CN109067757A - Safety method and system based on IPMI encryption module - Google Patents

Publication number
CN109067757A
Authority
CN
China
Prior art keywords
message
ipmi
decryption
encryption
format messages
Legal status
Granted
Application number
CN201810962759.6A
Other languages
Chinese (zh)
Other versions
CN109067757B (en)
Inventor
张玥
李雪峰
刘世龙
郭怀号
姬叶华
邹志强
刘晓梅
王龙
张曙辉
Current Assignee
CETC 32 Research Institute
Original Assignee
CETC 32 Research Institute
Application filed by CETC 32 Research Institute
Priority to CN201810962759.6A
Publication of CN109067757A
Application granted
Publication of CN109067757B
Current legal status: Active

Classifications

    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/025: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H04L67/565: Conversion or adaptation of application format or content

Abstract

The invention provides a security method and system based on an IPMI encryption module. The remote control end encapsulates and packs the IPMI message to be transmitted and determines whether the message is to be encrypted; the message is then transmitted over the network. The server side receives and classifies the messages: a message of the first encryption type triggers message decryption, and a message of the second encryption type triggers message transmission. The message is decrypted according to a decryption mechanism; if decryption succeeds, message transmission is triggered, and if decryption fails, locking and self-destruction is triggered, which locks IPMI message transmission. The invention uses an encryption/decryption unit that locks IPMI transmission after repeated input errors and can start a self-destruct function if necessary, thereby securing the IPMI intelligent management platform.

Description

Security method and system based on an IPMI encryption module
Technical field
The present invention relates to the field of IPMI intelligent management platforms, and in particular to a security method and system based on an IPMI encryption module.
Background
IPMI (Intelligent Platform Management Interface) is a set of interface specifications, formulated by four companies (Intel, HP, Dell and NEC), that allows the peripheral devices of servers on different software and hardware platforms to be managed from a single console. Through the IPMI specification, a system administrator can effectively monitor the physical health of a server, such as the working state of the power supply, fans, temperature, CPU, memory, hard disks and other components. IPMI consists of the BMC system core and the SDR, SEL, FRU, ICMB and IPMB subsystems. The BMC (baseboard management controller) is the core of IPMI control and management. It is implemented on a completely separate chip, independent of the server's CPU, BIOS and operating system, and provides remote detection, management and recovery functions. It is an agentless management subsystem that runs on its own within the system and provides a middle layer between the low-level system hardware and the upper-layer management software: it collects the information from each sensor, converts it into a uniform message format and sends it to the different controllers and management software, while control commands received over different channels, such as the system's internal bus, the network, serial ports and modems, are sent to the corresponding controllers, thereby enabling remote management across heterogeneous software and hardware platforms. SDR refers to the sensor database, which contains information on all the sensors in the system; each individual SDR contains the formula and coefficients for converting a sensor reading into standard units. IPMI can store the collected system status information in the SEL as the System Event Log. IPMI also supports storage of and access to FRUs: the system can store information about each system component present on the mainboard in the FRU. To support cross-platform system management, the IPMI standard provides the IPMB and ICMB interfaces. IPMB is based on the I2C standard and carries communication between different components on the mainboard. The ICMB interface is mainly used for communication between different servers. Through the IPMB and ICMB interfaces, the IPMI standard achieves access to and management of systems with heterogeneous software and hardware.
Since the IPMI standard was proposed in 1998, it has gained the support of 170 vendors, which has gradually made it a complete hardware management specification covering servers and other systems (such as storage devices and network and communication equipment). The latest version of the standard is currently IPMI 2.0, which brings many improvements over the original, including the ability to manage server systems (including remote power on and off) through remote environments such as serial ports, modems and LANs. With the rapid development of IT, data centers keep growing in scale and their architecture becomes increasingly complex, which brings convenience but also makes operations and maintenance management more difficult. To keep systems running stably, repair faults promptly and maintain data centers efficiently, IPMI intelligent management platforms are widely used for cross-platform centralized management and have developed rapidly. At the same time, security has become a vital factor for IPMI intelligent management platforms. The IPMI interface provides comprehensive control over a server, but the use of SHA1 for key hashing in RAKP in the IPMI protocol is a known and widespread problem. It can only be worked around by disabling IPMI remote access, but because of the demand for remote control, large enterprises introduce NET to replace IPMI remote access. Introducing NET introduces security problems of its own, such as man-in-the-middle attacks, certificate forgery, cross-site attacks, script injection and DDoS, and these security problems are becoming increasingly serious. Once communication is intercepted, altered or implanted with a Trojan, the loss to an enterprise's information security is immeasurable, so all-round protection for IPMI is all the more necessary.
Patent document CN107248932A discloses automatic protection for remote servers based on the IPMI protocol, relating to the field of remote server management. It uses the IPMI protocol to remotely acquire the server system's operating-state parameters in real time, sets a working threshold for each operating-state parameter according to actual conditions, and compares the real-time operating-state parameters against the set thresholds to judge whether a parameter has reached its threshold; if so, the corresponding handling operation is carried out automatically, otherwise the operating-state parameters continue to be collected and judged periodically. That patent proposes an automatic protection method for remotely controlled servers: the management is based on the IPMI protocol, and the security method consists of monitoring the server state and handling anomalies automatically.
Patent document CN107566140A discloses a remote upgrade method and system based on IPMI, relating to the technical field of network equipment. The method comprises: establishing a connection between the Intelligent Platform Management Interface (IPMI) and the device to be upgraded, the device comprising a first operation and maintenance entity and a second operation and maintenance entity; powering down the first operation and maintenance entity through the interface and upgrading the second operation and maintenance entity; and judging whether the device runs normally after the upgrade. If so, the first and second operation and maintenance entities are automatically synchronized to the upgraded version; if the upgraded device runs abnormally, it returns to the version before the upgrade. By adding an IPMI interface to the existing upgrade process, that embodiment achieves automatic remote upgrade and makes it easy to restore the pre-upgrade version when an upgrade fails. That patent proposes a method for remotely controlling a server based on IPMI: the method is based on the IPMI protocol, establishes a connection between the Intelligent Platform Management Interface (IPMI) and the device to be upgraded, adds an IPMI interface and, building on the existing upgrade process, achieves automatic remote upgrade with easy restoration of the pre-upgrade version when an upgrade fails.
Neither of the above two patent documents involves an encryption/decryption security mechanism: they do not encrypt the transmitted information, do not decrypt it at the server end with a decryption module, do not set a password to implement encryption and decryption, and have no self-destruct function.
Summary of the invention
In view of the defects in the prior art, the object of the present invention is to provide a security method and system based on an IPMI encryption module.
A security method based on an IPMI encryption module provided according to the present invention comprises the following steps. IPMI message encapsulation step: the IPMI message to be transmitted is encapsulated and packed, and the result is denoted the first-format message. Message encryption step: it is queried whether the first-format message needs to be encrypted, and the second-format message is obtained according to the result of the query; if encryption is needed, the first-format message is encrypted and the second-format message is labelled as the first encryption type; if encryption is not needed, the second-format message is labelled as the second encryption type. Message sending step: the second-format message is transmitted over the network.
Preferably, the security method based on an IPMI encryption module further comprises the following steps. Message receiving step: the second-format message is received. Message type classification step: the second-format message is classified; if it is labelled as the first encryption type, the message decryption step is triggered and executed; if it is labelled as the second encryption type, message transmission is triggered. Message decryption step: the second-format message is decrypted according to the decryption mechanism; if decryption succeeds, message transmission is triggered; if decryption fails, the locking and self-destruction step is triggered and executed. Locking and self-destruction step: IPMI message transmission is locked.
A security system based on an IPMI encryption module provided according to the present invention comprises the following modules. IPMI message encapsulation module: encapsulates and packs the IPMI message to be transmitted as a NET message, denoted the first-format message. Message encryption module: queries whether the first-format message is to be encrypted and obtains the second-format message; if encryption is needed, the message is encrypted and labelled as the first encryption type; if encryption is not needed, it is labelled as the second encryption type. Message transmission module: transmits the second-format message over the network.
Preferably, the security system based on an IPMI encryption module further comprises the following modules. Message receiving module: receives the second-format message. Message type classification module: classifies the second-format message; if the second-format message includes the first encryption type, message decryption is triggered; if it includes the second encryption type, message transmission is triggered. Message decryption module: decrypts the second-format message according to the decryption mechanism; if decryption succeeds, message transmission is triggered; if decryption fails, locking and self-destruction is triggered. Locking and self-destruction module: locks IPMI message transmission.
Preferably, the network transmission encapsulates the IPMI message as an IPMI LAN message using the NET protocol and sends and receives it over a remote IP network in UDP mode.
Preferably, the decryption mechanism sets a value for the permitted number of wrong password entries: if the number of wrong password entries exceeds the set value, decryption is unsuccessful; if the correct password is entered, or the number of wrong password entries is less than the set value and the last entry is the correct password, decryption is successful.
Compared with the prior art, the present invention has the following beneficial effects:
1. Using the IPMI bus, IPMI messages are encapsulated as IPMI LAN messages and encrypted, and the requests and responses of the server BMC are sent and received over a remote IP network in UDP mode, thereby monitoring remote heterogeneous software and hardware systems.
2. Using the encryption/decryption module, encrypted information is decrypted, converted into a general IPMI message and sent to the system BMC module for processing; when the BMC sends a message request, the encryption/decryption module encrypts the general IPMI message and sends it to the remote control end. A password can be set on the encryption/decryption module; when a wrong password is entered repeatedly, the module locks the IPMI system and stops IPMI message transmission, preventing information from being stolen.
3. A self-destruct function is provided and can be enabled when necessary, truly realizing a security method for the IPMI intelligent management platform.
4. The IPMI intelligent management platform is compatible with both the standard IPMI protocol and the encrypted IPMI protocol. Information that does not need encrypted transmission can be sent using the standard IPMI protocol; information that needs encrypted transmission can be sent over the encrypted channel and is decrypted by the decryption module after reaching the server, preventing it from being stolen or altered.
Brief description of the drawings
Other features, objects and advantages of the invention will become more apparent upon reading the detailed description of non-limiting embodiments with reference to the following drawings:
Fig. 1 is a functional block diagram of the hardware implementation of the invention;
Fig. 2 is a schematic diagram of the encryption module design of the invention;
Fig. 3 is a flow chart of IPMI encryption and decryption of the invention.
Specific embodiments
The present invention is described in detail below with reference to specific embodiments. The following embodiments will help those skilled in the art to further understand the present invention, but do not limit the invention in any way. It should be pointed out that those of ordinary skill in the art can make several changes and improvements without departing from the inventive concept. These all fall within the scope of protection of the present invention.
The present invention proposes a security method for an IPMI intelligent management platform based on an encryption module. It uses an encryption/decryption unit that locks the IPMI system after repeated input errors and can enable a self-destruct function when necessary, securing the IPMI intelligent management platform; the present invention is compatible with both the standard IPMI protocol and the encrypted IPMI protocol.
The invention discloses a security method based on an IPMI encryption module, comprising the following steps. IPMI message encapsulation step: the IPMI message to be transmitted is encapsulated and packed, and the result is denoted the first-format message. Message encryption step: it is queried whether the first-format message is to be encrypted, and the second-format message is obtained; if encryption is needed, the message is encrypted and labelled as the first encryption type; if encryption is not needed, it is labelled as the second encryption type. Message sending step: the second-format message is transmitted over the network.
Specifically, the security method based on an IPMI encryption module further comprises the following steps. Message receiving step: the second-format message is received. Message type classification step: the second-format message is classified; if it includes the first encryption type, message decryption is triggered; if it includes the second encryption type, message transmission is triggered. Message decryption step: the second-format message is decrypted according to the decryption mechanism; if decryption succeeds, message transmission is triggered; if decryption fails, locking and self-destruction is triggered. Locking and self-destruction step: IPMI message transmission is locked.
Specifically, the network transmission encapsulates the IPMI message as an IPMI LAN message using the NET protocol and sends and receives it over a remote IP network in UDP mode.
Specifically, the decryption mechanism sets a value for the permitted number of wrong password entries: if the number of wrong password entries exceeds the set value, decryption is unsuccessful; if the correct password is entered, or the number of wrong password entries is less than the set value and the last entry is the correct password, decryption is successful.
The invention discloses a security system based on an IPMI encryption module, comprising the following modules. IPMI message encapsulation module: encapsulates and packs the IPMI message to be transmitted as a NET message, denoted the first-format message. Message encryption module: queries whether the first-format message is to be encrypted and obtains the second-format message; if encryption is needed, the message is encrypted and labelled as the first encryption type; if encryption is not needed, it is labelled as the second encryption type. Message transmission module: transmits the second-format message over the network.
Specifically, the security system based on an IPMI encryption module further comprises the following modules. Message receiving module: receives the second-format message. Message type classification module: classifies the second-format message; if it includes the first encryption type, message decryption is triggered; if it includes the second encryption type, message transmission is triggered. Message decryption module: decrypts the second-format message according to the decryption mechanism; if decryption succeeds, message transmission is triggered; if decryption fails, locking and self-destruction is triggered. Locking and self-destruction module: locks IPMI message transmission.
The security system based on an IPMI encryption module provided by the invention can be realized through the step flow of the security method based on an IPMI encryption module. Those skilled in the art can understand the security method based on an IPMI encryption module as a preferred example of the security system based on an IPMI encryption module.
The present invention is further elaborated below in terms of hardware and software.
The IPMI intelligent management platform of the present invention consists of a remote console, a transmission bus and a server. The Intelligent Platform Management Interface (IPMI) performs hardware management through the remote console, which includes an IPMI interface and connects to the server through the IPMI bus, so that administrators can manage and access the system. Network interfaces, IPMB interfaces and the like can be connected to the IPMI bus, and communication with the server is carried out remotely through the NET and IPMB protocols. In IPMI, the BMC sends and receives using the same message format. The remote control end encapsulates access to the system's BMC as IPMI LAN messages, encrypts them, and sends and receives the server BMC's requests and responses over a remote IP network in UDP mode, thereby monitoring remote heterogeneous software and hardware systems.
The server contains an encryption/decryption unit. The unit is connected to the IPMI bus and can communicate directly with the system's LAN controller. The LAN controller can classify the packets on the network and send them to the BMC after they pass through the encryption/decryption unit; packets sent to the BMC can also be sent to the host CPU, whereas packets that are not encapsulated in RMCP (Remote Mail Checking Protocol, one of the communication network protocols) format can only be sent to the host CPU. Similarly, when the BMC has a request to receive or send a message, it accesses the system's LAN controller through the encryption/decryption unit, and the data is sent to the remote control end through the NET interface.
The encryption/decryption unit is compatible with both the standard IPMI protocol and the encrypted IPMI protocol. Whether to encrypt, and the encryption password, can be set in a human-computer interaction interface of the remote control end, such as its WEB interface. When the server receives an IPMI message from the remote control end, the encryption/decryption unit judges whether the message is an encrypted message. If it is an ordinary IPMI message, the message is passed to the BMC module. If it is an encrypted IPMI message, the correct password must be entered at the server end; the encryption/decryption unit then decrypts the encrypted IPMI message, converts it into a general IPMI message and passes it to the BMC module. When the number of wrong password entries exceeds the set value, the encryption/decryption unit sends an IPMI command to the BMC module to lock the system, thereby guaranteeing the security of the system. Likewise, when the server needs to send messages such as server information to the remote control end, the server end can set through its user interface whether encrypted transmission is needed and set the encrypted-transmission password. The BMC packs the information into an IPMI message, and the encryption/decryption unit judges whether the message needs encrypted transmission. If encrypted transmission is not needed, the ordinary IPMI message is passed to the LAN controller and sent to the remote control end. If encrypted transmission is needed, the IPMI message is converted into an encrypted IPMI message and sent to the remote control end through the LAN controller; after receiving the message, the remote control end requires the correct password to be entered in its user interface, decrypts the encrypted IPMI message and converts it into a general IPMI message.
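The server-side behaviour described above (classify by encryption type, decrypt with the entered password, lock IPMI transmission once wrong entries exceed the set value) is sketched below as an added Python example; it is not code from the patent. The marker bytes, the PBKDF2/HMAC-SHA256 construction standing in for the unspecified cipher, the failure-counter reset on success and all names are assumptions.

```python
import hashlib
import hmac
import os
import struct

# Marker byte prepended to the "second-format message" (values are assumptions).
ENC_TYPE_ENCRYPTED = 0x01   # "first encryption type": payload is encrypted
ENC_TYPE_PLAIN = 0x02       # "second encryption type": standard IPMI payload

# Constructed sample: IPMI LAN request "Get Device ID" (NetFn App, cmd 0x01).
SAMPLE_IPMI = bytes([0x20, 0x18, 0xC8, 0x81, 0x00, 0x01, 0x7E])


class Locked(Exception):
    """Raised once the unit has locked IPMI message transmission."""


def _derive_keys(password, salt):
    # The patent names no cipher or KDF; PBKDF2 + HMAC-SHA256 is a stand-in.
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return km[:32], km[32:]          # (encryption key, MAC key)


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode, truncated to the payload length.
    blocks = [hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wrap(ipmi_msg, password=None):
    """Remote-control side: build the second-format message, encrypted or not."""
    if password is None:
        return bytes([ENC_TYPE_PLAIN]) + ipmi_msg
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(password, salt)
    body = salt + nonce + _xor(ipmi_msg, _keystream(enc_key, nonce, len(ipmi_msg)))
    header = bytes([ENC_TYPE_ENCRYPTED])
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag       # encrypt-then-MAC over marker and body


class CryptoUnit:
    """Server-side encryption/decryption unit placed in front of the BMC."""

    def __init__(self, max_failures=3):
        self.max_failures = max_failures   # the "set value" of allowed errors
        self.failures = 0
        self.locked = False
        self.to_bmc = []                   # general IPMI messages handed to the BMC

    def receive(self, message, password=""):
        if self.locked:
            raise Locked("IPMI message transmission is locked")
        if not message:
            raise ValueError("empty message")
        kind, body = message[0], message[1:]
        if kind == ENC_TYPE_PLAIN:         # standard IPMI: pass straight through
            self.to_bmc.append(body)
            return body
        if kind != ENC_TYPE_ENCRYPTED:
            raise ValueError("unknown encryption type marker")
        plain = self._decrypt(body, password)
        if plain is None:                  # wrong password or tampered message
            self.failures += 1
            if self.failures > self.max_failures:
                self.locked = True
                raise Locked("too many wrong passwords")
            return None
        self.failures = 0                  # assumption: success resets the count
        self.to_bmc.append(plain)
        return plain

    def _decrypt(self, body, password):
        if len(body) < 16 + 16 + 32:
            return None
        salt, nonce, ct, tag = body[:16], body[16:32], body[32:-32], body[-32:]
        enc_key, mac_key = _derive_keys(password, salt)
        expected = hmac.new(mac_key, bytes([ENC_TYPE_ENCRYPTED]) + body[:-32],
                            hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        return _xor(ct, _keystream(enc_key, nonce, len(ct)))
```

Because the failure check is a MAC over the whole message, a tampered message and a wrong password are indistinguishable to the unit and both count toward the lock.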
The present invention comprises two parts: hardware design and encryption protocol design. The hardware design is the entire IPMI intelligent management platform system, including the remote control end, IPMI transmission and the server end. The remote control end includes an IPMI interface and a NET interface. The IPMI transmission part uses the NET protocol: messages are encapsulated as IPMI LAN messages and sent and received over a remote IP network in UDP mode. The server end includes an IPMI interface, a NET interface and an encryption/decryption module. The encryption protocol design uses a mode in which encrypted IPMI transmission is compatible with standard IPMI: information that does not need encrypted transmission can be sent using the standard IPMI protocol, while information that needs encrypted transmission can be sent over the encrypted channel and is decrypted by the decryption module after reaching the server, preventing it from being stolen or altered.
As shown in Fig. 1, the server is the core of the entire intelligent control platform and can consist of multiple master control and node management units. A master control management unit includes a mainboard, sensors, a BMC unit, a network interface and an encryption/decryption unit. The BMC unit is responsible for receiving sensor information and other hardware information from the fans and the mainboard, implementing hardware state monitoring of the server. The network interface receives commands from the remote end and sends the information to the encryption/decryption unit, where it is decrypted into a general IPMI message and sent to the BMC unit. According to the command received, the BMC unit controls hardware power on/off or collects information and packs the information into a general IPMI message, which is encrypted by the encryption/decryption unit and sent to the remote control end through the network interface.
As shown in Fig. 2, the IPMI intelligent control platform needs to provide functions such as intelligent control, real-time monitoring, analysis and diagnosis, early warning/alarm, troubleshooting and remote control, to meet the need for efficiency and security. The IPMB bus protocol is compatible with the I2C bus protocol and is based on the I2C bus. The IPMI specification contains a large set of IPMI message commands. IPMI provides remote system monitoring: independent of the hardware vendor, it allows server system startup and operating system loading to be checked remotely, and the server system to be managed, diagnosed and maintained remotely through the management controller.
The present invention is compatible with standard IPMI communication: the server BMC unit is responsible for receiving the server's hardware state monitoring information; the network interface receives commands from the remote end and sends them to the BMC unit; according to the command received, the BMC unit controls hardware power on/off or collects information, packs the information into a general IPMI message and sends it to the remote control end through the network interface. The encryption protocol design adds an encryption/decryption unit inside the server to provide security authentication and encryption/decryption, ensuring the security of data during remote transmission; IPMI also provides for establishing secure remote sessions and user login authentication.
As shown in Fig. 3, the remote control end packs the encrypted IPMI command into a NET message and sends it to the server end through the network interface; whether an IPMI message needs to be encrypted, and the encryption password, can be set at the remote control end. The network interface of the server end receives the encrypted IPMI command from the remote control end and sends the information to the "encryption/decryption" module, which judges whether the message is an encrypted message. If it is an ordinary IPMI message, the message is passed to the BMC module. If it is an encrypted IPMI message, the correct password must be entered at the server end; the encryption/decryption unit then decrypts the encrypted IPMI message, converts it into a general IPMI message and passes it to the BMC module. When the number of wrong password entries exceeds the set value, the encryption/decryption unit sends an IPMI command to the BMC module to lock the system. After the encrypted information is decrypted, it is converted into a general IPMI message and sent to the BMC unit. The BMC unit is responsible for monitoring the hardware state of the server; the monitored hardware information is packed into general IPMI information and sent to the encryption/decryption unit, and after encryption it is sent to the BMC unit through the network interface. According to the command received, the BMC controls hardware power on/off or collects information and packs the information into a general IPMI message, which is encrypted by the encryption/decryption unit and sent to the remote control end through the network interface.
Those skilled in the art will appreciate that, besides implementing the system, the device and their modules provided by the invention purely as computer-readable program code, the method steps can be logically programmed so that the system, the device and their modules realize the same program in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. The system, the device and their modules provided by the invention may therefore be regarded as a hardware component, and the modules included in it for realizing various programs may also be regarded as structures within the hardware component; the modules for realizing various functions may also be regarded both as software programs implementing the method and as structures within the hardware component.
Specific embodiments of the present invention have been described above. It is to be understood that the invention is not limited to the particular embodiments described above; those skilled in the art can make various changes or modifications within the scope of the claims without affecting the substance of the invention. Provided there is no conflict, the embodiments of this application and the features in the embodiments may be combined with one another arbitrarily.

Claims (6)

1. A safety method based on an IPMI encryption module, characterized by comprising the following steps:
IPMI message encapsulation step: encapsulating and packaging the IPMI message to be transmitted, the result being denoted as a first format message;
Message encryption step: querying whether the first format message needs to be encrypted, and obtaining a second format message according to the query result; if encryption is needed, the first format message is encrypted and the second format message is labeled as a first encryption type; if encryption is not needed, the second format message is labeled as a second encryption type;
Message sending step: transmitting the second format message over the network.
2. The safety method based on an IPMI encryption module according to claim 1, characterized by further comprising the following steps:
Message receiving step: receiving the second format message;
Message type classification step: classifying the second format message; if the second format message is labeled as the first encryption type, the message decryption step is triggered; if the second format message is labeled as the second encryption type, message transmission is triggered;
Message decryption step: decrypting the second format message according to a decryption mechanism; if decryption succeeds, message transmission is triggered; if decryption is unsuccessful, the locking self-destruction step is triggered;
Locking self-destruction step: locking the transmission of IPMI messages.
3. A security system based on an IPMI encryption module, characterized by comprising the following modules:
IPMI message encapsulation module: encapsulating and packaging the IPMI message to be transmitted as a NET message, the result being denoted as a first format message;
Message encryption module: querying whether the first format message needs to be encrypted, and obtaining a second format message; if encryption is needed, the message is encrypted and labeled as a first encryption type; if encryption is not needed, it is labeled as a second encryption type;
Message sending module: transmitting the second format message over the network.
4. The security system based on an IPMI encryption module according to claim 3, characterized by further comprising the following modules:
Message receiving module: receiving the second format message;
Message type classification module: classifying the second format message; if the second format message includes the first encryption type, message decryption is triggered; if the second format message includes the second encryption type, message transmission is triggered;
Message decryption module: decrypting the second format message according to a decryption mechanism; if decryption succeeds, message transmission is triggered; if decryption is unsuccessful, locking self-destruction is triggered;
Locking self-destruction module: locking the transmission of IPMI messages.
5. The safety method based on an IPMI encryption module according to claim 1, or the security system based on an IPMI encryption module according to claim 3, characterized in that the network transmission encapsulates the IPMI message using the NET protocol, and IPMI LAN messages are sent and received over a remote IP network in UDP mode.
6. The safety method based on an IPMI encryption module according to claim 2, or the security system based on an IPMI encryption module according to claim 4, characterized in that the decryption mechanism sets a set value for the permitted number of password input errors; if the number of incorrect password entries exceeds the set value, decryption is unsuccessful; if the correct password is entered, or the number of incorrect password entries is less than the set value and the last entry is the correct password, decryption succeeds.
CN201810962759.6A 2018-08-22 2018-08-22 Safety method and system based on IPMI encryption module Active CN109067757B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810962759.6A CN109067757B (en) 2018-08-22 2018-08-22 Safety method and system based on IPMI encryption module

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810962759.6A CN109067757B (en) 2018-08-22 2018-08-22 Safety method and system based on IPMI encryption module

Publications (2)

Publication Number Publication Date
CN109067757A true CN109067757A (en) 2018-12-21
CN109067757B CN109067757B (en) 2021-07-02

Family

ID=64755771

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810962759.6A Active CN109067757B (en) 2018-08-22 2018-08-22 Safety method and system based on IPMI encryption module

Country Status (1)

Country Link
CN (1) CN109067757B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110569484A (en) * 2019-09-09 2019-12-13 山东浪潮人工智能研究院有限公司 method for determining sensor reading calculation formula coefficient and method for measuring physical quantity

Also Published As

Publication number Publication date
CN109067757B (en) 2021-07-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant