CN220651103U - Embedded device - Google Patents
Embedded device Download PDFInfo
- Publication number
- CN220651103U CN220651103U CN202322408760.3U CN202322408760U CN220651103U CN 220651103 U CN220651103 U CN 220651103U CN 202322408760 U CN202322408760 U CN 202322408760U CN 220651103 U CN220651103 U CN 220651103U
- Authority
- CN
- China
- Prior art keywords
- memory
- embedded device
- processor
- dial switch
- manual dial
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 description 7
- 230000003993 interaction Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The utility model belongs to the technical field of industrial control, and discloses an embedded device which is used for an industrial control system. The embedded device comprises: the device comprises a processor, a manual dial switch, a first memory and a secure cipher chip; the first pin terminal of the manual dial switch is connected with the first output end of the processor, the public end of the manual dial switch is connected with the input end of the first memory, and the second pin terminal of the manual dial switch is connected with the first output end of the security code chip; the first memory stores components. By the technical scheme, when the processor runs the component, the processor can be realized at the local end without acquiring permission in a network connection mode, so that the safety problem caused by adopting the network connection mode is avoided, and the safety of an industrial control system is improved.
Description
Technical Field
The utility model belongs to the technical field of industrial control, and particularly relates to an embedded device.
Background
The industrial control system can normally operate, and an embedded controller in the industrial control system plays a key role. In general, the embedded controller will use a component, and the component often needs to control the licensing rights in the process of issuing and using, otherwise, abuse is easy to cause, and the benefits of the issuer are damaged.
Currently, the software licensing method is generally implemented based on a network. And connecting the embedded controller with a server positioned at a remote side through a network, and after the connection, sending a corresponding permission request to the server by the embedded controller, and sending permission information to the embedded controller by the server, so that the embedded controller can use the components. However, the embedded controller is usually not connected to the external network during use, and if the external network is connected, the method can bring security risks to the embedded controller, thereby affecting the security of the whole industrial control system.
Disclosure of Invention
In order to solve at least the problems existing in the prior art: and the embedded controller obtains the component license information by adopting a mode of connecting an external network, so that the problem of safety risk is caused.
The utility model provides an embedded device for an industrial control system, comprising: the device comprises a processor, a manual dial switch, a first memory and a secure cipher chip; the first pin terminal of the manual dial switch is connected with the first output end of the processor, the public end of the manual dial switch is connected with the input end of the first memory, and the second pin terminal of the manual dial switch is connected with the first output end of the security code chip; the first memory stores components.
In the embedded device as described above, optionally, the first memory is a nonvolatile memory.
In the embedded device as described above, optionally, the secure crypto chip is disposed on a first board; the processor, the manual dial switch and the first memory are arranged on a second board card, and the second board card is connected with the first board card.
In the embedded device as described above, optionally, the processor is connected to the first memory using an SPI bus; the secure crypto chip is connected with the first memory by an SPI bus.
In the embedded device as described above, optionally, a cryptographic algorithm is stored in the secure cryptographic chip.
In the embedded device as described above, optionally, the cryptographic algorithm is an SM2 algorithm or an SM3 algorithm.
In the embedded device as described above, optionally, the embedded device further includes: a second memory; the input end of the second memory is connected with the second output end of the processor.
In the embedded device as described above, optionally, the second memory is a nonvolatile memory.
In the embedded device as described above, optionally, the embedded device further includes: a third memory; and the input end of the third memory is connected with the second output end of the secure password chip.
In the embedded device as described above, optionally, the third memory is a nonvolatile memory.
The technical scheme provided by the embodiment of the utility model has the beneficial effects that:
by providing hardware at the local end of the processor: the manual dial switch, the first memory and the safety password chip enable the processor to obtain permission in a local mode without interaction with the outside when the processor runs the assembly, so that the safety problem caused by adopting a network connection mode is avoided, and the safety of an industrial control system is improved.
Drawings
Fig. 1 is a schematic structural diagram of an embedded device according to an embodiment of the present utility model;
the symbols in the drawings are as follows:
the device comprises a processor 1, a first memory 2, a security code chip 3, a manual dial switch 4, a second memory 5 and a third memory 6.
Detailed Description
The utility model will be described in detail below with reference to the drawings in connection with embodiments.
Referring to fig. 1, an embodiment of the present utility model provides an embedded device, which is applied to an industrial control system. Specifically, the embedded device (or embedded controller) includes: a processor 1, a first memory 2, a security code chip 3 and a manual dial switch 4.
The processor 1 is the CPU of the embedded device, and in operation, the processor 1 runs the components. The processor 1 may be a Loongson processor series, or may be another processor series, which is not limited in this embodiment. In the production process, the component files in the components are preloaded into the first memory 2, so that the components required by the operation of the processor 1 are stored in the first memory 2. The component signature of the component is also loaded into the first memory 2. The component signature is generated by a signature tool, the signature method used by the signature tool is the prior art, and the specific process of the signature method is not limited in this embodiment. The encryption algorithm used by the signature method is preferably a cryptographic algorithm, such as SM2, SM3. The secure crypto chip 3 is used for signing the component signature and also stores therein encryption algorithms, preferably cryptographic algorithms, such as SM2, SM3. In application, a buzzer can be added, and when the verification sign fails, the user is reminded through the buzzing sound of the buzzer. The security code chip may be CCM3310S of the Tianjin country core, or may be another security code chip, which is not limited in this embodiment.
The manual dial switch 4 is used to provide an access switching function: the secure crypto chip 3 is connected to the first memory 2 so that the secure crypto chip 3 can access (read) the first memory 2, or the processor 1 is connected to the first memory 2 so that the processor 1 can access the first memory 2. The public end of the manual dial switch 4 is connected with the input end of the first memory 2, the first pin terminal of the manual dial switch 4 is connected with the first output end of the processor 1, and the second pin terminal of the manual dial switch 4 is connected with the first output end of the security code chip 3. During operation, the safety password chip 3 is connected with the first memory 2 through the manual dial switch 4, and after the safety password chip 3 passes the signature verification, the processor 1 is connected with the first accessor 2 through the manual dial switch 2, so that the loading and operation of the component files can be completed. The time of the switching may be determined as appropriate, and this is not limited by the present embodiment.
By providing hardware at the local side of the processor 1: the first memory 2, the safety password chip 3 and the manual dial switch 4 enable the processor to obtain permission in a local mode without interaction with the outside when running the assembly, namely, the permission can be realized in a network connection mode, so that the safety problem caused by adopting the network connection mode is avoided, and the safety of an industrial control system is improved.
The first memory is preferably a non-volatile memory (NVM), for example: ROM (Read-only memory), PROM (Programmable Read-only memory), EAROM (Electrically alterable Read only memory, electrically rewritable Read-only memory), EPROM (Erasable programmable Read only memory, erasable programmable Read-only memory), EEPROM (Electrically erasable programmable Read only memory, electrically erasable programmable Read-only memory), flash memory, such that the first memory 2 has the ability to power down without losing data.
The processor 1, the first memory 2 and the manual dial switch 4 are typically provided on a motherboard (or second board card) of the embedded device. The security code chip 3 may be integrated on the motherboard, or may constitute an independent board (or first board) connected to the motherboard through terminals, so as to increase the applicability of the embedded device.
The embedded device uses an SPI (Serial Peripheral Interface ) bus, specifically, the connection between the processor 1 and the first memory 2 is through the SPI bus, and the connection between the secure crypto chip 3 and the first memory 2 is through the SPI bus.
The embedded device further comprises: the second memory 5 has an input connected to the second output of the processor 1, so that the memory space of the processor 1 can be expanded. The second memory 5 is preferably a nonvolatile memory, and the specific storage type of the second memory 5 is not limited in this embodiment.
When the secure crypto chip 3 works, a certain storage capacity is required, and in order to expand the storage capacity, the embedded device further comprises: and the input end of the third memory 6 is connected with the second output end of the secure password chip 3. The third memory 6 is preferably a nonvolatile memory, and the specific storage type of the third memory 6 is not limited in this embodiment.
It will be appreciated by those skilled in the art that the present utility model can be carried out in other embodiments without departing from the spirit or essential characteristics thereof. Accordingly, the above disclosed embodiments are illustrative in all respects, and not exclusive. All changes that come within the scope of the utility model or equivalents thereto are intended to be embraced therein.
Claims (8)
1. An embedded device for an industrial control system, the embedded device comprising: the device comprises a processor, a manual dial switch, a first memory and a secure cipher chip;
the first pin terminal of the manual dial switch is connected with the first output end of the processor, the public end of the manual dial switch is connected with the input end of the first memory, and the second pin terminal of the manual dial switch is connected with the first output end of the security code chip;
the first memory stores components.
2. The embedded device of claim 1, wherein the first memory is a non-volatile memory.
3. The embedded device of claim 1, wherein the secure crypto chip is disposed on a first board;
the processor, the manual dial switch and the first memory are arranged on a second board card, and the second board card is connected with the first board card.
4. The embedded device of claim 1, wherein the processor is coupled to the first memory using an SPI bus;
the secure crypto chip is connected with the first memory by an SPI bus.
5. The embedded device of claim 1, wherein the embedded device further comprises: a second memory;
the input end of the second memory is connected with the second output end of the processor.
6. The embedded device of claim 5, wherein the second memory is a non-volatile memory.
7. The embedded device of claim 1, wherein the embedded device further comprises: a third memory;
and the input end of the third memory is connected with the second output end of the secure password chip.
8. The embedded device of claim 7, wherein the third memory is a non-volatile memory.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202322408760.3U CN220651103U (en) | 2023-09-05 | 2023-09-05 | Embedded device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202322408760.3U CN220651103U (en) | 2023-09-05 | 2023-09-05 | Embedded device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN220651103U true CN220651103U (en) | 2024-03-22 |
Family
ID=90295690
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202322408760.3U Active CN220651103U (en) | 2023-09-05 | 2023-09-05 | Embedded device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN220651103U (en) |
-
2023
- 2023-09-05 CN CN202322408760.3U patent/CN220651103U/en active Active
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114218592A (en) | Sensitive data encryption and decryption method and device, computer equipment and storage medium | |
| US10489612B2 (en) | Memory controller to verify authenticity of data | |
| JP5123524B2 (en) | Smart card with protected memory access | |
| WO2009064621A2 (en) | Smart storage device | |
| CN111160879A (en) | Hardware wallet and security improving method and device thereof | |
| JPH05217033A (en) | Data authenticating method | |
| CN220651103U (en) | Embedded device | |
| JP4723187B2 (en) | Update management of coded data in memory | |
| US7464260B2 (en) | Method for alternatively activating a replaceable hardware unit | |
| CN115454517B (en) | Method, system, storage medium, device and chip for multi-medium secure boot | |
| US8677137B2 (en) | Communication device, communication method, information processing device, information processing method, program, and communication system | |
| CN113704773B (en) | Relay protection safety chip operating system and communication method thereof | |
| JP5459845B2 (en) | Portable electronic device, method for controlling portable electronic device, and IC card | |
| JP4478580B2 (en) | Method and system for alternatively activating a replaceable hardware unit | |
| CN100524152C (en) | Method and apparats for configuration management for computing device | |
| CN115599407B (en) | Firmware burning method, firmware burning system and memory storage device | |
| JP7487837B1 (en) | ELECTRONIC INFORMATION STORAGE MEDIUM, IC CHIP, IC CARD, KEY DATA STORAGE METHOD, AND PROGRAM | |
| JP7444197B2 (en) | Electronic information storage medium, cryptographic operation method selection method, and program | |
| CN100395771C (en) | Microcircuit card whereof the performances can be modified after customization | |
| JP5269661B2 (en) | Portable electronic device and method for controlling portable electronic device | |
| JP6009854B2 (en) | IC card, portable electronic device, and IC card control program | |
| CN113935012A (en) | Method for executing a secure boot sequence of a control device | |
| CN118020071A (en) | Managing ownership of electronic devices | |
| CN117318934A (en) | Method and device for generating chip filling data, electronic equipment and medium | |
| JP2003223613A (en) | Method of controlling application of ic card |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| GR01 | Patent grant | ||
| GR01 | Patent grant |