CN114844727B - Switch and protection circuit, protection system thereof - Google Patents

Switch and protection circuit, protection system thereof Download PDF

Info

Publication number
CN114844727B
CN114844727B CN202210768416.2A CN202210768416A CN114844727B CN 114844727 B CN114844727 B CN 114844727B CN 202210768416 A CN202210768416 A CN 202210768416A CN 114844727 B CN114844727 B CN 114844727B
Authority
CN
China
Prior art keywords
switch
power supply
key
selector
control chip
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210768416.2A
Other languages
Chinese (zh)
Other versions
CN114844727A (en
Inventor
耿震磊
王于波
李延
袁艳芳
王振林
易玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Smartchip Microelectronics Technology Co Ltd
Beijing Smartchip Semiconductor Technology Co Ltd
Original Assignee
Beijing Smartchip Microelectronics Technology Co Ltd
Beijing Smartchip Semiconductor Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Smartchip Microelectronics Technology Co Ltd, Beijing Smartchip Semiconductor Technology Co Ltd filed Critical Beijing Smartchip Microelectronics Technology Co Ltd
Priority to CN202210768416.2A priority Critical patent/CN114844727B/en
Publication of CN114844727A publication Critical patent/CN114844727A/en
Application granted granted Critical
Publication of CN114844727B publication Critical patent/CN114844727B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/10Packet switching elements characterised by the switching fabric construction
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q1/00Details of selecting apparatus or arrangements
    • H04Q1/18Electrical details
    • H04Q1/28Current-supply circuits or arrangements for selection equipment at exchanges

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Remote Monitoring And Control Of Power-Distribution Networks (AREA)

Abstract

The invention relates to the technical field of switches, and discloses a switch, a protection circuit and a protection system thereof, wherein the circuit comprises: the device comprises a configuration module, a selector, a first power supply electronic circuit, a second power supply electronic circuit and a control chip; the configuration module is connected in the first power supply electronic circuit through the selector, and the first power supply electronic circuit supplies power to the configuration module so as to deploy the switch; after deployment is completed, the configuration module is connected into the second power supply electronic circuit through the selector, the operation and maintenance key is authenticated when the operation and maintenance key is detected through the control chip, the second power supply electronic circuit is controlled to be closed when the authentication is passed, and the second power supply electronic circuit supplies power to the configuration module so as to change the configuration of the switch. Therefore, the double-loop power supply can be carried out on the configuration module, the safety management can be carried out in a staged mode, the authentication protection can be carried out through the operation and maintenance key, and the switch is prevented from being remotely controlled.

Description

Switch and protection circuit, protection system thereof
Technical Field
The invention relates to the technical field of switches, in particular to a switch protection circuit, a switch and a switch protection system.
Background
In the related art, the digital communication devices such as the switch, the router, the firewall and the like all have remote login and management functions for the convenience of remote maintenance, and although the devices such as the switch and the like all have the identity authentication function based on cryptography in product design, the digital communication devices face the risk of being remotely authorized and controlled due to the problems of weak passwords, default passwords, product leaks, backdoors and the like in the actual deployment process.
Disclosure of Invention
The present invention is directed to solving, at least to some extent, one of the technical problems in the related art. Therefore, a first objective of the present invention is to provide a switch protection circuit, which can perform dual-loop power supply for a configuration module, perform security management in a staged manner, and perform authentication protection through an operation and maintenance key, so as to protect a switch from being remotely controlled.
A second object of the present invention is to provide a switch protection circuit.
A third object of the present invention is to provide a switch and a switch protection system.
In order to achieve the above object, a first embodiment of the present invention provides a switch protection circuit, where the circuit includes a configuration module, a selector, a first power supply electronic circuit, a second power supply electronic circuit, and a control chip, where the first power supply electronic circuit is a normally closed circuit, and the second power supply electronic circuit is a normally open circuit; the configuration module is connected in the first power supply electronic circuit through the selector, and the first power supply electronic circuit supplies power to the configuration module so as to deploy the switch; after deployment is completed, the configuration module is connected into the second power supply electronic circuit through the selector, the operation and maintenance key is authenticated through the control chip when the operation and maintenance key is detected, the second power supply electronic circuit is controlled to be closed when the authentication is passed, and the second power supply electronic circuit supplies power to the configuration module so as to change the configuration of the switch.
