CN114826576A - Terminal equipment safety control system and method - Google Patents
Terminal equipment safety control system and method Download PDFInfo
- Publication number
- CN114826576A CN114826576A CN202210416013.1A CN202210416013A CN114826576A CN 114826576 A CN114826576 A CN 114826576A CN 202210416013 A CN202210416013 A CN 202210416013A CN 114826576 A CN114826576 A CN 114826576A
- Authority
- CN
- China
- Prior art keywords
- control
- chip
- execution mechanism
- safety
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 16
- 230000007246 mechanism Effects 0.000 claims abstract description 47
- 230000002093 peripheral effect Effects 0.000 claims abstract description 16
- 230000000875 corresponding effect Effects 0.000 claims abstract description 9
- 230000001276 controlling effect Effects 0.000 description 4
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000002265 prevention Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000005336 cracking Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Selective Calling Equipment (AREA)
Abstract
The invention discloses a terminal equipment safety control system and a method, wherein the system comprises a background management end, a main control singlechip, a safety chip and a peripheral execution mechanism; the background management end is used for sending the configuration parameters and the control commands of the terminal execution mechanism to the security chip through the master control singlechip in a ciphertext mode; the safety chip is used for decrypting and verifying the received ciphertext and outputting a control signal to the execution mechanism according to a decryption result so as to control the execution mechanism to execute corresponding actions. The security chip is used as a core and is provided with various communication interfaces and general IO (general purpose input/output) ports (GPIO ports) and used for realizing the safe control of the peripheral execution mechanism of the terminal equipment of the Internet of things and ensuring the safety of the terminal equipment of the Internet of things in the control of the peripheral execution mechanism.
Description
Technical Field
The invention relates to the technical field of equipment safety, in particular to a terminal equipment safety control system and a terminal equipment safety control method.
Background
The existing terminal equipment of the internet of things generally realizes the control of a peripheral execution mechanism by a main control singlechip, and a safety chip in the equipment is only used for realizing the functions of identity authentication, data encryption and decryption operation, safety storage and the like. Under the environment of the internet of things, especially, the terminal device of the internet of things of key infrastructure (such as power grid, traffic and energy) often becomes an attack target of hackers, the main control single chip microcomputer in the terminal device is a key attack object, and the hackers often break the control mechanism of the main control single chip microcomputer on the peripheral execution mechanism through methods such as decompilation and the like, so that the normal operation of the terminal device of the internet of things is damaged, and further, even the malicious control on the terminal device can be carried out.
Disclosure of Invention
Therefore, the invention provides a terminal device safety control system and a terminal device safety control method, so as to realize the safety control of the terminal device of the Internet of things on a peripheral execution mechanism of the terminal device of the Internet of things.
In order to achieve the above purpose, the invention provides the following technical scheme:
according to a first aspect of the embodiments of the present invention, a terminal device security control system is provided, where the system includes a background management terminal, a main control single chip, a security chip, and a peripheral execution mechanism; the background management end is in communication connection with the main control single chip microcomputer, the main control single chip microcomputer is in communication connection with a safety chip, and the safety chip is in communication connection with the peripheral actuating mechanism;
the background management end is used for sending configuration parameters and control commands of the terminal execution mechanism to the security chip through the main control single chip microcomputer in a ciphertext mode;
the safety chip is used for decrypting and verifying the received ciphertext and outputting a control signal to the execution mechanism according to a decryption result so as to control the execution mechanism to execute corresponding actions.
Further, the encryption and decryption algorithm of the ciphertext supports the national ciphers SM2, SM3, SM4 and SSF33 algorithms.
Further, the encryption and decryption algorithm of the ciphertext supports international AES, TDES, RSA, ECC and SHA algorithms.
Further, the security chip comprises a high-performance processor and a plurality of interfaces connected with the high-performance processor through an internal bus, and the interfaces are used for connecting a master control single chip microcomputer or an execution mechanism.
Further, the interface comprises ISO7816, SPI, UART, IIC, USB, PWM, ADC and GPIO interface.
Further, the security chip is also used for detecting various attacks.
