CN114329513A - Device, method and server for limiting external access of physical interface - Google Patents

Publication number: CN114329513A
Authority: CN (China)
Prior art keywords: module, information, interface, channel switching, power supply
Legal status: Granted (Active)
Application number: CN202111434506.XA
Other languages: Chinese (zh)
Other versions: CN114329513B (en
Inventor: 王龙
Current Assignee: Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee: Suzhou Inspur Intelligent Technology Co Ltd
Application filed by Suzhou Inspur Intelligent Technology Co Ltd; priority to CN202111434506.XA; published as CN114329513A; application granted and published as CN114329513B.

Landscapes

  • Power Sources (AREA)

Abstract

The invention belongs to the technical field of server interface control, and particularly provides a device, a method and a server for limiting external access of a physical interface, wherein the device comprises a control module, the control module is connected with an interface chip through an interface driving module, and the interface chip is used for being connected to the physical interface; the control module is also connected with an information identification module and an encryption and decryption module; the information identification module is used for identifying the model information of the server where the physical interface is located and transmitting the identified information to the control module; the encryption and decryption module is used for setting encryption and decryption information to the control module; the control module is used for outputting control information to the interface driving module according to the received model information; outputting control information to an interface driving module according to the received encryption and decryption information; and the interface driving module is used for continuously outputting or disconnecting the output information to the interface chip according to the received control information. The server can not be invaded from the outside in the local environment, and the information security of the server is enhanced.

Description

Device, method and server for limiting external access of physical interface
Technical Field
The invention relates to the technical field of server interface control, in particular to a device, a method and a server for limiting external access of a physical interface.
Background
Servers are generally designed with physical interfaces to facilitate access to master control management modules or systems such as the BMC, and after the product enters mass production these interfaces are retained to facilitate later maintenance. Such hardware interfaces are generally not used while the server is running services normally. This design poses a security risk, because server information may be obtained directly through a hardware interface. The risk can only be mitigated by restricting access through accounts and passwords, which leaves a residual risk of information disclosure.
After the server enters mass production, access to the hardware interface is generally limited by controlling account permissions: the account can no longer be accessed after debugging, but one highest-privilege account is still retained. A temporary account is created for convenience during maintenance and is deleted after a certain time. The management network port and the shared network port can be configured through the BMC, and the access right of the management network port can be closed.
At present, these protective restrictions are essentially implemented in software and firmware. They can only limit account operation permissions, cannot completely prevent server information from being obtained externally, and the internet access permission can even be modified from a temporary account. While the physical interface remains externally accessible, some vulnerabilities may allow the software access restrictions to be bypassed to further access the server and obtain information. The prior art therefore still leaves a considerable risk of server information disclosure, and the information security of the server cannot be effectively protected.
Disclosure of Invention
Existing protective restrictions are essentially implemented in software and firmware; they can only limit account operation permissions, cannot completely prevent server information from being obtained externally, and the internet access permission can even be modified from a temporary account. To address these problems, the invention provides a device, a method and a server for limiting external access of a physical interface, solving the problem that, while the physical interface remains externally accessible, some vulnerabilities may allow the software access restrictions to be bypassed to further access the server and obtain information.
The technical scheme of the invention is as follows:
in a first aspect, the present invention provides a device for restricting external access of a physical interface, including a control module, the control module being connected to an interface chip through an interface driving module, the interface chip being used for connecting to the physical interface;
the control module is also connected with an information identification module and an encryption and decryption module;
the information identification module is used for identifying the model information of the server where the physical interface is located and transmitting the identified information to the control module;
the encryption and decryption module is used for setting encryption and decryption information to the control module;
the control module is used for outputting control information to the interface driving module according to the received model information; outputting control information to an interface driving module according to the received encryption and decryption information;
and the interface driving module is used for continuously outputting or disconnecting the output information to the interface chip according to the received control information.
Preferably, the interface driving module comprises a power supply module and a switch channel switching module;
the power supply module is respectively connected with the control module and the switch channel switching module; the power supply is used for supplying power to the control module and the switch channel switching module;
the switch channel switching module is respectively connected with the control module and the interface chip, the control module carries out logic processing according to the received information of the information identification module or the encryption and decryption module and outputs control information to the switch channel switching module, and the power supply access of the power supply module and the interface chip is controlled by controlling the action of the switch channel switching module.
Preferably, the power supply module comprises a power module and a voltage conversion module connected with the power module;
the switch channel switching module comprises a first switch unit and a first channel switching unit;
the power module is respectively connected with the encryption and decryption module and the interface chip through the first channel switching unit;
the voltage conversion module is connected with the first channel switching unit and used for providing a working power supply for the first channel switching unit;
the control module is connected with the first channel switching unit through the first switch unit, and the first switch unit acts according to the control information of the control module to further control the channel switching of the first channel switching unit, so that the power module supplies power to the encryption and decryption module or the interface chip.
Preferably, the first switching unit includes a transistor Q1, a base of a transistor Q1 is connected to the control module through a resistor R1, a base of a transistor Q1 is connected to an emitter of a transistor Q1 through a resistor R2, and a collector of a transistor Q1 is connected to the first channel switching unit; the collector of the transistor Q1 is also connected to the emitter of the transistor Q1 through a zener diode D1, and the emitter of the transistor Q1 is grounded.
Preferably, the first channel switching unit comprises a first relay, a common contact of the first relay is connected with the power module, a normally closed contact of the first relay is connected with the encryption and decryption module, and a normally open contact of the first relay is connected with the interface chip; the first end of the first relay coil is connected with the collector of the triode Q1, and the second end of the first relay coil is connected with the voltage conversion module through the diode D2, wherein the anode of the diode D2 is connected with the voltage conversion module.
Preferably, the switch channel switching module further comprises a switching driving unit for accelerating the switching speed of the first relay;
the switching driving unit comprises a triode Q2, an emitter of a triode Q2 is connected with an anode of a diode D2, and a base of a triode Q2 is connected with a collector of a triode Q1 through a resistor R4; the second end of the first relay coil is grounded through an energy storage capacitor C1 and a resistor R3 which are connected in series, and the collector of a triode Q2 is connected to the connection point of the energy storage capacitor C1 and the resistor R3.
Preferably, the power supply module further comprises a battery module; the switch channel switching module also comprises a second switch unit and a second channel switching unit;
the second channel switching unit comprises a second relay, a common contact of the second relay is connected with the encryption and decryption module, a normally closed contact of the second relay is connected with the power module, and a normally open contact of the second relay is connected with the battery module; the first end of the second relay coil is connected with the second switch unit, and the voltage conversion module is connected with the second end of the second relay coil through a diode D4.
The circuit connection structure of the second switch unit is the same as that of the first switch unit.
The second switching unit comprises a triode Q3, the base electrode of the triode Q3 is connected to the control module through a resistor R5, the base electrode of the triode Q3 is connected with the emitting electrode of the triode Q3 through a resistor R6, and the collector electrode of the triode Q3 is connected with the second channel switching unit; the collector of the transistor Q3 is also connected to the emitter of the transistor Q3 through a zener diode D3, and the emitter of the transistor Q3 is grounded.
The collector of transistor Q3 is connected to a first terminal of the second relay coil.
In a second aspect, a technical solution of the present invention provides a method for limiting external access of a physical interface, including the following steps:
Step 1: receiving model information of a server;
Step 2: judging whether the current model is a mass production model; if not, executing step 7, and if so, executing step 3;
Step 3: the control module outputs control information to cut off the power supply path from the power supply module to the interface chip, so that the physical interface function is closed;
Step 4: when the control module receives the password unlocking information, the power supply path from the power supply module to the interface chip is switched on, and meanwhile the state of the physical interface is monitored;
Step 5: judging whether the control module receives the encrypted information; if yes, executing step 3; otherwise, executing step 6;
Step 6: monitoring whether the physical interface has operation information at a set time interval; if yes, executing step 3, otherwise, executing step 7;
Step 7: controlling the normal use of the physical interface function.
Preferably, in step 7, the step of controlling the normal use of the physical interface function includes:
the control module outputs a high level to the first switch unit so that the first switch unit is turned on; the voltage of the power module is raised by the voltage conversion module and applied to the first channel switching unit so that the first channel switching unit acts and connects the channel to the interface chip, and the power module then continues to supply power to the interface chip;
in step 3, the step of the control module outputting the control information to cut off the power supply path from the power module to the interface chip comprises:
the control module outputs a low level to the first switch unit so that the first switch unit is cut off; the first channel switching unit is not energized, and the first channel switching unit is disconnected from the interface chip.
Preferably, the encryption and decryption module comprises a coded lock or a fingerprint lock.
In a third aspect, a technical solution of the present invention further provides a server for limiting external access of a physical interface, where the server includes the physical interface and a limiting device connected to the physical interface, and the limiting device includes the device for limiting external access of the physical interface according to the first aspect.
According to the technical scheme, the invention has the following advantages: external access is cut off by restricting the function of the physical interface, so that the ways of accessing server information are reduced to a minimum, the server cannot be intruded upon from outside in the local environment, and the information security of the server is enhanced. When the server enters mass production, all physical interface links used in the debugging stage are disconnected, so that local physical access is disabled and the server can be accessed only through the network. To facilitate later maintenance, certain encryption measures can be reserved, and the physical interface access function can be unlocked through a password, a fingerprint or the like for debugging and maintenance.
In addition, the invention has reliable design principle, simple structure and very wide application prospect.
Therefore, compared with the prior art, the invention has prominent substantive features and remarkable progress, and the beneficial effects of the implementation are also obvious.
Drawings
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present invention, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without creative efforts.
Fig. 1 is a schematic block diagram of a control apparatus of one embodiment of the present invention.
Fig. 2 is a schematic circuit diagram of an apparatus according to an embodiment of the invention.
Fig. 3 is a schematic circuit diagram of an apparatus according to another embodiment of the present invention.
Fig. 4 is a schematic flow chart of a control method of one embodiment of the present invention.
In the figures: 100 - power supply module, 101 - power module, 102 - voltage conversion module, 103 - battery module, 200 - interface chip, 300 - encryption and decryption module, 400 - switch channel switching module, 401 - switching driving unit, 402 - first switch unit, 403 - second switch unit, 404 - first channel switching unit, 405 - second channel switching unit, 500 - control module, 600 - information identification module, 700 - physical interface.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the technical solution in the embodiment of the present invention will be clearly and completely described below with reference to the drawings in the embodiment of the present invention, and it is obvious that the described embodiment is only a part of the embodiment of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides an apparatus for limiting external access of a physical interface, including a control module 500, where the control module 500 is connected to an interface chip 200 through an interface driver module, and the interface chip 200 is used for connecting to a physical interface 700;
the control module 500 is further connected with an information identification module 600 and an encryption and decryption module 300;
the information identification module 600 is used for identifying the model information of the server where the physical interface 700 is located and transmitting the identified information to the control module 500;
the encryption and decryption module 300 is used for setting encryption and decryption information to the control module 500;
the control module 500 is used for outputting control information to the interface driving module according to the received model information; outputting control information to an interface driving module according to the received encryption and decryption information;
and an interface driving module for continuously outputting or disconnecting the output information to the interface chip 200 according to the received control information.
The chip at the front end of the external physical interface (the interface chip) is controlled: when the server is identified as a mass production model, the output of the interface chip is disconnected or the chip is directly powered off (or the channel is switched away and locked, so that access to the channel corresponding to the external interface is forbidden), which disables the external physical interface.
Meanwhile, an encryption measure is reserved externally or internally: a coded lock, a fingerprint lock or similar means is used to unlock the maintenance mode and open the external access function of the physical interface, so that the server can be accessed locally as normal. After the maintenance operation is finished, or when no operation is detected for a long time, the control logic triggers protection, the encryption measure takes effect, and the external access function of the physical interface is disconnected.
In actual operation, the control module mainly comprises startup logic control and maintenance logic control:
Startup logic:
At power-on, the control logic detects the stage ID to judge whether the model ID is a mass production model ID.
If a non-mass-production model or an unprotected model is detected, the physical interface is not restricted, and normal use of the physical interface function is ensured.
If a mass production model or a protected model is detected, restriction protection is applied to the physical interface function: the output signal of the interface chip is disconnected, which is achieved by switching the corresponding signal channel to another internal channel and locking it. At this point, none of the physical interfaces is accessible.
Maintenance logic:
While a mass production machine is running normally under restriction protection, when an unlocking signal from the coded lock or fingerprint lock is detected, the physical interface function is opened for normal access. At the same time, the control logic monitors whether the encryption measure is triggered or whether there has been no access operation for a long time.
If the encryption measure is not detected or access operations continue, the external physical interface function is kept normally available.
If the encryption measure is detected to be in effect, or there has been no access operation for a long time, restriction protection is applied to the physical interface function: the output signal of the interface chip is disconnected, or the corresponding signal channel is switched to another internal channel and locked.
The control module 500 receives the model information identified by the information identification module 600; when the model is determined to be a non-volume-production model according to the model information, the control module 500 outputs a high level to the interface driving module to connect a passage with the interface chip 200, and controls the physical interface 700 to be normally used in function;
when the model is determined to be a mass production model according to the model information, the control module 500 outputs a low level to the interface driving module to disconnect the access with the interface chip 200, so that the physical interface function is closed;
when the control module 500 receives the decryption information input through the encryption and decryption module 300, the control module 500 outputs a high level to the interface driving module to connect the path with the interface chip 200, and controls the physical interface 700 to function normally; when the control module 500 receives the encrypted information input through the encryption and decryption module 300, outputting a low level to the interface driving module to disconnect the path with the interface chip 200, so that the physical interface function is closed; under the condition that the physical interface 700 functions normally, when it is monitored that the physical interface does not operate at the set time interval, the control module 500 outputs a low level to the interface driving module to disconnect the path with the interface chip 200, so that the physical interface functions are closed.
In some embodiments, the encryption/decryption module 300 comprises a combination lock or a fingerprint lock.
The input of encrypted information or the input of decryption information is carried out through a coded lock or a fingerprint lock, and the control module controls the function of the physical interface to be closed or opened according to the received encryption and decryption information.
In some embodiments, the interface driving module includes a power supply module 100 and a switch channel switching module 400;
the power supply module 100 is respectively connected with the control module 500 and the switch channel switching module 400; for providing power to the control module 500 and the switch channel switching module 400;
the switch channel switching module 400 is connected to the control module 500 and the interface chip 200, respectively, and the control module 500 performs logic processing according to the received information of the information identification module 600 or the encryption/decryption module 300 to output control information to the switch channel switching module 400, and controls the power supply path between the power supply module 100 and the interface chip 200 by controlling the operation of the switch channel switching module 400.
As shown in FIG. 2, in some embodiments, the power supply module 100 includes a power module 101 and a voltage conversion module 102 connected to the power module 101;
the switch channel switching module 400 includes a first switch unit 402 and a first channel switching unit 404;
the power module 101 is connected to the encryption and decryption module 300 and the interface chip 200 through the first channel switching unit 404;
the voltage conversion module 102 is connected to the first channel switching unit 404, and is configured to provide a working power supply to the first channel switching unit 404;
the control module 500 is connected to the first channel switching unit 404 through the first switch unit 402, and the first switch unit 402 controls the channel switching of the first channel switching unit 404 according to the control information of the control module 500, so that the power module 101 supplies power to the encryption and decryption module 300 or the interface chip 200.
Here, the power module 101 may be a 3 V to 5 V power supply, and the voltage conversion module 102 includes a boost chip that boosts the output voltage of the power module to about 12 V to drive the first channel switching unit.
In some embodiments, the first switching unit 402 includes a transistor Q1, a base of a transistor Q1 is connected to the control module 500 through a resistor R1, a base of a transistor Q1 is connected to an emitter of a transistor Q1 through a resistor R2, and a collector of a transistor Q1 is connected to the first channel switching unit 404; the collector of the transistor Q1 is also connected to the emitter of the transistor Q1 through a zener diode D1, and the emitter of the transistor Q1 is grounded. The transistor Q1 is an NPN type transistor.
In some embodiments, the first channel switching unit 404 includes a first relay KM1, the common contact of the first relay KM1 is connected to the power module 101, the normally closed contact of the first relay KM1 is connected to the encryption and decryption module 300, and the normally open contact of the first relay KM1 is connected to the interface chip 200; a first end of the coil of the first relay is connected to the collector of the transistor Q1, a second end of the coil of the first relay KM1 is connected to the voltage conversion module 102 through a diode D2, wherein an anode of the diode D2 is connected to the voltage conversion module 102.
When the control module 500 receives non-mass-production model information identified by the information identification module, the control module 500 outputs a high level and the triode Q1 is turned on; the voltage of the power module 101 is raised by the voltage conversion module 102 and energizes the coil of the first relay through the diode D2, the common contact of the first relay is connected with its normally open contact, and the power module 101 then supplies power to the interface chip 200. When the control module 500 receives mass production model information identified by the information identification module, the control module 500 outputs a low level and the triode Q1 is cut off; the coil of the first relay is not energized, the common contact of the first relay is connected with its normally closed contact, and the power module 101 then supplies power to the encryption and decryption module 300.
In some embodiments, the switch channel switching module 400 further includes a switching driving unit for accelerating a switching speed of the first relay;
the switching driving unit comprises a triode Q2, an emitter of a triode Q2 is connected with an anode of a diode D2, and a base of a triode Q2 is connected with a collector of a triode Q1 through a resistor R4; the second end of the first relay coil is grounded through an energy storage capacitor C1 and a resistor R3 which are connected in series, and the collector of a triode Q2 is connected to the connection point of the energy storage capacitor C1 and the resistor R3.
The triode Q2 is a PNP type triode, when the triode Q1 is in an off state, the voltage converted by the voltage conversion module charges the capacitor C1 through D2 and R3, wherein the anode of the capacitor is connected with the cathode of the diode D2, so that the voltage at the two ends of the capacitor C1 approaches the actual voltage converted by the voltage conversion module; when the Q1 is turned on, the Q2 is also turned on, the voltage converted by the voltage conversion module is connected to the negative electrode of the C1 through the Q2, the voltage converted by the voltage conversion module is superposed with the voltage at the two ends of the capacitor C1 and is added to the coil of the first relay, so that a voltage doubling effect is formed, the pull-in of the first relay is accelerated, and the switching action is accelerated.
Since the switching speed is required to be fast in the switching process of the power supply path of the interface chip, a switching acceleration circuit is added in the embodiment.
As shown in fig. 3, in some embodiments, the power supply module 100 further comprises a battery module 103; the switch channel switching module 400 further includes a second switch unit 403 and a second channel switching unit 405;
the second channel switching unit 405 comprises a second relay KM2, a common contact of the second relay KM2 is connected with the encryption and decryption module 300, a normally closed contact of the second relay KM2 is connected with the power module 101, and a normally open contact of the second relay KM2 is connected with the battery module 103; a first end of the second relay coil is connected to the second switching unit 403, and the voltage conversion module 102 is connected to a second end of the second relay coil through a diode D4.
The second switching unit 403 has the same circuit connection structure as the first switching unit 402.
The second switching unit 403 comprises a transistor Q3, a base of a transistor Q3 is connected to the control module 500 through a resistor R5, a base of a transistor Q3 is connected to an emitter of a transistor Q3 through a resistor R6, and a collector of a transistor Q3 is connected to the second channel switching unit 405; the collector of the transistor Q3 is also connected to the emitter of the transistor Q3 through a zener diode D3, and the emitter of the transistor Q3 is grounded.
The collector of transistor Q3 is connected to a first terminal of the second relay coil.
The control module controls the first switch unit to switch the first channel switching unit so that the power module 101 supplies power to the interface chip 200, and controls the second switch unit to switch the second channel switching unit so that the battery module 103 supplies power to the encryption and decryption module 300. Regarding the switching of the power supply path of the encryption and decryption module: after the first channel switching unit switches the path to the interface chip, the power supply of the encryption and decryption module is switched to the battery module. Because the encryption and decryption module is not in real-time use once the path has been switched to the interface chip, this switching process does not need an acceleration circuit.
For physical interfaces commonly used on current servers, such as RS232, I2C, USB and VGA, the physical interface function can be switched on and off by controlling the power supply path of the interface chip.
The encryption measure used in this scheme can be an external miniature coded lock or fingerprint lock, or it can be built in and operated after the chassis is opened. With a built-in design, the server can be put into self-locking protection if unlocking fails within a certain time after the chassis is opened. With an external design, the server enters self-locking protection after password unlocking fails a certain number of times.
As shown in fig. 4, an embodiment of the present invention further provides a method for limiting external access to a physical interface, including the following steps:
Step 1: receiving model information of a server;
Step 2: judging whether the current model is a mass production model; if not, executing step 7, and if so, executing step 3;
Step 3: the control module outputs control information to cut off the power supply path from the power supply module to the interface chip, so that the physical interface function is closed;
Step 4: when the control module receives the password unlocking information, the power supply module is controlled to switch on the power supply path of the interface chip, and meanwhile the state of the physical interface is monitored;
Step 5: judging whether the control module receives the encrypted information; if yes, executing step 3; otherwise, executing step 6;
Step 6: monitoring whether the physical interface has operation information at a set time interval; if yes, executing step 3, otherwise, executing step 7;
Step 7: controlling the normal use of the physical interface function.
It should be noted that the method is applied to the above-mentioned apparatus, and in some method embodiments, the step of controlling normal use of the physical interface function in step 7 includes:
The control module outputs a high level to the first switch unit so that the first switch unit conducts. The power supply module, with its voltage raised by the voltage conversion module, energizes the first channel switching unit, which acts and connects the path to the interface chip; the power supply module then continues to supply power to the interface chip.
In more detail, when the control module 500 outputs a high level, the transistor Q1 is turned on and the power module 101, with its voltage raised by the voltage conversion module 102, energizes the coil of the first relay through the diode D2. The common contact of the first relay is connected to its normally open contact, and the power module 101 supplies power to the interface chip 200.
In this step, the control module controls the first switch unit to switch the first channel switching unit so that the power module 101 supplies power to the interface chip 200, and controls the second switch unit to switch the second channel switching unit so that the battery module 103 supplies power to the encryption/decryption module 300.
That is, when the control module 500 outputs a high level, the transistor Q3 is turned on and the power module 101, with its voltage raised by the voltage conversion module 102, energizes the coil of the second relay through the diode D4. The common contact of the second relay is connected to its normally open contact, and the battery module 103 supplies power to the encryption and decryption module 300.
In step 3, the step of the control module outputting the control information to cut off the power supply path from the power module to the interface chip comprises:
The control module outputs a low level to the first switch unit so that the first switch unit is cut off; the first channel switching unit is not energized, and its path to the interface chip is disconnected.
In more detail, when the control module 500 outputs a low level, the transistor Q1 is turned off and the coil of the first relay is not energized. The common contact of the first relay is connected to its normally closed contact, and the power module 101 supplies power to the encryption and decryption module 300.
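The flow of steps 1 to 7 and the relay routing described for steps 3 and 7 can be modelled together as a small state machine; this is an added example, not code from the patent. The type, field and function names are hypothetical, and it assumes both switch units are driven with the same output level.

```c
#include <stdbool.h>
#include <stdio.h>

/* Controller states, named after the steps of the method. */
typedef enum { ST_IDENTIFY, ST_LOCKED, ST_UNLOCKED, ST_NORMAL } gate_state;

/* Inputs sampled on each pass (hypothetical field names). */
typedef struct {
    bool mass_production; /* model information from the identification module */
    bool unlock_ok;       /* password unlocking information received */
    bool lock_request;    /* encryption information received */
    bool port_activity;   /* operation information seen in the set interval */
} gate_inputs;

/* Which supply feeds which load for a given control output level. */
typedef struct {
    bool iface_from_101;  /* interface chip 200 fed by power module 101 */
    bool crypto_from_101; /* encryption module 300 fed by power module 101 */
    bool crypto_from_103; /* encryption module 300 fed by battery module 103 */
} power_route;

/* One pass through the flow; branch targets follow the step list as written. */
gate_state gate_step(gate_state s, const gate_inputs *in)
{
    switch (s) {
    case ST_IDENTIFY: /* steps 1-2 */
        return in->mass_production ? ST_LOCKED : ST_NORMAL;
    case ST_LOCKED:   /* step 3, waiting for the unlock of step 4 */
        return in->unlock_ok ? ST_UNLOCKED : ST_LOCKED;
    case ST_UNLOCKED: /* steps 5-6 */
        return (in->lock_request || in->port_activity) ? ST_LOCKED : ST_NORMAL;
    case ST_NORMAL: return ST_NORMAL; /* step 7 */
    }
    return ST_LOCKED; /* unknown state value: fail closed */
}

/* Control output: high only while the interface is meant to be usable. */
bool gate_level(gate_state s) { return s == ST_UNLOCKED || s == ST_NORMAL; }

/* Relay contacts. A de-energised coil (low level) rests on the normally
 * closed contact, so a reset or dead controller leaves the port unpowered. */
power_route route_power(bool level_high)
{
    power_route r;
    r.iface_from_101  = level_high;  /* first relay, normally open contact */
    r.crypto_from_101 = !level_high; /* first relay, normally closed contact */
    r.crypto_from_103 = level_high;  /* second relay, normally open contact */
    return r;
}

int main(void)
{
    /* Constructed trace: mass-production unit, unlocked, then re-locked. */
    gate_inputs trace[] = { { true, false, false, false },
                            { true, true,  false, false },
                            { true, false, true,  false } };
    gate_state s = ST_IDENTIFY;
    for (unsigned i = 0; i < sizeof trace / sizeof trace[0]; i++) {
        s = gate_step(s, &trace[i]);
        printf("pass %u: state=%d interface_powered=%d\n", i, (int)s,
               (int)route_power(gate_level(s)).iface_from_101);
    }
    return 0;
}
```

Because the interface chip sits on the normally open contact, the low output level is the safe default: the port is only powered while the controller actively holds the line high.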
The embodiment of the invention also provides a server for limiting the external access of the physical interface, wherein the server comprises the physical interface and a limiting device connected with the physical interface, and the limiting device comprises a device for limiting the external access of the physical interface in the embodiment of the device.
Although the present invention has been described in detail with reference to the drawings and the preferred embodiments, the present invention is not limited thereto. Those skilled in the art can make various equivalent modifications or substitutions to the embodiments without departing from the spirit and scope of the present invention, and any change or substitution that a person skilled in the art can readily conceive within the technical scope of the present invention falls within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (10)

1. A device for limiting external access of a physical interface is characterized by comprising a control module, wherein the control module is connected with an interface chip through an interface driving module, and the interface chip is used for being connected to the physical interface;
the control module is also connected with an information identification module and an encryption and decryption module;
the information identification module is used for identifying the model information of the server where the physical interface is located and transmitting the identified information to the control module;
the encryption and decryption module is used for setting encryption and decryption information to the control module;
the control module is used for outputting control information to the interface driving module according to the received model information; outputting control information to an interface driving module according to the received encryption and decryption information;
and the interface driving module is used for continuously outputting or disconnecting the output information to the interface chip according to the received control information.
2. The apparatus for limiting external access of a physical interface of claim 1, wherein the interface driving module comprises a power supply module and a switch channel switching module;
the power supply module is respectively connected with the control module and the switch channel switching module; the power supply is used for supplying power to the control module and the switch channel switching module;
the switch channel switching module is respectively connected with the control module and the interface chip, the control module carries out logic processing according to the received information of the information identification module or the encryption and decryption module and outputs control information to the switch channel switching module, and the power supply access of the power supply module and the interface chip is controlled by controlling the action of the switch channel switching module.
3. The apparatus for restricting external access to a physical interface of claim 2 wherein the power module comprises a power module and a voltage conversion module coupled to the power module;
the switch channel switching module comprises a first switch unit and a first channel switching unit;
the power supply module is respectively connected with the encryption and decryption module and the interface chip through the first channel switching unit;
the voltage conversion module is connected with the first channel switching unit and used for providing a working power supply for the first channel switching unit;
the control module is connected with the first channel switching unit through the first switch unit, and the first switch unit acts according to the control information of the control module to further control the channel switching of the first channel switching unit, so that the power module supplies power to the encryption and decryption module or the interface chip.
4. The apparatus of claim 3, wherein the first switching unit comprises a transistor Q1, a base of a transistor Q1 is connected to the control module through a resistor R1, a base of a transistor Q1 is connected to an emitter of a transistor Q1 through a resistor R2, and a collector of a transistor Q1 is connected to the first channel switching unit; the collector of the transistor Q1 is also connected to the emitter of the transistor Q1 through a zener diode D1, and the emitter of the transistor Q1 is grounded.
5. The device for limiting the external access of the physical interface according to claim 4, wherein the first channel switching unit comprises a first relay, a common contact of the first relay is connected with the power supply module, a normally closed contact of the first relay is connected with the encryption and decryption module, and a normally open contact of the first relay is connected with the interface chip; the first end of the first relay coil is connected with the collector of the triode Q1, the second end of the first relay coil is connected with the voltage conversion module through the diode D2, wherein the anode of the diode D2 is connected with the voltage conversion module.
6. The apparatus for restricting external access of a physical interface according to claim 5, wherein the switch channel switching module further comprises a switching driving unit for accelerating a switching speed of the first relay;
the switching driving unit comprises a triode Q2, an emitter of a triode Q2 is connected with an anode of a diode D2, and a base of a triode Q2 is connected with a collector of a triode Q1 through a resistor R4; the second end of the first relay coil is grounded through an energy storage capacitor C1 and a resistor R3 which are connected in series, and the collector of a triode Q2 is connected to the connection point of the energy storage capacitor C1 and the resistor R3.
7. The apparatus for restricting external access to a physical interface of claim 6 wherein the power module further comprises a battery module; the switch channel switching module also comprises a second switch unit and a second channel switching unit;
the second channel switching unit comprises a second relay, a common contact of the second relay is connected with the encryption and decryption module, a normally closed contact of the second relay is connected with the power supply module, and a normally open contact of the second relay is connected with the battery module; the first end of the second relay coil is connected with the second switch unit, and the voltage conversion module is connected with the second end of the second relay coil through a diode D4.
8. A method for restricting external access to a physical interface, comprising the steps of:
Step 1: receiving model information of a server;
Step 2: judging whether the current model is a mass production model; if not, executing step 7, and if so, executing step 3;
Step 3: the control module outputs control information to cut off the power supply path from the power supply module to the interface chip, so that the physical interface function is closed;
Step 4: when the control module receives the password unlocking information, the power supply module is controlled to switch on the power supply path of the interface chip, and meanwhile the state of the physical interface is monitored;
Step 5: judging whether the control module receives the encrypted information; if yes, executing step 3; otherwise, executing step 6;
Step 6: monitoring whether the physical interface has operation information at a set time interval; if yes, executing step 3, otherwise, executing step 7;
Step 7: controlling the normal use of the physical interface function.
9. The method of claim 8, wherein the step of controlling the normal use of the physical interface function comprises:
the control module outputs high level to the first switch unit to enable the first switch unit to be conducted, the power supply module is connected to the first channel switching unit after the voltage is increased through the voltage conversion module to enable the first channel switching unit to act, a channel with the interface chip is connected, and at the moment, the power supply module continues to supply power to the interface chip;
the step of the control module outputting the control information to cut off the power supply path of the power supply module to the interface chip comprises the following steps:
the control module outputs a low level to the first switch unit so that the first switch unit is cut off, the first channel switching unit is not energized, and the first channel switching unit is disconnected from the interface chip.
10. A server for restricting access outside a physical interface, the server comprising the physical interface and restricting means connected to the physical interface, the restricting means comprising means for restricting access outside the physical interface as claimed in any one of claims 1 to 7.
CN202111434506.XA 2021-11-29 2021-11-29 Device, method and server for limiting external access of physical interface Active CN114329513B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111434506.XA CN114329513B (en) 2021-11-29 2021-11-29 Device, method and server for limiting external access of physical interface

Publications (2)

Publication Number Publication Date
CN114329513A (en) 2022-04-12
CN114329513B (en) 2023-11-03

Family

ID=81047607

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant