CN113673001A - Security protection assembly and related apparatus and method - Google Patents


Publication number
CN113673001A
Authority
CN
China
Prior art keywords
target event
security
event
management unit
target
Prior art date
Legal status
Granted
Application number
CN202110958686.5A
Other languages
Chinese (zh)
Other versions
CN113673001B (en)
Inventor
陆启乐
Current Assignee
Hangzhou C Sky Microsystems Co Ltd
Original Assignee
Pingtouge Hangzhou Semiconductor Co ltd
Priority date
Filing date
Publication date
Application filed by Pingtouge Hangzhou Semiconductor Co ltd
Priority to CN202110958686.5A
Publication of CN113673001A
Application granted
Publication of CN113673001B
Current legal status: Active
Anticipated expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/606: Protecting data by securing the transmission between two devices or processes

Abstract

The present disclosure provides a security protection component and related devices and methods. The security protection component is connected to an event management unit, which sets up a transmission channel for a trigger signal between a target event generator and a target event user. The security protection component comprises: an attribute matching unit, configured to acquire the security attribute of the target event generator and the security attribute of the target event user and to judge whether the two security attributes match, obtaining a judgment result; and an arbitration unit, configured to control the on-off state of the transmission channel according to the judgment result, so that the transmission channel conducts only when the security attribute of the target event generator matches the security attribute of the target event user. Secure peripherals and non-secure peripherals of the event management unit are thereby isolated from each other while secure peripherals can still be triggered and non-secure peripherals can still be triggered, which enhances protection flexibility and makes the protection of the event management unit suitable for continuously expanding and changing application fields.

Description

Security protection assembly and related apparatus and method
Technical Field
The present disclosure relates to the field of chips, and in particular, to a security protection assembly and related apparatus and method.
Background
In the context of the Internet of Things, the application fields of chips are expanding rapidly and the functions of the devices integrated into Internet of Things infrastructure keep increasing, so that iterative updating of chips becomes necessary. To complete chip iterations quickly, the event management unit came into being. The event management unit in a chip provides a channel that is triggered entirely by hardware, with no software involvement, which reduces the load on the processor and improves response speed.
With the popularization of event management units in chips, new problems are exposed. Without protection, the event management unit is easily used by an attacker to steal confidential data or to interfere with the normal working state of the chip, causing great loss. In the related art, a chip protects a functional unit only with a simple latching mechanism: a security switch is provided in the chip, the switch can be opened only under the control of an authorized user, and the functional unit can be used only after the switch has been opened. Migrating this protection method to the event management unit does protect the event management unit. However, this protection method is not flexible enough and cannot adapt to continuously expanding and changing application fields.
Disclosure of Invention
In view of the above, the present disclosure aims to optimize the protection mechanism of the event management unit and enhance the protection flexibility.
According to a first aspect of the present disclosure, there is provided a security protection component connected to an event management unit that sets a transmission channel of a trigger signal between a target event generator and a target event user, the security protection component comprising:
an attribute matching unit, configured to acquire the security attribute of the target event generator and the security attribute of the target event user, and to judge whether the security attribute of the target event generator matches the security attribute of the target event user, obtaining a judgment result;
and an arbitration unit, configured to control the on-off state of the transmission channel according to the judgment result, so that the transmission channel conducts only when the security attribute of the target event generator matches the security attribute of the target event user.
Optionally, the security protection component further comprises:
a first data selector, configured to receive the security attributes of at least one candidate event generator of the event management unit and to extract, according to the identification information of the target event generator, the security attribute of the target event generator from the security attributes of the at least one candidate event generator, so as to provide it to the attribute matching unit;
and a second data selector, configured to receive the security attributes of at least one candidate event user of the event management unit and to extract, according to the identification information of the target event user, the security attribute of the target event user from the security attributes of the at least one candidate event user, so as to provide it to the attribute matching unit.
Optionally, the security protection component further comprises an information conversion unit, wherein:
the first data selector extracts the security attribute of the target event generator under the control of first address selection information, and the second data selector extracts the security attribute of the target event user under the control of second address selection information;
the information conversion unit is configured to convert the identification information of the target event generator into the first address selection information and to provide the first address selection information to the first data selector through a connection to the address input of the first data selector;
the information conversion unit is further configured to convert the identification information of the target event user into the second address selection information and to provide the second address selection information to the second data selector through a connection to the address input of the second data selector.
Optionally, the information conversion unit reads the identification information of the target event generator and the identification information of the target event user from a register;
the register is a device configured by the event management unit, the register is used for storing event management information of each transmission channel in the event management unit, and the event management information of one transmission channel comprises identification information of a target event generator configured by the transmission channel and identification information of a target event user configured by the transmission channel.
Optionally, the event management unit is provided with a plurality of transmission channels;
the security protection component comprises at least one attribute matching unit, at least one first data selector, at least one second data selector and at least one information conversion unit, so that any one of the plurality of transmission channels, when in use, has a corresponding attribute matching unit, a corresponding first data selector, a corresponding second data selector and a corresponding information conversion unit;
each piece of event management information stored in the register further includes the channel identifier of its transmission channel, and the information conversion unit corresponding to a target transmission channel reads the event management information of the target transmission channel from the register by identifying the channel identifier of the target transmission channel.
Optionally, the security protection component further comprises:
a security configuration unit, configured to register the security attributes of the at least one candidate event generator and of the at least one candidate event user, to provide the security attributes of the at least one candidate event generator to the first data selector through a connection to the data input of the first data selector, and to provide the security attributes of the at least one candidate event user to the second data selector through a connection to the data input of the second data selector.
Optionally, the attribute matching unit includes:
a first AND gate, whose two inputs receive the security attribute of the target event generator and the security attribute of the target event user respectively;
a first NOT gate, whose input receives the security attribute of the target event generator;
a second NOT gate, whose input receives the security attribute of the target event user;
a second AND gate, whose two inputs are connected to the output of the first NOT gate and the output of the second NOT gate respectively;
and an OR gate, whose two inputs are connected to the output of the first AND gate and the output of the second AND gate respectively, and whose output provides the judgment result.
Optionally, an enabling unit for adjusting the on-off state of the transmission channel is arranged in the transmission channel, the arbitration unit is connected with the enabling unit, and the arbitration unit controls the on-off state of the transmission channel by controlling the enabling unit.
According to a second aspect of the present disclosure, there is provided a system on chip comprising:
any one of the security protection components described above;
the event management unit;
and an on-chip bus for coupling the event management unit and the security protection component.
According to a third aspect of the present disclosure, there is provided an internet of things device comprising any one of the security protection components described above and the event management unit.
According to a fourth aspect of the present disclosure, there is provided a method of protecting an event management unit that sets a transmission channel of a trigger signal between a target event generator and a target event user, the method comprising:
acquiring the security attribute of the target event generator and the security attribute of the target event user;
judging whether the security attribute of the target event generator matches the security attribute of the target event user, to obtain a judgment result;
and controlling the on-off state of the transmission channel according to the judgment result, so that the transmission channel conducts only when the security attribute of the target event generator matches the security attribute of the target event user.
In the embodiments of the present disclosure, the attribute matching unit judges whether the security attribute of the target event generator matches the security attribute of the target event user and obtains a judgment result; the arbitration unit controls the on-off state of the transmission channel between the target event generator and the target event user according to the judgment result, so that the transmission channel conducts only when the security attribute of the target event generator is the same as that of the target event user. The secure peripherals of the event management unit can be triggered and the non-secure peripherals can be triggered, but the secure peripherals and the non-secure peripherals are isolated from each other, which guarantees the security of data in the secure space. Compared with the conventional technique (in which a plurality of trigger signals are allowed to pass once an authorized user opens a security switch), a flexible number of managed events is provided for the secure space and even for the non-secure space, protection flexibility is enhanced, and the protection of the event management unit is suited to continuously expanding and changing application fields.
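The component described in the first aspect and the method of the fourth aspect (data selectors, gate-level attribute matching, channel enable) can be modelled in software as follows. This is an added example, not code from the patent: the 1 = secure / 0 = non-secure encoding, the identity mapping from identification information to selector address, the blocking of channels whose identifiers select no registered attribute, and the sample peripherals are all assumptions of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed encoding (not given in the patent text): 1 = secure, 0 = non-secure. */
typedef uint8_t sec_attr_t;
#define SECURE     1u
#define NON_SECURE 0u
#define NUM_GENERATORS 3
#define NUM_USERS      3

/* Security configuration unit: registered attributes of all candidates. */
struct sec_config {
    sec_attr_t generator_attr[NUM_GENERATORS];
    sec_attr_t user_attr[NUM_USERS];
};

/* One register entry of the event management unit: the generator and the
 * user that a transmission channel is configured with. */
struct channel_cfg {
    uint8_t channel_id;
    uint8_t generator_id;
    uint8_t user_id;
};

/* Attribute matching unit, gate by gate as listed in the text. */
bool attr_match(sec_attr_t gen, sec_attr_t user)
{
    bool g = (gen & 1u) != 0, u = (user & 1u) != 0;
    bool and1 = g && u;        /* first AND gate: both secure      */
    bool not1 = !g;            /* first NOT gate                   */
    bool not2 = !u;            /* second NOT gate                  */
    bool and2 = not1 && not2;  /* second AND gate: both non-secure */
    return and1 || and2;       /* OR gate: the judgment result     */
}

/* Data selector (MUX). Returns false when the address selects no input;
 * reporting that instead of a default value is this model's choice. */
bool mux_select(const sec_attr_t *inputs, size_t n, uint8_t addr, sec_attr_t *out)
{
    if (addr >= n)
        return false;
    *out = inputs[addr];
    return true;
}

/* Information conversion unit: find the register entry by channel identifier.
 * Identification info is used directly as the MUX address (assumption). */
const struct channel_cfg *lookup_channel(const struct channel_cfg *regs,
                                         size_t n, uint8_t channel_id)
{
    for (size_t i = 0; i < n; i++)
        if (regs[i].channel_id == channel_id)
            return &regs[i];
    return NULL;
}

/* Arbitration unit: the enable signal is asserted only on a match. */
bool channel_enable(const struct sec_config *sc, const struct channel_cfg *regs,
                    size_t n, uint8_t channel_id)
{
    const struct channel_cfg *cfg = lookup_channel(regs, n, channel_id);
    sec_attr_t g, u;
    if (cfg == NULL)
        return false;
    if (!mux_select(sc->generator_attr, NUM_GENERATORS, cfg->generator_id, &g))
        return false;
    if (!mux_select(sc->user_attr, NUM_USERS, cfg->user_id, &u))
        return false;
    return attr_match(g, u);
}

/* Enabling unit in the channel: the trigger passes only while enabled. */
bool deliver_trigger(const struct sec_config *sc, const struct channel_cfg *regs,
                     size_t n, uint8_t channel_id, bool trigger_in)
{
    return trigger_in && channel_enable(sc, regs, n, channel_id);
}

/* Constructed sample configuration (hypothetical peripherals). */
const struct sec_config SAMPLE_SEC = {
    .generator_attr = { SECURE, NON_SECURE, SECURE },
    .user_attr      = { SECURE, NON_SECURE, NON_SECURE },
};
const struct channel_cfg SAMPLE_CHANNELS[] = {
    { 0, 0, 0 },  /* secure timer     -> secure ADC          */
    { 1, 1, 0 },  /* non-secure input -> secure ADC          */
    { 2, 1, 1 },  /* non-secure input -> non-secure user     */
    { 3, 7, 1 },  /* generator id with no registered attribute */
};
#define NUM_SAMPLE_CHANNELS (sizeof SAMPLE_CHANNELS / sizeof SAMPLE_CHANNELS[0])

int main(void)
{
    for (size_t i = 0; i < NUM_SAMPLE_CHANNELS; i++) {
        const struct channel_cfg *c = &SAMPLE_CHANNELS[i];
        bool on = channel_enable(&SAMPLE_SEC, SAMPLE_CHANNELS,
                                 NUM_SAMPLE_CHANNELS, c->channel_id);
        printf("channel %u: generator %u -> user %u: %s\n",
               (unsigned)c->channel_id, (unsigned)c->generator_id,
               (unsigned)c->user_id, on ? "conducting" : "blocked");
    }
    return 0;
}
```

The five gates reduce to an XNOR of the two attributes, so changing one registered attribute in the security configuration flips which channels conduct without touching the channel registers.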
Drawings
The foregoing and other objects, features, and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which refers to the accompanying drawings in which:
FIG. 1 is a system architecture diagram of the Internet of Things (IoT) to which one embodiment of the present disclosure is applied;
FIG. 2 is another system architecture diagram of the Internet of Things to which an embodiment of the present disclosure is applied;
FIG. 3 is a block diagram of an Internet of Things device of one embodiment of the present disclosure;
FIG. 4 is a block diagram of an Internet of things processor of one embodiment of the present disclosure;
FIG. 5 is a block diagram of an event management unit of one embodiment of the present disclosure;
FIG. 6 is a block diagram of a system-on-chip of one embodiment of the present disclosure;
FIG. 7 is a block diagram of a system-on-chip of another embodiment of the present disclosure;
FIG. 8 is a flow diagram of a method of protecting an event management unit according to one embodiment of the present disclosure.
Detailed Description
The present disclosure is described below based on examples, but the present disclosure is not limited to only these examples. In the following detailed description of the present disclosure, some specific details are set forth in detail. It will be apparent to those skilled in the art that the present disclosure may be practiced without these specific details. Well-known methods, procedures, and processes have not been described in detail so as not to obscure the present disclosure. The figures are not necessarily drawn to scale.
The following terms are used herein.
Event management unit: a unit comprising a plurality of transmission channels, each of which transmits the trigger signal sent by a target event generator to a target event user so as to trigger the target event user. Compared with the traditional processing mechanism based on interrupt response, the transmission of the trigger signal in the event management unit is implemented entirely in hardware, needs no processor intervention, and occupies neither system resources such as the bus nor the bandwidth of the random access memory.
Event generator: a peripheral arranged at the entrance of the event management unit that issues a trigger signal to cause a trigger event; the condition for generating the trigger signal is determined by the event generator itself. For example, when a timer is used as the event generator, the timer's count reaching a preset time period can be the condition for generating the trigger signal.
Candidate event generator: a peripheral configured at the entrance of the event management unit and available for connection; whether it is connected to the entrance of the event management unit is determined by the trigger event currently managed by the event management unit.
Target event generator: the event generator, selected from the candidate event generators, that is currently connected to the entrance of the event management unit.
Event user: a peripheral arranged at the exit of the event management unit that performs some operation after being triggered by the trigger signal; the specific operation performed is determined by the event user. For example, when the event user is an analog-to-digital converter, the operation performed after it is triggered may be sampling analog data and converting the sampled analog data into digital data.
Candidate event user: a peripheral configured at the exit of the event management unit and available for connection; whether it is connected to the exit of the event management unit is determined by the trigger event currently managed by the event management unit.
Target event user: the event user, selected from the candidate event users, that is currently connected to the exit of the event management unit.
Security attribute: a parameter describing whether a peripheral is secure, with two possible values, secure and non-secure. For the event management unit, the security attribute of the target event generator and the security attribute of the target event user are related to whether the opposite party is attacked after triggering. If the target event user is attacked when the target event generator triggers it, the target event generator is non-secure; if the target event generator is attacked by the response operation of the target event user after triggering it, the target event user is non-secure. In practice, the security attributes of the target event generator and the target event user are related to whether each has a preset right to trigger or to be triggered and whether either carries a virus, so the same peripheral may have different security attributes in different time periods or when paired with different event users.
Secure peripheral: a peripheral whose security attribute takes the value secure; the set of secure peripherals is referred to as the secure space.
Non-secure peripheral: a peripheral whose security attribute takes the value non-secure; the set of non-secure peripherals is referred to as the non-secure space.
Peripheral: an external device; in this disclosure, a device external to the event management unit.
Data selector: also known as a multiplexer (MUX), a logic circuit that implements a data selection function, that is, selects a designated one of a group of data channels in order to receive a signal transmitted from the designated data channel or to transmit a signal through it. The data selector has a plurality of data channels and an address input terminal that receives address selection information indicating which of the data channels is the designated data channel.
Application environment of the present disclosure
The embodiments of the present disclosure provide a general-purpose security protection component suitable for various event management units. The security protection component protects the event management unit so that the secure peripherals configured for the event management unit cannot be attacked. As a protection scheme for event management units, the security protection component is relatively general. It may exist separately from the event management unit, i.e. it may be a separate device which, after being mounted on a device or system-on-chip, is used in conjunction with the event management unit on that device or system-on-chip. The security protection component may be used in various hardware devices provided with an event management unit, such as IoT (Internet of Things) devices, embedded devices, and the like. The security protection component is independent of the hardware on which the event management unit is ultimately deployed. For the purpose of illustration, however, the following description mainly uses the Internet of Things as the application scenario. Those skilled in the art will appreciate that the disclosed embodiments are also applicable to other application scenarios.
Overall architecture of the Internet of Things
FIG. 1 is a system architecture diagram of an Internet of Things (IoT) 100 to which an embodiment of the present disclosure is applied.
The cloud 110 may represent the internet, or may be a Local Area Network (LAN), or a Wide Area Network (WAN), such as a company's private network. IoT devices may include any number of different types of devices grouped in various combinations. For example, the traffic control group 206 may include IoT devices along streets in a city. These IoT devices may include traffic lights, traffic flow monitors, cameras, weather sensors, and the like. Each IoT device in the traffic control group 206 or other subgroup may communicate with the cloud 110 over a wireless link 208, such as an LPWA link or the like. Further, the wired or wireless subnetwork 212 can allow IoT devices to communicate with each other, such as over a local area network, wireless local area network, and so forth. The IoT device may use another device, such as the gateway 210, to communicate with the cloud 110.
Other groupings of IoT devices may include remote weather stations 214, local information terminals 216, alarm systems 218, automated teller machines 220, alarm panels 222, or mobile vehicles, such as emergency vehicles 224 or other vehicles 226, and the like. Each of these IoT devices may communicate with other IoT devices, with the server 140, or both.
As can be seen from fig. 1, a large number of IoT devices may communicate through the cloud 110. This may allow different IoT devices to autonomously request or provide information to other devices. For example, the traffic control group 206 may request a current weather forecast from a group of remote weather stations 214, which group of remote weather stations 214 may provide the forecast without human intervention. Further, the emergency vehicle 224 may be alerted by the automated teller machine 220 that a theft is occurring. As the emergency vehicle 224 proceeds toward the automated teller machine 220, it may access the traffic control group 206 to request permission to reach the location, for example, by turning a light red to block cross traffic at the intersection for sufficient time to allow the emergency vehicle 224 to enter the intersection unimpeded.
An IoT device cluster, such as the remote weather station 214 or the traffic control group 206, may be equipped to communicate with other IoT devices and with the cloud 110. This may allow IoT devices to form an ad-hoc network between devices, allowing them to act as a single device, which may be referred to as a fog device. The fog device is further discussed below with respect to FIG. 2.
In fig. 2, the cluster of IoT devices enclosed by the dashed line may be referred to as a fog device 302, operating at the edge of the cloud 110. As used herein, a fog device 302 is a cluster of devices that may be grouped for performing a particular function, such as traffic control, weather control, plant control, and the like.
In this example, the fog device 302 includes a set of IoT devices at a traffic intersection. The fog device 302 may be established according to specifications published by the OpenFog Consortium (OFC) or the like. These specifications allow a hierarchy of computing elements to be formed between the gateway 210 that couples the fog device 302 to the cloud 110 and to end point devices, such as the traffic light 304 and the data aggregator 306 in this example. The fog device 302 may utilize the combined processing and network resources provided by the set of IoT devices. Thus, the fog device 302 may be used for any number of applications including, for example, financial modeling, weather forecasting, traffic analysis, and the like.
For example, the flow of traffic through an intersection may be controlled by a plurality of traffic lights 304 (e.g., three traffic lights 304). Analysis of traffic flow and control schemes may be performed by the aggregator 306 communicating with the traffic lights 304 and each other through a mesh network. Data may be uploaded to the cloud 110 through the gateway 210. The gateway 210 receives commands from the cloud 110. The gateway 210 communicates with traffic lights 304 and an aggregator 306 over a mesh network.
Any number of communication links may be used in the fog device 302. For example, an IEEE 802.15.4 compatible short range link 308 may provide local communication between IoT devices near an intersection. For example, a longer range link 310 compatible with LPWA standards may provide communication between IoT devices and the gateway 210. To simplify the figure, not every communication link 308 or 310 is labeled with a reference numeral.
The fog device 302 may be considered a large-scale interconnected network, in which multiple IoT devices communicate with each other, for example, over communication links 308 and 310. The network may be established using the Open Interconnect Consortium (OIC) standard specification 1.0 published by the Open Connectivity Foundation (OCF) on 23/12/2015. This standard allows devices to discover each other and establish interconnect communications. Other interconnection protocols may also be used, including, for example, the AllJoyn protocol from the AllSeen Alliance, the Optimized Link State Routing (OLSR) protocol, or the Better Approach To Mobile Ad-hoc Networking (B.A.T.M.A.N.), etc.
In some aspects, communications from one IoT device may pass along the most convenient path to reach the gateway 210, e.g., the path with the least number of intermediate hops or the highest bandwidth, etc. In these networks, the number of interconnections provides a great deal of redundancy, allowing communications to be maintained even if many IoT devices are lost.
In some aspects, the fog device 302 may include transient IoT devices. In other words, not all IoT devices may be permanent members of the fog device 302. For example, in FIG. 2, three transient IoT devices have joined the fog device 302 as follows: a first vehicle 312, a second vehicle 314, and a pedestrian 316. In these cases, the IoT devices may be built into the vehicles 312 and 314, or may be applications on a smartphone carried by the pedestrian 316. Other IoT devices may also be present, such as those in a cycle computer, motorcycle computer, drone, and the like.
The fog device 302 formed by the IoT devices may communicate with clients through the cloud 110, for example, with the server 140 as a single device located at the edge of the cloud 110. In this example, control communication to a particular resource in the fog device 302 may occur without identifying any particular IoT device within the fog device 302. Thus, if one IoT device within the fog device 302 fails, other IoT devices in the fog device 302 may be able to discover and control resources, such as actuators or other devices attached to the IoT device. For example, the traffic lights 304 may be wired to allow any one traffic light 304 to control the lights of the other traffic lights 304. The aggregator 306 may also provide redundancy in other functions of the fog device 302 under the control of the traffic light 304.
In some examples, the IoT devices may be configured using an imperative programming style, e.g., each having a particular function and communication partner. However, the IoT devices that form the fog device 302 may be configured in a declarative programming style in order to allow the IoT devices to reconfigure their operations and communications, such as to determine required resources in response to conditions, queries, and device failures. This may be performed when a transient IoT device, such as a pedestrian 316, joins the fog device 302.
Since the pedestrian 316 may travel slower than the vehicles 312 and 314, the fog device 302 may reconfigure itself to ensure that the pedestrian 316 has sufficient time to pass through the intersection. This may be performed by forming a temporary group of the vehicles 312 and 314 and the pedestrian 316 to control the traffic lights 304. If one or both of the vehicles 312 or 314 are autonomous, the temporary group may direct the vehicle to slow down before the traffic light 304. Further, if all vehicles at an intersection are autonomous, the need for traffic signals may be reduced, as the collision avoidance systems of the autonomous vehicles may allow for highly interleaved traffic patterns, which may be too complex for traffic lights to manage. However, the traffic light 304 may still be important to the pedestrian 316, cyclists, or non-autonomous vehicles.
When the transient devices 312, 314, and 316 leave the vicinity of the intersection of the fog device 302, the fog device 302 may reconfigure itself to eliminate those IoT devices from the network. When other transient IoT devices approach the intersection, the fog device 302 may reconfigure itself to include those devices.
The fog device 302 may include traffic lights 304 for multiple intersections, such as along streets, as well as all transient IoT devices along streets. The fog device 302 may then divide itself into functional units, such as traffic lights 304 and other IoT devices near a single intersection. This type of combination may enable larger IoT configurations to be formed in the mist device 302, e.g., groups of IoT devices that perform specific functions.
For example, if an emergency vehicle joins the fog device 302, an emergency build or virtual device may be created that includes all of the traffic lights 304 of a street, allowing control of the traffic flow pattern throughout the street. The emergency configuration may direct traffic lights 304 along the street to remain red for reverse traffic and green for emergency vehicles to accelerate passage of emergency vehicles.
As shown by the fog device 302, the organic evolution of the IoT network is central to improving or maximizing the utility, usability, and resilience of IoT implementations. Further, the examples demonstrate the usefulness of policies for improving trust and thus security. Local identification of devices may be important in embodiments because decentralization of identities ensures that a central authority cannot be exploited to allow impersonation of objects that may exist within an IoT network. Further, local identification reduces communication overhead and latency.
Blockchains may be used for decentralized identification, as they may provide agreement between devices regarding the names and identities currently in use. As used herein, a blockchain is a distributed database of identity records that is made up of blocks of data structures. Further, as used herein, the term blockchain may include any one or more other distributed ledger systems. Other distributed ledger methods include Ripple, Hyperledger, Multichain, Keyless Signature Infrastructure, etc. Each data structure block is based on a transaction, where the issuance of a new name to a device, a composite device, or a virtual device is one example of a transaction.
Using blockchains for identification, impersonation can be detected by observing the re-issuance of names and identities without a corresponding termination. Public blockchains may be most useful because they may enable diverse groups of observers to detect misnaming, malicious naming, or naming infrastructure failures.
Internet of things device
Fig. 3 is a block diagram of an internet of things device 400 according to an embodiment of the disclosure, which may be an internet of things device in the traffic control group 206 of fig. 1, an internet of things device in the remote weather station 214, the local information terminal 216, the alarm system 218, the automated teller machine 220, the alarm panel 222, the emergency vehicle 224, or the other vehicle 226, an internet of things device in the traffic light 304 and the data aggregator 306 of fig. 2, or an internet of things device related to the first vehicle 312, the second vehicle 314, and the pedestrian 316.
The internet of things device 400 may include an internet of things processor 402, which may be a microprocessor, a multi-core processor, a multi-threaded processor, an ultra-low voltage processor, an embedded processor, or other known processing element. The processor 402 may be part of a system on a chip (SoC) in which the processor 402 and other components are formed as a single integrated circuit or a single package, such as an Edison™ or Galileo™ SoC board from Intel. As an example, processor 402 may include an Architecture Core™ based processor, such as a Quark, Atom™, i3, i5, i7, or MCU-class processor, or another such processor available from companies in Santa Clara, Calif. However, any number of other processors may be used, such as MIPS-based designs available from MIPS Technologies, Inc. of Sunnyvale, California, or an ARM-based design licensed by ARM Holdings, Inc. The processor may include units such as an A5-A9 processor from Inc., a Snapdragon processor from science and technology, Inc., or an OMAP™ processor from Texas Instruments, Inc.
The processor 402 may communicate with a system memory 404 via a bus 406. Any number of memory devices may be used to provide a given amount of system memory 404. As an example, memory 404 may be a Random Access Memory (RAM) based on a Low Power Double Data Rate (LPDDR) design of the Joint Electron Devices Engineering Council (JEDEC), such as the current LPDDR2 standard according to JEDEC JESD 209-2E (published in April 2009), or a next generation LPDDR standard, such as LPDDR3 or LPDDR4, that would provide an extension of LPDDR2 to increase bandwidth. In various embodiments, the various memory devices may be any number of different package types, such as a Single Die Package (SDP), a Dual Die Package (DDP), or a quad die package (Q17P). In some embodiments, these devices may be soldered directly to the motherboard to provide a lower profile solution, while in other embodiments, these devices are configured as one or more memory modules, which in turn are coupled to the motherboard by a given connector. Any number of other memory implementations may be used, such as other types of memory modules, for example, different kinds of dual in-line memory modules (DIMMs), including but not limited to microDIMM or MiniDIMM. For example, the memory may be between 2GB and 16GB in size and may be configured as a DDR3LM package or LPDDR2 or LPDDR3 memory that is soldered to a motherboard by a Ball Grid Array (BGA).
To provide persistent storage of information such as data, applications, operating system, etc., a mass storage device 408 may also be coupled to the processor 402 via the bus 406. To achieve a thinner and lighter system design, the mass storage device 408 may be implemented by a Solid State Drive (SSD). Other devices that may be used for mass storage device 408 include flash memory cards, such as SD cards, microSD cards, xD picture cards, and the like, as well as USB flash drives.
In a low power implementation, the mass storage device 408 may be an on-die memory or a register associated with the processor 402. However, in some examples, mass storage device 408 may be implemented using a micro Hard Disk Drive (HDD). Further, any number of new technologies may be used for the mass storage device 408 in addition to or in place of the described technologies, such as resistance change memory, phase change memory, holographic memory, or chemical memory, among others. For example, IoT device 400 may include 3D XPOINT memory from and.
The components may communicate over a bus 406. The bus 406 may include any number of technologies, including Industry Standard Architecture (ISA), extended ISA (EISA), Peripheral Component Interconnect (PCI), peripheral component interconnect extended (PCIx), PCI Express (PCIe), or any number of other technologies. Bus 406 may be a proprietary bus such as used in SoC-based systems. Other bus systems may be included, such as an I2C interface, an I3C interface, an SPI interface, a point-to-point interface, a power bus, and so forth.
The bus 406 may couple the processor 402 to a mesh transceiver 410 for communicating with other mesh/fog devices 302. Mesh transceiver 410 may use any number of frequencies and protocols, such as 2.4 gigahertz (GHz) transmission under the IEEE 802.15.4 standard, using the Bluetooth low energy (BLE) standard defined by the Bluetooth Special Interest Group, or the like. Any number of radios configured for a particular wireless communication protocol may be used for the connection to the mesh/fog device 302. For example, a WLAN unit may be used to implement Wi-Fi™ communications in accordance with the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard. Additionally, wireless wide area communication, for example according to a cellular or other wireless wide area protocol, may occur via a WWAN unit.
The mesh transceiver 410 may communicate using multiple standards or radios for different ranges of communication. For example, the internet of things device 400 may communicate with geographically nearby devices (e.g., within about 10 meters) using a BLE-based local transceiver or another low-power radio to conserve power. More distant mesh/fog devices 302, for example within about 50 meters, may be reached over ZigBee or other intermediate power radios. The two communication techniques may occur at different power levels on a single radio or may occur on separate transceivers (e.g., a local transceiver using BLE and a separate mesh transceiver using ZigBee). Mesh transceiver/fog device 302 may be incorporated into the MCU as an address directly accessible by the chip.
An uplink transceiver 414 may be included to communicate with cloud 110. The uplink transceiver 414 may be an LPWA transceiver compliant with IEEE 802.15.4, IEEE 802.15.4g, IEEE 802.15.4e, IEEE 802.15.4k, or NB-IoT standards, among others. The internet of things device 400 can communicate over a wide area using LoRaWAN™ (Long Range Wide Area Network) developed by Semtech and the LoRa Alliance. The techniques described herein are not limited to these technologies, but may be used with any number of other cloud transceivers implementing long-range, low-bandwidth communications, such as Sigfox and other technologies. Further, other communication techniques described in the IEEE 802.15.4e specification, such as time-slotted channel hopping, may be used.
In addition to the systems mentioned for mesh transceiver 410 and uplink transceiver 414, any number of other radio communications and protocols may be used, as described herein. For example, the radio transceivers 410 and 414 may include LTE or other cellular transceivers that use spread spectrum (SPA/SAS) communications to implement high speed communications, such as for video transmission. Further, any number of other protocols may be used, such as a network for medium speed communications, such as still pictures, sensor readings, and the provision of network communications.
The radio transceivers 410 and 414 may include radios compatible with any number of 3GPP (third generation partnership project) specifications, particularly Long Term Evolution (LTE), long term evolution-advanced (LTE-A), long term evolution-advanced pro (LTE-A Pro), or narrowband IoT (NB-IoT), among others. It may be noted that radios may be selected that are compatible with any number of other fixed, mobile, or satellite communication technologies and standards. These may include, for example, any cellular wide area radio communication technology, which may include, for example, a fifth generation (5G) communication system, a global system for mobile communications (GSM) radio communication technology, a General Packet Radio Service (GPRS) radio communication technology, or an enhanced data rates for GSM evolution (EDGE) radio communication technology. Other third generation partnership project (3GPP) radio communication technologies that may be used include UMTS (universal mobile telecommunications system), FOMA (freedom of multimedia access), 3GPP LTE (long term evolution), 3GPP LTE-advanced (long term evolution-advanced), 3GPP LTE-advanced pro (long term evolution-advanced pro), CDMA2000 (code division multiple access 2000), CDPD (cellular digital packet data), Mobitex, 3G (third generation), CSD (circuit switched data), HSCSD (high speed circuit switched data), UMTS (3G) (universal mobile telecommunications system (third generation)), W-CDMA (UMTS) (wideband code division multiple access (universal mobile telecommunications system)), HSPA (high speed packet access), HSDPA (high speed downlink packet access), HSUPA (high speed uplink packet access), HSPA+ (high speed packet access plus), UMTS-TDD (universal mobile telecommunications system-time division duplex), TD-CDMA (time division-code division multiple access), TD-SCDMA (time division-synchronous code division multiple access), 3GPP Rel. 8 (Pre-4G) (3rd generation partnership project release 8 (pre-4th generation)), 3GPP Rel. 9 (third generation partnership project release 9), 3GPP Rel. 10 (third generation partnership project release 10), 3GPP Rel. 11 (third generation partnership project release 11), 3GPP Rel. 12 (third generation partnership project release 12), 3GPP Rel. 13 (third generation partnership project release 13), 3GPP Rel. 14 (third generation partnership project release 14), 3GPP LTE Extra, LTE Licensed Assisted Access (LAA), UTRA (UMTS terrestrial radio access), E-UTRA (evolved UMTS terrestrial radio access), LTE advanced (4G) (long term evolution-advanced (4th generation)), cdmaOne (2G), CDMA2000 (3G) (code division multiple access 2000 (third generation)), EV-DO (evolution-data optimized or evolution-data only), AMPS (1G) (advanced mobile phone system (1st generation)), TACS/ETACS (total access communication system/extended total access communication system), D-AMPS (2G) (digital AMPS (2nd generation)), PTT (push-to-talk), MTS (mobile phone system), IMTS (improved mobile phone system), AMTS (advanced mobile phone system), OLT (Norwegian for Offentlig Landmobil Telefoni, public land mobile telephony), MTD (Swedish abbreviation for Mobiltelefonisystem D, or mobile phone system D), Autotel/PALM (public automated land mobile), ARP (Finnish for Autoradiopuhelin, "car radio telephone"), NMT (nordic mobile telephony), Hicap (high capacity version of NTT (Nippon Telegraph and Telephone)), CDPD (cellular digital packet data), Mobitex, DataTAC, iDEN (integrated digital enhanced network), PDC (personal digital cellular), CSD (circuit switched data), PHS (personal handyphone system), WiDEN (wideband integrated digital enhanced network), iBurst, unlicensed mobile access (UMA, also known as the 3GPP generic access network, or GAN standard), the wireless gigabit (WiGig) standard, and mmWave standards in general (wireless systems operating at 10-90 GHz and above, such as WiGig, IEEE 802.11ad, IEEE 802.11ay, etc.). In addition to the standards listed above, any number of satellite uplink technologies may be used for the uplink transceiver 414, including, for example, radios conforming to standards promulgated by the ITU (International Telecommunication Union) or ETSI (European Telecommunications Standards Institute), among others. Accordingly, the examples provided herein are understood to apply to various other communication technologies, both existing and not yet formulated.
A Network Interface Controller (NIC) 416 may be included to provide wired communications to the cloud 110 or other devices, such as mesh device 302. The wired communication may provide an Ethernet connection, or may be based on other types of networks, such as a Controller Area Network (CAN), a Local Interconnect Network (LIN), a device network (DeviceNet), a control network (ControlNet), a data highway, a process field bus (PROFIBUS) or process field network (PROFINET), and so forth. Additional NICs 416 may be included to allow connection to a second network, such as a NIC 416 that provides communication to the cloud over Ethernet, and a second NIC 416 that provides communication to other devices over another type of network.
The bus 406 may couple the processor 402 to an interface 418 for connecting external devices. The external device may include sensors 420, such as accelerometers, level sensors, flow sensors, temperature sensors, pressure sensors, barometric pressure sensors, and the like. The interface 418 may be used to connect the internet of things device 400 to an actuator 422, such as a power switch, valve actuator, audible sound generator, visual warning device, or the like.
The event management unit 412 supports autonomous, low-latency communication among a plurality of peripherals: a peripheral acting as an event generator transmits a trigger signal through the event management unit 412 to trigger a peripheral acting as an event user, and the event management unit 412 provides a channel over which the trigger signal is transmitted entirely in hardware. Since the target event generator and the target event user of the event management unit 412 are determined by configuration, that is, they are adjustable, the same internet of things device 400 can have its functions adjusted within one application field and can be extended to other application fields, and the functions of the internet of things device 400 can be increased by configuring a plurality of channels through the event management unit 412. The peripheral described above is a device external to the event management unit 412; it may be a device included in the internet of things device 400 other than the event management unit 412, or a device outside the internet of things device 400.
In some examples, the target event generator of the event management unit 412 is configured according to the identification information of the target event generator stored in the register 413, and the target event user of the event management unit 412 is configured according to the identification information of the target event user stored in the register 413. The bus 406 may couple the register 413 to the processor 402 such that the identification information of the target event generator and the identification information of the target event user stored within the register 413 are configured by the processor 402.
In order to protect the secure peripherals of the event management unit 412 from malicious attacks, the internet of things device 400 further comprises a security protection component 630 that protects the event management unit 412. The security protection component 630 is coupled to the event management unit 412 and blocks communication between the secure peripheral and the non-secure peripheral, i.e., the secure peripheral does not receive a trigger from the non-secure peripheral, and the secure peripheral does not send a request to the non-secure peripheral. Since the security protection component 630 is the substantive improvement of the embodiments of the present disclosure, the specific components that it includes are described in detail below.
Although not shown, various input/output (I/O) devices may be present within or connected to the internet of things device 400. For example, a display may be included to show information such as sensor readings or actuator positions. An input device such as a touch screen or keypad may be included to accept input.
The battery 424 may power the internet of things device 400, but in examples where the internet of things device 400 is installed in a fixed location, it may have a power source coupled to the power grid. The battery 424 may be a lithium ion battery, a metal-air battery, such as a zinc-air battery, an aluminum-air battery, a lithium-air battery, a hybrid supercapacitor, or the like.
A battery monitor/charger 426 may be included in the internet of things device 400 to track the state of charge (SoCh) of the battery 424. The battery monitor/charger 426 may be used to monitor other parameters of the battery 424 to provide fault prediction, such as the state of health (SoH) and the functional state (SoF) of the battery 424. The battery monitor/charger 426 may include a battery monitoring integrated circuit. The battery monitor/charger 426 may communicate information about the battery 424 to the processor 402 via the bus 406. The battery monitor/charger 426 may also include an analog-to-digital converter (ADC) that allows the processor 402 to directly monitor the voltage of the battery 424 or the current from the battery 424.
The battery parameters may be used to determine actions that the internet of things device 400 may perform, such as transmission frequency, mesh network operation, sensing frequency, and the like.
A power supply block 428 or other power source coupled to the power grid may be coupled with the battery monitor/charger 426 to charge the battery 424. In some examples, the power block 428 may be replaced with a wireless power receiver to obtain power wirelessly, for example, through a loop antenna in the internet of things device 400. Wireless battery charging circuitry may be included in the battery monitor/charger 426. The particular charging circuit selected depends on the size of the battery 424 and, therefore, the current required. The charging may be performed using the Airfuel standard promulgated by the Airfuel Consortium, the Qi Wireless charging standard promulgated by the Wireless Power Consortium, or the Rezence charging standard promulgated by the Wireless Power Consortium, or the like. In some examples, the power block 428 may be augmented or replaced with a solar panel, wind generator, water generator, or other natural power system.
Fig. 4 is a block diagram of an internet of things processor 402 according to one embodiment of the disclosure. Since the internet of things processor 402 may be a microprocessor, a multi-core processor, a multi-threaded processor, an ultra low voltage processor, an embedded processor, or other known processing elements, fig. 4 illustrates a block diagram of the internet of things processor 402, with the microprocessor being merely an example.
The program storage ROM (read only memory) 504 is a read-only, non-writable memory in the internet of things processor 402. It is mainly used to store the programs developed by users, which by nature are data that does not change or seldom changes. The operation of the microcontroller 402 is based on program instructions stored in this area. Unlike a general CPU, which executes a wide variety of instructions, the microcontroller 402 generally executes only programs developed by a user (for example, in the case of a camera internet of things device, capturing video of the position where the camera is placed and raising an alarm when an abnormal situation is recognized from the video), and other programs are rarely involved.
Register file 506 may include a plurality of registers, which may be of different types, for storing different types of data and/or instructions. For example, register file 506 may include: integer registers, floating point registers, status registers, instruction registers, pointer registers, and the like. The registers in the register file 506 may be implemented by general purpose registers, or may be designed specifically according to the actual requirements of the processor 402.
An Arithmetic Logic Unit (ALU) 507 is used to execute a sequence of instructions (i.e., a program). The process of executing each instruction by the arithmetic logic unit 507 includes: fetching the instruction via the bus 503 from the program storage ROM 504 in which instructions are stored, decoding it, executing it, and storing the instruction execution result and the like in the result accumulator 508. This cycle repeats until all the instructions in the instruction sequence have been executed or a halt instruction is encountered, and the execution result can be output to the input/output port 509.
Specifically, the arithmetic logic unit 507 transfers the instruction from the program storage ROM 504 to the instruction register in the register 506 via the bus 503, and receives the next instruction fetch address or calculates the next instruction fetch address according to an instruction fetch algorithm, which includes, for example: the address is incremented or decremented according to the instruction length. The arithmetic logic unit 507 then decodes the fetched instruction according to a predetermined instruction format to obtain operand fetch information required by the fetched instruction. The operand fetch information points to, for example, operands stored in a Random Access Memory (RAM) 505. The arithmetic logic unit 507 acquires operands in the RAM 505 via the bus 503, and performs arithmetic operations. The result of the execution of the operation is written in the result accumulator 508 and is output through the input/output port 509 as appropriate.
The internet of things device 400 often needs to perform timing and counting in order to produce some action when a certain amount of time or a certain number of events has accumulated. For example, the internet of things device 400 of the camera at the traffic light needs to switch the red/yellow/green light at regular intervals and send the collected video data to other nodes in the internet of things when the light changes, for example, to the aggregator 306 for traffic data analysis. The timer/counter 501 is a unit for counting time. A timer (Timer) provides several different time bases (TimeBase) derived from an externally attached oscillator crystal through a frequency divider circuit. The counter (Event Counter) is dedicated to counting external events, possibly in the form of pulses or other types, and can be used to generate the correct time delay.
The interrupt generator 502 is a unit for generating an interrupt in the internet of things processor 402. It is used to process an immediate event or an event listed as a priority event, and is responsible for operations such as the timeout interrupt of a time counter and the generation of an interrupt request by an external event. The interrupt processing system of most microcontrollers is multi-layered, and an interrupt priority circuit is arranged in it to determine the order of handling. Interrupts are typically used when the IoT processor 402 normally sits in a standby state (Halt-Stop) and is awakened by an external signal, when an event needs to be processed immediately (sensor, switch, alarm, power failure alarm), or when processing is needed at fixed intervals (Display, Key Scan, Real-Time Clock). In the internet of things device 400, interrupt handling is often involved. For example, in the internet of things device 400 of the camera, it is often necessary to generate an alarm when some person or event is detected, or to generate a series of actions (for example, transmitting a video record to the aggregator 306 or a police monitoring node), and in these cases, an interrupt is generated to control the execution of the arithmetic logic unit 507. In addition, in the internet of things device 400, the interrupt generator 502 often cooperates with the timer/counter 501 to generate interrupts. For example, the internet of things device 400 of the camera at the traffic light needs to switch the red/yellow/green light at regular intervals: after the counter measures a fixed time length, the interrupt generator 502 generates an interrupt, the arithmetic logic unit 507 controls the light change, and the collected video data is sent to other nodes in the internet of things as needed, for example, to the aggregator 306 for traffic data analysis.
Fig. 5 is a block diagram of the event management unit 412 of one embodiment of the present disclosure. Referring to fig. 5, the event management unit 412 includes a plurality of channels 4121 (w are shown) and, associated with each channel 4121, a generator configuration module 4122 and a user configuration module 4123. Taking channel 1 as an example, generator configuration module 1 configures the target event generator connected at the entrance of channel 1, i.e., the target event generator is configured from among a plurality of candidate event generators A_1 to A_(n+1) arranged at the entrance of channel 1; user configuration module 1 configures the target event user connected at the exit of channel 1, i.e., the target event user is configured from among a plurality of candidate event users B_1 to B_(m+1) arranged at the exit of channel 1.
Unlike interrupt response based processing mechanisms, the channel 4121 transmits the trigger signal without intervention from the processor 402 and without using device resources such as the bus 406 and the system memory 404 included in the internet of things device 400 of fig. 3. Take the internet of things device 400 of a camera at a traffic light as an example; it needs to switch the traffic lights at regular intervals. As described above, the conventional interrupt response based processing mechanism uses the IoT processor 402 shown in fig. 4. Specifically, when the timer/counter 501 measures a fixed time length, the interrupt generator 502 generates an interrupt that causes the arithmetic logic unit 507 to generate a light-changing control signal; the control signal is then transmitted through the input/output port 509 shown in fig. 4 and the bus 406 and the interface 418 shown in fig. 3 to trigger the actuator 422, so that the actuator 422 turns one traffic light off and the other on to switch the traffic lights. If the event management unit 412 is used instead, the process is as follows: a timer is configured as the target event generator of the event management unit 412 and an actuator is configured as the target event user; the timer then measures a fixed time length and generates a trigger signal, which is transmitted through the event management unit 412 to trigger the actuator. The timer used in this process is different from the timer/counter 501 provided in the IoT processor 402 in fig. 4: it is a peripheral of the event management unit 412, and may be provided inside the IoT device 400 or outside the IoT device 400. The actuator does not need to be connected to the bus 406 through the interface 418 as shown in fig. 3, but is directly connected to the outlet of the event management unit 412.
In connection with the above example, the trigger response procedure based on the event management unit 412 does not require the processor 402 to participate, thus saving processor resources; but also saves memory space of system memory 404 and overhead of bus 406. The interrupt response scheme based on the processor 402 is slow, and the trigger response scheme based on the event management unit can control the transmission duration of the trigger signal to be in the order of several clock cycles, so that the method has the advantage of real-time performance. Furthermore, if there are a large number of similar events to be processed sequentially, the event management unit 412 saves the resource consumption and time overhead of the processor 402 due to a large number of interrupt responses by managing the trigger signal transmission in a timely manner.
Security protection component
Currently, the event management unit 412 takes no protective measures. Without protection, the event management unit 412 is easily attacked in a malicious manner, so that the peripherals connected to the event management unit 412 are attacked after a trigger event occurs, with consequences including leakage of confidential data and abnormal operation. For example, the remote weather station group 214 is provided with the event management unit 412, and after the event management unit 412 receives the trigger signal, the remote weather station group 214 provides the weather forecast to the target event generator that generated the trigger signal, without human intervention. In this process: if the target event generator is an external device that does not subscribe to the weather forecast from the remote weather station group 214 (i.e., the weather forecast of the remote weather station group 214 is confidential data with respect to the target event generator), the confidential data of the remote weather station group 214 is stolen; if the remote weather station group 214 carries a virus and transmits the virus while providing the weather forecast, the target event generator (e.g., the traffic control group 206) may be disturbed by the virus after receiving the weather forecast and may not work properly to control traffic.
In the related art, a chip protects its functional units only with a simple lock mechanism, that is, a security switch is set in the chip, and the security switch can be opened only under the control of an authorized user. In general, when the authorized user wants to use the functional unit, the security switch is turned on, and after the use is finished, the security switch is turned off promptly, so that unauthorized users are prevented from using it. If this protection method is migrated to the event management unit 412, the event management unit 412 can also be protected: the event management unit 412 is given a security switch; after the security switch is turned on, the target event generator of the event management unit 412 can trigger the target event user; and when the authorized user intends to let a secure target event generator trigger a secure target event user, the security switch of the event management unit 412 is turned on. However, once the internet of things device 400 including the event management unit 412 is applied to more and different fields, not only may a secure target event generator need to trigger a secure target event user, but a non-secure target event generator may also need to trigger a non-secure target event user, so that trigger events become denser, and it is difficult for an authorized user to keep turning the security switch on and off in response to each trigger event. In other words, the protection method described above cannot cope with the continuously expanding and varied application fields of the event management unit 412, and has the technical defect of being inflexible in use. In view of this, the internet of things device 400 provided by the embodiment of the present disclosure is provided with a security protection component 630.
The security protection component 630 is connected to the event management unit 412 to control the connection and disconnection of the transmission channel in the event management unit 412. Under the condition that both the target event generator and the target event user are safe or unsafe, the safety protection component 630 controls the transmission channel to be conducted, and the trigger signal sent by the target event generator can pass through the transmission channel of the event management unit 412, so that the target event user can be triggered; in the case where only one of the target event generator and the target event user is secure, the trigger signal transmitted by the target event generator cannot pass through the transmission channel of the event management unit 412, and thus the target event user cannot be triggered. Therefore, the secure peripheral and the non-secure peripheral connected to the event management unit 412 are isolated from each other, which not only ensures the security of data in the secure space, but also provides a flexible event management margin for the non-secure space, so that the protection of the event management unit is applicable to an ever-expanding and variable application field.
The security protection component 630 may be a separate device that is mounted to the internet of things device 400 to protect the event management unit 412 on the internet of things device 400; or may be integrated with the event management unit 412 in the same system on chip, and then installed on the internet of things device 400 together with the event management unit 412 in the form of the system on chip. Since the security protection component 630 is used by the event management unit 412, the security protection component 630 will be described in detail in the system on chip integrating the security protection component 630 and the event management unit 412 with reference to fig. 6 (hereinafter, in the system on chip 600, the event management unit 412 is also referred to as the event management unit 620, and the register 413 is also referred to as the register 640).
Referring to fig. 6, the system on chip 600 includes an on-chip bus 610, the on-chip bus 610 for coupling an event management unit 620 and a security protection component 630. It should be understood that the system-on-chip 600 may also integrate other necessary devices, and the disclosure does not limit the integration of the system-on-chip 600 to other necessary devices unless otherwise specified.
Referring to fig. 6, the event management unit 620 receives the trigger signal srcj_trig sent by the target event generator. After passing through the event management unit 620, the trigger signal srcj_trig can serve as the trigger signal dstk_trig of the target event user and trigger the target event user (to trigger the target event user effectively, in some examples the trigger signal srcj_trig sent by the target event generator is amplitude-adjusted before being used as the trigger signal dstk_trig of the target event user). The security protection component 630 includes an attribute matching unit 631 and an arbitration unit 632 connected to each other. The arbitration unit 632 is connected to the event management unit 620 through the on-chip bus 610, so that the arbitration unit 632 controls the on-off state of a transmission channel in the event management unit 620 with the control signal Con; once the transmission channel is disconnected, the trigger signal srcj_trig cannot pass through the event management unit 620.
The attribute matching unit 631 is configured to obtain the security attribute srcj_secure of the target event generator and the security attribute dstj_secure of the target event user, and to determine whether the two match, obtaining a determination result Res. The arbitration unit 632 is configured to control the on-off state of the transmission channel in the event management unit 620 according to the determination result Res. Specifically, if the security attribute srcj_secure of the target event generator srcj and the security attribute dstj_secure of the target event user dstj are both secure or both non-secure, the determination result Res is a match, and the arbitration unit 632 controls the transmission channel to conduct; if one of the security attribute srcj_secure of the target event generator srcj and the security attribute dstj_secure of the target event user dstj is secure and the other is non-secure, the determination result Res is a mismatch, and the arbitration unit 632 controls the transmission channel to be disconnected.
In some examples, the event management unit 620 is provided with a plurality of transmission channels 4121 as shown in fig. 5. The security protection component 630 includes at least one attribute matching unit 631 and at least one arbitration unit 632 in correspondence with the event management unit 620 provided with a plurality of transmission channels to ensure that each transmission channel 4121 has a corresponding attribute matching unit 631 and arbitration unit 632 when in use. Since one transmission channel 4121 is configured with one attribute matching unit 631 and one arbitration unit 632 when in use, how the event management unit 620 of only one transmission channel is protected by the security protection component 630 is explained below mainly in conjunction with fig. 7. If not specifically stated, in the case where the event management unit 620 includes a plurality of transmission channels, the protection scheme of each transmission channel only needs to refer to one transmission channel.
Referring to fig. 7, the security protection component 630 may further include a first data selector 633 and a second data selector 634. The first data selector 633 is configured to receive the security attribute scru_secure of at least one candidate event generator scru of the event management unit 620 (u = 0, 2, …, n, where (n + 1) is the number of candidate event generators) and, under the control of first address selection information sel1, to extract from these the security attribute scrj_secure of the target event generator scrj and provide it to the attribute matching unit 631; the first address selection information sel1 is address selection information converted from the identification information scrj_config of the target event generator scrj. The second data selector 634 is configured to receive the security attribute dstv_secure of at least one candidate event user dstv of the event management unit 620 (v = 0, 2, …, m, where (m + 1) is the number of candidate event users) and, under the control of second address selection information sel2, to extract from these the security attribute dstk_secure of the target event user dstk and provide it to the attribute matching unit 631; the second address selection information sel2 is address selection information converted from the identification information dst_config of the target event user dstk.
Further, the security protection component 630 may be provided with an information conversion unit 635, which converts the identification information scr_config of the target event generator scrj into the first address selection information sel1 and converts the identification information dst_config of the target event user dstk into the second address selection information sel2. Since a data selector is usually implemented with gate circuits, the first address selection information sel1 and the second address selection information sel2 are each a multi-bit binary number. The information conversion unit 635 may be built from a microprocessor, so that the microprocessor converts the identification information scr_config and dst_config each into address selection information represented by a multi-bit binary number.
In some examples, a register 640 provided by the event management unit 620 is provided on the system-on-chip 600. The register 640 is coupled to the event management unit 620 and the security protection component 630 through the on-chip bus 610 and stores the identification information scr_config of the target event generator scrj and the identification information dst_config of the target event user dstk. The event management unit 620 configures the target event generator and the target event user of the transmission channel by reading the identification information scr_config and dst_config stored in the register 640. For the security protection component 630, the information conversion unit 635 reads the identification information scr_config and dst_config stored in the register 640 and then obtains the first address selection information sel1 and the second address selection information sel2 through information conversion, so that the security protection component 630 and the event management unit 620 share the same source device for the identification information scr_config and dst_config.
It should be noted that the identification information scr_config and dst_config both belong to event management information and correspond to transmission channels; that is, one transmission channel corresponds to one set of identification information scr_config and dst_config in the register 640. When the event management unit 620 is provided with a plurality of transmission channels, the event management information corresponding to each transmission channel further includes identification information nel_config for the transmission channel, so that one register 640 can hold the event management information of the plurality of transmission channels in the event management unit 620. Specifically, the data structure of the event management information may be: the first preset bit holds the channel identification nel_config, the second preset bit holds the identification information scr_config of the target event generator scrj, and the third preset bit holds the identification information dst_config of the target event user dstk.
It should be understood that, although one transmission channel 4121 is configured with one attribute matching unit 631 and one arbitration unit 632 when in use, since the event management unit 620 may be provided with redundant transmission channels 4121, or the security protection component 630 is provided with redundant units, or one unit in the security protection component 630 can be multiplexed with a plurality of transmission channels 4121 which are not used simultaneously through dynamic adjustment, it is not strictly required that the number of the attribute matching unit 631, the first data selector 633, the second data selector 634, or even the information conversion unit 635 is equal to the number of the transmission channels 4121, as long as each device provided in the security protection component 630 can be provided with a corresponding attribute matching unit 631, first data selector 633, second data selector 634, or information conversion unit 635 when in use.
Referring to fig. 7, similar to the security protection component 630 described above, the event management unit 620 may also construct a generator configuration module 622 (i.e., the generator configuration module 4122 indicated in fig. 5) and a user configuration module 623 (i.e., the user configuration module 4123 indicated in fig. 5) from data selectors. The generator configuration module 622 receives the trigger signals src_trig sent by the plurality of candidate event generators src and, through the event configuration unit 625, selects the trigger signal src_trig of the target event generator src from the plurality of trigger signals src_trig. The trigger signal srcj_trig of the target event generator srcj reaches the user configuration module 623 via the transmission channel 621. The user configuration module 623 is connected to a plurality of candidate event users dstv via a plurality of output ports (one output port is connected to one candidate event user dstv) and, through the event configuration unit 625, selects from the plurality of output ports the output port connected to the target event user dstk. The event configuration unit 625 is included in the event management unit 620; its operating principle is the same as that of the information conversion unit 635 described above and is not described in detail here.
Further, the security protection component 630 may also be provided with a security configuration unit 636. The security configuration unit 636 is adapted to register the security attribute scru_secure of the at least one candidate event generator scru and the security attribute dstv_secure of the at least one candidate event user dstv, to provide the security attribute scru_secure of the at least one candidate event generator scru to the first data selector 633 through a connection to a data input of the first data selector 633, and to provide the security attribute dstv_secure of the at least one candidate event user dstv to the second data selector 634 through a connection to a data input of the second data selector 634. The security configuration unit 636 may be generated according to a security attribute configuration instruction from the internet of things processor 402 or other components, or may be burned into the security protection component 630 at the product manufacturing stage, so its construction is flexible.
In some examples, the security attribute scru_secure of the at least one candidate event generator scru and the security attribute dstv_secure of the at least one candidate event user dstv are each represented by a 1-bit binary number, with different binary values representing different security attributes. For example, the value secure is represented by binary 1 and the value non-secure by binary 0. In view of this, the attribute matching unit 631 may be constructed from gate circuits, specifically including a first AND gate 6311, a first NOT gate 6312, a second NOT gate 6313, a second AND gate 6314, and an OR gate 6315. The first AND gate 6311 is connected to the output terminals of the first data selector 633 and the second data selector 634, so that it receives as inputs the security attribute srcj_secure of the target event generator srcj and the security attribute dstj_secure of the target event user dstj. The first NOT gate 6312 is connected to the output terminal of the first data selector 633, so that it receives the security attribute srcj_secure of the target event generator srcj. The second NOT gate 6313 is connected to the output terminal of the second data selector 634, so that it receives the security attribute dstj_secure of the target event user dstj. The two input terminals of the second AND gate 6314 are connected to the output terminal of the first NOT gate 6312 and the output terminal of the second NOT gate 6313, respectively; the two input terminals of the OR gate 6315 are connected to the output terminal of the first AND gate 6311 and the output terminal of the second AND gate 6314, respectively; and the output terminal of the OR gate 6315 outputs the determination result Res.
Table 1

srcj_secure    dstj_secure    Res
0              0              1
0              1              0
1              0              0
1              1              1

The attribute matching unit 631 constructed from the above gate circuits has the truth table shown in Table 1: Res is 1 when srcj_secure is 0 and dstj_secure is 0, or when srcj_secure is 1 and dstj_secure is 1; Res is 0 when srcj_secure is 0 and dstj_secure is 1, or when srcj_secure is 1 and dstj_secure is 0. The attribute matching unit 631 built from gates thus properly determines whether the security attribute srcj_secure and the security attribute dstj_secure match.
In some examples, an enabling unit 624 is disposed in the transmission channel 621 to adjust the on-off state of the transmission channel 621. Illustratively, the enabling unit 624 is a field-effect transistor (FET) with an input terminal connected to the generator configuration module 622, an output terminal connected to the user configuration module 623, and a control terminal connected to the arbitration unit 632. After receiving the determination result Res, the arbitration unit 632 generates a control signal Con for the FET whose level depends on the determination result Res. When the determination result Res is that the security attribute srcj_secure matches the security attribute dstj_secure, the arbitration unit 632 turns the FET on through the control signal Con, so the trigger signal srcj_trig of the target event generator srcj can pass through the transmission channel 621; otherwise, the arbitration unit 632 turns the FET off through the control signal Con, so the trigger signal srcj_trig of the target event generator srcj cannot pass through the transmission channel 621.
Method for protecting event management unit
Fig. 8 is a flowchart of a method for protecting the event management unit 620 according to an embodiment of the present disclosure. Referring to fig. 8, the method in one embodiment comprises:
step S110, acquiring the security attribute srcj_secure of the target event generator srcj and the security attribute dstj_secure of the target event user dstj;
step S120, determining whether the security attribute srcj_secure of the target event generator srcj matches the security attribute dstj_secure of the target event user dstj to obtain a determination result Res; if the determination result Res is that the security attribute srcj_secure matches the security attribute dstj_secure, step S130 is executed, otherwise step S140 is executed;
step S130, controlling the transmission channel 621 to conduct;
step S140, controlling the transmission channel 621 to be disconnected.
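The gate network of the attribute matching unit 631 and steps S110 to S140 above, modelled in C as an added example (this is not code from the patent). The bit positions of the register fields, the sample attribute tables and the fail-closed handling of an out-of-range identifier are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ASSUMED layout of one event management information word in register 640
 * (the page names the three fields but not their positions or widths):
 * [23:16] channel identifier nel_config, [15:8] scr_config, [7:0] dst_config. */
#define EVT(nel, src, dst) \
    (((uint32_t)(nel) << 16) | ((uint32_t)(src) << 8) | (uint32_t)(dst))
#define NEL_CONFIG(w) (((w) >> 16) & 0xFFu)
#define SCR_CONFIG(w) (((w) >> 8) & 0xFFu)
#define DST_CONFIG(w) ((w) & 0xFFu)

/* Security configuration unit 636: one attribute bit per candidate,
 * 1 = secure, 0 = non-secure (the encoding given on the page). */
typedef struct {
    uint32_t src_secure; /* bit u: attribute of candidate event generator u */
    uint32_t dst_secure; /* bit v: attribute of candidate event user v */
    unsigned n_src;      /* number of candidate generators, at most 32 */
    unsigned n_dst;      /* number of candidate users, at most 32 */
} sec_cfg_t;

/* Constructed sample data: generators 0 and 2 secure, users 0 and 1 secure. */
const sec_cfg_t SAMPLE_CFG = { 0x5u, 0x3u, 4, 4 };
const uint32_t SAMPLE_REGS[] = {
    EVT(0, 0, 1), /* secure generator     -> secure user     */
    EVT(1, 1, 0), /* non-secure generator -> secure user     */
    EVT(2, 3, 2), /* non-secure generator -> non-secure user */
    EVT(3, 2, 3), /* secure generator     -> non-secure user */
    EVT(4, 9, 2), /* generator id 9 is not a registered candidate */
};
#define SAMPLE_N (sizeof SAMPLE_REGS / sizeof SAMPLE_REGS[0])

/* Data selectors 633/634: pick one attribute bit by address selection. */
bool data_selector(uint32_t attrs, unsigned sel)
{
    return (attrs >> sel) & 1u;
}

/* Attribute matching unit 631, gate by gate as the page wires it. */
bool attribute_match(bool src_secure, bool dst_secure)
{
    bool and1 = src_secure && dst_secure; /* first AND gate 6311 */
    bool not1 = !src_secure;              /* first NOT gate 6312 */
    bool not2 = !dst_secure;              /* second NOT gate 6313 */
    bool and2 = not1 && not2;             /* second AND gate 6314 */
    return and1 || and2;                  /* OR gate 6315 outputs Res */
}

/* Steps S110 and S120 plus the arbitration unit 632: returns Con. */
bool arbitrate(const sec_cfg_t *cfg, uint32_t evt)
{
    unsigned sel1 = SCR_CONFIG(evt); /* information conversion unit 635 */
    unsigned sel2 = DST_CONFIG(evt);

    /* ASSUMPTION: an identifier outside the registered candidates keeps
     * the channel disconnected (fail closed); the page does not say. */
    if (sel1 >= cfg->n_src || sel2 >= cfg->n_dst)
        return false;

    return attribute_match(data_selector(cfg->src_secure, sel1),
                           data_selector(cfg->dst_secure, sel2));
}

/* Steps S130/S140 with the enabling unit 624: the trigger reaches the
 * user side only while Con holds the channel on. */
bool route_trigger(const sec_cfg_t *cfg, const uint32_t *regs, size_t n,
                   unsigned nel, bool src_trig)
{
    for (size_t i = 0; i < n; i++)
        if (NEL_CONFIG(regs[i]) == nel)
            return arbitrate(cfg, regs[i]) && src_trig;
    return false; /* channel not configured: nothing passes */
}

int main(void)
{
    for (unsigned nel = 0; nel < SAMPLE_N; nel++)
        printf("channel %u: dst_trig=%d\n", nel,
               route_trigger(&SAMPLE_CFG, SAMPLE_REGS, SAMPLE_N, nel, true));
    return 0;
}
```

Because the match is an equality test, a candidate left at the default attribute 0 is treated as non-secure and can still exchange triggers with other non-secure peripherals; only the secure attribute table needs to be write-protected to preserve the isolation.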
The method of the embodiment of the present disclosure is executed by any one of the above-mentioned security protection components 630, and the security protection component 630 enables triggering between security peripherals and triggering between non-security peripherals of the event management unit 620, but the security peripherals and the non-security peripherals are isolated from each other, so that not only is the security of data in the security space ensured, but also a flexible event management margin is provided for the non-security space, and thus the protection of the event management unit 620 is applicable to the application field in which the event management unit 620 is continuously expanded and varied.
The implementation details of the above method embodiment have been described in detail in the foregoing device embodiment, and reference may be made to the foregoing device embodiment, so that details are not described herein.
Commercial value of the disclosed embodiments
Experiments have verified that, in the embodiments of the present disclosure, the security protection component 630 better isolates the secure peripherals and the non-secure peripherals of the event management unit 620, thereby satisfying the protection requirements of the event management unit 620 in continuously expanding and varied application fields, and it has a good market prospect.
It should be understood that the embodiments in this specification are described in a progressive manner: the same or similar parts of the various embodiments may be referred to one another, and each embodiment emphasizes its differences from the other embodiments. In particular, since the method embodiments are substantially similar to the methods described in the apparatus and system embodiments, their description is brief, and the relevant points can be found in the corresponding parts of the other embodiments.
It should be understood that the above description describes particular embodiments of the present specification. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
It should be understood that an element described herein in the singular or shown in the figures only represents that the element is limited in number to one. Furthermore, modules or elements described or illustrated herein as separate may be combined into a single module or element, and modules or elements described or illustrated herein as single may be split into multiple modules or elements.
It is also to be understood that the terms and expressions employed herein are used as terms of description and not of limitation, and that the embodiment or embodiments of the specification are not limited to those terms and expressions. The use of such terms and expressions is not intended to exclude any equivalents of the features shown and described (or portions thereof), and it is recognized that various modifications may be made within the scope of the claims. Other modifications, variations, and alternatives are also possible. Accordingly, the claims should be looked to in order to cover all such equivalents.

Claims (11)

1. A security protection assembly connected to an event management unit that sets a transmission channel of a trigger signal between a target event generator and a target event user, the security protection assembly comprising:
the attribute matching unit is used for acquiring the security attribute of the target event generator and the security attribute of the target event user, and judging whether the security attribute of the target event generator is matched with the security attribute of the target event user to obtain a judgment result;
and the arbitration unit is used for controlling the on-off of the transmission channel according to the judgment result so that the transmission channel is conducted only under the condition that the security attribute of the target event generator is matched with the security attribute of the target event user.
2. The security protection assembly of claim 1, further comprising:
the first data selector is used for receiving the security attributes of at least one candidate event generator of the event management unit and extracting the security attributes of the target event generator from the security attributes of the at least one candidate event generator according to the identification information of the target event generator so as to provide the security attributes to the attribute matching unit;
and the second data selector is used for receiving the security attributes of at least one candidate event user of the event management unit and extracting the security attributes of the target event user from the security attributes of the at least one candidate event user according to the identification information of the target event user so as to provide the security attributes to the attribute matching unit.
3. The security protection assembly of claim 2, further comprising an information conversion unit, wherein,
the first data selector extracts the security attribute of the target event generator under the control of first address selection information, and the second data selector extracts the security attribute of the target event user under the control of second address selection information;
the information conversion unit is used for converting the identification information of the target event generator into first address selection information and providing the first address selection information for the first data selector through connection with an address input end of the first data selector;
the information conversion unit is also used for converting the identification information of the target event user into second address selection information and providing the second address selection information for the second data selector through connecting with the address input end of the second data selector.
4. The security protection assembly of claim 3,
the information conversion unit reads the identification information of the target event generator and the identification information of the target event user from a register;
the register is a device configured by the event management unit, the register is used for storing event management information of each transmission channel in the event management unit, and the event management information of one transmission channel comprises identification information of a target event generator configured by the transmission channel and identification information of a target event user configured by the transmission channel.
5. The security protection assembly of claim 4,
the event management unit is provided with a plurality of transmission channels;
the security protection assembly comprises at least one attribute matching unit, at least one first data selector, at least one second data selector and at least one information conversion unit, so that any one of the plurality of transmission channels has a corresponding attribute matching unit, first data selector, second data selector and information conversion unit when in use;
each event management information stored in the register further includes a channel identifier of the transmission channel, and the information conversion unit corresponding to the target transmission channel reads the event management information of the target transmission channel by identifying the channel identifier of the target transmission channel from the register.
6. The security protection assembly of claim 2, further comprising:
a security configuration unit for registering security attributes of the at least one candidate event generator and the at least one candidate event user and providing the security attributes of the at least one candidate event generator to the first data selector by connecting to a data input of the first data selector and providing the security attributes of the at least one candidate event user to the second data selector by connecting to a data input of the second data selector.
7. The security protection assembly of claim 1, wherein the attribute matching unit comprises:
the first AND gate is used for respectively inputting the security attribute of the target event generator and the security attribute of the target event user;
a first not gate inputting a security attribute of the target event generator;
a second not gate for inputting the security attribute of the target event user;
the two input ends of the second AND gate are respectively connected with the output end of the first NOT gate and the output end of the second NOT gate;
and the two input ends of the OR gate are respectively connected with the output end of the first AND gate and the output end of the second AND gate, and the output end outputs the judgment result.
8. The security protection assembly according to claim 1, wherein an enabling unit for adjusting the on-off state of the transmission channel is arranged in the transmission channel, the arbitration unit is connected with the enabling unit, and the arbitration unit controls the on-off state of the transmission channel by controlling the enabling unit.
9. A system on a chip, comprising:
the security protection assembly of any one of claims 1-8;
the event management unit;
and the on-chip bus is used for coupling the event management unit and the security protection assembly.
10. An internet of things device comprising a security protection assembly according to any one of claims 1 to 8 and the event management unit.
11. A method of protecting an event management unit that sets a transmission path of a trigger signal between a target event generator and a target event user, the method comprising:
acquiring the security attribute of the target event generator and the security attribute of the target event user;
judging whether the security attribute of the target event generator is matched with the security attribute of the target event user or not to obtain a judgment result;
and controlling the on-off of the transmission channel according to the judgment result so that the transmission channel is conducted only under the condition that the security attribute of the target event generator is matched with the security attribute of the target event user.
Application CN202110958686.5A, Security assembly and related apparatus and method: priority date 2021-08-20, filing date 2021-08-20, status Active, granted as CN113673001B (en)

Publications (2)

Publication Number    Publication Date
CN113673001A (en)     2021-11-19
CN113673001B (en)     2024-06-21

Family ID: 78544145

Country Status (1)

CN (1): CN113673001B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20240222

Address after: 310052 Room 201, floor 2, building 5, No. 699, Wangshang Road, Changhe street, Binjiang District, Hangzhou City, Zhejiang Province

Applicant after: C-SKY MICROSYSTEMS Co.,Ltd.

Country or region after: China

Address before: 311121 room 525, floor 5, building 3, No. 969, Wenyi West Road, Wuchang Street, Yuhang District, Hangzhou City, Zhejiang Province

Applicant before: Pingtouge (Hangzhou) Semiconductor Co.,Ltd.

Country or region before: China

GR01 Patent grant