CN207427190U - The discrete safety management interchanger of power supply - Google Patents
The discrete safety management interchanger of power supply Download PDFInfo
- Publication number
- CN207427190U CN207427190U CN201720580878.6U CN201720580878U CN207427190U CN 207427190 U CN207427190 U CN 207427190U CN 201720580878 U CN201720580878 U CN 201720580878U CN 207427190 U CN207427190 U CN 207427190U
- Authority
- CN
- China
- Prior art keywords
- data
- unit
- crosspoint
- interface
- administrative unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Abstract
The utility model is related to the safety management interchanger that a kind of power supply is discrete, the interchanger includes:Exchange administrative unit, safe unit and second source unit;Exchanging administrative unit includes:Interface unit obtains initial data from external node;Crosspoint converts raw data into the first switched data transmission to storage unit, and generates activation signal;Storage unit receives first and exchanges data;Administrative unit determines whether the first exchange data are secure data according to activation signal;Safe unit includes processing module and the first power supply;Processing module, which receives and exchanges data to first, carries out safety inspection calculating, and calculation result data is returned to administrative unit;First power supply is powered for processing module;Administrative unit exchanges data generation second according to calculation result data and first and exchanges data, and data forwarding is exchanged to designated port by second by crosspoint and interface unit;Second source is interface unit, crosspoint, storage unit and administrative unit are powered.
Description
Technical field
The utility model is related to the safety management interchangers that switch technology field more particularly to a kind of power supply are discrete.
Background technology
The believable information network of building security is the important process of " 13 " in the works.The safety of existing network
Controllable designing scheme, mainly (application vendor-business is put down at the service nodes such as storage, server, business chain, mobile equipment
Between platform, between business platform-user) it with high safety believable deploys to ensure effective monitoring and control of illegal activities.
Credible deploy to ensure effective monitoring and control of illegal activities of service node is integrality and secret in order to meet business datum, on condition that each service node
The data for receiving or sending are not stolen or are destroyed in itself.This requires in network transmission switching layer to similar leakage of data thing
Part is accomplished to take precautions against and can be prevented.And Solutiion of Building of Network current at present exchanges the safety management of level not to network transmission
Have and cause enough attention.
From " Snowdon prism door " and " painstaking effort loophole " etc. both at home and abroad considerable safety event, we just it can be seen that, be based on
Leaking data is caused to become other party collection research already for the back door firmware of network transmission switching equipment or distort destruction we is confidential
Information influences one of important channel that our regular traffic performs.
Utility model content
The defects of the purpose of this utility model is for the prior art provides a kind of discrete safety management of power supply and exchanges
Machine by the way of the autonomous controllable device of safe unit is installed additional, carries out physical isolation to interchanger, is attacked with preventing malicious code
Hit whole network so that the equipment level security hardening that bottom data transmission exchanges, so as to ensure that the whole network business stablizes safety.This
The safety management interchanger that the power supply of utility model embodiment offer is discrete provides technical support for the whole network business, weakens
Equipment vendors are swum in the dynamics of participation of network management level, reduce management difficulty and risk.
To achieve the above object, the utility model provides a kind of discrete safety management interchanger of power supply, including exchanging
Manage power supply, safe unit and second source;
Administrative unit is exchanged, is led to for providing electric signal between the external node and designated port for exchange administrative unit
Road;Exchanging administrative unit includes interface unit, crosspoint, storage unit and administrative unit;
Interface unit connects external node and designated port;
The request signal that interface unit is sent according to designated port obtains the port address of designated port, and from external node
Obtain initial data;
Crosspoint is connected with interface unit, converts raw data into the first switched data transmission to storage unit,
And it generates activation signal and is sent to administrative unit;
Storage unit is connected with crosspoint, receives and stores the first exchange data;
Administrative unit is mutually connected respectively with storage unit and crosspoint, and according to activation signal, inquiry first exchanges data,
Determine whether the first exchange data are secure data;When it is secure data to determine the first exchange data, generation checks signal, and
First, which is sent, to safe unit exchanges data;
Safe unit is connected with administrative unit, and safe unit includes the first power supply and processing module;
Processing module receives first and exchanges data, and exchanges first data progress safety inspection calculating according to signal is checked
Calculation result data is obtained, and calculation result data is returned to administrative unit;
First power supply is electrically connected with processing module, is powered for processing module;
Administrative unit exchanges data generation second according to calculation result data and first and exchanges data, and generates call signal
It is sent to crosspoint;
Crosspoint obtains second according to call signal and exchanges data, is sent to interface unit, is obtained according to interface unit
Designated port address exchange data forwarding to designated port by second;
Second source is electrically connected with interface unit, crosspoint, storage unit and administrative unit, is interface unit, is exchanged
Unit, storage unit and administrative unit power supply.
Preferably, interface unit includes interface end and converter;
Interface end connects external node and designated port, and interface end obtains initial data from external node, and to designated ends
Mouth sends second and exchanges data;
The external signal of external node is converted to initial data by converter.
Preferably, safe unit includes:Processor, input/output interface and memory;
Input/output interface is connected with administrative unit, checks signal and first and exchanges data, and exports result of calculation
Data;
Memory is connected with input/output interface, and storage first exchanges data;
Processor is connected with memory, exchanges data according to first, calculation result data is calculated.
It is further preferred that processor exchanges data according to first, calculation result data, which is calculated, is specially:Processor
Data are exchanged to first according to the default safety regulation of application layer and carry out safety inspection calculating, generate calculation result data.
Preferably, administrative unit is specially according to calculation result data and first exchange data generation the second exchange data:
Administrative unit exchanges data generation second according to calculation result data and first and exchanges data, and by calculation result data and second
Data sending is exchanged to storage unit.
Preferably, administrative unit generation call signal is sent to crosspoint, and crosspoint obtains the according to call signal
Two, which exchange data, is specially:Administrative unit generates call signal, and exchanges data sending to storage unit by second;Crosspoint
Second is obtained from storage unit exchange data according to call signal.
Preferably, the discrete safety management interchanger of power supply further includes signal lamp;
Signal lamp includes signal lamp interface;
Signal lamp interface is connected with interface unit, is flickered according to request signal drive signal lamp.
Safe unit in the discrete safety management interchanger of power supply that the utility model embodiment provides can be independently of
The processing of administrative unit complete independently, therefore malice firmware can not obtain, crack algorithm logic in safe unit.In addition, this reality
It is realized, can not had to conventional switch using independent board with the discrete safety management interchanger of the power supply of new embodiment offer
Type is transformed, convenient to be upgraded on the basis of existing switch, is conducive to the discrete safety management interchanger of power supply
Manufacture or upgrade cost control.Also, the discrete safety management interchanger of power supply that the utility model embodiment provides
Safe unit uses independently-powered pattern, makes its clamping down on from exchanger host power supply, can continually and steadily work.
Description of the drawings
Fig. 1 is the schematic diagram of the discrete safety management interchanger of the power supply that provides of the utility model embodiment.
Specific embodiment
Below by drawings and examples, the technical solution of the utility model is described in further detail.
Fig. 1 is the schematic diagram of the discrete safety management interchanger of the power supply that provides of the utility model embodiment, such as Fig. 1 institutes
Show, the discrete safety management interchanger of the power supply that the utility model embodiment provides includes:Exchange administrative unit 1, safe unit 2
With second source 3.
It exchanges administrative unit 1 with safe unit 2 to be connected, exchanges the external node data of the access of administrative unit 1 through safety list
After member 2 carries out safety inspection calculating processing, designated port output is returned.
Wherein, exchanging administrative unit 1 includes:Interface unit 11, crosspoint 12, storage unit 13 and administrative unit 14.
Interface unit 11 is connected with being connected external node and designated port.External node is the data input pin of a service node,
Designated port is the data receiver of another node, and external node is exchanged with designated port by the discrete safety management of power supply
The pathway for electrical signals that machine provides realizes data exchange.The request signal that interface unit 11 is sent according to designated port obtains designated ends
The port address of mouth, and obtain initial data from external node.
Specifically, interface unit 11 includes interface end 111 and converter 112.Interface end 111 connects external node and specifies
Port to receive the request signal that designated port is sent, obtains the port address of designated port and the external letter of external node
Number, and external signal is sent to converter 112.The external signal of the external node received is converted to energy by converter 112
Enough initial data read by crosspoint 12, then initial data is returned into interface end 111.Power supply point can be unified by so doing
Data mode in vertical safety management interchanger, to carry out data exchange between unit.
The connection work of communication link is observed for ease of user, is also wrapped in exchange administrative unit 1 provided by the utility model
Include signal lamp 15.Signal lamp 15 includes signal lamp 151.It is connected by signal lamp interface 151 in interface unit 11, signal lamp 15
The blinking action of regular " bright-dark " is done, to show port working.Specifically, signal lamp interface 151 is obtained by interface end 111
Request signal, drive signal lamp 15 flicker.
Second source 3 is distinguished with interface unit 11, crosspoint 12, storage unit 13, administrative unit 14 and signal lamp 15
Electrical connection is powered for interface unit 11, crosspoint 12, storage unit 13, administrative unit 14 and signal lamp 15.
Crosspoint 12 is respectively connected with interface unit 11 and storage unit 13, wherein, 12 receiving interface of crosspoint
The initial data that unit 11 is sent extracts primary data information (pdi), and initial data is converted into the first exchange data forwarding to storage
Unit 13, after storage unit 13 receives and stores the first exchange data, crosspoint 12 generates activation signal and is sent to management list
Member 14, works to activate administrative unit 14.Here first exchange data can be positioning, it is quantitative, qualitatively or
The description type data or the data such as code type data of carrying identity information of timing.
Administrative unit 14 is respectively connected with storage unit 13 and crosspoint 12, and administrative unit 14 receives activation signal
Afterwards, inquiry first exchanges the data message of data, determines whether the first exchange data are secure data.Here secure data
It can be understood as needing the non-generic data for doing security inspection and processing.
If the first exchange data are not secure datas, administrative unit 14 generates the first call signal.Crosspoint 12
The first exchange data sending is transferred to interface unit 11 from storage unit 14 according to the first call signal.Interface unit 11 receives first
Data are exchanged, and data sending is exchanged to designated port by first according to the port address of designated port, complete data exchange mistake
Journey.
If the first exchange data are secure data, that is, need to do safety inspection calculating and processing to the first exchange data
When, the generation of administrative unit 14 checks signal, and receiving first according to inspection signal exchanges data, and sends first to safe unit 2
Exchange data.Safe unit 2 receives first according to inspection signal and exchanges data, and exchanges data to first and carry out safety inspection meter
It calculates, after the completion of calculating, calculation result data is returned to administrative unit 14.
When it is secure data that first, which exchanges data, the running of safe unit 2 specifically can be as follows.
In the present embodiment provides specific implementation, safe unit 2 includes 21 and first power supply 22 of processing module, wherein
Processing module 21 includes input/output interface 211, memory 212 and processor 213.First power supply 22 and input/output interface
211st, memory 212 and processor 213 are respectively connected with, and are powered for input/output interface 211, memory 212 and processor 213.
Input/output interface 211 is connected with administrative unit 14, and data are exchanged to check signal and first, and by the
One exchanges data sending to memory 212.Memory 212 is connected with input/output interface 211, to store the first exchange number
According to.Processor 213 is connected with memory 212, read memory 212 in first exchange data, and to first exchange data into
Row safety inspection calculates.After safety inspection calculates, calculation result data is sent to memory 212 and carried out by processor 213
Data store, meanwhile, calculation result data is sent to administrative unit 14 by input/output interface 211.
Safe unit 2 is computing module of the independent loads in the discrete safety management interchanger of power supply, it has independent
Memory 212 and independent processor 213, this framework so that the safety management discrete with power supply does not exchange safe unit 2
Other chip memories and/or storage in machine are shared, can exchange data and calculation result data with separate storage first.Meanwhile
Safe unit 2 has the first power supply 22 independently-powered for its, makes its clamping down on from second source 2, can continually and steadily work.
From hardware logic, physical isolation is provided to the attack of safe unit 2 to prevent malicious code.
In a specific example, the behaviour for the discrete safety management interchanger of power supply that the utility model embodiment provides
Make in system (hereinafter referred to as host computer operating system), there is the Software Development Kit (Software for processing module 21
Development Kit, SDK), the drive software for processing module 21 and the production for processing module 21 distribution and application
The management software of control.
SDK is interface software of the host computer operating system to processing module 21, mainly realize host computer operating system with
The communication of processing module 21 is established, using functions such as authentication, instruction interaction, communication end.SDK is by all of above function to apply
The mode of Program Interfaces (Application Programming Interface, API) provides, and is grasped according to host computer
Make system type and support WINDOWS systems, LINUX system and android system respectively.Its nucleus module includes SDK dos command line DOSs
Pattern, SDK channel managements, SDK using management, 21 operating system instruction set of processing module, 21 communication instruction collection of processing module and
Host computer operating system version management etc..
Drive software connects host computer operating system and processing module 21 so that safe unit 2 can be upper
Machine operating system.
Management software be for connecting, the host computer desktop application software of operation processing module 21.It is main that processing mould is provided
The functions such as installation, the upgrading of block 21.Management software mainly includes:Bottom communication module, user-interface design, safety management mould
Block, software cycle management module, script parsing (script syntax check, instruction parsing, batch processing), proof of algorithm module, number
According to modules such as encryption/decryption module, authentication management modules.
For processing module 21 itself, using independent operating system (hereinafter referred to as sub-operating system) and independent application
Function module.
The calculating of the storage and processing device 213 of memory 212 in sub-operating system management processing module 21, and input is provided
Output interface 211 receives the first exchange data and executes instruction collection to the return calculation result data of administrative unit 14.Processor
213 according to the default safety regulation of sub-operating system application layer, exchanges first data and carries out safety inspection calculating, described in generation
Calculation result data.That is, sub-operating system is provided using the independent memory 212 of processing module 21 and processor 213
Operation independent and the safety operation ability of storage.
The applied function module of sub-operating system includes:Input/output interface 211 drives, processor 213 drives, memory
212 read drivings, sub-operating system management module, using (patch) loading module, algorithm race module, data encrypting and deciphering module,
The key submodules such as authentication management module, Application Lifecycle Management module, the driving of the first power supply 22.
Applied function module realizes the application program of safety inspection calculating and data transmission, processor 213 for processor 213
It is only docked by memory 212 and input/output interface 211 with administrative unit 14 so that applied function module energy complete independently pair
The configuration of processing module 21 and management work.Also, applied function module is encryption to the transmission mode of the first exchange data
Pattern is illegally intercepted to prevent host computer operating system firmware.
From software logic, the discrete safety management exchange board structure of above-mentioned power supply causes 2 internal operation pipe of safe unit
Clamping down on from upper operating system is managed, dynamics of participation of the upper equipment vendors in network management level is weakened, reduces pipe
Manage difficulty and risk.
After processing module 21, which completes safety inspection, to be calculated, administrative unit 14 exchanges number according to calculation result data and first
Data are exchanged according to generation second, and calculation result data and second are exchanged into data sending to storage unit 13.
Compared with first exchanges data, the second exchange data eliminate after safety inspection calculates can in the first exchange data
Can be existing except malicious code, and transmission communication encryption and authentication have been carried out to the first exchange data, it is therefore prevented that second
Data are exchanged to be tampered or steal in transmission process.
After storage unit 13 makes a backup store calculation result data and the second exchange data, the generation of administrative unit 14 is adjusted
Use signal.Crosspoint 12 obtains second from storage unit 14 according to call signal and exchanges data, and exchanges data hair by second
It send to interface unit 11.Interface unit 11 receives second and exchanges data, and is exchanged according to the port address of designated port by second
Data sending completes the data exchange process to external node and designated port to designated port.
The discrete safety management interchanger of power supply that the utility model embodiment provides, using installing the autonomous of safe unit additional
The mode of controllable device carries out physical isolation to interchanger, to prevent malicious code attack whole network so that bottom data passes
The equipment level security hardening of defeated exchange, so as to ensure that the whole network business stablizes safety.Also, what the utility model embodiment provided
Safe unit in the discrete safety management interchanger of power supply is realized using independent board, is not handed over the discrete safety management of power supply
Exchange administrative unit in changing planes shares board.It can not have to be transformed conventional switch type using this framework, it is convenient
System upgrade is carried out on the basis of existing switch, be conducive to the discrete safety management interchanger of power supply manufacture or upgrading into
This control.Meanwhile the safe unit of the discrete safety management interchanger of power supply that the utility model embodiment provides is using only
Vertical powering mode, other units shared power supplys not with power supply in discrete safety management interchanger.This function mode makes peace
Full unit clamping down on from the discrete safety management exchanger host power supply of power supply, so that safe unit can be continual and steady
Work.
Above-described specific embodiment, the purpose of this utility model, technical solution and advantageous effect have been carried out into
One step is described in detail, it should be understood that the foregoing is merely specific embodiment of the present utility model, is not used to limit
Determine the scope of protection of the utility model, within the spirit and principle of the utility model, any modification for being made equally is replaced
It changes, improve, should be included within the scope of protection of this utility model.
Claims (7)
1. the discrete safety management interchanger of a kind of power supply, which is characterized in that the interchanger includes exchanging administrative unit, safety
Unit and second source;
The exchange administrative unit includes interface unit, crosspoint, storage unit and administrative unit;
The interface unit connection external node and designated port;
The port address for the request signal acquisition designated port that the interface unit is sent according to the designated port, and from
The external node obtains initial data;
The crosspoint is connected with the interface unit, and the initial data is converted to the first switched data transmission to depositing
Storage unit, and generate activation signal and be sent to the administrative unit;
The storage unit is connected with the crosspoint, receives and stores described first and exchanges data;
The administrative unit is mutually connected respectively with the storage unit and the crosspoint, according to the activation signal, inquiry
Described first exchanges data, determines that described first exchanges whether data are secure data;When the definite first exchange data are
During the secure data, generation checks signal, and sends described first to safe unit and exchange data;
The safe unit is connected with the administrative unit, and the safe unit includes the first power supply and processing module;
The processing module receives described first and exchanges data, and exchanges data to described first according to the inspection signal and carry out
Calculation result data is calculated in safety inspection, and returns to the calculation result data to the administrative unit;
The processing module includes independent operating system and independent applied function module;
First power supply is electrically connected with the processing module, is powered for the processing module;
The administrative unit exchanges data generation second according to the calculation result data and described first and exchanges data, and generates
Call signal is sent to the crosspoint;
The crosspoint obtains described second according to the call signal and exchanges data, is sent to the interface unit, passes through
The designated port address that the interface unit obtains exchanges data forwarding to designated port by described second;
Second source is electrically connected with the interface unit, crosspoint, storage unit and administrative unit, is the interface
Unit, crosspoint, storage unit and administrative unit power supply.
2. interchanger according to claim 1, which is characterized in that the interface unit includes interface end and converter;
The interface end connects the external node and the designated port, and the interface end obtains original from the external node
Data, and send second to the designated port and exchange data;
The external signal of the external node is converted to initial data by the converter.
3. interchanger according to claim 1, which is characterized in that the safe unit includes:Processor, input and output connect
Mouth and memory;
The input/output interface is connected with the administrative unit, receives the inspection signal and described first and exchanges data, and
Export the calculation result data;
The memory is connected with the input/output interface, and storage described first exchanges data;
The processor is connected with the memory, exchanges data according to described first, the calculation result data is calculated.
4. interchanger according to claim 3, which is characterized in that the processor exchanges data, meter according to described first
Calculation obtains the calculation result data:The processor is exchanged according to the default safety regulation of application layer described first
Data carry out safety inspection calculating, generate the calculation result data.
5. interchanger according to claim 1, which is characterized in that the administrative unit according to the calculation result data and
The first exchange data generation second exchanges data and is specially:The administrative unit is according to the calculation result data and described
First, which exchanges data generation second, exchanges data, and the calculation result data and described second are exchanged data sending to described
Storage unit.
6. interchanger according to claim 1, which is characterized in that the administrative unit generation call signal is sent to described
Crosspoint, the crosspoint obtain the second exchange data according to the call signal and are specially:The administrative unit
Call signal is generated, and data sending is exchanged to the storage unit by described second;The crosspoint is according to the calling
Signal obtains described second from the storage unit and exchanges data.
7. interchanger according to claim 1, which is characterized in that the discrete safety management interchanger of the power supply further includes
Signal lamp;
The signal lamp includes signal lamp interface;
The signal lamp interface is connected with the interface unit, according to the request signal signal lamp is driven to flicker.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201720580878.6U CN207427190U (en) | 2017-05-23 | 2017-05-23 | The discrete safety management interchanger of power supply |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201720580878.6U CN207427190U (en) | 2017-05-23 | 2017-05-23 | The discrete safety management interchanger of power supply |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN207427190U true CN207427190U (en) | 2018-05-29 |
Family
ID=62397849
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201720580878.6U Expired - Fee Related CN207427190U (en) | 2017-05-23 | 2017-05-23 | The discrete safety management interchanger of power supply |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN207427190U (en) |
-
2017
- 2017-05-23 CN CN201720580878.6U patent/CN207427190U/en not_active Expired - Fee Related
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101593389B (en) | Key management method and key management system for POS terminal | |
| CN102708324B (en) | A kind of screen unlocking system and method | |
| CN104335548B (en) | A kind of secure data processing unit and method | |
| CN108345806A (en) | A kind of hardware encryption card and encryption method | |
| CN107197041A (en) | A kind of safe cloud computing system | |
| CN104320389A (en) | Fusion identify protection system and fusion identify protection method based on cloud computing | |
| CN114448727B (en) | Information processing method and system based on industrial internet identification analysis system | |
| CN100550030C (en) | On portable terminal host, add the method for credible platform | |
| CN103430479A (en) | Systems, methods, and apparatus to authenticate communications modules | |
| CN110300108A (en) | A kind of power distribution automation message encryption transmission method, system, terminal and storage medium | |
| CN105471901A (en) | Industrial information security authentication system | |
| CN103020542B (en) | Store the technology of the secret information being used for global data center | |
| CN104298936B (en) | A kind of FPGA encryptions and parameter configuring system based on CPLD chips | |
| CN110401528B (en) | Key management method for field bus channel encryption equipment | |
| CN113360887A (en) | Authentication encryption method and module for relay protection equipment | |
| CN207427190U (en) | The discrete safety management interchanger of power supply | |
| CN102842000A (en) | Method for realizing common software registration system | |
| CN207083111U (en) | Discrete safety management interchanger | |
| Gao et al. | Research on zero-trust based network security protection for power internet of things | |
| CN207083107U (en) | Integrated security manages interchanger | |
| CN207354328U (en) | The discrete integrated security management interchanger of power supply | |
| CN107426116A (en) | Integrated security manages interchanger | |
| CN110231950A (en) | A kind of upgrade method of BIOS, system and relevant apparatus | |
| CN114859810A (en) | System and method for safely downloading configuration engineering | |
| CN104299299A (en) | Unlocking and locking method for infrared/NFC based security intelligent lock system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20180529 Termination date: 20190523 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |