CN109905272B - Industrial firewall firmware safety dynamic cleaning method - Google Patents

Publication number
CN109905272B
CN109905272B CN201811624087.4A CN201811624087A CN109905272B CN 109905272 B CN109905272 B CN 109905272B CN 201811624087 A CN201811624087 A CN 201811624087A CN 109905272 B CN109905272 B CN 109905272B
Authority
CN
China
Prior art keywords: module, firmware, firewall, modules, main control
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811624087.4A
Other languages
Chinese (zh)
Other versions
CN109905272A (en)
Inventor
吴震东
晏培
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Mapfish Intelligent Technology Co ltd
Original Assignee
Hangzhou Dianzi University
Application filed by Hangzhou Dianzi University filed Critical Hangzhou Dianzi University

Abstract

The invention relates to a safe dynamic cleaning method for industrial firewall firmware. Redundant modules are added to the industrial firewall so that the topology among the modules can be changed dynamically. When the firewall firmware needs to be updated dynamically, the topology is adjusted so that the module to be updated becomes idle, and the new firmware is written into that module; the topology among the modules is then changed again so that the module enters the working state. By introducing a multi-module structure and arranging the connections among the modules appropriately, the firewall can adjust its topology while running, which lets it clean the original firmware without shutting down, update its defense strategy and strengthen its defense capability. Majority judgment over the firmware versions sent by the plurality of main control modules improves the ability to judge whether a main control module has been hijacked and makes the firmware update process more secure. The Hash-chain-based encryption and decryption of the new firmware defends well against eavesdropping attacks.

Description

Industrial firewall firmware safety dynamic cleaning method
Technical Field
The invention belongs to the technical field of industrial network security, and relates to a dynamic cleaning method for industrial firewall firmware.
Background
The industrial firewall plays a very important protective role in industrial network security. Current industrial firewall technology mainly takes the traditional firewall architecture of the Internet and combines it with packet filtering strategies specific to industrial protocols. Generally, the industrial firewall uses white list strategies to check the compliance of the industrial protocol data flows passing through it. The advantage of a white list strategy is that, compared with a blacklist strategy, it gives better access control over abnormal data flows. Its drawback is lower flexibility: industrial protocols are numerous and varied, so a unified white list strategy is hard to define. If the limits on data flows are too tight, some normal data flows fail the check, and in the end the white list requirements can only be relaxed, which reduces the actual protection the industrial firewall provides. In addition, the industrial firewall itself is an easy target for attackers, who often inject their own trojan program into the firewall software to take control of the firewall and modify its protection strategy, so that the industrial firewall loses its actual protection capability.
Disclosure of Invention
The invention aims to provide a safe dynamic cleaning method for firmware of an industrial firewall.
The invention adds redundant modules for the industrial firewall, so that the topology among the modules can be dynamically changed; when the firewall firmware needs to be dynamically updated, the firmware module needing to be updated is in an idle state through topology adjustment, and new firmware is written into the module; then, the topology among the modules is changed, so that the modules enter a working state.
The method comprises the following steps:
(1) the single-module industrial firewall is expanded into a multi-module architecture:
a general single-module industrial firewall is an industrial PC mainboard in which a basic operation and storage module is embedded to form the hardware part of the industrial firewall module, with special firewall software added on top of the hardware to form the industrial firewall; the single-module industrial firewall is expanded into a multi-module architecture by making a plurality of copies of the single-module hardware; a plurality of further single-module hardware copies are added as main control module hardware, the main control module being responsible for managing the cooperative work of the single modules and for sending topology conversion commands and new-version firewall firmware to the single modules;
(2) the dynamic topology of the industrial firewall with the multi-module architecture is variable:
the topological relation among the single modules of the multi-module industrial firewall is series, parallel or mixed series-parallel; in the parallel and mixed series-parallel topologies a single module is in either the working state or the idle state, and the main control module only manages the single modules and does not take part in building the multi-module architecture; to make the series-parallel topology of the multiple modules dynamically variable, each single module is provided with more than n network ports, where n is the number of single modules; one network port of each single module is its management port and is connected to the main control module, and the remaining n-1 ports are data flow ports; the network ports of the modules are connected by network cables, one data flow port of each module being connected to one data flow port of each of the other modules, so that every pair of modules is physically connected;
the firewall main control module controls the direction of data flow inside each module by sending commands to the management port of each single module, that is, it determines which of the n-1 data flow ports are connected to each other; this control process is an ordinary operation of a common firewall; the dynamic topology change of the multi-module architecture is achieved by adjusting the data connections among the ports;
(3) the safe dynamic cleaning of the industrial firewall firmware is realized:
when the firmware of a module of the industrial firewall needs to be dynamically cleaned, the firewall main control unit sends commands to the management port of each module to adjust the topological relation among the modules so that the module to be cleaned becomes idle; the firmware of that module is then dynamically updated, that is, cleaned, by overwriting the old firmware with the new firmware;
after the dynamic firmware update is finished, the topological relation among the modules is dynamically adjusted again so that the module with the updated firmware enters the working state, which completes the dynamic firmware cleaning of that module; all modules of the multi-module firewall are updated one by one in this way until every module has been updated.
The copy number of the single module hardware is more than four and less than eight.
The basic operation and storage module comprises a CPU, an internal memory and FLASH solid storage.
Three main control modules are provided.
The firewall firmware is built following the method used to compile a Linux kernel module.
The process of overwriting the old firmware with the new firmware is as follows: first, the firewall operating system dynamically unloads the old firewall firmware module; then the firewall operating system obtains the new firewall firmware module from the main control module and overwrites the old firewall firmware module; finally, the new firewall firmware module is reloaded into the kernel of the firewall operating system, which completes the dynamic firmware update. The firmware is transmitted from the main control module to the single board module over an internal network. The main control module may be hijacked, so its security needs to be verified; the single board module may also be attacked, and the firmware may be stolen or damaged in transit from the main control module to the single board module, so the security of the single board module needs to be verified and the firmware transmission needs to be protected. The plurality of main control modules send the same firmware update version to the single board module. The single board module receives the updated firmware sent by each of the main control modules and compares whether the copies are completely consistent; if they are, it carries out the subsequent steps; if they are not, it performs a majority judgment and carries out the subsequent steps with the version on which most of the main control modules agree; if the versions sent by the modules are not consistent with one another, the update is abandoned. Through this majority judgment the single board module verifies the security of the firmware sent by the main control modules. The main control module and the single board module agree on a shared secret before the equipment operates. During operation, the main control module applies Hash chain encryption to the new firmware version sent to the single board module; the single board module can correctly decrypt the new firmware version and return a correct new firmware version check code only if it holds the correct shared secret and the previous firmware versions; the main control module completes the secure update of the new firmware version after receiving the correct check code.
The invention provides not only dynamic firmware cleaning while the industrial firewall is running but also security authentication of the firmware. The existing industrial firewall architecture is improved by introducing a multi-module structure and arranging the connections among the modules appropriately, so that the firewall can adjust its topology dynamically during operation; this lets the firewall clean the original firmware without shutting down, update its defense strategy and strengthen its defense capability. The invention also provides a heterogeneous redundancy security authentication method for the main control module: majority judgment over the firmware versions sent by the plurality of main control modules improves the ability to judge whether a main control module has been hijacked, which makes the firmware update process more secure. The heterogeneous redundant structure of the main control module slightly increases the delay of the firmware update; because a multi-module structure is used and a module is first set idle and only restarted after it has been updated, the single board module can tolerate this slight increase in update time. The Hash-chain-based encryption and decryption of the new firmware version generates keys dynamically during version updates, so the session key of each firmware update is a one-time key, which defends well against eavesdropping attacks.
Drawings
FIG. 1 is a schematic diagram of an industrial firewall single-module architecture expanded into a multi-module architecture;
FIG. 2 is a schematic diagram of a multi-module series-parallel topology of an industrial firewall;
FIG. 3 is a schematic diagram of a multi-module architecture for an industrial firewall;
FIG. 4 is a diagram illustrating dynamic cleaning of firmware of an industrial firewall;
FIG. 5 is a diagram illustrating an industrial firewall heterogeneous redundant main control module transmitting a new firmware version;
FIG. 6 is a schematic diagram illustrating an encryption transmission process of a new firmware version of an industrial firewall.
Detailed Description
The invention will be further described with reference to the accompanying drawings.
The dynamic cleaning method for industrial firewall firmware supports dynamic updating of the firewall firmware while the industrial firewall is operating, so that the defense strategy can be adjusted as needed and suspicious firmware can be replaced in time, improving the security defense capability of the industrial firewall. A default defense policy is typically carried in the firewall firmware.
The method adds redundant modules to the industrial firewall so that the topology among the modules can be changed dynamically; when the firewall firmware needs to be updated dynamically, the topology is adjusted so that the module to be updated becomes idle, and the new firmware is written into that module; the topology among the modules is then changed again so that the module enters the working state.
The specific method comprises the following steps:
(1) the single-module industrial firewall is expanded into a multi-module architecture:
A general single-module industrial firewall is an industrial PC mainboard in which basic operation and storage modules such as a CPU, internal memory and FLASH solid-state storage are embedded to form the hardware part of the industrial firewall module; special firewall software is added on top of the hardware to form the industrial firewall. The single-module industrial firewall is expanded into a multi-module architecture as shown in FIG. 1 by making a plurality of copies of the single-module hardware; the number of copies is more than four and less than eight. In this example, six copies are used.
(2) The dynamic topology of the industrial firewall with the multi-module architecture is variable:
As shown in FIG. 2, the topological relation among the modules of the multi-module industrial firewall can be series, parallel or mixed series-parallel; in the parallel and mixed series-parallel topologies a single module can be in either of two states, working or idle. The series structure lets each single board concentrate on one class of traffic filtering task, which strengthens the firewall's deep protocol packet filtering. The parallel structure gives the firewall the ability to judge the consistency of concurrent traffic: once a single board of the firewall makes an error, the error is found at the consistency judging end because the outputs of the two single boards differ, and this structure also helps reveal that a Trojan has been implanted in a single board. A well-chosen series-parallel structure combines the advantages of both, improving the industrial firewall's defense against network attacks and against attacks on its own software system.
The dynamically variable series-parallel topology of the multi-module industrial firewall is realized as shown in FIG. 3. Each single module is provided with more than 6 network ports, 6 being the number of modules. In the figure, GE1 is the management port of a single module and does not take part in the interconnection; the remaining ports GE2-GE6 are data flow ports. The modules are connected by network cables, one data flow port of each module being connected to one data flow port of each of the other modules, so that every pair of modules is physically connected.
The firewall main control unit controls the direction of data flow inside each module by sending commands to the GE1 management port, that is, it determines through which of the ports GE2-GE6 the data flow enters and leaves; this control process is an ordinary operation of a common firewall. The dynamic topology change of the multi-module architecture is achieved in this way.
(3) Realizing dynamic cleaning of industrial firewall firmware:
When the firmware of a module of the industrial firewall needs to be dynamically cleaned, the firewall main control unit sends commands to the management port of each module to adjust the topological relation among the modules so that the module to be cleaned becomes idle, as shown in FIG. 4. The firmware of that module is then dynamically updated, that is, cleaned, by overwriting the old firmware with the new firmware; the overwriting process and method are general methods in the field. In the overwriting process, the firewall operating system first dynamically unloads the old firewall firmware module; the firewall operating system then obtains the new firewall firmware module from the main control module and overwrites the old firewall firmware module; finally, the new firewall firmware module is reloaded into the kernel of the firewall operating system, which completes the dynamic firmware update. After the cleaning is finished, the topological relation among the modules is dynamically adjusted again so that the module with the updated firmware enters the working state, which completes the dynamic firmware cleaning of that module. All modules of the multi-module firewall are updated one by one in this way until every module has been updated.
The specific process by which the main control modules use heterogeneous redundancy to transmit the new firmware version to the single board module is shown in FIG. 5:
1) heterogeneous redundancy is added to the main control module: a plurality of main control modules (3, without loss of generality) work together to send the same firmware update version to the single board module;
2) the single board module receives the updated firmware sent by each of the 3 main control modules and compares whether the copies are completely consistent; if they are, it carries out the subsequent steps; if they are not, it performs a majority judgment and carries out the subsequent steps with the version on which 2 of the modules agree;
3) if the versions sent by the 3 modules all differ from one another, the update is abandoned.
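The majority judgment in steps 1) to 3) can be sketched as follows. This is an added example, not part of the patent text: the function name `select_firmware`, the module names `MC1` to `MC3` and the sample images are constructed for illustration, and reporting which main control modules dissented (so that they can be logged as possibly hijacked) is an addition of this example.

```python
from collections import Counter


def select_firmware(copies, expected_masters=3):
    """Majority judgment over the firmware copies a single board module received.

    copies maps a main control module name to the firmware bytes it sent.
    Returns (image, dissenting). image is None when the update must be
    abandoned; dissenting lists the modules whose copy differs from image.
    """
    if not copies:
        return None, []
    tally = Counter(copies.values())      # byte-identical images are one version
    image, votes = tally.most_common(1)[0]
    if votes * 2 <= expected_masters:     # no version is held by a majority
        return None, sorted(copies)
    dissenting = sorted(name for name, sent in copies.items() if sent != image)
    return image, dissenting


# Constructed sample images, not taken from the page.
GOOD = b"\x7fFW constructed image v2"
ALTERED = b"\x7fFW constructed image v2 + extra"

if __name__ == "__main__":
    received = {"MC1": GOOD, "MC2": ALTERED, "MC3": GOOD}
    image, dissenting = select_firmware(received)
    if image is None:
        print("no majority, update abandoned")
    else:
        print("proceeding with majority version; dissenting modules:", dissenting)
```
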
The process by which the single board module obtains the encrypted new firmware from the main control module, decrypts it and verifies it is shown in FIG. 6:
1) the single board module and the main control module each take the previous 3 old firmware versions and order them as firmware 3#, 2# and 1#, where 3# is the earliest used of the 3 versions and 1# is the version currently in use; a Hash chain operation is performed with a general Hash algorithm in the field, taken here as SHA1 without loss of generality: the Hash value of a firmware version is calculated and spliced with the binary bit stream of the next firmware version, that is, the Hash value bit stream and the firmware binary bit stream are joined into one binary bit stream; the spliced bit stream is hashed with SHA1 to obtain a new Hash value, which is in turn spliced with the next version, and so on until the final Hash chain value of the 3 versions is obtained;
2) the main control module and the single board module hold a shared secret before transmission starts; the shared secret is spliced end to end with the Hash chain value calculated in step 1), and the Hash value of the result is calculated with a general Hash algorithm in the field, such as SHA1, to obtain the session key for this round of secure transmission;
3) the main control module encrypts the new firmware version with a common symmetric encryption algorithm in the field, such as AES (Advanced Encryption Standard), using the session key obtained in step 2) as the encryption key, and transmits the encrypted new firmware to the single board module;
4) the single board module receives the encrypted new firmware and decrypts it with a general symmetric encryption algorithm in the field (such as AES), using the session key obtained in step 2) as the decryption key, to obtain the decrypted new firmware;
5) a check code of the new firmware is calculated: a user-defined Hash function is applied to the session key obtained in step 2) to obtain the initial extraction value n of the check code; the user-defined Hash function can be chosen freely, and its Hash value is generally an 8-bit integer; for example, the input bit stream is divided into 8-bit blocks, any shortfall is filled with 0, and the 8-bit blocks are combined by bitwise XOR to give an integer not more than 256, which is assigned to n;
6) according to the value of n, the 1st bit of every n bits of the new firmware is extracted to form a new bit sequence; the Hash value of this bit sequence is calculated (with a general Hash algorithm such as SHA1) to obtain the check code ClientNewHashKey of the new firmware, which is sent to the main control module;
7) the main control module receives ClientNewHashKey, repeats steps 5) and 6) to calculate its own check code NewRomHashKey for the new firmware version, and compares the two check codes; if they are equal, the firmware update process is complete, and if they are not equal, the update fails.
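The key derivation and check-code steps above (1, 2, 5, 6 and 7) can be worked through in code. This is an added example, not part of the patent text; the AES transport of steps 3) and 4) is left out because Python's standard library has no AES. The function names, the sample data, the oldest-first chain order, the secret-then-chain splice order, MSB-first bit numbering and the handling of n = 0 are assumptions of this example.

```python
import hashlib
import hmac

# The page names SHA1 as its example; any general-purpose hash fits the description.
HASH = hashlib.sha1


def hash_chain(history):
    """Step 1: fold the three previous firmware images into one chain value.

    Assumption: history is ordered [3#, 2#, 1#], oldest first.
    """
    if len(history) != 3:
        raise ValueError("expected exactly three previous firmware versions")
    value = HASH(history[0]).digest()
    for image in history[1:]:
        value = HASH(value + image).digest()   # hash value spliced with next image
    return value


def session_key(shared_secret, chain_value):
    """Step 2. Assumption: the splice order is shared secret first, chain value second."""
    return HASH(shared_secret + chain_value).digest()


def extraction_interval(key):
    """Step 5: XOR the key's 8-bit blocks together to get n."""
    n = 0
    for block in key:
        n ^= block
    # Assumption: the page does not say what happens when the XOR is 0; use 256.
    return n or 256


def sample_bits(data, n):
    """Step 6: take the first bit of every n-bit group (MSB-first, an assumption)."""
    out, acc, filled = bytearray(), 0, 0
    for pos in range(0, len(data) * 8, n):
        bit = (data[pos >> 3] >> (7 - (pos & 7))) & 1
        acc, filled = (acc << 1) | bit, filled + 1
        if filled == 8:
            out.append(acc)
            acc, filled = 0, 0
    if filled:
        out.append(acc << (8 - filled))        # zero-pad the last partial byte
    return bytes(out)


def check_code(firmware, key):
    """Steps 5 and 6: hash of the bit sequence sampled from the firmware."""
    return HASH(sample_bits(firmware, extraction_interval(key))).digest()


def master_accepts(firmware, key, client_code):
    """Step 7: compare NewRomHashKey with ClientNewHashKey in constant time."""
    return hmac.compare_digest(check_code(firmware, key), client_code)


# Constructed sample data, not taken from the page.
SECRET = b"constructed-shared-secret"
HISTORY = [b"firmware image 3# (oldest)", b"firmware image 2#",
           b"firmware image 1# (current)"]
NEW_FIRMWARE = bytes(range(256)) * 8

if __name__ == "__main__":
    key = session_key(SECRET, hash_chain(HISTORY))
    code = check_code(NEW_FIRMWARE, key)       # board side, after decryption
    print("n =", extraction_interval(key))
    print("accepted:", master_accepts(NEW_FIRMWARE, key, code))
```

Only one bit in every n enters the check code, so a matching code shows that the board derived the same session key; integrity of the whole image rests on the majority comparison of the copies and should not be inferred from the check code alone.
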

Claims (6)

1. A safe dynamic cleaning method for industrial firewall firmware, characterized by comprising the following steps:
(1) the single-module industrial firewall is expanded into a multi-module architecture:
the general single-module industrial firewall is an industrial PC mainboard, a basic operation and storage module is embedded in the industrial firewall module to form an industrial firewall module hardware part, and special firewall software is added on the basis of the hardware to form the industrial firewall; expanding the single-module industrial firewall into a multi-module architecture, and copying a plurality of copies of single-module hardware; adding a plurality of single module hardware copies as main control module hardware, wherein the main control module is responsible for managing the cooperative work of the plurality of single modules and sending a topology conversion command and a new version firewall firmware to the single modules;
(2) the dynamic topology of the industrial firewall with the multi-module architecture is variable:
the topological relation among the single modules of the industrial firewall multi-module architecture is series connection, parallel connection or series-parallel connection mixing, in the parallel connection and series-parallel connection mixed topological structure, the single module is in working and idle states, and the main control module is only responsible for managing the single module and does not participate in the multi-module architecture construction; the technology of serial-parallel dynamic topology variable of multiple modules of the industrial firewall is realized, more than n network ports are arranged on each single module, and n is the number of the single modules; one network port of each single module is a management port of the single module and is connected with the main control module, and the rest n-1 ports are data flow passing ports; the network ports of the modules are connected by network cables, and one data stream of each module is connected with one data stream of the other modules by the port during connection, and the connection method can ensure that each module is physically connected with each other in pairs;
the firewall main control module controls the flow direction of data flow in the module by sending commands to each single module management port, namely the data flow channels of which ports are communicated with each other in the n-1 data flow ports; the control process is the general operation of a common firewall; the dynamic topology change of the multi-module architecture is realized by adjusting the data communication relation among the ports;
(3) the safe dynamic cleaning of the industrial firewall firmware is realized:
when a certain module firmware of the industrial firewall needs to be dynamically cleaned, a command is sent to each module management port through the firewall main control unit, the topological relation among multiple modules is adjusted, the module needing to be cleaned is set to be idle, then the module firmware is dynamically updated, namely cleaned, and the old firmware is covered by new firmware;
after the firmware dynamic updating process is finished, dynamically adjusting the topological relation between the modules again to enable the modules with updated firmware to enter a working state until the firmware dynamic cleaning process of a certain module is finished; and updating all the modules of the multi-module firewall one by one according to the method until all the modules are updated.
2. The method of claim 1, wherein the method comprises: the copy number of the single module hardware is more than four and less than eight.
3. The method of claim 1, wherein the method comprises: the basic operation and storage module comprises a CPU, an internal memory and FLASH solid storage.
4. The method of claim 1, wherein the method comprises: the main control module is set to be three.
5. The method of claim 1, wherein the method comprises: the manufacturing method of the firewall firmware refers to a compiling method of a kernel module of a Linux system.
6. The method of claim 1, wherein the method comprises: the process of overwriting the old firmware with the new firmware comprises the following steps: firstly, dynamically unloading an old firewall firmware module by a firewall operating system; then, the firewall operating system acquires a new firewall firmware module from the main control module and covers the old firewall firmware module; finally, restarting and loading a new firewall firmware module into the kernel of the firewall operating system to complete the dynamic firmware updating work; the firmware is transmitted to the single board module by the main control module through an internal network, and the main control module has the threat of being hijacked, so the safety of the main control module needs to be verified; on the other hand, the single board module also has a threat of being attacked, the transmission of the firmware from the main control module to the single board module has a threat of being stolen and damaged, the security of the single board module needs to be verified, and the security of the firmware transmission process needs to be protected; the plurality of main control modules send the same firmware update version to the single board module; the single board module receives the updated firmware sent by the plurality of main control modules respectively, compares whether the firmware update is completely consistent, and implements the subsequent steps if the firmware update is consistent; if the firmware update is inconsistent, carrying out majority judgment, and selecting the version with consistent firmware updates sent by most modules to carry out subsequent steps; if the versions sent by the modules are not consistent, the updating is abandoned; the single board module verifies the safety of the firmware sent by the main control module through majority judgment; the main control module and the single board module define a shared secret before the equipment operates; in the operation process of the equipment, the main control module carries out Hash chain encryption on the new firmware version sent to the single board module, the single board module can only correctly decrypt the new firmware version and return a correct new firmware version check code if the single board module has a correct shared secret and a previous firmware version, and the main control module completes the safe updating process of the new firmware version after receiving the correct new firmware version check code.
CN201811624087.4A 2018-12-28 2018-12-28 Industrial firewall firmware safety dynamic cleaning method Active CN109905272B (en)


Publications (2)

Publication Number Publication Date
CN109905272A CN109905272A (en) 2019-06-18
CN109905272B true CN109905272B (en) 2021-07-30

Family

ID=66943514

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811624087.4A Active CN109905272B (en) 2018-12-28 2018-12-28 Industrial firewall firmware safety dynamic cleaning method

Country Status (1)

Country Link
CN (1) CN109905272B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103457948A (en) * 2013-08-29 2013-12-18 网神信息技术(北京)股份有限公司 Industrial control system and safety device thereof
CN106850616A (en) * 2017-01-24 2017-06-13 南京理工大学 The method that distributed fire wall network consistent updates are solved using SDN technologies
US10057243B1 (en) * 2017-11-30 2018-08-21 Mocana Corporation System and method for securing data transport between a non-IP endpoint device that is connected to a gateway device and a connected service

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2844415B1 (en) * 2002-09-05 2005-02-11 At & T Corp FIREWALL SYSTEM FOR INTERCONNECTING TWO IP NETWORKS MANAGED BY TWO DIFFERENT ADMINISTRATIVE ENTITIES
US9054863B2 (en) * 2012-09-04 2015-06-09 Rockwell Automation Asia Pacific Business Center Pte. Ltd. Industrial protocol system authentication and firewall

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
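Design and Implementation of a Web Application Firewall Based on a Distributed Peer-to-Peer Architecture; Yao Linlin (姚琳琳); China Master's Theses Full-text Database (Information Science and Technology); 20121110; I139-24 *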

Also Published As

Publication number Publication date
CN109905272A (en) 2019-06-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230712

Address after: 311100 Room 401, Building 5, No. 1217, Wenyi West Road, Cangqian Street, Yuhang District, Hangzhou City, Zhejiang Province

Patentee after: Zhejiang Mapfish Intelligent Technology Co.,Ltd.

Address before: 310018 No. 2 street, Xiasha Higher Education Zone, Hangzhou, Zhejiang

Patentee before: HANGZHOU DIANZI University
