TWI284809B - Method preventing illegal intrusion via bus - Google Patents
- Publication number
- TWI284809B
- Authority
- TW
- Taiwan
- Prior art keywords
- signal
- identification
- transmission
- stored
- transmission signal
Landscapes
- Small-Scale Networks (AREA)
- Storage Device Security (AREA)
Abstract
Description
1284809
V. Description of the Invention

[Technical Field of the Invention]

The present invention relates to a method for preventing illegal intrusion via a bus, and in particular to a method that identifies the signals output from a bus so as to prevent data packets of any kind from intruding through that bus.

[Prior Art]

In recent years the rapid growth of the Internet, together with the rise of electronic commerce, has created boundless expectations of the business opportunities the network may bring. Yet while enjoying the convenience that information technology provides, people also face many latent security problems and the threat of hacker attacks, so that network security receives ever more attention. In general, hackers launch attacks with differing aims and means: some intrude into computer systems in order to steal or tamper with web page data, while others have no intention of intruding into a computer system to steal or alter data but instead mount a so-called "distributed denial of service attack" (DDoS attack), using many computers scattered in different places to send large numbers of packets with spoofed source IP addresses, paralysing the network server on which the victim is located, dropping its normal connection success rate below 1% and leaving the server unable to provide normal service.

In response to the attacks and threats described above, vendors have developed many network devices (such as switches) that establish mechanisms for monitoring network traffic and controlling network access, and that block abnormal packets or connections violating network policy, so that a network security mechanism can be established or maintained. The so-called "firewall" is a buffer interface (gateway) set up between an internal network (Intranet) and the Internet that can be monitored and managed; it allows network administrators, by means of a data access mechanism defined in advance, to filter out packets with odd forged source IP addresses such as 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, or to close service ports that the networked computers do not need. At the same time, the propagation of network data packets can be controlled by IP address, port and packet direction.

The so-called "System Management Bus (SMBus)" is a two-wire bus developed for communication among electronic components. It is placed between a South Bridge chip and a plurality of electronic components (such as a Hardware Monitor or a Clock Generator). Through the system management bus, signals can be transmitted between the South Bridge chip and those components, so that the system can obtain data about the components, such as manufacturer, model, control information, error signals and status, can receive the signals those electronic devices send according to their own state, and can send control signals to them in order to control or adjust them.

However, whereas ordinary systems are provided with security mechanisms for network traffic monitoring and network access control, such as the firewall protection described above, they have no protection of any kind on the system management bus. Data packets of any kind can therefore pass easily over the system management bus to the electronic components, which may cause the data inside those components to be altered or the components to be damaged, and may even make the system unstable or crash. Therefore, if a protective security mechanism could be applied against this security hole, the security of the system could be ensured far more completely.
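The gateway filtering described in the prior-art section above, as an added example that is not part of the patent: an ingress filter in C that drops inbound packets whose source address falls within the private prefixes the text lists (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) or whose destination port the administrator has closed, applying the source-prefix rule only to the inbound direction, as the text's point about packet direction suggests. The packet structure, the closed-port list, the policy of blocking closed ports in both directions and the sample addresses are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not part of the patent: gateway-style ingress filtering on
 * spoofed private source prefixes and closed service ports. */

typedef struct { uint32_t net; uint8_t prefix_len; } cidr_t;

typedef struct {
    uint32_t src;     /* source IPv4 address, host byte order */
    uint32_t dst;     /* destination IPv4 address, host byte order */
    uint16_t dport;   /* destination (service) port */
    int inbound;      /* 1 = arriving from the Internet side of the gateway */
} pkt_t;

/* Parse "a.b.c.d" into a host-order 32-bit value; returns 0 on malformed input. */
int parse_ipv4(const char *s, uint32_t *out) {
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255) return 0;
    *out = ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | (uint32_t)d;
    return 1;
}

/* Mask for a prefix of the given length; a /0 prefix matches everything. */
static uint32_t prefix_mask(uint8_t len) {
    return len == 0 ? 0u : 0xFFFFFFFFu << (32 - len);
}

static int in_cidr(uint32_t addr, cidr_t c) {
    uint32_t m = prefix_mask(c.prefix_len);
    return (addr & m) == (c.net & m);
}

/* Private prefixes the text names as forged sources to filter out. */
static const cidr_t spoofed_sources[] = {
    { 0x0A000000u,  8 },  /* 10.0.0.0/8     */
    { 0xAC100000u, 12 },  /* 172.16.0.0/12  */
    { 0xC0A80000u, 16 },  /* 192.168.0.0/16 */
};

/* Service ports the administrator has closed (constructed sample list). */
static const uint16_t closed_ports[] = { 23, 135, 445 };

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Returns 1 if the gateway forwards the packet, 0 if it drops it. */
int gateway_allow(const pkt_t *p) {
    size_t i;
    /* The source-prefix rule applies only to the inbound direction. */
    if (p->inbound)
        for (i = 0; i < COUNT(spoofed_sources); i++)
            if (in_cidr(p->src, spoofed_sources[i])) return 0;
    /* Constructed policy: closed service ports are unreachable in either direction. */
    for (i = 0; i < COUNT(closed_ports); i++)
        if (p->dport == closed_ports[i]) return 0;
    return 1;
}

/* Convenience wrapper taking dotted-quad strings; returns -1 on a parse error. */
int gateway_allow_str(const char *src, const char *dst, uint16_t dport, int inbound) {
    pkt_t p;
    if (!parse_ipv4(src, &p.src) || !parse_ipv4(dst, &p.dst)) return -1;
    p.dport = dport;
    p.inbound = inbound;
    return gateway_allow(&p);
}

int main(void) {
    /* Constructed sample packets: 203.0.113.10 stands for the protected server. */
    printf("spoofed 192.168.1.5 inbound -> %d\n", gateway_allow_str("192.168.1.5", "203.0.113.10", 80, 1));
    printf("public 198.51.100.7 inbound -> %d\n", gateway_allow_str("198.51.100.7", "203.0.113.10", 80, 1));
    printf("public to closed port 445   -> %d\n", gateway_allow_str("198.51.100.7", "203.0.113.10", 445, 1));
    return 0;
}
```

The prefix match is a plain mask-and-compare, so a packet from 172.32.0.1 passes while one from 172.31.255.1 is dropped, which is exactly the /12 boundary; a malformed address is reported as a parse error rather than silently allowed, since a filter that fails open on bad input is worse than one that rejects it.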
[Summary of the Invention]

In view of the fact that the system management bus described above has no security mechanism, so that data packets of any kind can pass through it easily and cause damage, among other shortcomings, the inventor, drawing on many years of technical experience in developing network equipment and systems and on accumulated professional knowledge, carefully studied various solutions and, after long research and experimentation, finally developed and designed the method of the present invention for preventing illegal intrusion via a bus.

One object of the present invention is to provide a method for preventing illegal intrusion via a bus. An identification module is placed between a bus and a plurality of electronic components. The identification module contains a microprocessor and a storage unit, and the storage unit stores a signal lookup table comprising a plurality of stored signals and a plurality of identification codes, each stored signal being matched with one identification code. When the microprocessor receives a transmission signal output from the bus and determines that the identification code in the transmission signal is the same as the identification code matched with the stored signal, it allows the transmission signal to pass through the identification module. In this way data packets of any kind are effectively prevented from intruding illegally via the bus, and the security of the system is ensured.

Another object of the present invention is that the signal lookup table further stores a plurality of status codes, each status code being matched with one stored signal. When the microprocessor receives the transmission signal as input, it determines whether the lookup table contains a stored signal identical to the transmission signal, whether the identification code in the transmission signal is the same as the identification code matched with that stored signal, and whether the status code matched with that stored signal is in the "on" state; only then does it allow the transmission signal to pass through the identification module, thereby preventing data packets of any kind from intruding illegally via the bus and ensuring the security of the system.

So that the examiners may gain a fuller understanding of the objects, technical features and effects of the present invention, embodiments are described in detail below with reference to the drawings.

[Embodiments]

The present invention is a method for preventing illegal intrusion via a bus. As shown in Figure 1, an identification module 3 is provided between a bus 1 and a plurality of electronic components 2. The identification module 3 contains a microprocessor 31 and a storage unit 32. The storage unit 32 stores a signal lookup table comprising a plurality of stored signals and a plurality of identification codes, each stored signal being matched with one identification code. When the microprocessor 31 receives a transmission signal output from the bus 1 and determines that the identification code in the transmission signal is the same as the identification code matched with the stored signal, it allows the transmission signal to pass through the identification module 3. In this way data packets of any kind are prevented from intruding illegally via the bus 1, and the security of the system is effectively ensured.

To explain the method for preventing illegal intrusion via a bus more fully, the processing steps are described in order with reference to Figure 2:

(201) the microprocessor 31 receives the transmission signal output from the bus 1;
(202) it searches the signal lookup table for a stored signal identical to the transmission signal; if there is none, step (205) is performed, otherwise the following steps continue;
(203) it determines whether the identification code in the transmission signal is the same as the identification code matched with the stored signal; if not, step (205) is performed, otherwise the following steps continue;
(204) the transmission signal is allowed to pass through the identification module 3;
(205) the transmission of the transmission signal is cut off.

In one embodiment of the present invention, the storage unit 32 further stores a set signal and another set signal. When the microprocessor 31 receives the set signal, it starts the step of determining whether the identification code in the transmission signal is the same as the identification code matched with the stored signal, so that whenever the identification module 3 receives the transmission signal it checks the identification code in it, preventing data packets of any kind from intruding illegally via the bus 1. When the microprocessor 31 receives the other set signal, it stops the step of determining whether the identification code in the transmission signal is the same as the identification code matched with the stored signal, so that whenever the identification module 3 receives the transmission signal it outputs it directly to the electronic components 2. By the method of the present invention, the bus 1 can be protected from illegal intrusion in normal operation, while the transmission signal can be transmitted freely when the system is being configured.

In this embodiment, each stored signal is matched with one electronic component 2. When the transmission signal is identical to the stored signal and its identification code is identical to that of the stored signal, the transmission signal is delivered to the electronic component 2 matched with that stored signal. Through the transmission of the transmission signal between the bus 1 and the electronic components 2, data about the electronic components 2 can be obtained and the system can receive the signals those electronic devices send according to their own state, enabling the system to configure, control or adjust the electronic components 2.

In another embodiment of the present invention, shown in Figure 3, the signal lookup table further comprises a plurality of status codes, each status code being matched with one stored signal. When the microprocessor 31 receives the transmission signal output from the bus 1, it proceeds as follows:

(301) it searches the signal lookup table for a stored signal identical to the transmission signal; if there is none, step (305) is performed, otherwise the following steps continue;
(302) it determines whether the identification code in the transmission signal is the same as the identification code matched with the stored signal; if not, step (305) is performed, otherwise the following steps continue;
(303) it determines whether the status code matched with the stored signal is set to the "on" state; if not, step (305) is performed, otherwise the following steps continue;
(304) the transmission signal is allowed to pass through the identification module 3;
(305) the transmission of the transmission signal is cut off.

In this embodiment, the status code can be changed by a status signal output from the bus 1. The status signal is identical to one of the stored signals in the signal lookup table, and a status setting value carried in the status signal replaces the status code matched with that stored signal. For example, when the microprocessor 31 receives a status signal that is determined to be identical to the "Clock Generator" stored signal in the signal lookup table, and the status setting value in the status signal is "0", the status code matched with the "Clock Generator" stored signal is changed to "0". Thereafter, when a "Clock Generator" signal is transmitted to the identification module 3, even though it is identical to the "Clock Generator" stored signal in the lookup table and carries the same identification code as the "Clock Generator" stored signal, it still cannot pass through the identification module 3, because the status code matched with the "Clock Generator" stored signal is "0". The status code of each stored signal can thus be set freely, and set again for the important stored signals, to raise the security of the system.

In this embodiment, the signal lookup table may be a 7-bit lookup table using the I2C (Inter-Integrated Circuit) protocol; by storing the stored signals and identification codes in the signal lookup table, the transmission of signals between the system and the electronic components 2 can be controlled.

The foregoing is merely one preferred embodiment of the present invention; its structural features are not limited thereto, and any change or modification that a person skilled in the art could readily conceive within the field of the present invention falls within the scope of the patent claims of this case set out below.

[Brief Description of the Drawings]

Figure 1 is a schematic diagram of the present invention;
Figure 2 is a flow chart of one embodiment of the present invention;
Figure 3 is a flow chart of another embodiment of the present invention.

[Description of Main Component Symbols]

Bus ............... 1
Electronic component ............ 2
Identification module ............ 3
Microprocessor ............ 31
Storage unit ............ 32
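A software model of the identification module, added here as an example and not code from the patent: the lookup table holds, for each stored signal, the identification code a transmission must carry, the status code and the component the entry is matched with, and the filter function follows steps (301) to (305), which subsume steps (201) to (205) of the first embodiment. The set signal and the other set signal are modelled as an enable flag, and the status signal as a function that overwrites one entry's status code, as in the Clock Generator example. The frame layout (a 7-bit bus address standing in for the stored signal plus an identification code byte), the table contents and the addresses 0x2C and 0x69 are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the patent's code: a model of the identification module
 * placed between the bus and the electronic components. Frame layout, table
 * contents and addresses are constructed assumptions. */

enum { STATUS_OFF = 0, STATUS_ON = 1 };
enum { MAX_ENTRIES = 8 };

/* One row of the signal lookup table held in the storage unit. */
typedef struct {
    uint8_t     stored_signal; /* 7-bit bus address standing in for the stored signal */
    uint8_t     id_code;       /* identification code a transmission must carry */
    uint8_t     status_code;   /* STATUS_ON lets a matching transmission pass */
    const char *component;     /* electronic component this entry is matched with */
} table_entry_t;

/* The transmission signal as the microprocessor sees it (constructed layout). */
typedef struct {
    uint8_t signal;   /* compared with stored_signal */
    uint8_t id_code;  /* compared with the entry's identification code */
    uint8_t payload;  /* data carried to the component; not inspected */
} transmission_t;

typedef struct {
    table_entry_t table[MAX_ENTRIES];
    size_t        count;
    int           checking_enabled; /* toggled by the set signal / other set signal */
} id_module_t;

enum verdict { PASS = 0, CUT_NO_SIGNAL = 1, CUT_BAD_ID = 2, CUT_STATUS_OFF = 3 };

static table_entry_t *lookup(id_module_t *m, uint8_t signal) {
    for (size_t i = 0; i < m->count; i++)
        if (m->table[i].stored_signal == signal) return &m->table[i];
    return NULL;
}

/* Steps (301)-(305): match the stored signal, then the identification code,
 * then the status code; any failure cuts the transmission (305). When the
 * other set signal has disabled checking, the transmission is forwarded
 * directly. On PASS, *dest names the component the entry is matched with. */
enum verdict id_module_filter(id_module_t *m, const transmission_t *t, const char **dest) {
    table_entry_t *e = lookup(m, t->signal);
    *dest = NULL;
    if (!m->checking_enabled) {          /* configuration mode: no checks */
        *dest = e ? e->component : "unmatched component";
        return PASS;
    }
    if (!e) return CUT_NO_SIGNAL;                           /* (301) -> (305) */
    if (e->id_code != t->id_code) return CUT_BAD_ID;        /* (302) -> (305) */
    if (e->status_code != STATUS_ON) return CUT_STATUS_OFF; /* (303) -> (305) */
    *dest = e->component;                                   /* (304) */
    return PASS;
}

/* A status signal names one stored signal and carries a status setting value
 * that replaces that entry's status code. Returns 0 if no entry matches. */
int id_module_set_status(id_module_t *m, uint8_t signal, uint8_t new_status) {
    table_entry_t *e = lookup(m, signal);
    if (!e) return 0;
    e->status_code = new_status;
    return 1;
}

/* The set signal enables checking; the other set signal disables it. */
void id_module_set_checking(id_module_t *m, int enabled) {
    m->checking_enabled = enabled;
}

/* Constructed table with two components; 0x2C and 0x69 are sample addresses. */
void id_module_init(id_module_t *m) {
    static const table_entry_t seed[] = {
        { 0x2C, 0xA5, STATUS_ON, "Hardware Monitor" },
        { 0x69, 0x3C, STATUS_ON, "Clock Generator" },
    };
    memset(m, 0, sizeof *m);
    memcpy(m->table, seed, sizeof seed);
    m->count = sizeof seed / sizeof seed[0];
    m->checking_enabled = 1;
}

int main(void) {
    id_module_t m;
    const char *dest;
    transmission_t ok = { 0x69, 0x3C, 0x01 }, bad_id = { 0x69, 0x00, 0x01 };
    id_module_init(&m);
    printf("good frame : verdict %d -> %s\n", id_module_filter(&m, &ok, &dest), dest);
    printf("wrong code : verdict %d\n", id_module_filter(&m, &bad_id, &dest));
    id_module_set_status(&m, 0x69, STATUS_OFF); /* status signal: Clock Generator -> 0 */
    printf("status off : verdict %d\n", id_module_filter(&m, &ok, &dest));
    return 0;
}
```

The three checks are ordered as in the flow chart, so a frame with an unknown address is cut before its identification code is even compared, and the distinct verdicts make it possible to log why a frame was cut. Note that the text does not say whether the set signals and status signals are themselves subject to the identification check; this model accepts them unconditionally, which is the point a reviewer would want pinned down, since whoever can issue a status signal can switch an entry's status code off or on.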
Claims (1)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW94127081A TWI284809B (en) | 2005-08-10 | 2005-08-10 | Method preventing illegal intrusion via bus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW94127081A TWI284809B (en) | 2005-08-10 | 2005-08-10 | Method preventing illegal intrusion via bus |
Publications (2)
Publication Number | Publication Date |
---|---|
TW200707215A TW200707215A (en) | 2007-02-16 |
TWI284809B true TWI284809B (en) | 2007-08-01 |
Family
ID=39445981
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW94127081A TWI284809B (en) | 2005-08-10 | 2005-08-10 | Method preventing illegal intrusion via bus |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI284809B (en) |
- 2005-08-10 TW TW94127081A patent/TWI284809B/en not_active IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
TW200707215A (en) | 2007-02-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109829297B (en) | Monitoring device, method and computer storage medium thereof | |
US8191119B2 (en) | Method for protecting against denial of service attacks | |
US7370354B2 (en) | Method of remotely managing a firewall | |
Zander et al. | Covert channels and countermeasures in computer network protocols [reprinted from ieee communications surveys and tutorials] | |
WO2021139643A1 (en) | Method and apparatus for detecting encrypted network attack traffic, and electronic device | |
US20030070084A1 (en) | Managing a network security application | |
US20040117478A1 (en) | Monitoring network activity | |
KR20150090154A (en) | System and method for an endpoint hardware assisted network firewall in a security environment | |
RU2587542C2 (en) | Detection and prevention of penetration into network of process plant | |
US7139679B1 (en) | Method and apparatus for cryptographic protection from denial of service attacks | |
JP5311630B2 (en) | Distributed state display intrusion detection for VoIP | |
JP2005117246A (en) | Packet-discriminating apparatus | |
US20080244716A1 (en) | Telecommunication system, telecommunication method, terminal thereof, and remote access server thereof | |
Chomsiri | HTTPS hacking protection | |
CA2506418C (en) | Systems and apparatuses using identification data in network communication | |
CN114143068A (en) | Electric power internet of things gateway equipment container safety protection system and method thereof | |
JP2009071817A (en) | Signature-free intrusion detection | |
Ovaz Akpinar et al. | Development of the ECAT preprocessor with the trust communication approach | |
CN1176421C (en) | Intraconnection network computer and Internet unauthorized connection monitoring system and its method | |
US20060107055A1 (en) | Method and system to detect a data pattern of a packet in a communications network | |
TWI284809B (en) | Method preventing illegal intrusion via bus | |
CN115567243A (en) | Switch monitoring method based on keywords | |
CN101355564A (en) | Method for implementing credible LAN and internet | |
JP2023519910A (en) | Methods for handling data anomalies, especially in automobiles | |
CN114629746A (en) | Data security gateway based on hardware |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
MM4A | Annulment or lapse of patent due to non-payment of fees |