Further, the secure chip is also used for performing on-chip key management, including key generation, key storage, key update, and the like.
According to a second aspect of the embodiments of the present invention, a method for safely controlling a terminal device is provided, where the method includes:
the background management end sends the configuration parameters and the control commands of the terminal execution mechanism to the security chip through the main control single chip microcomputer in a ciphertext mode;
and the safety chip decrypts and verifies the received ciphertext and outputs a control signal to the execution mechanism according to a decryption result so as to control the execution mechanism to execute corresponding action.
The invention has the following advantages:
the invention provides a terminal equipment safety control system and a method, wherein the system comprises a background management end, a main control single chip microcomputer, a safety chip and a peripheral execution mechanism; the background management end is used for sending the configuration parameters and the control commands of the terminal execution mechanism to the security chip through the master control singlechip in a ciphertext mode; the safety chip is used for decrypting and verifying the received ciphertext and outputting a control signal to the execution mechanism according to a decryption result so as to control the execution mechanism to execute corresponding actions. The security chip is used as a core and is provided with various communication interfaces and general IO (general purpose input/output) interfaces, and the security chip is used for realizing the security control of the peripheral execution mechanism of the terminal equipment of the Internet of things and ensuring the security of the terminal equipment of the Internet of things in the control of the peripheral execution mechanism. The security chip is adopted to control the executing mechanism of the terminal equipment, and due to the inherent anti-attack performance of the security chip, the attack of a hacker can be effectively prevented, the safe operation of the terminal equipment in the Internet of things is ensured, and the loss caused by the attack of the terminal equipment is avoided.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It should be apparent that the drawings in the following description are merely exemplary, and that other embodiments can be derived from the drawings provided by those of ordinary skill in the art without inventive effort.
Fig. 1 is a schematic structural diagram of a security chip in a terminal device security control system according to embodiment 1 of the present invention;
fig. 2 is a schematic view of a first control instance in the terminal device security control system according to embodiment 1 of the present invention;
fig. 3 is a schematic view of a second control instance in the terminal device security control system according to embodiment 1 of the present invention.
Detailed Description
The present invention is described in terms of particular embodiments, other advantages and features of the invention will become apparent to those skilled in the art from the following disclosure, and it is to be understood that the described embodiments are merely exemplary of the invention and that it is not intended to limit the invention to the particular embodiments disclosed. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
The embodiment provides a terminal device safety control system, which comprises a background management end, a main control single chip, a safety chip and a peripheral execution mechanism; the background management end is in communication connection with the main control single chip microcomputer, the main control single chip microcomputer is in communication connection with the safety chip, and the safety chip is in communication connection with the peripheral executing mechanism.
The background management end is used for sending the configuration parameters and the control commands of the terminal execution mechanism to the security chip through the master control singlechip in a ciphertext mode;
the safety chip is used for decrypting and verifying the received ciphertext and outputting a control signal to the execution mechanism according to a decryption result so as to control the execution mechanism to execute corresponding actions.
In the embodiment, the security chip has the characteristics of cracking prevention and attack prevention, and the professional security operating system carried by the security chip controls the peripheral execution mechanism of the internet of things terminal device by using the GPIO port of the security chip, so that the control security of the execution mechanism is ensured. The structure of the secure chip is shown in fig. 1, the secure chip includes a high-performance processor and a plurality of interfaces connected to the high-performance processor through an internal bus, and the high-performance processor employs an ARM SC300 core. The interface is used for connecting a master control singlechip or an actuating mechanism.
The security chip is a system-level password security chip with the characteristics of multifunction, high performance, high security, low power consumption and the like, a professional security operating system is loaded, and the main functions realized by the chip comprise:
and various interfaces such as ISO7816, SPI, UART, IIC, USB, PWM, ADC, GPIO interfaces and the like are supported. Supporting the SM2, SM3, SM4 and SSF33 algorithms. Meanwhile, the method supports international AES, TDES, RSA, ECC and SHA algorithms. And various attacks are supported for detection. On-chip key management is supported, including key generation, key storage, key update, and the like.
In the first control example, a street lamp controller (as shown in fig. 2) is taken as an example to illustrate a specific implementation process: the main control single chip microcomputer and the safety chip are communicated through an IIC interface, and the safety chip controls the switch of the relay through the GPIO interface. The street lamp controller sends a street lamp starting command to the security chip according to the street lamp starting and closing time rule set by the system centralized management background when the real-time clock is 18 points, and the security chip receives the command, analyzes the command and verifies the command correctly, sets the GPIO port to output a street lamp starting control signal and starts the street lamp; when the real-time clock is 5 o' clock, the main control single chip sends the street lamp closing command to the safety chip, after the safety chip receives the command, the command is analyzed and verified to be correct, the GPIO port is set to output the street lamp closing control signal, and the street lamp is closed.
In the second control example, a motor controller (as shown in fig. 3) is taken as an example to illustrate a specific implementation process: the communication chip is in networking communication with the system centralized management background to realize communication between the background and the main control singlechip; the master control singlechip is communicated with the safety chip through a UART interface; the safety chip regulates and controls the rotating speed of the motor through the PWM interface. The system centralized management background issues a rotating speed control ciphertext instruction to the motor controller through the Internet of things according to the working condition, the motor controller receives the instruction and forwards the instruction to the safety chip, the safety chip decrypts the control instruction, and after the instruction is judged to be complete and correct, the system centralized management background sets an output PWM control signal and controls the rotating speed of the motor.
In the embodiment, the GPIO port of the security chip is used for controlling the actuating mechanism of the terminal device, and due to the inherent anti-attack performance of the security chip, the attack of a hacker can be effectively prevented, the safe operation of the terminal device in the Internet of things is ensured, and the loss caused by the attack of the terminal device is avoided.
Example 2
Corresponding to the foregoing embodiment 1, this embodiment provides a method for safely controlling a terminal device, where the method includes:
the background management end sends the configuration parameters and the control commands of the terminal execution mechanism to the security chip through the main control single chip microcomputer in a ciphertext mode;
the safety chip decrypts and verifies the received ciphertext and outputs a control signal to the execution mechanism according to a decryption result so as to control the execution mechanism to execute corresponding action.
The functions executed in each step in the method for safely controlling terminal equipment provided by the embodiment of the present invention have been described in detail in embodiment 1, and therefore, redundant description is not repeated here.
Although the invention has been described in detail above with reference to a general description and specific examples, it will be apparent to one skilled in the art that modifications or improvements may be made thereto based on the invention. Accordingly, such modifications and improvements are intended to be within the scope of the invention as claimed.
Claims (8)
1. A terminal equipment safety control system is characterized by comprising a background management end, a main control single chip microcomputer, a safety chip and a peripheral execution mechanism; the background management end is in communication connection with the main control single chip microcomputer, the main control single chip microcomputer is in communication connection with a safety chip, and the safety chip is in communication connection with the peripheral actuating mechanism;
the background management end is used for sending the configuration parameters and the control commands of the terminal execution mechanism to the security chip through the master control singlechip in a ciphertext mode;
the safety chip is used for decrypting and verifying the received ciphertext and outputting a control signal to the execution mechanism according to a decryption result so as to control the execution mechanism to execute corresponding actions.
2. The terminal device security control system according to claim 1, wherein the encryption and decryption algorithm of the ciphertext supports the SM2, SM3, SM4 and SSF33 algorithms.
3. The system of claim 1, wherein the encryption and decryption algorithm of the ciphertext supports the international AES, TDES, RSA, ECC, SHA algorithms.
4. The system according to claim 1, wherein the security chip comprises a high-performance processor and a plurality of interfaces connected to the high-performance processor through an internal bus, and the interfaces are used for connecting a master control single chip or an execution mechanism.
5. The system as claimed in claim 4, wherein the interface includes ISO7816, SPI, UART, IIC, USB, PWM, ADC and GPIO interface.
6. The system according to claim 1, wherein the security chip is further configured to detect multiple attacks.
7. The system according to claim 1, wherein the secure chip is further configured to perform on-chip key management, including key generation, key storage, and key update.
8. A terminal device safety control method is characterized by comprising the following steps:
the background management end sends the configuration parameters and the control commands of the terminal execution mechanism to the security chip through the main control single chip microcomputer in a ciphertext mode;
and the safety chip decrypts and verifies the received ciphertext and outputs a control signal to the execution mechanism according to a decryption result so as to control the execution mechanism to execute corresponding action.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210416013.1A CN114826576A (en) | 2022-04-20 | 2022-04-20 | Terminal equipment safety control system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210416013.1A CN114826576A (en) | 2022-04-20 | 2022-04-20 | Terminal equipment safety control system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114826576A true CN114826576A (en) | 2022-07-29 |
Family
ID=82505738
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210416013.1A Pending CN114826576A (en) | 2022-04-20 | 2022-04-20 | Terminal equipment safety control system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114826576A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103761848A (en) * | 2014-01-03 | 2014-04-30 | 北京润锋思创科技有限公司 | Meter reading and controlling system for intensively acquiring data |
CN205541148U (en) * | 2016-01-22 | 2016-08-31 | 广州御银科技股份有限公司 | Go out paper money system based on close algorithm of state |
CN107181722A (en) * | 2016-03-11 | 2017-09-19 | 比亚迪股份有限公司 | Vehicle safety communications method, device, vehicle multimedia system and vehicle |
-
2022
- 2022-04-20 CN CN202210416013.1A patent/CN114826576A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103761848A (en) * | 2014-01-03 | 2014-04-30 | 北京润锋思创科技有限公司 | Meter reading and controlling system for intensively acquiring data |
CN205541148U (en) * | 2016-01-22 | 2016-08-31 | 广州御银科技股份有限公司 | Go out paper money system based on close algorithm of state |
CN107181722A (en) * | 2016-03-11 | 2017-09-19 | 比亚迪股份有限公司 | Vehicle safety communications method, device, vehicle multimedia system and vehicle |
US20190089681A1 (en) * | 2016-03-11 | 2019-03-21 | Byd Company Limited | Secure communication method and apparatus for vehicle, vehicle multimedia system, and vehicle |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9935933B2 (en) | Systems and methods for secure operation of an industrial controller | |
US8037306B2 (en) | Method for realizing network access authentication | |
US8438631B1 (en) | Security enclave device to extend a virtual secure processing environment to a client device | |
US8214914B2 (en) | Securing wakeup network events | |
US20180212951A1 (en) | Secure login information | |
KR101575862B1 (en) | Security association system between heterogeneous power devices | |
US20080022124A1 (en) | Methods and apparatus to offload cryptographic processes | |
KR20130013588A (en) | System for protecting information and method thereof | |
CN111711686A (en) | Safety protection method based on power distribution terminal | |
CN109255259B (en) | High-security encryption and decryption computing capability expansion method and system | |
CN102255109A (en) | Authentication method for mobile terminal battery, and mobile terminal thereof | |
WO2012108869A1 (en) | Systems, methods, and apparatus to authenticate communications modules | |
CN112632562B (en) | Device starting method, device management method and embedded device | |
US20200128042A1 (en) | Communication method and apparatus for an industrial control system | |
WO2014105914A1 (en) | Security enclave device to extend a virtual secure processing environment to a client device | |
CN112270020B (en) | Terminal equipment safety encryption device based on safety chip | |
CN110750794B (en) | BIOS (basic input output System) safe starting method and system | |
CN115486030A (en) | Rogue certificate detection | |
CN103207964B (en) | A kind of multifunction intelligent key equipment and method of work thereof | |
CN113360887A (en) | Authentication encryption method and module for relay protection equipment | |
CN116663075B (en) | Industrial control programming platform safety communication method and system based on cryptographic algorithm | |
CN114826576A (en) | Terminal equipment safety control system and method | |
CN104486082A (en) | Authentication method and router | |
CN109905272B (en) | Industrial firewall firmware safety dynamic cleaning method | |
US11650558B2 (en) | Method and device for checking the integrity of modules of a wind turbine |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |