure Element) and a main control chip (MCU for short in English and Chinese name: Microcontroller Unit), and data transmission is carried out between the MCU and the SE. When the safety chip is used in other circuit modules needing SE participation, such as smart homes or the Internet of things, data transmission between the MCU and the SE is realized only by a communication protocol of a physical layer at present, the traditional communication protocol of the physical layer comprises SPI (full duplex, synchronous communication bus) and I2C (parallel bus), and the completeness of application data communication cannot be ensured by using the existing communication protocol of the physical layer because the logic of the physical layer is simple, the data response speed is high, the SE function is complex, and the response time to different instructions is different; and the SE cannot return a response to the MCU after the data is not processed within the preset time, the false death phenomenon of the SE occurs, and the normal communication between the MCU and the SE cannot be ensured. It is therefore desirable to provide a method for enabling communication between an SE and an MCU (i.e., a main control chip).

Disclosure of Invention

The invention aims to overcome the defects of the prior art and provides a method and a system for realizing stable communication between a main control chip and a security chip.

The invention provides a method for realizing stable communication between a main control chip and a security chip, which comprises the following steps:

step A1: powering on the main control chip and initializing a second timer; powering on the security chip and initializing a first timer;

step A2: the main control chip sends data to the security chip, opens the second timer to start timing, and waits for receiving the data returned by the security chip;

step A3: when the security chip receives the data sent by the main control chip, the first timer is started to time;

step A4: the security chip operates according to the received data, returns an operation response to the main control chip and closes the first timer;

step A5: when the main control chip receives data, judging the type of the received data, if the type of the received data is an operation response, closing the second timer, and processing the operation response; if the request is a delay request, resetting the second timer, starting to time, waiting for receiving data, and returning to the step A5;

entering an interrupt when the first timer reaches a first preset time, the interrupt comprising: the safety chip sends a delay request to the main control chip, resets the first timer and exits from interruption;

between the step A3 and the step A5, the method further comprises the following steps: the main control chip judges whether the waiting time is over or not through the second timer, and if so, an error is reported to an application layer; otherwise, continuing to wait for receiving the data returned by the security chip.

The invention also provides a system for realizing stable communication between the main control chip and the safety chip, which comprises the main control chip and the safety chip, wherein the main control chip comprises a second initialization module, a second timer, a second sending module, a second receiving module, a first judgment module, a second resetting module, a second judgment module and a first processing module; the security chip includes: the device comprises a first initialization module, a first receiving module, a first timer, an operation module, a first sending module and an interrupt processing module;

the second initialization module is used for initializing a second timer after the main control chip is powered on;

the first initialization module is used for initializing a first timer after the security chip is powered on;

the second sending module is used for sending data to the security chip and opening the second timer;

the second timer is used for starting timing after being started;

the first receiving module is used for receiving the data sent by the second sending module and opening the first timer;

the first timer is used for starting timing after being started;

the operation module is used for operating according to the received data received by the first receiving module;

the first sending module is configured to return an operation response of the operation module to the main control chip, and close the first timer;

the second receiving module is configured to receive the data sent by the first sending module;

the first judging module is configured to judge a type of the data received by the second receiving module, and if the type of the data is an operation response, close the second timer and trigger the first processing module; if the request is a delay request, triggering the second reset module;

the second resetting module is used for resetting the second timer and turning on;

the first processing module is used for processing the operation response;

the interrupt processing module is used for sending a delay request to the main control chip when the first timer reaches a first preset time and resetting the first timer;

the second judging module is used for judging whether the main control chip waits for overtime through the second timer, and if yes, an error is reported to an application layer; otherwise, continuing to wait for receiving the data returned by the security chip, and triggering the second receiving module.

Compared with the prior art, the invention has the following advantages:

the invention provides a reliable communication method with less resource consumption and relatively simple realization for the MCU and the SE, solves the normal communication between the MCU and the SE, and ensures the complete transmission of application data.

Drawings

Fig. 1 is a flowchart of a method for implementing stable communication between a main control chip and a security chip according to an embodiment of the present invention;

fig. 2 and fig. 3 are flowcharts of an implementation method for stable communication between a main control chip and a security chip according to a second embodiment of the present invention;

fig. 4-fig. 6 are flowcharts of a method for implementing stable communication between a main control chip and a security chip according to a third embodiment of the present invention;

fig. 7 is a block diagram of a system for implementing stable communication between a main control chip and a security chip according to a fourth embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Example one

An implementation method for stable communication between an MCU and an SE according to an embodiment of the present invention, as shown in fig. 1, includes:

step A1: the MCU is powered on and initializes a second timer; the SE is powered on and a first timer is initialized;

step A2: the MCU sends data to the SE, a second timer is started to start timing, and data returned by the SE are waited to be received;

step A3: when the SE receives data sent by the MCU, starting a first timer to start timing;

step A4: the SE operates according to the received data, returns an operation response to the MCU and closes the first timer;

step A5: when the MCU receives the data, judging the type of the received data, if the type of the received data is an operation response, closing the second timer, and processing the operation response; if the request is a delay request, resetting the second timer and starting to time, waiting for receiving data, and returning to the step A5;

entering an interrupt when the first timer reaches a first preset time, the interrupt comprising: the SE sends a delay request to the MCU, resets the first timer and exits from interruption;

in this embodiment, the step A3 and the step a5 further include: the MCU judges whether the waiting time is out or not through the second timer, if so, an error is reported to the application layer; otherwise, the data returned by the SE is continuously waited for to be received. The communication parameters of the safety chip comprise first preset time, and the MCU judges whether to wait for overtime through the second timer, specifically: the MCU judges whether the time value of the second timer is greater than a first preset time, if so, the MCU waits for overtime, otherwise, the MCU does not wait for overtime;

in the method of the embodiment, a timer is respectively arranged at two sides of the MCU and the SE and is used for appointing the waiting time (namely, the first preset time), if the SE does not process the data in the appointed time, a delay request is sent to the MCU, namely, the MCU waits for the appointed time again, and the SE side continues processing, so that the SE false death phenomenon is effectively prevented, and the normal communication between the MCU and the SE is ensured.

There are various implementations of the method of the present embodiment, and the detailed description is specifically provided in the following manner.

First, between step a1 and step a2, the method further comprises:

step Y11: the MCU organizes and generates a reset request according to the communication parameters of the host and sends the reset request to the SE; the host communication parameters comprise the maximum frame length which can be received by the host;

step Y12: the SE analyzes the reset request to obtain host communication parameters, organizes and generates a reset response according to the communication parameters of the security chip of the SE and returns the reset response to the MCU;

step Y13: and the MCU receives a reset response returned by the SE, acquires the communication parameters of the security chip from the reset response, and acquires the maximum receivable frame length of the security chip, the first preset time and the checksum algorithm used by the SE according to the communication parameters of the security chip.

In this embodiment, step a1 further includes: the MCU initializes a second block number; the SE initializes a first block number;

step a2 includes:

step A21: the MCU judges whether the data block chain transmission is carried out, if so, the chain transmission identifier is set, the data to be transmitted are subpackaged according to the maximum frame length which can be received by the security chip, a first type data block is generated according to the chain transmission identifier, a second block number and a first unprocessed data packet organization, the step A22 is executed, otherwise, the first type data block is generated according to the data to be transmitted and the second block number organization, and the step A22 is executed;

step A22: and the MCU sends the first type data block to the SE, starts a second timer to start timing, and waits for receiving the data block returned by the SE.

In this embodiment, step a4 includes:

step A41: the SE judges the type of the data block according to the command header in the data block, if the data block is the first type data block, the step A42 is executed, and if the data block is the second type data block, the step A49 is executed;

in this embodiment, step a41 is preceded by: and when the SE receives the data block, acquiring a checksum from the received data block, judging whether the received data block is valid according to the checksum, if so, executing the step A41, otherwise, reporting an error to the MCU by the SE, closing the first timer, and waiting for receiving the data.

Step A42: the SE acquires a data field from the received first type data block, acquires a link indicating bit and a received block number according to a command header in the first type data block, and stores a link transmission identifier according to the link indicating bit;

in this embodiment, the step a42 and the step a43 further include: and the SE judges whether the data length in the data block is greater than the maximum frame length which can be received by the SE, if so, the SE reports an error to the MCU, closes the first timer and waits for receiving data, otherwise, the step A43 is executed.

Step A43: the SE reverses the first block number, judges whether a second type data block needs to be sent to the MCU according to the received block number and the stored link identifier, if so, executes the step A44, otherwise, executes the step A45;

step A44: the SE sends a second type data block containing success information and a first block number to the MCU, closes the first timer and waits for receiving data;

step A45: the SE executes corresponding operation according to the data of the data field and generates response data;

step A46: the SE judges whether data block chain transmission is carried out, if so, the step A47 is executed, otherwise, the step A48 is executed;

step A47: the SE packetizes the response data according to the maximum frame length which can be received by the host to obtain a plurality of response data packets, organizes a first type data block according to an unprocessed first response data packet and a first block number and sends the first type data block to the MCU, closes the first timer and waits for receiving data;

step A48: the SE organizes the response data and the first block number to obtain a first type data block, sends the first type data block to the MCU, closes the first timer and waits for receiving data;

step A49: the SE obtains a received block number from a command header in the data block, judges whether the received block number is the same as the first block number or not, retransmits the first type data block transmitted last time to the MCU if the received block number is the same as the first block number, closes the first timer, waits for receiving data, and otherwise executes the step A410;

step A410: and the SE inverts the first block number, organizes the first type data block according to the first block number and the unprocessed next response data packet and sends the first type data block to the MCU, closes the first timer and waits for receiving data.

Optionally, the SE reports an error to the MCU, specifically: the SE sends a second type of data block containing error information and the first block number to the MCU.

Specifically, in this embodiment, the processing the operation response includes:

step A51: the MCU acquires a command header and a data field from the received data block;

in this embodiment, the step a51 and the step a52 further include: and the MCU judges whether the check value in the received data block is correct or not according to the checksum algorithm used by the SE, if so, the step A52 is executed, otherwise, the MCU reports an error to the SE, and a second timer is started to start timing to wait for receiving data.

Step A52: the MCU judges the type of the data block according to the command header, if the data block is a first type data block, the step A53 is executed, and if the data block is a second type data block, the step A56 is executed; if the data block is the third type data block, executing step A59;

in this embodiment, the step a52 and the step a53 further include: and the MCU judges whether the data length in the received data block is greater than the maximum frame length which can be received by the host computer, if so, the MCU reports an error to the SE, opens a second timer to start timing, waits for receiving data, and otherwise, executes the step A53.

Step A53: the MCU obtains a link indicating bit and a received block number according to the command header, judges whether the received block number is the same as the second block number, if so, executes the step A54, otherwise, the MCU reports an error to the SE, opens a second timer to start timing, and waits for receiving data;

step A54: the MCU reverses the second block number, stores the chain transmission identification according to the link indicator bit and stores the data field;

step A55: the MCU judges whether a second type data block needs to be sent to the SE or not according to the stored chain transmission identifier, if so, the MCU sends the second type data block containing success information and a second block number to the SE, and opens a second timer to start timing and wait for receiving data; otherwise, the MCU returns response data to the application layer according to the stored data domain, and the operation is finished;

step A56: the MCU judges whether the data length is 0, if so, the step A57 is executed, otherwise, the MCU returns error information to the application layer, and the operation is finished;

step A57: the MCU obtains a received block number according to the command header, judges whether the received block number is the same as the second block number, if so, executes the step A58, otherwise, retransmits the first type data block which is transmitted last time to the SE, opens a second timer to start timing, and waits for receiving data;

step A58: the MCU reverses the second block number, organizes according to the next data block to be sent and the second block number to obtain a first type data block and sends the first type data block to the SE, opens a second timer to start timing, and waits for receiving data;

step A59: the MCU resets the second timer and starts to time, and waits for receiving data.

The MCU reporting an error to the SE in the above step specifically includes: the MCU sends the second type data block containing the error information and the second block number to the SE.

In the second mode, step a1 further includes: the SE sets the state of the SE to an inactivated state; the MCU initializes a second block number; the SE initializes a first block number;

the method also comprises the following steps between the step A1 and the step A2:

step T1: the MCU organizes and generates a reset request according to the communication parameters of the host computer and sends a second data block containing the reset request and a second block number to the SE; the host communication parameters comprise the maximum frame length which can be received by the host;

step T2: the SE analyzes the received reset request in the first type data block to obtain host communication parameters, organizes and generates a reset response according to the communication parameters of the security chip, sends the first type data block containing the reset response and the first block number to the MCU, and sets the state of the SE to be an activated state;

step T3: the MCU receives the first type data block returned by the SE, acquires the communication parameters of the security chip from the reset response of the first type data block, and acquires the receivable maximum frame length of the security chip, the first preset time and the checksum algorithm used by the SE according to the communication parameters of the security chip.

Specifically, step a2 includes:

step A21: the MCU judges whether the data block chain transmission is carried out, if so, the chain transmission identifier is set, the data to be transmitted are subpackaged according to the maximum frame length which can be received by the security chip, a first type data block is generated according to the chain transmission identifier, a second block number and a first unprocessed data packet organization, the step A22 is executed, otherwise, the first type data block is generated according to the data to be transmitted and the second block number organization, and the step A22 is executed;

step A22: and the MCU sends the first type data block to the SE, starts a second timer to start timing, and waits for receiving the data block returned by the SE.

Accordingly, step a4 includes:

step B1: the SE judges the type of the data block according to the command header in the data block, if the data block is the first type data block, the step B2 is executed;

step B2: the SE judges whether the first type data block contains a reset request, if so, the step B3 is executed; otherwise, executing step B6;

step B3: the SE judges whether the state of the SE is an inactivated state, if so, the step B4 is executed; otherwise, executing step B5;

step B4: the SE analyzes the reset request to obtain host communication parameters, generates a reset response according to the safety chip communication parameters, returns a first type data block containing the reset response and a first block number and a fourth type data block containing the first block number to the MCU, closes a first timer, sets the state of the SE into an activated state, and waits for receiving data;

step B5: the SE reports an error to the MCU, closes the first timer and waits for receiving data;

step B6: the SE acquires a data field from the received first type data block, acquires a link indicating bit and a received block number according to a command header in the first type data block, and stores a link transmission identifier according to the link indicating bit;

optionally, the step B6 and the step B7 further include: and the SE judges whether the data length in the first type data block is greater than the maximum frame length which can be received by the SE, if so, the SE reports an error to the MCU, the first timer is closed, the data are waited to be received, and otherwise, the step B7 is executed.

Step B7: the SE judges whether a second type data block containing success information needs to be sent to the MCU according to the received block number and the stored link identifier, if so, the step B8 is executed, otherwise, the step B9 is executed;

step B8: the SE reverses the first block number, sends a second type data block containing success information and the first block number and a fourth type data block containing the first block number to the MCU, closes the first timer and waits for receiving data;

step B9: the SE executes corresponding operation according to the data of the data field and generates response data;

step B10: the SE judges whether data block chain transmission is carried out, if so, the step B11 is executed, otherwise, the step B12 is executed;

step B11: the SE packetizes the response data according to the maximum frame length which can be received by the host to obtain a plurality of response data packets, reverses the first block number, organizes the unprocessed first response data packet and the first block number to obtain a first type data block, sends the first type data block and a fourth type data block containing the first block number to the MCU, closes the first timer, and waits for receiving data;

step B12: and the SE inverts the first block number, acquires a first type data block according to the response data and the first block number, sends the first type data block and a fourth type data block containing the first block number to the MCU, closes the first timer and waits for receiving data.

In this embodiment, step a4 further includes:

step C1: the SE determines the type of the data block according to the command header in the data block, and if the data block is a second type data block, step C2 is executed;

step C2: the SE judges whether the state of the SE is an activated state, if so, the step C4 is executed, otherwise, the step C3 is executed;

step C3: the SE reports an error to the MCU, closes the first timer and waits for receiving data;

step C4: the SE judges whether the received second type data block contains success information, if so, the step C5 is executed, otherwise, the last sent fourth type data block and the first type data block are sent to the MCU again, the first timer is closed, and data reception is waited;

step C5: and the SE inverts the first block number, organizes the first type data block according to the next unprocessed response data packet and the first block number to obtain the first type data block, returns a fourth type data block containing the first block number and the first type data block to the MCU, closes the first timer and waits for receiving data.

In this embodiment, step a4 further includes:

step D1: the SE judges the type of the data block according to the command header in the data block, if the data block is the third type data block, the step D2 is executed;

step D2: the SE judges whether the state of the SE is an activated state, if so, the step D5 is executed, otherwise, the step D3 is executed;

step D3: the SE judges whether the received third type data block contains a hot reset request, if so, the step D4 is executed, otherwise, the step D5 is executed;

step D4: the SE returns a fourth type data block containing the first block number and a first type data block containing a hot reset response and the first block number to the MCU, closes the first timer, sets the state of the SE into an inactivated state, and waits for receiving data;

step D5: and the SE reports an error to the MCU, closes the first timer and waits for receiving data.

In this embodiment, the determining, by the SE, the type of the data block according to the command header in the data block includes: when the SE receives the data block, the SE acquires a checksum from the received data block, judges whether the received data block is valid or not according to the checksum, if so, the SE judges the type of the data block according to a command header in the data block, otherwise, the SE reports an error to the MCU, the first timer is closed, and the data is waited to be received.

The SE reporting an error to the MCU in the above step specifically includes: the SE returns a fourth type data block containing the first block number and a second type data block containing error information and the first block number to the MCU.

Correspondingly, the processing of the operation response comprises:

step a 1: the MCU judges whether the received data block contains a fourth type data block, if so, the step a2 is executed, otherwise, the MCU reports an error to the SE, a second timer is started to start timing, and the data is waited to be received;

step a 2: the MCU judges whether the block number in the fourth type data block is consistent with the second block number, if so, the step a3 is executed, otherwise, the MCU reports an error to the SE, a second timer is started to time, and the data is waited to be received;

step a 3: the MCU acquires a command header and a data field from the received data block;

optionally, between the step a3 and the step a4, the method further includes: the MCU judges whether the check value in the received data block is correct or not according to the checksum algorithm used by the SE, if so, the step a4 is executed, otherwise, the MCU reports an error to the SE, a second timer is started to time, and the data is waited to be received;

step a 4: the MCU judges the type of the data block according to the command header, if the data block is the first type data block, the step a5 is executed;

optionally, the step a4 and the step a5 include: and the MCU judges whether the data length in the received data block is greater than the maximum frame length which can be received by the host computer, if so, the MCU reports an error to the SE, opens a second timer to start timing, waits for receiving data, and otherwise, executes the step a 5.

Step a 5: the MCU judges whether the first type data block contains a reset response, if so, the communication parameters of the security chip are obtained from the reset response of the first type data block, the receivable maximum frame length of the security chip, the first preset time and the checksum algorithm used by the security chip are obtained according to the communication parameters of the security chip, the step A2 is returned, and if not, the step a6 is executed;

step a 6: the MCU obtains a link indicating bit and a received block number according to the command header;

step a 7: the MCU judges whether the received block number is the same as the second block number, if so, the step a9 is executed, otherwise, the step a8 is executed;

step a 8: the MCU reports an error to the SE, a second timer is started to start timing, and data are waited to be received;

step a 9: the MCU inverts the second block number, stores the chain transmission identification according to the link indicator bit and stores the data field;

step a 10: the MCU judges whether a second type data block containing success information needs to be sent to the SE or not according to the stored chain transmission identifier, if so, the MCU sends the second type data block containing the success information and a second block number to the SE, opens a second timer to start timing, waits for receiving data, and otherwise, executes the step a 11;

step a 11: and the MCU returns response data to the application layer according to the stored data field, and the operation is finished.

In this embodiment, step a4 further includes: the MCU judges the type of the data block according to the command header, if the type of the data block is the second type data block, the step a12 is executed;

step a 12: the MCU judges whether the data length in the second type data block is 0, if so, the step a13 is executed, otherwise, the MCU returns error information to the application layer, and the process is finished;

step a 13: the MCU obtains a received block number according to the command header;

step a 14: the MCU judges whether the received second type data block contains success information, if so, the step a15 is executed, otherwise, the first type data block sent last time is retransmitted to the SE, a second timer is started to start timing, and the data is waited to be received;

step a 15: the MCU judges whether the received block number is the same as the second block number, if so, the step a16 is executed, otherwise, the first type data block sent last time is retransmitted to the SE, a second timer is started to start timing, and the data is waited to be received;

step a 16: and the MCU inverts the second block number, organizes the second block number according to the next unprocessed data block to be sent and the second block number to obtain a first type data block and sends the first type data block to the SE, and starts a second timer to start timing to wait for receiving data.

In this embodiment, step a4 further includes: the MCU judges the type of the data block according to the command header, if the type of the data block is a third type data block, the step a17 is executed;

step a 17: the MCU judges whether the third type data block is a delay request, if so, the step a18 is executed, otherwise, the step a19 is executed;

step a 18: the MCU resets the second timer and starts to time, and waits for receiving data;

step a 19: the MCU judges whether the third type data block is a hot reset response, if so, the step a20 is executed, otherwise, the step a21 is executed;

step a 20: the MCU executes a hot reset operation on the SE, sends a first data block containing a reset request and a second block number to the SE, starts a second timer to start timing and waits for receiving data;

step a 21: and the MCU sends a second type data block containing success information and a second block number to the SE, and starts a second timer to start timing to wait for receiving data.

The MCU reporting the error to the SE in the above steps comprises: the MCU sends the second type data block containing the second block number and error information to the SE.

In this embodiment, the MCU determines whether to perform data block link transmission, including: and the MCU judges whether the length of the data to be transmitted is greater than the maximum receivable frame length of the security chip, if so, the chain transmission is needed, otherwise, the chain transmission is not needed.

In this embodiment, the determining, by the SE, whether to perform data block chaining includes: and the SE judges whether the length of the response data is greater than the length of the maximum frame which can be received by the host, if so, the link transmission is required, otherwise, the link transmission is not required.

Example two

An embodiment of the present invention provides a method for implementing stable communication between a main control chip and a security chip, as shown in fig. 3 and 4, including:

step 300: the MCU is powered on and initializes a second block number and a second timer; the SE is powered on simultaneously and initializes a first block number and a first timer;

for example, in this embodiment, the MCU initializes the second block number to 0, the default state of the second timer is off, the SE initializes the first block number to 1, and the default state of the first timer is off;

step 301: the MCU organizes and generates a reset request according to the communication parameters of the host and sends the reset request to the SE;

for example, the reset request in this embodiment is E06181; the MCU may send a frame with a maximum length of 2 to the power of 6 64;

step 302: the SE analyzes the reset request to obtain host communication parameters, organizes and generates a reset response according to the communication parameters of the security chip and returns the reset response to the MCU;

specifically, in this embodiment, the reset request includes: fixed numerical values, host communication parameters; the host communication parameters include: the host computer can receive the maximum frame length and the checksum algorithm used by the host computer; the length of the communication parameter of the host is 1 byte, the high 4 bits are the length indicator of the frame of the host, the length (unit byte) of the maximum receivable maximum frame of the host is represented, the low 4 bits are the checksum algorithm used by the host, only the XOR is supported at present, and the 1 is used for representing;

for example, the answer to reset in the present embodiment is 050600100112; SE may receive a frame maximum length of 2 to the power of 6 64;

for example, the reset response comprises a reset response length (which is a fixed value 05h), and a secure chip communication parameter; the communication parameters of the security chip comprise: the system comprises an SE frame length indicator, an SE support baud rate indicator, a first preset time, an SE check sum indicator and a check sum; the SE frame length indicator represents the maximum frame length which can be received by the security chip, the SE baud rate indicator represents the communication rate of the SE, and the SE check sum indicator represents the checksum algorithm used by the SE; the first preset time represents the maximum waiting time of the host, and the checksum indicator only supports an exclusive-or algorithm;

step 303: the MCU receives a reset response returned by the SE, acquires the communication parameters of the security chip from the reset response, and obtains the receivable maximum frame length of the security chip, the first preset time and the checksum algorithm used by the SE according to the communication parameters of the security chip;

step 304: the MCU judges whether the chain transmission is performed according to the data to be transmitted sent from the application layer and the maximum frame length which can be received by the security chip, if so, the step 305 is executed, otherwise, the step 306 is executed;

step 305: the MCU sets a chain transmission identifier, divides data to be transmitted into a plurality of data packets to be transmitted according to the maximum receivable frame length of the security chip, organizes and generates a first type data block according to a first unprocessed data packet to be transmitted and the chain transmission identifier, and executes step 307;

for example, the first frame length of the link transmission in this step is 0x3c, and the block number is 0; a first type data block 02003C0001000059a8864621E1B77FFC32DC4D8B848B1ABE9D110FD5ECF665FCD57913F68D955119C7B516a97DF4B3051C773CD1105B2D6855E8B 03704030015;

step 306: the MCU generates a first type data block according to the data organization to be sent, and executes step 307;

for example, the length of the first frame in non-link transmission in this step is 0x0E, and the block number is 0; a first type data chunk 00001300a404000E325041592E5359532E444446303100 CA;

step 307: the MCU sends a first type data block to the SE, and a second timer is started to start timing;

step 308: the SE receives the data block, the first timer starts timing, a command header and a checksum are obtained from the received data block, whether the received data block is valid or not is judged according to the checksum, if yes, step 309 is executed, otherwise, a second type data block containing error information is sent to the MCU, the first timer is reset, and data reception is waited;

specifically, in this embodiment, the SE obtains the command header from the upper 8 bits and obtains the checksum from the lower 8 bits of the received data block;

for example, the second type data block containing the error information in this step is 81000081;

step 309: the SE judges the type of the data block according to the command header, if the data block is the first type data block, the step 310 is executed, and if the data block is the second type data block, the step 318 is executed;

the data block format in this embodiment is specifically: PCB (1 byte) + data length (2 bytes) + data field + checksum (1 byte); wherein the 7 th bit to the 2 nd bit in the PCB of the first type data block are 000000, the 1 st bit represents a link indicating bit, and the 0 th bit represents a block number; the 7 th bit to the 1 st bit in the PCB of the second type data block are 1000000, and the 0 th bit represents a block number; the PCB of the third type data block is fixed to C0;

specifically, the SE determines a value on the highest two bits of the command header, and if the value is 00b, the type of the data block is the first type data block, and if the value is 10b, the type of the data block is the second type data block;

step 310: the SE acquires the data length and the data field from the received first type data block, acquires a link indicating bit and a received block number according to the command header, and stores a link transmission identifier according to the link indicating bit;

specifically, in this embodiment, a link indication bit is obtained from the 1 st bit in the command header of the first type data block, and if the link indication bit is 1, it indicates that there is a link (i.e., the data block is not the last block), and if the link indication bit is 0, it indicates that there is no link (the data block is the last block, and a complete command is received); acquiring a received block number from the 0 th bit in the command header of the first type data block;

step 311: the SE judges whether the acquired data length is greater than the maximum frame length which can be received by the SE, if so, the SE sends a second type data block containing error information to the MCU, resets a first timer, waits for receiving data, and otherwise, executes the step 312;

step 312: the SE inverts the block number, judges whether a second type data block needs to be sent to the MCU according to the received block number and the stored link identifier, if so, executes the step 313, otherwise, executes the step 314;

step 313: the SE sends a second type data block containing success information to the MCU, resets a first timer and waits for receiving data sent by the MCU;

for example, the second type data block containing success information in this step is 80000080;

step 314: the SE executes corresponding operation according to the data of the data field and generates response data;

step 315: the SE judges whether to carry out data block chain transmission according to the length of the maximum frame length and the length of response data which can be received by the host, if so, the step 316 is executed, otherwise, the step 317 is executed;

step 316: the SE packetizes the response data according to the maximum frame length which can be received by the host to obtain a plurality of response data packets, organizes the first type data block according to the unprocessed first response data packet and sends the first type data block to the MCU, resets a first timer, and waits for receiving the data sent by the MCU;

for example, the first type data block (chain transfer) organized in this step is 02003C6f5C8408a000000003000000a550734a06072a864886fc6b01600C060a2a864886fc6b02020101630906072a864886fc6b03640b06092a864886fc6b040255650b 0683;

step 317: the SE organizes the response data to obtain a first type data block, sends the first type data block to the MCU, resets a first timer and waits for receiving the data sent by the MCU;

for example, the first type data block (non-linked transfer) in this step is 00000a4649444f5f325f 30900096;

step 318: the SE acquires the received block number from the command header, judges whether the received block number is the same as the first block number or not, retransmits the first type data block transmitted last time to the MCU if the received block number is the same as the first block number, resets a first timer, waits for receiving the data transmitted by the MCU, and otherwise, executes the step 319;

step 319: the SE inverts the first block number, organizes the first type data block according to the first block number and the unprocessed next response data packet and sends the first type data block to the MCU, resets a first timer and waits for receiving the data sent by the MCU;

for example, the next first type data chunk in this step is 00001E092b8510864864020103660c060a2b060104012a026E01029f6501ff 900083;

step 320: the MCU judges whether the waiting time is out according to the second timer, if yes, step 321 is executed, otherwise step 322 is executed;

step 321: the MCU returns an error to the application layer, and the operation is finished;

optionally, in this embodiment, step 321 may also be replaced by: the MCU sends a second type data block (e.g. 80000080) containing error information or a reset acknowledgement command to the SE, turns on a second timer, or informs the physical layer protocol to power up the SE again;

step 322: when the MCU receives the response data block, resetting the second timer, and acquiring a command header, a data length, a data field and a check value from the response data block;

step 323: the MCU judges whether the check value is correct according to the checksum algorithm used by the SE, if so, step 324 is executed, otherwise, the MCU informs the SE of detecting an error frame, a second timer is started to start timing, and data is waited to be received;

specifically, in this embodiment, the MCU notifies the SE that the error frame is detected, and the notification may be implemented by the MCU returning a second type data block or a reset request to the SE;

step 324: the MCU judges the type of the response data block according to the command header, if the response data block is a first type data block, the step 325 is executed, and if the response data block is a second type data block, the step 332 is executed; if the data block is the third type data block, the MCU resets a second timer and starts timing to wait for receiving data;

specifically, in this embodiment, if the command header is C0h, the data block is the third type data block, if the upper 6 bits of the command header are 000000b, the data block is the first type data block, and if the upper 7 bits of the command header are 1000000b, the data block is the second type data block; for example, if the response data block is C00000C0, the data block type is the third type data block;

for example, the received data is 80000080, wherein 80 is the data header, the upper 7 bits of the command header are 1000000, then the data block type is the second type data block, the block number is 0, the data length is 0, there is no data field, and the checksum is 80;

step 325: the MCU judges whether the length of the acquired data is larger than the maximum frame length which can be received by the host computer, if so, step 328 is executed, otherwise, step 326 is executed;

step 326: the MCU obtains a link indicating bit and a received block number according to the command header;

step 327: the MCU judges whether the received block number is the same as the second block number, if so, the step 329 is executed, otherwise, the step 328 is executed;

step 328: the MCU informs the SE of detecting an error frame, opens a second timer to start timing, and waits for receiving data;

for example, the MCU in this step sends 81000081 to SE to inform SE that an error frame is detected;

specifically, in this embodiment, the MCU may notify the SE that the error frame is detected by returning the second type data block or the reset request to the SE through the MCU;

step 329: the MCU inverts the second block number, stores the chain transmission identification according to the link indicator bit and stores the data field;

step 330: the MCU judges whether a second type data block needs to be sent to the SE or not according to the stored chain transmission identifier, if so, the MCU sends the second type data block containing success information and a second block number to the SE, opens a second timer to start timing, waits for receiving data, and otherwise, executes the step 331;

for example, the second type data block containing success information in this step is 81000081;

preferably, the MCU in this embodiment sends 80000080 the second type data block containing success information to the SE;

step 331: the MCU returns response data to the application layer according to the stored data field, and the operation is finished;

optionally, in this embodiment, step 331 may also be replaced by the MCU sending a reset request to the application layer;

step 332: the MCU judges whether the data length is 0, if so, the step 333 is executed, otherwise, the MCU returns an error to the application layer, and the operation is finished;

optionally, in this embodiment, when the determination in step 332 is negative, a reset request may also be sent to the application layer;

step 333: the MCU obtains a received block number according to the command header;

step 334: the MCU judges whether the received block number is the same as the second block number, if so, the step 335 is executed, otherwise, the first type data block sent last time is retransmitted to the SE, a second timer is started to start timing, and the data is waited to be received;

for example, the first type data block retransmitted in this step is: 02003C0001000059A8864621E1B77FFC32DC4D8B848B1ABE9D110FD5ECF665FCD57913F68D955119C7B516A97DF4B3051C773CD1105B2D6855E8B 03704030015;

step 335: the MCU inverts the block number, organizes according to the next data block to be sent and the second block number to obtain a first type data block and sends the first type data block to the SE, and starts a second timer to start timing to wait for receiving data.

For example, the first type data block in this step is: 0100221787CBC2B2D94FA0EF64E0527B91F966D43563104BB04FB1AB54627BBB9D98E8D 08026;

in the embodiment, the verification is performed by adopting a checksum mode, the calculation is simple, the SE sends the delay request to the MCU without waiting for the response returned by the MCU, and the realization is simple and convenient.

In this embodiment, when the first timer reaches the first preset time, an interrupt is entered, and the interrupt includes: and the SE sends a delay request to the MCU, resets the first timer, starts timing and exits from interruption.

EXAMPLE III

A third embodiment of the present invention provides a method for implementing stable communication between a main control chip and a security chip, as shown in fig. 4 to 6, including:

step 700: the MCU is powered on and initializes a second block number and a second timer; the SE is powered on, a first block number and a first timer are initialized, and the state of the SE is set to be an inactivated state;

specifically, the first timer in this embodiment is configured to start timing when the SE receives a first type data block sent by the MCU, and reset after the SE sends the first type data block to the MCU each time; the default state of the first timer is closed;

specifically, in this embodiment, SE initializes the first block number to 1; the initialization is completed within a preset time (e.g., 5 ms); the MCU initializes the second block number to be 0;

no matter when the MCU is powered on or reset, the MCU actively initiates communication, but the SE is prevented from not being in a state of receiving data, the MCU sends first frame data, the SE completes initialization within the set time in the embodiment 2 and has the capability of receiving data, the MCU can send the first frame data only in the period of time, and the synchronization of the MCU and the SE is ensured;

step 701: the MCU organizes and generates a reset request according to the communication parameters of the host computer and sends a first type data block containing the reset request and a second block number to the SE;

step 702: the SE analyzes the reset request in the first type data block to obtain host communication parameters, organizes and generates a reset response according to the communication parameters of the security chip, sends a first data block containing the reset response and a first block number to the MCU, and sets the state of the SE to be an activated state;

the host communication parameters in this embodiment include: the host can receive the maximum frame length and the host communication rate; the communication parameters of the security chip comprise the length of the maximum frame which can be received by the security chip, first preset time and a checksum algorithm used by the SE;

step 703: the MCU receives a first type data block sent by the SE, acquires a communication parameter of the security chip from a reset response of the first type data block, and acquires the receivable maximum frame length of the security chip, first preset time and a checksum algorithm used by the SE according to the communication parameter of the security chip;

in this embodiment, the security chip may receive the total length of the maximum frame length including the command header, the data length, the data field, and the checksum;

step 704: the MCU judges whether the chain transmission is performed according to the data to be transmitted sent from the application layer and the maximum frame length which can be received by the security chip, if so, step 705 is executed, otherwise, step 706 is executed;

step 705: the MCU sets a chain transmission identifier, divides data to be transmitted into a plurality of data packets to be transmitted according to the maximum receivable frame length of the security chip, organizes and generates a first type data block according to a first unprocessed data packet to be transmitted, a second block number and the chain transmission identifier, and executes step 707;

step 706: the MCU organizes and generates a first type data block according to the data to be sent and the second block number, and executes step 707;

step 707: the MCU sends a first type data block to the SE, and a second timer is started to start timing;

step 708: the SE receives the data block, opens the first timer to start timing, acquires the command header and the checksum from the received data block, and judges whether the received data block is valid according to the checksum, if yes, step 709 is executed, otherwise, sends a fourth type data block containing the first block number and a second type data block containing the error information and the second block number to the MCU, closes the first timer, and waits for receiving data;

specifically, in this embodiment, the SE obtains the command header from the upper 16 bits and obtains the checksum from the lower 16 bits of the received data block;

step 709: the SE determines the type of the data block according to the command header, if the data block is a first type data block, step 710 is performed, and if the data block is a second type data block, step 722 is performed; if the type of data block is the third type of data block, then step 726 is executed;

in this embodiment, the data block format in this embodiment is: NAD (1 byte) + PCB (1 byte) + LEN (2 bytes) + DATA (LEN bytes) + CRC (2 bytes); the NAD is used for identifying a data sending party, the value of the data NAD sent by the MCU to the SE is 0x5A, and the value of the data block NAD returned by the SE to the MCU is 0xA 5; for different data type data blocks, the values of the PCBs are different, as shown in table 1, table 2, table 3, and table 4; the value of LEN for the first type data block ranges from 00-0 xFFF 9; the LEN of the second type data block and the third type data block has a value of 0; the LEN of the fourth type data block has a value of 2, indicating the length of the next frame; in the embodiment, CRC in all data blocks indicates that the CRC16 algorithm is adopted;

table 1 (first type data block):

B7

B6

B5

B4

B3

B2

B1

B0

description of the invention

0

0

I block

0

Link block

1

Unlinked block (last block)

1

1

0

0

RATR (ATR request block)

1

1

1

0

ATR

0

General I block

x

x

Retention

x

Block number, 0 or 1

Table 2 (second type data block):

B7

B6

B5

B4

B3

B2

B1

B0

description of the invention

1

0

R block

0

R (ACK) Block, Positive acknowledgement

1

R (NAK) block, negative determination

x

x

x

x

Retention

x

Block number, 0 or 1

Table 3 (third type data block):

table 4 (fourth type data block):

B7

B6

B5

B4

B3

B2

B1

B0

description of the invention

0

1

L block

x

Block number, 0 or 1

x

x

x

x

x

Retention

Specifically, the SE determines a value of the highest two bits of the second byte of the command header, if the value is 00b, the data type is the first type data block, and if the value is 50b, the data type is the second type data block; if the data type is 51b, the data type is the third type data block; if the data type is 01b, the data type is a fourth type data block;

specifically, whenever the SE sends a first type, a second type, or a third type of data block to the host, the SE should send a fourth type of data block first, which includes the total length of the data block to be sent next time;

step 710: the SE determines whether the first type data block is a reset request, if yes, step 711 is executed; otherwise, go to step 714;

in the present embodiment, the first type data block includes a reset request and a reset acknowledgement;

step 711: SE judges if the state of SE is not activated, if yes, step 712 is executed; otherwise, go to step 713;

step 712: the SE analyzes the reset request to obtain host communication parameters, generates a reset response according to the safety chip communication parameters, returns a first type data block containing the reset response and a first block number and a fourth type data block containing the first block number to the MCU, closes a first timer, sets the state of the SE into an activated state, and waits for receiving data;

specifically, the host communication parameters in this embodiment include: the host can accept the maximum frame length (including command header, data length, data field and checksum), communication rate, etc.;

for example, the reset response comprises a reset response length, an SE frame length indicator, an SE supported baud rate indicator, a first preset time and a checksum algorithm used by the SE;

step 713: the SE returns a fourth type data block containing the first block number and a second type data block containing error information and the first block number to the MCU, resets a first timer and waits for receiving data;

step 714: the SE acquires the data length and the data field from the received first type data block, acquires a link indicating bit and a received block number according to the command header, and stores a link transmission identifier according to the link indicating bit;

specifically, in this embodiment, a link indication bit is obtained from the 6 th bit of the second byte of the first type data block, and if 00 indicates that there is a link (i.e. the data block is not the last block), if 1 indicates that there is no link (the data block is the last block, and a complete command is received); acquiring a received block number from the 0 th bit in the command header of the first type data block;

step 715: the SE judges whether the acquired data length is greater than the maximum frame length which can be received by the SE, if so, the SE sends a fourth type data block containing the first block number and a second type data block containing error information and the first block number to the MCU, closes the first timer, waits for receiving data, and otherwise, executes step 716;

step 716: the SE judges whether a second type data block containing success information needs to be sent to the MCU according to the received block number and the stored link identifier, if so, the step 717 is executed, and if not, the step 718 is executed;

step 717: the SE reverses the first block number, sends a fourth type data block containing the first block number and a second type data block containing success information and the first block number to the MCU, closes the first timer and waits for receiving data;

step 718: the SE executes corresponding operation according to the data of the data field and generates response data;

step 719: the SE judges whether to carry out data block chain transmission according to the length of the maximum frame length and the length of response data which can be received by the host, if so, the step 720 is executed, and if not, the step 721 is executed;

step 720: the SE packetizes the response data according to the maximum frame length which can be received by the host to obtain a plurality of response data packets, reverses the first block number, organizes the unprocessed first response data packet and the first block number to obtain a first type data block, sends the first type data block and a fourth type data block containing the first block number to the MCU, closes the first timer, and waits for receiving data;

step 721: the SE reverses the first block number, acquires a first type data block according to response data and the first block number, sends the first type data block and a fourth type data block containing the first block number to the MCU, closes a first timer and waits for receiving data;

step 722: the SE judges whether the state of the SE is an activated state, if so, step 724 is executed, and if not, step 723 is executed;

step 723: the SE returns a fourth type data block containing the first block number and a second type data block containing error information and the first block number to the MCU, closes the first timer and waits for receiving data;

step 724: the SE judges whether the received second type data block contains success information, if so, step 725 is executed, otherwise, the last sent fourth type data block and the first type data block are sent to the MCU again, the first timer is closed, and data reception is waited;

step 725: the SE inverts the first block number, organizes the first type data block according to the next unprocessed response data packet and the first block number, returns a fourth type data block containing the first block number and the first type data block to the MCU, closes the first timer, and waits for receiving data;

step 726: the SE judges whether the state of the SE is an activated state, if so, the step 727 is executed, and if not, the step 729 is executed;

step 727: the SE judges whether the received third type data block contains a hot reset request, if yes, the step 728 is executed, and if not, the step 729 is executed;

step 728: the SE returns a fourth type data block containing the first block number and a first type data block containing a hot reset response and the first block number to the MCU, closes the first timer, sets the state of the SE into an inactivated state, and waits for receiving data;

step 729: the SE returns a fourth type data block containing the first block number and a second type data block containing error information and the first block number to the MCU, closes the first timer and waits for receiving data;

step 730: the MCU judges whether to wait for overtime according to the second timer, if yes, step 731 is executed, otherwise, step 732 is executed;

specifically, step 730 includes: the MCU judges whether the time value of the second timer is greater than a first preset time, if so, the time is waited for overtime, and the step 731 is executed, otherwise, the time is waited for not overtime, and the step 732 is executed;

step 731: the MCU returns an error to the application layer, and the operation is finished;

optionally, in this embodiment, step 731 may be replaced by: the MCU sends a second type data block (e.g. 80000080) containing error information or a reset acknowledgement command to the SE, turns on a second timer, or informs the physical layer protocol to power up the SE again;

step 732: when the MCU receives the data block, closing the second timer, and judging whether the received data block contains a fourth type data block, if so, executing the step 733, otherwise, executing the step 734;

step 733: the MCU judges whether the block number in the fourth type data block is consistent with the second block number, if so, the step 735 is executed, otherwise, the step 734 is executed;

step 734: the MCU sends a second type data block containing error information and a second block number to the SE, and a second timer is started to start timing to wait for receiving data;

step 735: the MCU acquires a command header, a data length, a data domain and a check value from the response data block;

step 736: the MCU judges whether the check value is correct according to the checksum algorithm used by the SE, if so, the step 737 is executed, otherwise, the MCU informs the SE of detecting an error frame, a second timer is started to start timing, and the data is waited to be received;

specifically, in this embodiment, the MCU notifies the SE that the error frame is detected, which may be implemented by the MCU returning the second type data block containing the second block number or a reset request of the second block number to the SE;

step 737: the MCU judges the type of the response data block according to the command header, if the response data block is the third type data block, thestep 738 is executed, if the response data block is the first type data block, the step 743 is executed, if the response data block is the second type data block, the step 751 is executed;

specifically, in this embodiment, if the command header is C0h, the data block is the third type data block, if the upper 6 bits of the command header are 000000b, the data block is the first type data block, and if the upper 7 bits of the command header are 1000000b, the data block is the second type data block;

for example, the received data is 80000080, wherein 80 is the data header, the upper 7 bits of the command header are 1000000, then the data block type is the second type data block, the block number is 0, the data length is 0, there is no data field, and the checksum is 80;

step 738: the MCU judges whether the third type data block is a delay request, if so, the step 739 is executed, otherwise, the step 740 is executed;

step 739: the MCU resets the second timer and starts to time, and waits for receiving data;

step 740: the MCU judges whether the third type data block is a hot reset response, if so, step 741 is executed, otherwise, step 742 is executed;

step 741: the MCU executes a hot reset operation on the SE, sends a first data block containing a reset request and a second block number to the SE, and waits for receiving data;

step 742: the MCU sends a second type data block containing success information and a second block number to the SE, and a second timer is started to start timing to wait for receiving data;

step 743: the MCU judges whether the acquired data length is larger than the maximum frame length which can be received by the host computer, if so, the step 747 is executed, otherwise, the step 744 is executed;

step 744: the MCU judges whether the first type data block contains a reset response, if so, the MCU acquires the communication parameters of the security chip from the reset response of the first type data block, acquires the receivable maximum frame length of the security chip, the first preset time and the checksum algorithm used by the SE according to the communication parameters of the security chip, returns to the step 704, otherwise, executes the step 745;

step 745: the MCU obtains a link indicating bit and a received block number according to the command header;

step 746: the MCU judges whether the received block number is the same as the second block number, if so, the step 748 is executed, otherwise, the step 747 is executed;

step 747: the MCU sends a second type data block containing error information and a second block number to the SE, and a second timer is started to start timing to wait for receiving data;

specifically, in this embodiment, the MCU may replace the second type data block containing the error information and the second block number with the MCU sending the reset request to the SE;

step 748: the MCU reverses the second block number, stores the chain transmission identification according to the link indicator bit and stores the data field;

step 749: the MCU judges whether a second type data block containing success information needs to be sent to the SE or not according to the stored chain transmission identifier, if so, the MCU sends the second type data block containing the success information and a second block number to the SE, opens a second timer to start timing, waits for receiving data, and otherwise, executes the step 750;

for example, the MCU sends a second type data block containing success information to the SE as 5a80000000 DA;

step 750: the MCU returns response data to the application layer according to the stored data field, and the operation is finished;

step 751: the MCU judges whether the data length in the second type data block is 0, if so, the step 752 is executed, otherwise, the MCU returns an error to the application layer, and the operation is finished;

optionally, in this embodiment, when the determination in step 732 is negative, a reset request may also be sent to the application layer;

step 752: the MCU obtains a received block number according to the command header;

step 753: the MCU judges whether the received second type data block contains success information, if so, step 754 is executed, otherwise, the first type data block sent last time is retransmitted to the SE, a second timer is started to start timing, and data reception is waited;

step 754: the MCU judges whether the received block number is the same as the second block number, if so, the step 735 is executed, otherwise, the first type data block sent last time is retransmitted to the SE, a second timer is started to start timing, and the data is waited to be received;

step 755: and the MCU inverts the second block number, organizes the second block number according to the next unprocessed data block to be sent and the second block number to obtain a first type data block and sends the first type data block to the SE, and starts a second timer to start timing to wait for receiving data.

In this embodiment, when the first timer reaches the first preset time, an interrupt is entered, and the interrupt includes: and the SE sends a delay request to the MCU, resets the first timer, starts timing and exits from interruption.

The embodiment of the invention provides a reliable communication method with low resource consumption and relatively simple realization for the MCU and the SE, can be widely used for products such as intelligent home furnishing and the like, solves the communication between the MCU and the SE, and ensures reliable transmission; and a timer is respectively arranged at both sides of the MCU and the SE and is used for appointing waiting time, if the SE does not process data in the appointed time, a delay request is sent to the MCU, namely the MCU waits for the appointed time again, and the SE side continues processing, thereby effectively preventing the SE false death phenomenon and ensuring the normal communication between the MCU and the SE.

In an embodiment, the NAD in the protocol frame format (the first byte of the protocol frame structure in embodiment 2) is used to identify the sender of the data, and the NAD values when the MCU and the SE send data are different, so that the sender of the data frame can be conveniently determined by the NAD. The L block in this embodiment is used when the SE sends data, and each time an (I/R/S) block is sent, the L block is sent first to specify the data length of the next corresponding block, which can perfectly solve the length of data to be received by the physical layer receiver. The RWRST/ARWRST function with reset request in embodiment 2 can send a reset request if an incongruous error occurs, such as the MCU not receiving SE data beyond FWT, both of which return to the reset state. For the situation that the MCU and the SE do not process the received data in the prior art, the scheme of the embodiment of the invention can ensure the normal and safe communication between the MCU and the SE.

Example four

A fourth embodiment of the present invention provides a system for implementing stable communication between a main control chip and a security chip, as shown in fig. 7, the system includes a main control chip 41 and a security chip 42, where the main control chip 41 includes a second initialization module 411, a second timer 412, a second sending module 413, a second receiving module 414, a first determining module 415, a second resetting module 416, a second determining module 417, and a first processing module 418; the secure chip 42 includes: a first initialization module 421, a first receiving module 422, a first timer 423, an operation module 424, a first sending module 425, an interrupt processing module 426;

a second initialization module 411, configured to initialize the second timer 412 after the main control chip 41 is powered on;

a first initialization module 421, configured to initialize the first timer 423 after the secure chip 42 is powered on;

a second sending module 413, configured to send data to the security chip 42, and turn on the second timer 412;

a second timer 412, configured to start timing after being turned on;

a first receiving module 422, configured to receive the data sent by the second sending module 413, and turn on the first timer 423;

a first timer 423 for starting timing after being turned on;

an operation module 424, configured to perform an operation according to the data received by the first receiving module 422;

a first sending module 425, configured to return an operation response of the operation module 424 to the main control chip 41, and close the first timer 423;

a second receiving module 414, configured to receive the data sent by the first sending module 425;

a first determining module 415, configured to determine the type of the data received by the second receiving module 414, if the type is an operation response, close the second timer 412, and trigger the first processing module 418; if the request is a delay request, the second reset module 416 is triggered;

a second reset module 416 for resetting the second timer 412 and turning on;

a first processing module 418, configured to process the operation response;

the interrupt processing module 426 is configured to send a delay request to the main control chip 41 when the first timer 423 reaches a first preset time, and reset the first timer 423;

a second determining module 417, configured to determine whether the main control chip 41 waits for timeout through the second timer 412, and if so, report an error to the application layer; otherwise, the second receiving module 414 is triggered to wait for receiving the data returned by the security chip 42.

In this embodiment, the second determining module 417 is specifically configured to determine whether the time value of the second timer 412 is greater than a first preset time, and if so, report an error to the application layer; otherwise, the second receiving module 414 is triggered to continue to wait for receiving the data returned by the security chip 42;

in this embodiment, the main control chip 41 further includes a first organization generating module and a first obtaining module, and the security chip 42 further includes a first parsing generating module;

the first organization generation module is configured to generate a reset request according to the host communication parameter organization, and trigger the second sending module 413 to send the reset request to the security chip 42; the host communication parameters comprise the maximum frame length which can be received by the host;

the first receiving module 422 is further configured to receive a reset request sent by the second sending module 413;

the first analysis generation module is used for analyzing the reset request received by the first receiving module 422 to obtain host communication parameters and organizing and generating a reset response according to the communication parameters of the security chip;

the first sending module 425 is further configured to return a reset response of the first parsing generation module to the main control chip 41;

the second receiving module 414 is further configured to receive a reset response returned by the secure chip 42;

and the first obtaining module is configured to obtain the communication parameter of the security chip from the reset response received by the second receiving module 414, and obtain, according to the communication parameter of the security chip, the maximum receivable frame length of the security chip, the first preset time, and a checksum algorithm used by the security chip.

Optionally, the second initialization module 411 is further configured to initialize a second block number; the first initialization module 421 is further configured to initialize a first block number;

the second transmitting module 413 includes:

the first judging unit is used for judging whether to perform data block chain transmission, if so, the first bit packet unit is triggered, and otherwise, the first generating unit is triggered;

the first setting and subpackaging unit is used for setting the chain transmission identifier, subpackaging data to be sent according to the maximum receivable frame length of the security chip and generating a first type data block according to the chain transmission identifier, the second block number and the first unprocessed data packet organization;

the first generating unit is used for organizing and generating a first type data block according to the data to be transmitted and the second block number;

and a first sending unit, configured to send the first type data block generated by the first set bit packet unit and the first generating unit to the security chip 42, turn on the second timer 412 to start timing, and wait for receiving the data block returned by the security chip 42.

Optionally, the operation module 424 includes:

the second judging unit is used for judging the type of the data block according to the command head in the data block, if the data block is the first type data block, the first acquisition and storage unit is triggered, and if the data block is the second type data block, the first acquisition and judgment unit is triggered;

the first acquisition and storage unit is used for acquiring a data field from a received first type data block, acquiring a link indicating bit and a received block number according to a command header in the first type data block, and storing a link transmission identifier according to the link indicating bit;

a first inversion determining unit, configured to invert the first block number, determine whether to send the second type data block to the main control chip 41 according to the received block number and the stored link identifier, if yes, trigger the second sending module 413 to send the second type data block including the success information and the first block number to the main control chip 41, close the first timer 423, wait for receiving data, and otherwise trigger the first operation generating unit;

a first operation generating unit for performing a corresponding operation according to data of the data field and generating response data;

the third judging unit is used for judging whether to carry out data block chain transmission, if so, the first packet organizing unit is triggered, and if not, the second generating unit is triggered;

a first packet grouping unit, configured to group and pack response data according to the maximum frame length that can be received by the host to obtain a plurality of response data packets, and group and obtain a first type data block according to an unprocessed first response data packet and a first block number, and trigger the first sending module 425 to send the first type data block to the main control chip 41, close the first timer 423, and wait for receiving data;

a second generating unit, configured to obtain a first type data block according to the response data and the first block number, trigger the first sending module 425 to send the first type data block to the main control chip 41, close the first timer 423, and wait for receiving data;

a first obtaining and judging unit, configured to obtain a received block number from a command header in a data block, and judge whether the received block number is the same as a first block number, if so, trigger the first sending module 425 to resend the first type data block sent last time to the main control chip 41, close the first timer 423, wait for receiving data, and otherwise trigger the second inversion generating unit;

and a second inversion generating unit, configured to invert the first block number, organize the first type data block according to the first block number and the unprocessed next response data packet, trigger the first sending module 425 to send the first type data block to the main control chip 41, close the first timer 423, and wait for receiving data.

Optionally, the operation module 424 further includes: a third determining unit, configured to determine whether the data length in the data block is greater than the maximum frame length that can be received by the security chip 42, if so, trigger the first sending module 425 to report an error to the main control chip 41, close the first timer 423, and wait for receiving data, otherwise, trigger the first inversion determining unit.

Optionally, the operation module 424 further includes: and a fourth determining unit, configured to obtain a checksum from the received data block, and determine whether the received data block is valid according to the checksum, if so, trigger the second determining unit, otherwise, trigger the first sending module 425 to report an error to the main control chip 41, close the first timer 423, and wait for receiving data.

In this embodiment, triggering the first sending module 425 to report an error to the main control chip 41 specifically includes: the first sending module 425 is triggered to send the second type data block containing the error information and the first block number to the main control chip 41.

Accordingly, the first processing module 418 includes:

a first obtaining unit, configured to obtain a command header and a data field from a received data block;

the fifth judging unit is used for judging the type of the data block according to the command head, if the data block is the first type data block, the sixth judging unit is triggered, and if the data block is the second type data block, the eighth judging unit is triggered; triggering a second reset module 416 if the data block is the third type data block;

a sixth judging unit, configured to obtain the link indicator and the received block number according to the command header, judge whether the received block number is the same as the second block number, if so, trigger the first reverse storage unit, otherwise trigger the second sending module 413 to report an error to the security chip 42, open the second timer 412 to start timing, and wait for receiving data;

the first reversal storage unit is used for reversing the second block number, storing the chain transmission identifier according to the link indicator bit and storing the data field;

a seventh determining unit, configured to determine whether a second type data block needs to be sent to the security chip 42 according to the stored link transmission identifier, if yes, trigger the second sending module 413 to send the second type data block including the success information and the second block number to the security chip 42, open the second timer 412 to start timing, and wait for receiving data; otherwise, returning response data to the application layer according to the stored data field, and ending;

an eighth judging unit, configured to judge whether the data length is 0, if so, trigger the ninth judging unit, otherwise, return an error message to the application layer, and end;

a ninth determining unit, configured to obtain the received block number according to the command header, determine whether the received block number is the same as the second block number, if so, trigger the first reverse organization unit, otherwise trigger the second sending module 413 to resend the first type data block sent last to the security chip 42, open the second timer 412 to start timing, and wait for receiving data;

the first reverse organization unit is configured to reverse the second block number, organize the second block number according to the next data block to be sent and the second block number to obtain the first type data block, trigger the second sending module 413 to send the first type data block to the security chip 42, start the second timer 412 to start timing, and wait for receiving data.

Optionally, the first processing module 418 further includes: a tenth determining unit, configured to determine whether the length of the data in the received data block is greater than the maximum frame length that can be received by the host, if so, trigger the second sending module 413 to report an error to the security chip 42, open the second timer 412 to start timing, and wait for receiving the data, otherwise, trigger the sixth determining unit.

Optionally, the first processing module 418 further includes: an eleventh determining unit, configured to determine whether the check value in the received data block is correct according to a checksum algorithm used by the security chip, if so, trigger the fifth determining unit, otherwise, trigger the second sending module 413 to report an error to the security chip 42, open the second timer 412 to start timing, and wait for receiving data.

Optionally, the second sending module 413 is triggered to report an error to the security chip 42, specifically: the second sending module 413 is triggered to send the second type data block containing the error information and the second block number to the secure chip 42.

In this embodiment, the first initialization module 421 is further configured to set the state of the secure chip 42 to an inactive state, initialize the first block number; the second initialization module 411 is further configured to initialize a second block number;

the main control chip 41 further includes a second organization generation module and a third acquisition module; the secure chip 42 further includes a second parsing generation module;

a second organization generation module, configured to organize and generate a reset request according to the host communication parameters, and trigger the waiting second sending module 413 to send a second data block including the reset request and a second block number to the security chip 42; the host communication parameters comprise the maximum frame length which can be received by the host;

the first receiving module 422 is further configured to receive a second data block containing a reset request and a second block number sent by the second sending module 413;

the second analysis generation module is used for analyzing the received reset request in the first type data block to obtain host communication parameters, organizing and generating a reset response according to the communication parameters of the security chip, and setting the state of the security chip 42 to be an activated state;

the first sending module 425 is further configured to send the first type data block including the reset response and the first block number generated by the second parsing and generating module to the main control chip 41;

the second receiving module 414 is further configured to receive a first type data block including a reset response and a first block number returned by the secure chip 42;

and the third acquisition module is used for acquiring the communication parameters of the security chip from the reset response of the first type data block and acquiring the receivable maximum frame length of the security chip, the first preset time and the checksum algorithm used by the security chip according to the communication parameters of the security chip.

The second sending module 413 in this embodiment includes:

a twelfth judging unit, configured to judge whether to perform data block link transmission, if yes, trigger the second bit packetization unit, and otherwise trigger the third generating unit;

the second set subpackage unit is used for setting the chain transmission identifier, subpackaging data to be sent according to the maximum receivable frame length of the security chip and generating a first type data block according to the chain transmission identifier, the second block number and the first unprocessed data packet organization;

a third generating unit, configured to organize and generate the first type data block according to the data to be transmitted and the second block number;

and a second sending unit, configured to send the first type data block generated by the second set bit packet unit and the third generating unit to the security chip 42, start timing by turning on the second timer 412, and wait for receiving the data block returned by the security chip 42.

Specifically, in this embodiment, the operation module 424 includes:

a thirteenth judging unit, configured to judge the type of the data block according to the command header in the data block, and trigger a fourteenth judging unit if the data block is the first type data block;

a fourteenth judging unit, configured to judge whether the first type data block includes a reset request, and if so, trigger the fifteenth judging unit; otherwise, triggering a fourth acquisition unit;

a fifteenth determining unit, configured to determine whether the state of the security chip 42 is an inactive state, and if so, trigger the first parsing and generating unit; otherwise, triggering the first sending module 425 to report an error to the main control chip 41, closing the first timer 423, and waiting for receiving data;

a first analysis generating unit, configured to analyze the reset request to obtain host communication parameters, generate a reset response according to the security chip communication parameters, trigger the first sending module 425 to return a first type data block including the reset response and the first block number and a fourth type data block including the first block number to the main control chip 41, close the first timer 423, set the state of the security chip 42 to an active state, and wait for receiving data;

the fourth acquisition unit is used for acquiring a data field from the received first type data block, acquiring a link indicating bit and a received block number according to a command header in the first type data block, and storing a link transmission identifier according to the link indicating bit;

a sixteenth determining unit, configured to determine whether a second type data block including success information needs to be sent to the main control chip 41 according to the received block number and the stored link identifier, if so, reverse the first block number, trigger the first sending module 425 to send the second type data block including the success information and the first block number and a fourth type data block including the first block number to the main control chip 41, close the first timer 423, and wait for receiving data; otherwise, triggering a second operation generation unit;

the second operation generating unit is used for executing corresponding operation according to the data of the data field and generating response data;

a seventeenth judging unit, configured to judge whether to perform data block link transmission, if so, trigger the second packet organizing unit, and otherwise, trigger the fourth generating unit;

the second packet organization unit is used for performing packet packing on the response data according to the maximum frame length which can be received by the host to obtain a plurality of response data packets, reversing the first block number and organizing according to the unprocessed first response data packet and the first block number to obtain a first type data block;

the fourth generating unit is used for reversing the first block number and obtaining a first type data block according to the response data and the first block number;

the first sending module 425 is further configured to send the first type data block generated by the second packet organizing unit or the fourth generating unit and the fourth type data block containing the first block number to the main control module.

Optionally, the operation module 424 further includes:

an eighteenth judging unit, configured to, when the thirteenth judging unit judges that the type of the data block is the second type of data block, judge whether the state of the security chip 42 is an activated state, if so, trigger the nineteenth judging unit, otherwise trigger the first sending module 425 to report an error to the main control chip 41, close the first timer 423, and wait for receiving data;

a nineteenth judging unit, configured to judge whether the received second type data block includes success information, if so, trigger a third reverse organization unit, otherwise trigger the first sending module 425 to send the last sent fourth type data block and the first type data block to the main control chip 41 again, close the first timer 423, and wait for data reception;

and a third inversion organization unit, configured to invert the first block number, organize the first type data block according to the next unprocessed response data packet and the first block number, trigger the first sending module 425 to return the fourth type data block and the first type data block that include the first block number to the main control chip 41, close the first timer 423, and wait for receiving data.

Optionally, the operation module 424 further includes:

a twentieth judging unit, configured to, when the thirteenth judging unit judges that the type of the data block is the third type of data block, judge whether the state of the security chip 42 is an activated state, if yes, trigger the first sending module 425 to report an error to the main control chip 41, close the first timer 423, wait for receiving data, and otherwise trigger the twenty-first judging unit;

a twenty-first judging unit, configured to judge whether the received third type data block includes a hot reset request, if so, trigger the first sending module 425 to return the fourth type data block including the first block number and the first type data block including a hot reset response and the first block number to the main control chip 41, close the first timer 423, set the state of the security chip 42 to an inactive state, and wait for receiving data; otherwise, the first sending module 425 is triggered to report an error to the main control chip 41, the first timer 423 is closed, and data reception is waited.

Optionally, the operation module 424 further includes: a twenty-second determining unit, configured to determine whether the data length in the first type data block is greater than the maximum receivable frame length of the security chip 42, if so, trigger the first sending module 425 to report an error to the main control chip 41, close the first timer 423, and wait for receiving data, otherwise, trigger the sixteenth determining unit.

Optionally, the operation module 424 further includes: and a twenty-third determining unit, configured to obtain a checksum from the received data block, and determine whether the received data block is valid according to the checksum, if so, trigger the thirteenth determining unit, otherwise, trigger the first sending module 425 to report an error to the main control chip 41, close the first timer 423, and wait for receiving data.

In this embodiment, triggering the first sending module 425 to report an error to the main control chip 41 specifically includes: the first sending module 425 is triggered to return the fourth type data block containing the first block number and the second type data block containing the error information and the first block number to the main control chip 41.

Correspondingly, the first processing module 418 includes:

a twenty-fourth judging unit, configured to judge whether the received data block includes a fourth type data block, if so, trigger the twenty-fifth judging unit, otherwise, trigger the second sending module 413 to report an error to the security chip 42, open the second timer 412 to start timing, and wait for receiving data;

a twenty-fifth judging unit, configured to judge whether a block number in the fourth type data block is consistent with the second block number, if so, trigger the fifth obtaining unit, otherwise, trigger the second sending module 413 to report an error to the security chip 42, open the second timer 412 to start timing, and wait for receiving data;

a fifth acquiring unit, which acquires the command header and the data field from the received data block;

a twenty-sixth judging unit, configured to judge the type of the data block according to the command header, and trigger a twenty-seventh judging unit if the data block is the first type data block;

a twenty-seventh judging unit, configured to judge whether the first type data block includes a reset response, if so, obtain a security chip communication parameter from the reset response of the first type data block, obtain, according to the security chip communication parameter, a maximum receivable frame length of the security chip, a first preset time, and a checksum algorithm used by the security chip, and otherwise, trigger the second obtaining unit;

in this embodiment, after the system passes through the twenty-seventh determining unit, the main control chip starts to send data to the security chip again;

a second obtaining unit, configured to obtain a link indicator and a received block number according to the command header;

a twenty-eighth determining unit, configured to determine whether the received block number is the same as the second block number, if so, trigger the second reverse storage unit, otherwise, trigger the second sending module 413 to report an error to the security chip 42, open the second timer 412 to start timing, and wait for receiving data;

the second reversal storage unit is used for reversing the second block number, storing the chain transmission identifier according to the link indicator bit and storing the data field;

a twenty-ninth determining unit, configured to determine, according to the stored link transmission identifier, whether a second type data block including success information needs to be sent to the security chip 42, if so, trigger the waiting second sending module 413 to send the second type data block including the success information and the second block number to the security chip 42, start the second timer 412 to start timing, wait for receiving data, otherwise, return response data to the application layer according to the stored data field, and end.

Optionally, the first processing module 418 further includes:

a thirtieth judging unit, configured to, when the twenty-sixth judging unit judges that the type of the data block is the second type data block, judge whether the data length in the second type data block is 0, if yes, trigger a third obtaining unit, otherwise, return error information to the application layer, and end;

a third obtaining unit configured to obtain a received block number according to the command header;

a thirty-first judging unit, configured to judge whether the received second type data block includes success information, if yes, trigger a thirty-second judging unit, otherwise trigger the second sending module 413 to resend the last sent first type data block to the security chip 42, open the second timer 412 to start timing, and wait for receiving data;

a thirty-second determining unit, configured to determine whether the received block number is the same as the second block number, if so, trigger the fourth reverse organization unit, otherwise trigger the second sending module 413 to resend the last sent first type data block to the security chip 42, open the second timer 412 to start timing, and wait for receiving data;

and a fourth reverse organization unit, configured to reverse the second block number, organize the second unprocessed data block to be sent and the second block number to obtain the first type data block, trigger the second sending module 413 to send the first type data block to the security chip 42, start the second timer 412 to start timing, and wait for receiving data.

Optionally, the first processing module 418 further includes:

a thirty-third judging unit, configured to, when the twenty-sixth judging unit judges that the type of the data block is the third type data block, judge whether the third type data block is a delay request, if yes, trigger the second resetting module 416, and otherwise trigger a thirty-fourth judging unit;

a thirty-four judging unit, configured to judge whether the third type data block is a hot reset response, if so, trigger a hot reset operation unit, otherwise, trigger the second sending module 413 to send the second type data block including the success information and the second block number to the security chip 42, open the second timer 412 to start timing, and wait for receiving data;

and the thermal reset operation unit is configured to perform a thermal reset operation on the secure chip 42, trigger the wait second sending module 413 to send the first data block including the reset request and the second block number to the secure chip 42, start timing by the second timer 412, and wait for receiving data.

Optionally, the first processing module 418 further includes: a thirty-fifth judging unit, configured to judge whether the length of the data in the received data block is greater than the maximum frame length receivable by the host, if so, trigger the second sending module 413 to report an error to the security chip 42, open the second timer 412 to start timing, and wait for receiving the data, otherwise, trigger the twenty-seventh judging unit.

Optionally, the first processing module 418 further includes: and a thirty-sixth judging unit, configured to judge whether the check value in the received data block is correct according to a checksum algorithm used by the security chip, if so, trigger the twenty-sixth judging unit, otherwise, trigger the second sending module 413 to report an error to the security chip 42, open the second timer 412 to start timing, and wait for receiving data.

In this embodiment, triggering the second sending module 413 to report an error to the security chip 42 specifically includes: the second sending module 413 is triggered to send the second type data block containing the second block number and the error information to the secure chip 42.

In this embodiment, the determining whether to perform data block chain transmission in the first determining unit and the twelfth determining module includes: and judging whether the length of the data to be transmitted is greater than the maximum receivable frame length of the security chip, if so, chain transmission is needed, otherwise, chain transmission is not needed.

In this embodiment, the determining whether to perform data block chaining in the third determining unit and the seventeenth determining unit includes: and judging whether the length of the response data is greater than the length of the maximum frame which can be received by the host, if so, requiring chain transmission, otherwise, not requiring chain transmission.

The embodiment of the invention sets a timer on each side of the MCU and the SE for appointing the waiting time, and if the SE does not finish processing the data in the appointed time, the embodiment of the invention sends a delay request to the MCU, namely the MCU waits for the appointed time again, and the SE side continues processing, thereby effectively preventing the SE false death phenomenon and ensuring the normal communication between the MCU and the SE.

The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (58)

1. A method for realizing stable communication between a main control chip and a security chip is characterized by comprising the following steps:

step A1: powering on the main control chip and initializing a second timer; powering on the security chip and initializing a first timer;

step A2: the main control chip sends data to the security chip, opens the second timer to start timing, and waits for receiving the data returned by the security chip;

step A3: when the security chip receives the data sent by the main control chip, the first timer is started to time;

step A4: the security chip operates according to the received data, returns an operation response to the main control chip and closes the first timer;

step A5: when the main control chip receives data, judging the type of the received data, if the type of the received data is an operation response, closing the second timer, and processing the operation response; if the request is a delay request, resetting the second timer, starting to time, waiting for receiving data, and returning to the step A5;

entering an interrupt when the first timer reaches a first preset time, the interrupt comprising: the safety chip sends a delay request to the main control chip, resets the first timer and exits from interruption;

between the step A3 and the step A5, the method further comprises the following steps: the main control chip judges whether the waiting time is over or not through the second timer, and if so, an error is reported to an application layer; otherwise, continuing to wait for receiving the data returned by the security chip;

the step A4 includes:

step A41: the safety chip judges the type of the data block according to the command header in the data block, if the data block is the first type data block, the step A42 is executed, and if the data block is the second type data block, the step A49 is executed;

step A42: the security chip acquires a data domain from a received first type data block, acquires a link indicating bit and a received block number according to a command header in the first type data block, and stores a link transmission identifier according to the link indicating bit;

step A43: the security chip reverses the first block number, judges whether a second type data block needs to be sent to the main control chip or not according to the received block number and the stored link identifier, if so, executes the step A44, otherwise, executes the step A45;

step A44: the security chip sends a second type data block containing success information and the first block number to the main control chip, closes the first timer and waits for receiving data;

step A45: the security chip executes corresponding operation according to the data of the data domain and generates response data;

step A46: the security chip judges whether data block chain transmission is carried out, if so, the step A47 is executed, otherwise, the step A48 is executed;

step A47: the security chip performs sub-packaging on the response data according to the maximum frame length which can be received by a host to obtain a plurality of response data packets, organizes a first type data block according to an unprocessed first response data packet and the first block number and sends the first type data block to the main control chip, closes the first timer and waits for receiving data;

step A48: the security chip organizes to obtain a first type data block according to response data and the first block number, sends the first type data block to the main control chip, closes the first timer and waits for receiving data;

step A49: the safety chip obtains a received block number from a command header in the data block, judges whether the received block number is the same as the first block number, resends the first type data block sent last time to the main control chip if the received block number is the same as the first block number, closes the first timer, waits for receiving data, and otherwise, executes the step A410;

step A410: and the security chip reverses the first block number, organizes the first type data block according to the first block number and the unprocessed next response data packet and sends the first type data block to the main control chip, closes the first timer and waits for receiving data.

2. The method of claim 1, wherein the main control chip determines whether to wait for timeout through a second timer, specifically: and the main control chip judges whether the time value of the second timer is greater than the first preset time, if so, the main control chip waits for overtime, otherwise, the main control chip does not wait for overtime.

3. The method of claim 1, wherein between step a1 and step a2 further comprises:

step Y11: the main control chip organizes and generates a reset request according to host communication parameters and sends the reset request to the security chip; the host communication parameters comprise a maximum frame length receivable by the host;

step Y12: the security chip analyzes the reset request to obtain host communication parameters, organizes and generates a reset response according to the communication parameters of the security chip and returns the reset response to the main control chip;

step Y13: the main control chip receives a reset response returned by the safety chip, obtains the communication parameters of the safety chip from the reset response, and obtains the receivable maximum frame length of the safety chip, the first preset time and the checksum algorithm used by the safety chip according to the communication parameters of the safety chip.

4. The method of claim 3, wherein said step A1 further comprises: the main control chip initializes a second block number; the security chip initializes a first block number;

the step A2 includes:

step A21: the main control chip judges whether to perform data block chain transmission, if so, sets a chain transmission identifier, subpackages data to be transmitted according to the maximum receivable frame length of the security chip, generates a first type data block according to the chain transmission identifier, a second block number and a first unprocessed data packet organization, and executes the step A22, otherwise, generates the first type data block according to the data to be transmitted and the second block number organization, and executes the step A22;

step A22: and the main control chip sends the first type data block to the security chip, opens the second timer to start timing, and waits for receiving the data block returned by the security chip.

5. The method of claim 1, wherein between the step a42 and the step a43 further comprises: and the safety chip judges whether the data length in the data block is greater than the maximum frame length which can be received by the safety chip, if so, the safety chip reports an error to the main control chip, closes the first timer and waits for receiving data, otherwise, the step A43 is executed.

6. The method of claim 1, wherein said step a41 is preceded by: when the security chip receives the data block, obtaining a checksum from the received data block, and judging whether the received data block is valid according to the checksum, if so, executing step a41, otherwise, the security chip reports an error to the main control chip, closes the first timer, and waits for receiving data.

7. The method according to claim 5 or 6, wherein the security chip reports an error to the main control chip, specifically: and the safety chip sends a second type data block containing error information and the first block number to the main control chip.

8. The method of claim 1, wherein said processing the operational response comprises:

step A51: the main control chip acquires a command header and a data field from the received data block;

step A52: the main control chip judges the type of the data block according to the command header, if the data block is the first type data block, the step A53 is executed, and if the data block is the second type data block, the step A56 is executed; if the data block is the third type data block, executing step A59;

step A53: the main control chip obtains a link indicating bit and a received block number according to the command header, judges whether the received block number is the same as the second block number, if so, executes the step A54, otherwise, the main control chip reports an error to the security chip, opens the second timer to start timing, and waits for receiving data;

step A54: the main control chip reverses the second block number, stores the chain transmission identification according to the link indicator bit and stores the data field;

step A55: the main control chip judges whether a second type data block needs to be sent to the safety chip or not according to the stored chain transmission identification, if so, the main control chip sends the second type data block containing success information and the second block number to the safety chip, opens the second timer to start timing, and waits for receiving data; otherwise, the main control chip returns response data to the application layer according to the stored data domain, and the operation is finished;

step A56: the main control chip judges whether the data length is 0, if so, the step A57 is executed, otherwise, the main control chip returns error information to the application layer, and the operation is finished;

step A57: the main control chip obtains a received block number according to the command header, judges whether the received block number is the same as the second block number, if so, executes the step A58, otherwise, retransmits the first type data block sent last time to the safety chip, opens the second timer to start timing, and waits for receiving data;

step A58: the main control chip reverses the second block number, organizes according to the next data block to be sent and the second block number to obtain a first type data block and sends the first type data block to the safety chip, and opens the second timer to start timing and wait for receiving data;

step A59: and the main control chip resets the second timer and starts to time to wait for receiving data.

9. The method of claim 8, wherein between the step a52 and the step a53 further comprises: and the main control chip judges whether the length of the data in the received data block is greater than the maximum frame length which can be received by the host, if so, the main control chip reports an error to the safety chip, opens the second timer to start timing, waits for receiving data, and otherwise, executes the step A53.

10. The method of claim 8, wherein between step a51 and step a52 further comprises: and the main control chip judges whether the check value in the received data block is correct or not according to the checksum algorithm used by the safety chip, if so, the step A52 is executed, otherwise, the main control chip reports an error to the safety chip, and the second timer is started to time to wait for receiving data.

11. The method according to claim 9 or 10, wherein the master control chip reports an error to the security chip, specifically: and the main control chip sends a second type data block containing error information and the second block number to the safety chip.

12. The method of claim 4, wherein the determining, by the master control chip, whether to perform data block chaining comprises: and the main control chip judges whether the length of the data to be transmitted is greater than the maximum frame length which can be received by the safety chip, if so, chain transmission is required, otherwise, chain transmission is not required.

13. The method of claim 1, wherein the security chip determining whether to perform data block chaining comprises: and the safety chip judges whether the length of the response data is greater than the length of the maximum frame which can be received by the host, if so, the chain transmission is needed, otherwise, the chain transmission is not needed.

14. A method for realizing stable communication between a main control chip and a security chip is characterized by comprising the following steps:

step A1: powering on the main control chip and initializing a second timer; powering on the security chip and initializing a first timer;

step A2: the main control chip sends data to the security chip, opens the second timer to start timing, and waits for receiving the data returned by the security chip;

step A3: when the security chip receives the data sent by the main control chip, the first timer is started to time;

step A4: the security chip operates according to the received data, returns an operation response to the main control chip and closes the first timer;

step A5: when the main control chip receives data, judging the type of the received data, if the type of the received data is an operation response, closing the second timer, and processing the operation response; if the request is a delay request, resetting the second timer, starting to time, waiting for receiving data, and returning to the step A5;

entering an interrupt when the first timer reaches a first preset time, the interrupt comprising: the safety chip sends a delay request to the main control chip, resets the first timer and exits from interruption;

between the step A3 and the step A5, the method further comprises the following steps: the main control chip judges whether the waiting time is over or not through the second timer, and if so, an error is reported to an application layer; otherwise, continuing to wait for receiving the data returned by the security chip;

the step A4 includes:

step B1: the safety chip judges the type of the data block according to the command header in the data block, if the data block is the first type data block, the step B2 is executed;

step B2: the security chip judges whether the first type data block contains a reset request, if so, the step B3 is executed; otherwise, executing step B6;

step B3: the security chip judges whether the state of the security chip is an inactivated state, if so, the step B4 is executed; otherwise, executing step B5;

step B4: the security chip analyzes the reset request to obtain host communication parameters, generates a reset response according to the security chip communication parameters, returns a first type data block containing the reset response and a first block number and a fourth type data block containing the first block number to the main control chip, closes the first timer, sets the state of the security chip to be an activated state, and waits for receiving data;

step B5: the security chip reports an error to the main control chip, closes the first timer and waits for receiving data;

step B6: the security chip acquires a data domain from a received first type data block, acquires a link indicating bit and a received block number according to a command header in the first type data block, and stores a link transmission identifier according to the link indicating bit;

step B7: the security chip judges whether a second type data block containing success information needs to be sent to the main control chip or not according to the received block number and the stored link identification, if so, the step B8 is executed, otherwise, the step B9 is executed;

step B8: the safety chip reverses the first block number, sends a second type data block containing success information and the first block number and a fourth type data block containing the first block number to the main control chip, closes the first timer and waits for receiving data;

step B9: the security chip executes corresponding operation according to the data of the data domain and generates response data;

step B10: the safety chip judges whether data block chain transmission is carried out, if so, the step B11 is executed, otherwise, the step B12 is executed;

step B11: the security chip performs sub-packaging on the response data according to the maximum frame length which can be received by a host to obtain a plurality of response data packets, reverses the first block number, organizes the unprocessed first response data packet and the first block number to obtain a first type data block, sends the first type data block and a fourth type data block containing the first block number to the main control chip, closes the first timer and waits for receiving data;

step B12: and the safety chip reverses the first block number, acquires a first type data block according to response data and the first block number, sends the first type data block and a fourth type data block containing the first block number to the main control chip, closes the first timer and waits for receiving data.

15. The method of claim 14, wherein said step a1 further comprises: the security chip sets the state of the security chip to be an inactivated state; the main control chip initializes a second block number; the security chip initializes a first block number;

the steps A1 and A2 further include:

step T1: the main control chip organizes and generates a reset request according to the communication parameters of the host computer and sends a second data block containing the reset request and a second block number to the security chip; the host communication parameters comprise a maximum frame length receivable by the host;

step T2: the security chip analyzes a received reset request in the first type data block to obtain host communication parameters, organizes and generates a reset response according to the security chip communication parameters, sends the first type data block containing the reset response and a first block number to the main control chip, and sets the state of the security chip to be an activated state;

step T3: the main control chip receives the first type data block returned by the safety chip, obtains the communication parameters of the safety chip from the reset response of the first type data block, and obtains the receivable maximum frame length of the safety chip, the first preset time and the checksum algorithm used by the safety chip according to the communication parameters of the safety chip.

16. The method of claim 15, wherein said step a2 comprises:

step A21: the main control chip judges whether to perform data block chain transmission, if so, sets a chain transmission identifier, subpackages data to be transmitted according to the maximum receivable frame length of the security chip, generates a first type data block according to the chain transmission identifier, a second block number and a first unprocessed data packet organization, and executes the step A22, otherwise, generates the first type data block according to the data to be transmitted and the second block number organization, and executes the step A22;

step A22: and the main control chip sends the first type data block to the security chip, opens the second timer to start timing, and waits for receiving the data block returned by the security chip.

17. The method of claim 14, wherein said step a4 further comprises:

step C1: the safety chip judges the type of the data block according to the command header in the data block, if the data block is the second type data block, the step C2 is executed;

step C2: the security chip judges whether the state of the security chip is an activated state, if so, the step C4 is executed, otherwise, the step C3 is executed;

step C3: the security chip reports an error to the main control chip, closes the first timer and waits for receiving data;

step C4: the security chip judges whether the received second type data block contains success information, if so, the step C5 is executed, otherwise, the last sent fourth type data block and the first type data block are sent to the main control chip again, the first timer is closed, and data reception is waited;

step C5: and the security chip inverts the first block number, organizes the first type data block according to a next unprocessed response data packet and the first block number to obtain a first type data block, returns a fourth type data block containing the first block number and the first type data block to the main control chip, closes the first timer and waits for receiving data.

18. The method of claim 17, wherein said step a4 further comprises:

step D1: the safety chip judges the type of the data block according to the command header in the data block, if the data block is a third type data block, the step D2 is executed;

step D2: the security chip judges whether the state of the security chip is an activated state, if so, the step D5 is executed, otherwise, the step D3 is executed;

step D3: the security chip judges whether the received third type data block contains a hot reset request, if so, the step D4 is executed, otherwise, the step D5 is executed;

step D4: the security chip returns a fourth type data block containing the first block number and a first type data block containing a hot reset response and the first block number to the main control chip, closes the first timer, sets the state of the security chip to be an inactivated state, and waits for receiving data;

step D5: and the security chip reports an error to the main control chip, closes the first timer and waits for receiving data.

19. The method of claim 14, wherein between the step B6 and the step B7 further comprises: and the safety chip judges whether the data length in the first type data block is greater than the maximum frame length which can be received by the safety chip, if so, the safety chip reports an error to the main control chip, closes the first timer and waits for receiving data, otherwise, the step B7 is executed.

20. The method of claim 14, 17 or 18, wherein the determining the type of the data block according to the command header in the data block by the security chip comprises: when the safety chip receives the data block, the safety chip acquires a checksum from the received data block, judges whether the received data block is valid or not according to the checksum, if so, the safety chip judges the type of the data block according to a command header in the data block, otherwise, the safety chip reports an error to the main control chip, closes the first timer and waits for receiving data.

21. The method according to any one of claims 14 and 17 to 19, wherein the security chip reports an error to the main control chip, specifically: and the safety chip returns a fourth type data block containing the first block number and a second type data block containing error information and the first block number to the main control chip.

22. The method of claim 18, wherein said processing the operational response comprises:

step a 1: the main control chip judges whether the received data block contains a fourth type data block, if so, the step a2 is executed, otherwise, the main control chip reports an error to the security chip, the second timer is started to time, and the main control chip waits for receiving data;

step a 2: the main control chip judges whether the block number in the fourth type data block is consistent with the second block number, if so, the step a3 is executed, otherwise, the main control chip reports an error to the safety chip, the second timer is started to time, and data reception is waited;

step a 3: the main control chip acquires a command header and a data field from the received data block;

step a 4: the main control chip judges the type of the data block according to the command header, and if the type of the data block is the first type of data block, the step a5 is executed;

step a 5: the main control chip judges whether the first type data block contains a reset response, if yes, the safety chip communication parameters are obtained from the reset response of the first type data block, the receivable maximum frame length of the safety chip, the first preset time and the checksum algorithm used by the safety chip are obtained according to the safety chip communication parameters, the step A2 is returned, and if not, the step a6 is executed;

step a 6: the main control chip obtains a link indicating bit and a received block number according to the command header;

step a 7: the main control chip judges whether the received block number is the same as the second block number, if so, the step a9 is executed, otherwise, the step a8 is executed;

step a 8: the main control chip reports an error to the safety chip, a second timer is started to time, and data is waited to be received;

step a 9: the main control chip inverts the second block number, stores the chain transmission identification according to the link indicator bit and stores the data field;

step a 10: the main control chip judges whether a second type data block containing success information needs to be sent to the security chip or not according to the stored chain transmission identifier, if so, the main control chip sends the second type data block containing the success information and a second block number to the security chip, a second timer is started to start timing, and the data is waited to be received, otherwise, the step a11 is executed;

step a 11: and the main control chip returns response data to the application layer according to the stored data field, and the operation is finished.

23. The method of claim 22, wherein said step a4 further comprises: the main control chip judges whether the type of the data block is a second type data block according to the command header and executes the step a 12;

step a 12: the main control chip judges whether the data length in the second type data block is 0, if so, the step a13 is executed, otherwise, the main control chip returns error information to the application layer, and the process is finished;

step a 13: the main control chip obtains a received block number according to the command header;

step a 14: the main control chip judges whether the received second type data block contains success information, if so, the step a15 is executed, otherwise, the first type data block sent last time is retransmitted to the safety chip, a second timer is started to start timing, and data is waited to be received;

step a 15: the main control chip judges whether the received block number is the same as the second block number, if so, the step a16 is executed, otherwise, the first type data block sent last time is retransmitted to the safety chip, a second timer is started to start timing, and data is waited to be received;

step a 16: and the main control chip reverses the second block number, organizes the second block number according to the next unprocessed data block to be sent and the second block number to obtain a first type data block and sends the first type data block to the safety chip, and starts a second timer to start timing to wait for receiving data.

24. The method of claim 23, wherein said step a4 further comprises: the main control chip judges whether the type of the data block is a third type data block according to the command header and executes the step a 17;

step a 17: the main control chip judges whether the third type data block is a delay request, if so, the step a18 is executed, otherwise, the step a19 is executed;

step a 18: the master control chip resets a second timer and starts timing to wait for receiving data;

step a 19: the main control chip judges whether the third type data block is a hot reset response, if so, the step a20 is executed, otherwise, the step a21 is executed;

step a 20: the main control chip executes a hot reset operation on the security chip, sends a first data block containing a reset request and a second block number to the security chip, starts a second timer to start timing, and waits for receiving data;

step a 21: and the main control chip sends a second type data block containing success information and a second block number to the security chip, and opens a second timer to start timing to wait for receiving data.

25. The method of claim 22, wherein between the step a4 and the step a5 comprises: and the main control chip judges whether the data length in the received data block is greater than the maximum frame length which can be received by the host, if so, the main control chip reports an error to the safety chip, opens the second timer to start timing, waits for receiving data, and otherwise, executes the step a 5.

26. The method of claim 22, wherein between the step a3 and the step a4 further comprises: and the main control chip judges whether the check value in the received data block is correct or not according to the checksum algorithm used by the safety chip, if so, the step a4 is executed, otherwise, the main control chip reports an error to the safety chip, and the second timer is started to time to wait for receiving data.

27. The method of any one of claims 22-26, wherein the master chip reporting an error to the security chip comprises: and the main control chip sends a second type data block containing the second block number and error information to a security chip.

28. The method of claim 16, wherein the determining whether to perform the data block chaining by the master chip comprises: and the main control chip judges whether the length of the data to be transmitted is greater than the maximum frame length which can be received by the safety chip, if so, chain transmission is required, otherwise, chain transmission is not required.

29. The method of claim 14, wherein the security chip determining whether to perform a data block chaining, comprises: and the safety chip judges whether the length of the response data is greater than the length of the maximum frame which can be received by the host, if so, the chain transmission is needed, otherwise, the chain transmission is not needed.

30. A system for realizing stable communication between a main control chip and a security chip is characterized by comprising the main control chip and the security chip, wherein the main control chip comprises a second initialization module, a second timer, a second sending module, a second receiving module, a first judgment module, a second resetting module, a second judgment module and a first processing module; the security chip includes: the device comprises a first initialization module, a first receiving module, a first timer, an operation module, a first sending module and an interrupt processing module;

the second initialization module is used for initializing a second timer after the main control chip is powered on;

the first initialization module is used for initializing a first timer after the security chip is powered on;

the second sending module is used for sending data to the security chip and opening the second timer;

the second timer is used for starting timing after being started;

the first receiving module is used for receiving the data sent by the second sending module and opening the first timer;

the first timer is used for starting timing after being started;

the operation module is used for operating according to the received data received by the first receiving module;

the first sending module is configured to return an operation response of the operation module to the main control chip, and close the first timer;

the second receiving module is configured to receive the data sent by the first sending module;

the first judging module is configured to judge a type of the data received by the second receiving module, and if the type of the data is an operation response, close the second timer and trigger the first processing module; if the request is a delay request, triggering the second reset module;

the second resetting module is used for resetting the second timer and turning on;

the first processing module is used for processing the operation response;

the interrupt processing module is used for sending a delay request to the main control chip when the first timer reaches a first preset time and resetting the first timer;

the second judging module is used for judging whether the main control chip waits for overtime through the second timer, and if yes, an error is reported to an application layer; otherwise, continuing to wait for receiving the data returned by the security chip, and triggering the second receiving module;

the operation module comprises:

the second judging unit is used for judging the type of the data block according to the command head in the data block, if the data block is the first type data block, the first acquisition and storage unit is triggered, and if the data block is the second type data block, the first acquisition and judgment unit is triggered;

the first obtaining and storing unit is used for obtaining a data field from a received first type data block, obtaining a link indicating bit and a received block number according to a command header in the first type data block, and storing a link transmission identifier according to the link indicating bit;

a first inversion judging unit, configured to invert a first block number, judge whether a second type data block needs to be sent to the main control chip according to the received block number and a stored link identifier, if yes, trigger the second sending module to send the second type data block including success information and the first block number to the main control chip, close the first timer, wait for receiving data, and otherwise trigger the first operation generating unit;

the first operation generation unit is used for executing corresponding operation according to the data of the data domain and generating response data;

the third judging unit is used for judging whether to carry out data block chain transmission, if so, the first packet organizing unit is triggered, and if not, the second generating unit is triggered;

the first packet grouping unit is configured to group-pack the response data according to a maximum frame length that can be received by a host to obtain a plurality of response data packets, group the response data according to an unprocessed first response data packet and the first block number to obtain a first type data block, trigger the first sending module to send the first type data block to the main control chip, close the first timer, and wait for receiving data;

the second generating unit is configured to obtain a first type data block according to response data and the first block number, trigger the first sending module to send the first type data block to the main control chip, close the first timer, and wait for receiving data;

the first obtaining and judging unit is used for obtaining a received block number from a command header in the data block, judging whether the received block number is the same as the first block number or not, if so, triggering the first sending module to resend the first type data block sent last time to the main control chip, closing the first timer, waiting for receiving data, and otherwise, triggering the second inversion generating unit;

and the second inversion generation unit is used for inverting the first block number, organizing the first type data block according to the first block number and the unprocessed next response data packet, triggering the first sending module to send the first type data block to the main control chip, closing the first timer and waiting for receiving data.

31. The system according to claim 30, wherein the second determining module is specifically configured to determine whether a time value of the second timer is greater than the first preset time, and if so, report an error to the application layer; otherwise, continuing to wait for receiving the data returned by the security chip, and triggering the second receiving module.

32. The system of claim 30, wherein the master chip further comprises a first organization generation module and a first acquisition module, and the security chip further comprises a first parsing generation module;

the first organization generation module is used for organizing and generating a reset request according to host communication parameters and triggering the second sending module to send the reset request to the security chip; the host communication parameters comprise a maximum frame length receivable by the host;

the first receiving module is further configured to receive a reset request sent by the second sending module;

the first analysis generation module is used for analyzing the reset request received by the first receiving module to obtain host communication parameters and organizing and generating reset response according to the communication parameters of the security chip;

the first sending module is further configured to return a reset response of the first parsing and generating module to the main control chip;

the second receiving module is further used for receiving a reset response returned by the security chip;

the first obtaining module is used for obtaining the communication parameters of the security chip from the reset response received by the second receiving module, and obtaining the receivable maximum frame length of the security chip, the first preset time and the checksum algorithm used by the security chip according to the communication parameters of the security chip.

33. The system of claim 32, wherein the second initialization module is further configured to initialize a second block number; the first initialization module is further used for initializing a first block number;

the second sending module includes:

the first judging unit is used for judging whether to perform data block chain transmission, if so, the first bit packet unit is triggered, and otherwise, the first generating unit is triggered;

the first set subpackage unit is used for setting the chain transmission identifier, subpackaging data to be sent according to the maximum receivable frame length of the security chip and generating a first type data block according to the chain transmission identifier, the second block number and the first unprocessed data packet organization;

the first generating unit is used for organizing and generating a first type data block according to data to be sent and a second block number;

and the first sending unit is used for sending the first type data blocks generated by the first set packet unit and the first generating unit to the security chip, starting the second timer to start timing, and waiting for receiving the data blocks returned by the security chip.

34. The system of claim 30, wherein the operation module further comprises: and the third judging unit is used for judging whether the length of the data in the data block is greater than the maximum receivable frame length of the safety chip, if so, triggering the first sending module to report errors to the main control chip, closing the first timer, waiting for receiving the data, and otherwise, triggering the first inversion judging unit.

35. The system of claim 30, wherein the operation module further comprises: and the fourth judging unit is used for acquiring a checksum from the received data block, judging whether the received data block is valid according to the checksum, if so, triggering the second judging unit, otherwise, triggering the first sending module to report an error to the main control chip, closing the first timer, and waiting for receiving data.

36. The system of claim 34 or 35, wherein the triggering the first sending module to report an error to the main control chip specifically includes: and triggering the first sending module to send a second type data block containing error information and the first block number to the main control chip.

37. The system of claim 30, wherein the first processing module comprises:

a first obtaining unit, configured to obtain a command header and a data field from the received data block;

the fifth judging unit is used for judging the type of the data block according to the command head, if the data block is the first type data block, the sixth judging unit is triggered, and if the data block is the second type data block, the eighth judging unit is triggered; if the data block is the third type data block, triggering the second reset module;

the sixth judging unit is configured to obtain a link indicator and a received block number according to the command header, judge whether the received block number is the same as the second block number, if so, trigger the first reverse storage unit, otherwise, trigger the second sending module to report an error to the security chip, open the second timer to start timing, and wait for data reception;

the first reverse storage unit is used for reversing the second block number, storing the link transmission identifier according to the link indicator bit and storing the data field;

a seventh judging unit, configured to judge whether a second type data block needs to be sent to the security chip according to the stored link transmission identifier, if yes, trigger the second sending module to send the second type data block including success information and the second block number to the security chip, open the second timer to start timing, and wait for data reception; otherwise, returning response data to the application layer according to the stored data domain, and ending;

the eighth judging unit is configured to judge whether the data length is 0, trigger the ninth judging unit if the data length is 0, and otherwise return error information to the application layer, and end the process;

the ninth judging unit is configured to obtain a received block number according to the command header, judge whether the received block number is the same as the second block number, if so, trigger the first reverse organization unit, otherwise, trigger the second sending module to resend the first type data block sent last to the security chip, open the second timer to start timing, and wait for receiving data;

the first reverse organization unit is used for reversing a second block number, organizing according to a next data block to be sent and the second block number to obtain a first type data block, triggering the second sending module to send the first type data block to the security chip, starting the second timer to start timing, and waiting for receiving data.

38. The system of claim 37, wherein the first processing module further comprises: a tenth judging unit, configured to judge whether a data length in the received data block is greater than a maximum frame length receivable by the host, if so, trigger the second sending module to report an error to the security chip, open the second timer to start timing, and wait for receiving data, otherwise, trigger the sixth judging unit.

39. The system of claim 37, wherein the first processing module further comprises: and the eleventh judging unit is used for judging whether the check value in the received data block is correct or not according to the checksum algorithm used by the security chip, if so, triggering the fifth judging unit, otherwise, triggering the second sending module to report an error to the security chip, starting the second timer to time, and waiting for receiving data.

40. The system according to claim 38 or 39, wherein the triggering the second sending module to report an error to the security chip specifically is: and triggering the second sending module to send a second type data block containing error information and the second block number to the security chip.

41. The system of claim 33, wherein the determining whether to perform the data block chaining in the first determining unit comprises: and judging whether the length of the data to be transmitted is greater than the maximum receivable frame length of the security chip, if so, chain transmission is needed, otherwise, chain transmission is not needed.

42. The system of claim 30, wherein the determining whether to perform the data block chaining in the third determining unit comprises: and judging whether the length of the response data is greater than the length of the maximum frame which can be received by the host, if so, requiring chain transmission, otherwise, not requiring chain transmission.

43. A system for realizing stable communication between a main control chip and a security chip is characterized by comprising the main control chip and the security chip, wherein the main control chip comprises a second initialization module, a second timer, a second sending module, a second receiving module, a first judgment module, a second resetting module, a second judgment module and a first processing module; the security chip includes: the device comprises a first initialization module, a first receiving module, a first timer, an operation module, a first sending module and an interrupt processing module;

the second initialization module is used for initializing a second timer after the main control chip is powered on;

the first initialization module is used for initializing a first timer after the security chip is powered on;

the second sending module is used for sending data to the security chip and opening the second timer;

the second timer is used for starting timing after being started;

the first receiving module is used for receiving the data sent by the second sending module and opening the first timer;

the first timer is used for starting timing after being started;

the operation module is used for operating according to the received data received by the first receiving module;

the first sending module is configured to return an operation response of the operation module to the main control chip, and close the first timer;

the second receiving module is configured to receive the data sent by the first sending module;

the first judging module is configured to judge a type of the data received by the second receiving module, and if the type of the data is an operation response, close the second timer and trigger the first processing module; if the request is a delay request, triggering the second reset module;

the second resetting module is used for resetting the second timer and turning on;

the first processing module is used for processing the operation response;

the interrupt processing module is used for sending a delay request to the main control chip when the first timer reaches a first preset time and resetting the first timer;

the second judging module is used for judging whether the main control chip waits for overtime through the second timer, and if yes, an error is reported to an application layer; otherwise, continuing to wait for receiving the data returned by the security chip, and triggering the second receiving module;

the operation module comprises:

a thirteenth judging unit, configured to judge the type of the data block according to the command header in the data block, and trigger a fourteenth judging unit if the data block is the first type data block;

the fourteenth judging unit is configured to judge whether the first type data block includes a reset request, and if yes, trigger the fifteenth judging unit; otherwise, triggering a fourth acquisition unit;

the fifteenth judging unit is used for judging whether the state of the security chip is an inactivated state, and if so, triggering the first analysis generating unit; otherwise, triggering the first sending module to report errors to the main control chip, closing the first timer and waiting for receiving data;

the first analysis generating unit is used for analyzing the reset request to obtain host communication parameters, generating a reset response according to the security chip communication parameters, triggering the first sending module to return a first type data block containing the reset response and a first block number and a fourth type data block containing the first block number to the main control chip, closing the first timer, setting the state of the security chip to be an activated state, and waiting for receiving data;

the fourth obtaining unit is configured to obtain a data field from a received first-type data block, obtain a link indicator bit and a received block number according to a command header in the first-type data block, and store a link identifier according to the link indicator bit;

a sixteenth determining unit, configured to determine whether a second type data block including success information needs to be sent to the main control chip according to the received block number and the stored link identifier, if so, reverse the first block number, trigger the first sending module to send the second type data block including success information and the first block number and a fourth type data block including the first block number to the main control chip, close the first timer, and wait for data reception; otherwise, triggering a second operation generation unit;

the second operation generating unit is used for executing corresponding operation according to the data of the data domain and generating response data;

a seventeenth judging unit, configured to judge whether to perform data block link transmission, if so, trigger the second packet organizing unit, and otherwise, trigger the fourth generating unit;

the second packet organizing unit is used for subpackaging the response data generated by the second operation generating unit according to the maximum frame length which can be received by the host computer to obtain a plurality of response data packets, inverting the first block number and organizing according to the unprocessed first response data packet and the first block number to obtain a first type data block;

the fourth generating unit is used for reversing the first block number and obtaining a first type data block according to response data and the first block number;

the first sending module is further configured to send the first type data block generated by the second packet organizing unit or the fourth generating unit and the fourth type data block containing the first block number to the main control chip.

44. The system of claim 43, wherein the first initialization module is further configured to set a state of the secure chip to an inactive state, initialize the first block number; the second initialization module is further used for initializing a second block number;

the main control chip also comprises a second organization generation module and a third acquisition module; the security chip also comprises a second analysis generation module;

the second organization generation module is used for organizing and generating a reset request according to the communication parameters of the host and triggering and waiting a second sending module to send a second data block containing the reset request and a second block number to the security chip; the host communication parameters comprise a maximum frame length receivable by the host;

the first receiving module is further configured to receive a second data block containing a reset request and a second block number sent by the second sending module;

the second analysis generation module is used for analyzing the received reset request in the first type data block to obtain host communication parameters, organizing and generating a reset response according to the communication parameters of the security chip, and setting the state of the security chip to be an activated state;

the first sending module is further configured to send a first type data block including the reset response and the first block number generated by the second parsing and generating module to the main control chip;

the second receiving module is further configured to receive a first type data block including the reset response and a first block number, where the first type data block is returned by the security chip;

the third obtaining module is configured to obtain a security chip communication parameter from the reset response of the first type data block, and obtain, according to the security chip communication parameter, a receivable maximum frame length of the security chip, a first preset time, and a checksum algorithm used by the security chip.

45. The system of claim 44, wherein the second transmitting module comprises:

a twelfth judging unit, configured to judge whether to perform data block link transmission, if yes, trigger the second bit packetization unit, and otherwise trigger the third generating unit;

the second set subpackage unit is used for setting the chain transmission identifier, subpackaging data to be sent according to the maximum receivable frame length of the security chip and generating a first type data block according to the chain transmission identifier, the second block number and the first unprocessed data packet organization;

the third generating unit is used for organizing and generating a first type data block according to the data to be sent and the second block number;

and the second sending unit is used for sending the first type data blocks generated by the second set bit packet unit and the third generating unit to the security chip, starting the second timer to start timing, and waiting for receiving the data blocks returned by the security chip.

46. The system of claim 43, wherein the operation module further comprises:

an eighteenth judging unit, configured to, when the thirteenth judging unit judges that the type of the data block is the second type of data block, judge whether the state of the security chip is an activated state, if so, trigger a nineteenth judging unit, otherwise, trigger the first sending module to report an error to the main control chip, close the first timer, and wait for receiving data;

the nineteenth judging unit is configured to judge whether the received second type data block includes success information, if so, trigger a third reverse organization unit, otherwise, trigger the first sending module to send the last sent fourth type data block and the first type data block to the main control chip again, close the first timer, and wait for data reception;

the third inversion organization unit is configured to invert the first block number, organize the first type data block according to a next unprocessed response data packet and the first block number, trigger the first sending module to return a fourth type data block including the first block number and the first type data block to the main control chip, close the first timer, and wait for data reception.

47. The system of claim 46, wherein the operation module further comprises:

a twentieth judging unit, configured to, when the thirteenth judging unit judges that the type of the data block is the third type of data block, judge whether the state of the security chip is an activated state, if yes, trigger the first sending module to report an error to the main control chip, close the first timer, wait for receiving data, and otherwise trigger the twenty-first judging unit;

the twenty-first judging unit is configured to judge whether the received third type data block includes a hot reset request, if so, trigger the first sending module to return a fourth type data block including the first block number and a first type data block including a hot reset response and the first block number to the main control chip, close the first timer, set the state of the security chip to an inactive state, and wait for data reception; otherwise, triggering the first sending module to report errors to the main control chip, closing the first timer and waiting for receiving data.

48. The system of claim 43, wherein the operation module further comprises: and a twenty-second judging unit, configured to judge whether the data length in the first type data block is greater than a maximum acceptable frame length of the security chip, if so, trigger the first sending module to report an error to the main control chip, close the first timer, and wait for receiving data, otherwise, trigger the sixteenth judging unit.

49. The system of claim 43, 46 or 47, wherein the operation module further comprises: and a twenty-third judging unit, configured to obtain a checksum from the received data block, and judge whether the received data block is valid according to the checksum, if so, trigger the thirteenth judging unit, otherwise, trigger the first sending module to report an error to the main control chip, close the first timer, and wait for receiving data.

50. The system according to any one of claims 43 and 46 to 48, wherein the triggering the first sending module to report an error to the main control chip specifically is: and triggering the first sending module to return a fourth type data block containing the first block number and a second type data block containing error information and the first block number to a main control chip.

51. The system of claim 47, wherein the first processing module comprises:

a twenty-fourth judging unit, configured to judge whether the received data block includes a fourth type data block, if so, trigger a twenty-fifth judging unit, otherwise, trigger the second sending module to report an error to the security chip, open the second timer to start timing, and wait for receiving data;

the twenty-fifth judging unit is used for judging whether the block number in the fourth type data block is consistent with the second block number, if so, triggering a fifth acquiring unit, otherwise, triggering the second sending module to report an error to the security chip, starting the second timer to start timing, and waiting for receiving data;

the fifth acquiring unit acquires a command header and a data field from the received data block;

a twenty-sixth judging unit, configured to judge the type of the data block according to the command header, and trigger a twenty-seventh judging unit if the data block is the first type data block;

a twenty-seventh judging unit, configured to judge whether the first type data block includes a reset response, if so, obtain a security chip communication parameter from the reset response of the first type data block, obtain, according to the security chip communication parameter, a maximum receivable frame length of the security chip, a first preset time, and a checksum algorithm used by the security chip, and otherwise, trigger the second obtaining unit;

the second obtaining unit is used for obtaining the link indicating bit and the received block number according to the command header;

a twenty-eighth judging unit, configured to judge whether the received block number is the same as the second block number, if so, trigger the second reverse storage unit, otherwise, trigger the second sending module to report an error to the security chip, open a second timer to start timing, and wait for receiving data;

the second reversal storage unit is used for reversing the second block number, storing the chain transmission identifier according to the link indicator bit and storing the data field;

and a twenty-ninth judging unit, configured to judge whether a second type data block including success information needs to be sent to the security chip according to the stored link transmission identifier, if so, trigger a waiting second sending module to send the second type data block including the success information and a second block number to the security chip, start a second timer to start timing, wait for data to be received, and otherwise, return response data to the application layer according to the stored data field, and end.

52. The system of claim 51, wherein the first processing module further comprises:

a thirtieth judging unit, configured to, when the twenty-sixth judging unit judges that the type of the data block is the second type data block, judge whether the data length in the second type data block is 0, if so, trigger a third obtaining unit, otherwise, return error information to the application layer, and end;

the third obtaining unit is used for obtaining the received block number according to the command header;

a thirty-first judging unit, configured to judge whether the received second type data block includes success information, if so, trigger a thirty-second judging unit, otherwise, trigger the second sending module to resend the last sent first type data block to the security chip, open a second timer to start timing, and wait for receiving data;

the thirty-second judging unit is configured to judge whether the received block number is the same as the second block number, if so, trigger a fourth reverse organization unit, otherwise, trigger the second sending module to resend the first type data block sent last to the security chip, open a second timer to start timing, and wait for receiving data;

and the fourth reverse organization unit is used for reversing the second block number, organizing according to the next unprocessed data block to be sent and the second block number to obtain a first type data block, triggering the second sending module to send the first type data block to the security chip, starting a second timer to start timing, and waiting for receiving data.

53. The system of claim 52, wherein the first processing module further comprises:

a thirty-third judging unit, configured to, when the twenty-sixth judging unit judges that the type of the data block is the third type data block, judge whether the third type data block is a delay request, if yes, trigger the second resetting module, otherwise trigger a thirty-fourth judging unit;

the thirty-four judging unit is used for judging whether the third type data block is a hot reset response, if so, the hot reset operation unit is triggered, otherwise, the second sending module is triggered to send the second type data block containing success information and a second block number to the security chip, a second timer is started to time, and data reception is waited;

and the thermal reset operation unit is used for executing thermal reset operation on the security chip, triggering a second sending waiting module to send a first data block containing a reset request and a second block number to the security chip, starting a second timer to start timing, and waiting for receiving data.

54. The system of claim 51, wherein the first processing module further comprises: a thirty-fifth judging unit, configured to judge whether the length of the data in the received data block is greater than the maximum frame length receivable by the host, if so, trigger the second sending module to report an error to the security chip, open the second timer to start timing, and wait for receiving data, otherwise, trigger the twenty-seventh judging unit.

55. The system of claim 51, wherein the first processing module further comprises: and the thirty-sixth judging unit is used for judging whether the check value in the received data block is correct or not according to the checksum algorithm used by the security chip, if so, triggering the twenty-sixth judging unit, otherwise, triggering the second sending module to report an error to the security chip, starting the second timer to time, and waiting for receiving data.

56. The system according to any one of claims 51 to 55, wherein the triggering the second sending module to report an error to the security chip is specifically: and triggering the second sending module to send a second type data block containing the second block number and error information to a security chip.

57. The system of claim 45, wherein the determining whether to perform the data block chaining in the twelfth determining module comprises: and judging whether the length of the data to be transmitted is greater than the maximum receivable frame length of the security chip, if so, chain transmission is needed, otherwise, chain transmission is not needed.

58. The system according to claim 43, wherein the judging in the seventeenth judging unit whether or not to perform data block chaining comprises: and judging whether the length of the response data is greater than the length of the maximum frame which can be received by the host, if so, requiring chain transmission, otherwise, not requiring chain transmission.

Images