According to the switch protection circuit provided by the embodiment of the invention, double-loop power supply can be carried out on the configuration module, safety management can be carried out in stages, and the switch is protected by authentication through the operation and maintenance key, so that the switch is prevented from being remotely controlled.
In addition, the switch protection circuit of the embodiment of the present invention may also have the following additional technical features:
according to an embodiment of the present invention, the first power supply circuit includes a first power supply, a first pole of the first power supply is connected to the first end of the configuration module, a second pole of the first power supply is connected to the first end of the selector, and a second end of the configuration module is connected to the second end of the selector.
According to an embodiment of the present invention, the second power supply circuit includes a delay switch and a second power supply, a first pole of the second power supply is connected to the first terminal of the configuration module, a second pole of the second power supply is connected to the first terminal of the delay switch, and a second terminal of the delay switch is connected to the third terminal of the selector; the control chip is connected with the third end of the time delay switch, and the control chip is used for controlling the time delay switch to be closed when the operation and maintenance key passes the authentication.
According to an embodiment of the present invention, the control chip is further connected to the selector, and further configured to: and in the deployment stage, controlling the first end of the selector to be connected with the second end of the selector, disconnecting the first end of the selector from the second end of the selector after deployment is completed, and controlling the second end of the selector to be connected with the third end of the selector.
According to an embodiment of the invention, the switch is provided with a slot, the second power supply electronic circuit further comprises a normally open switch, and the normally open switch is connected in series with the time delay switch, wherein when the operation and maintenance key is inserted into the slot, the normally open switch is linked to be closed, and the control chip is triggered to authenticate the operation and maintenance key.
According to an embodiment of the invention, the time delay switch is further configured to automatically open when the closing time reaches a first preset time.
According to one embodiment of the invention, the control chip adopts a symmetric key algorithm or an identification cipher algorithm to authenticate the operation and maintenance key; when a symmetric key algorithm is adopted, the key of the operation and maintenance key is a root key, and the key of the control chip is a sub-key.
According to an embodiment of the present invention, the key of the control chip is obtained by encrypting the root key and the ID of the control chip by using a digest algorithm.
In order to achieve the above object, a second embodiment of the present invention provides a switch, where the switch includes: the switch protection circuit.
Further, the switch further comprises: the slot is used for inserting an operation and maintenance key, wherein the operation and maintenance key triggers the control chip to authenticate the operation and maintenance key when being inserted into the slot.
Further, the switch further comprises: and the linkage assembly is mechanically connected with the normally open switch and the slot and is used for linking the normally open switch to be closed when the operation and maintenance key is inserted into the slot.
According to one embodiment of the invention, the slot is a USB slot.
According to the switch provided by the embodiment of the invention, the switch protection circuit can supply power to the configuration module in a double-loop manner, perform safety management in a staged manner, and perform authentication protection through the operation and maintenance key, so that the switch is prevented from being remotely controlled.
In order to achieve the above object, an embodiment of a second aspect of the present invention provides a switch protection system, including: an operation and maintenance key and the exchanger.
Furthermore, the number of the switches is multiple, and the secret key of the control chip of each switch is obtained by encrypting the secret key of the operation and maintenance key and the ID of the control chip by adopting an abstract algorithm.
According to the switch protection system provided by the embodiment of the invention, the operation and maintenance key and the switch can be used for carrying out double-loop power supply on the configuration module, carrying out safety management in a staged mode, and carrying out authentication protection through the operation and maintenance key so as to prevent the switch from being remotely controlled.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
FIG. 1 is a schematic block diagram of a switch protection circuit according to an embodiment of the present invention;
FIG. 2 is a topology diagram of a switch protection circuit in accordance with one embodiment of the present invention;
FIG. 3 is a topology diagram of a switch protection circuit in accordance with another embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an operation and maintenance key linked with a normally open switch according to an embodiment of the present invention;
FIG. 5 is a schematic block diagram of a switch according to an embodiment of the invention;
fig. 6 is a schematic structural diagram of a switch guard system according to an embodiment of the present invention.
Detailed Description
In some application scenarios of the switch, for example, in a substation and distribution automation application scenario, after the switch is deployed, the switch has few configuration change requirements and less remote login configuration change requirements in a long operation and maintenance time period in the later period. Therefore, from the perspective of information security, it is not necessary that the remote configuration function of the switch be exposed for a long time as an attack plane of the switch. The remote login of the switch often causes the problem of irregular configuration such as weak passwords and the like, and the remote login of the switch is a common attack point for attackers.
In order to solve the above problems, the present invention proposes to turn off the configuration module of the switch within the operation and maintenance time period by using a physical switch and protect the switch by using cryptography authentication, thereby protecting the switch from being remotely controlled on a physical level.
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
The switch and its protection circuit and protection system according to the embodiment of the present invention will be described with reference to fig. 1 to 6.
Fig. 1 is a block diagram of a switch fence circuit according to an embodiment of the present invention. As shown in fig. 1, the switch protection circuit 100 includes a configuration module 10, a selector 20, a first power supply sub-circuit 30, a second power supply sub-circuit 40, and a control chip 50, where the first power supply sub-circuit 30 is a normally closed circuit, and the second power supply sub-circuit 40 is a normally open circuit.
In this embodiment, the configuration module 10 is connected in the first power supply electronic circuit 30 through the selector 20, and the first power supply electronic circuit 30 supplies power to the configuration module 10 for switch deployment; after deployment is completed, the configuration module 10 is connected to the second power supply electronic circuit 40 through the selector 20, the operation and maintenance key is authenticated through the control chip 50 when the operation and maintenance key is detected, the second power supply electronic circuit 40 is controlled to be closed when the authentication is passed, and the second power supply electronic circuit 40 supplies power to the configuration module 10 to change the configuration of the switch.
Specifically, the configuration module 10 is powered by two loops (i.e., the first power supply circuit 30 and the second power supply circuit 40). When the configuration module 10 is in a default deployment stage in a factory state, the selector 20 connects the configuration module 10 to the first power supply electronic circuit 30, and the first power supply electronic circuit 30 supplies power to the configuration module 10 to deploy the switch. After deployment is completed and switch configuration is solidified, an operation and maintenance stage is entered, the configuration module 10 is connected to the second power supply electronic circuit 40 through the selector 20, when the operation and maintenance key is detected through the control chip 50, the operation and maintenance key is authenticated, the second power supply electronic circuit 40 is controlled to be closed when the authentication is passed, and the second power supply electronic circuit 40 supplies power to the configuration module 10 so as to change the switch configuration.
As an example, the control chip 50 authenticates the operation and maintenance key by using a symmetric key algorithm or an identification cipher algorithm; when a symmetric key algorithm is adopted, the key of the operation and maintenance key is a root key, the key of the control chip 50 is a sub-key, and the key of the control chip 50 is obtained by encrypting the root key and the ID of the control chip 50 by using a digest algorithm.
Specifically, when the symmetric key algorithm is adopted, the keys (i.e., the sub-keys) of the control chip 50 of each switch are generated based on the key (i.e., the root key) of the operation and maintenance key, so that one operation and maintenance key can realize the authentication of a plurality of switches. The key of the control chip 50 is obtained by encrypting the root key and the ID of the control chip 50 by using a digest algorithm, for example: the key of the control chip 50 is obtained by encrypting the root key and the ID of the control chip 50 by using the SM3 algorithm. The key of the control chip 50 is initialized in the control chip 50 of the exchange at the time of shipment of the exchange, and is used for authentication with the operation and maintenance key. In addition, the key of the control chip 50 is dispersed by using a digest algorithm, and the key dispersion scheme ensures that each switch has a separate key, and can realize that all the switch keys are authenticated with the operation and maintenance key.
Therefore, the switch protection circuit 100 supplies power to the configuration module 10 through the selector 20, the first power supply sub-circuit 30, the second power supply sub-circuit 40, and the control chip 50, divides the life cycle of the switch into a deployment phase and an operation and maintenance phase, and performs security management in stages.
As an example, referring to fig. 2, the first power supply circuit 30 may include a first power supply BT1, a first pole (i.e., a positive pole) of the first power supply BT1 is connected to the first terminal 1 of the configuration module 10, a second pole (i.e., a negative pole) of the first power supply BT1 is connected to the first terminal 1 of the selector 20, and a second terminal 2 of the configuration module 10 is connected to the second terminal 2 of the selector 20. Specifically, when the configuration module 10 is connected in the first power supply electronic circuit 30 by controlling the connection of the first terminal 1 of the selector 20 and the second terminal 2 of the selector 20, the first power supply BT1 supplies power to the configuration module 10 for switch deployment.
As an example, referring to fig. 2, the second power supply circuit 40 may include a delay switch S1 and a second power supply BT2, wherein a first pole (i.e., a positive pole) of the second power supply BT2 is connected to the first terminal 1 of the configuration module 10, a second pole (i.e., a negative pole) of the second power supply BT2 is connected to the first terminal 1 of the delay switch S1, and the second terminal 2 of the delay switch S1 is connected to the third terminal 3 of the selector 20. The control chip 50 is connected with the third terminal 3 of the delay switch S1, and the control chip 50 is used for controlling the closing of the delay switch S1 when the operation and maintenance key is authenticated.
Specifically, after the deployment is completed (i.e., the switch configuration is solidified), the operation and maintenance phase is entered, the second end 2 of the selector 20 is controlled to be connected to the third end 3 of the selector 20, the configuration module 10 is connected to the second power supply electronic circuit 40, the operation and maintenance key is authenticated by the control chip 50 when the operation and maintenance key is detected, and when the authentication is passed and the delay switch S1 is controlled to be closed, the second power supply electronic circuit 40 supplies power to the configuration module 10 to change the switch configuration. Therefore, the operation and maintenance key is used for authentication protection, and the configuration module of the switch in the operation and maintenance stage is closed in a physical switch mode, so that the switch is prevented from being remotely controlled on a physical layer.
It should be noted that the delay switch S1 is also used for automatically opening when the closing time reaches the first preset time. Specifically, the delay switch S1 has a timed tripping function, and the first preset time may be set according to a time requirement for switch configuration change in the operation and maintenance phase.
As an example, the control chip 50 is further connected to the selector 20, and is further configured to: the first terminal of the selector 20 is controlled to be connected with the second terminal of the selector 20 during the deployment stage, and after the deployment is completed, the connection between the first terminal of the selector 20 and the second terminal of the selector 20 is disconnected, and the second terminal of the selector 20 is controlled to be connected with the third terminal of the selector 20.
Specifically, referring to fig. 2, in the deployment phase, the first end of the selector 20 is controlled by the control chip 50 to be connected with the second end of the selector 20, the configuration module 10 is connected in the first power supply electronic circuit 30, the configuration module 10 is powered by the first power supply electronic circuit 30 to perform switch deployment, after the switch deployment is completed and the switch configuration is solidified, the connection between the first end of the selector 20 and the second end of the selector 20 is disconnected by the control chip 50, the operation and maintenance phase is entered, the second end 2 of the selector 20 is controlled by the control chip 50 to be connected with the third end 3 of the selector 20, the configuration module 10 is connected in the second power supply electronic circuit 40, the operation and maintenance key is authenticated by the control chip 50 when the operation and maintenance key is detected, and the configuration module 10 is powered by the second power supply electronic circuit 40 when the control delay switch S1 is closed when the authentication is passed, to make switch configuration changes. Therefore, the control chip is connected with the selector to supply power to the configuration module in a double-loop mode.
As an example, referring to fig. 3-4, the switch is provided with a slot, the second power supply electronic circuit 40 further includes a normally open switch S2, the normally open switch S2 is connected in series with the delay switch S1, wherein when the operation and maintenance key is inserted into the slot, the normally open switch S2 is linked to close, and the control chip 50 is triggered to authenticate the operation and maintenance key.
Specifically, in the deployment phase, the normally open switch S2 is in the normally open state, which ensures that the configuration module 10 is physically unavailable, and the switch configuration is physically solidified in this state, thereby completely preventing the switch configuration from being maliciously and remotely changed. After deployment is completed (i.e. switch configuration is solidified), an operation and maintenance stage is entered, the second end 2 of the selector 20 is controlled to be connected with the third end 3 of the selector 20, the configuration module 10 is connected in the second power supply electronic circuit 40, the control chip 50 is used for linking the closing of the normally open switch S2 and triggering the authentication of the operation and maintenance key when detecting that the operation and maintenance key is inserted into the slot, and the second power supply electronic circuit 40 supplies power to the configuration module 10 to change the switch configuration when the authentication is passed and the control delay switch S1 is closed. Therefore, the linked normally open switch is realized by inserting the operation and maintenance key into the slot.
To sum up, the switch protection circuit connects the configuration module to the first power supply sub-circuit through the selector, and the first power supply sub-circuit supplies power to the configuration module to deploy the switch; after deployment is completed, the configuration module is connected into the second power supply electronic circuit through the selector, the operation and maintenance key is authenticated when the operation and maintenance key is detected through the control chip, the second power supply electronic circuit is controlled to be closed when the authentication is passed, the configuration module is powered by the second power supply electronic circuit to change the configuration of the switch, the configuration module can be powered by double loops, safety management is performed in a staged mode, authentication protection is performed through the operation and maintenance key, and the switch is prevented from being remotely controlled.
Fig. 5 is a schematic structural diagram of a switch according to an embodiment of the present invention. As shown in fig. 5, the switch 200 includes: the switch fence circuit 100 described above.
As an example, referring to fig. 4, the switch 200 may further include: and the slot is used for inserting the operation and maintenance key, wherein when the operation and maintenance key is inserted into the slot, the control chip 50 is triggered to authenticate the operation and maintenance key.
Specifically, after the deployment is completed (i.e., the switch 200 is configured and cured), the control chip 50 disconnects the connection between the first end of the selector 20 and the second end of the selector 20, and enters the operation and maintenance stage, and then the control chip 50 controls the second end 2 of the selector 20 to be connected with the third end 3 of the selector 20, so as to connect the configuration module 10 in the second power supply electronic circuit 40, and when the control chip 50 detects that the operation and maintenance key is inserted into the slot, the operation and maintenance key is authenticated, and when the authentication is passed and the delay switch S1 is controlled to be closed, the second power supply electronic circuit 40 supplies power to the configuration module 10, so as to change the configuration of the switch 200.
As another example, the switch 200 may further include: and the linkage assembly is mechanically connected with the normally open switch S2 and the slot and is used for linking the normally open switch S2 to be closed when the operation and maintenance key is inserted into the slot.
Specifically, after the deployment is completed (i.e., the switch 200 is configured and cured), the operation and maintenance phase is entered, the second end 2 of the selector 20 is controlled to be connected to the third end 3 of the selector 20, the configuration module 10 is connected to the second power supply electronic circuit 40, and when the control chip 50 detects that the operation and maintenance key is inserted into the slot, the linkage assembly linkage normally-open switch S2 is closed, the authentication of the operation and maintenance key is triggered, and when the authentication is passed and the control delay switch S1 is closed, the second power supply electronic circuit 40 supplies power to the configuration module 10, so as to change the configuration of the switch 200. Therefore, the linked normally open switch is realized by inserting the operation and maintenance key into the slot.
To sum up, the switch through foretell switch protection circuit, can carry out the double circuit power supply to the configuration module to carry out safety control in a staged mode, and carry out authentication protection through the fortune dimension key, let the switch avoid by remote control.
Fig. 6 is a schematic structural diagram of a switch guard system according to an embodiment of the present invention. As shown in fig. 6, switch guard system 300 includes: an operation and maintenance key 310 and the switch 200 described above.
Specifically, the number of the switches 200 is plural, and the key of the control chip 50 of each switch 200 is obtained by encrypting the key of the operation and maintenance key 310 and the ID of the control chip 50 itself by using a digest algorithm.
Specifically, the key of the control chip 50 of each switch 200 is obtained by encrypting the key of the operation and maintenance key 310 and the ID of the control chip 50 by using a digest algorithm, for example: the key of the control chip 50 is obtained by encrypting the key of the operation and maintenance key 310 and the ID of the control chip 50 by using the SM3 algorithm. The key of the control chip 50 is initialized in the control chip 50 of the exchange at the time of shipment of the exchange, and is used for authentication with the operation and maintenance key 310. In addition, the keys of the control chip 50 are distributed by using a digest algorithm, and this key distribution scheme ensures that each switch has a separate key, and can implement that all the switch keys are authenticated with the operation and maintenance key 310.
To sum up, the switch protection system can carry out the double-circuit power supply to the configuration module through fortune dimension key and foretell switch to carry out safety control in a mode of stepping, and carry out authentication protection through fortune dimension key, let the switch avoid by remote control.
It should be noted that the logic and/or steps represented in the flowcharts or otherwise described herein, such as an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
In the description of the present invention, it is to be understood that the terms "central," "longitudinal," "lateral," "length," "width," "thickness," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," "clockwise," "counterclockwise," "axial," "radial," "circumferential," and the like are used in the orientations and positional relationships indicated in the drawings for convenience in describing the invention and to simplify the description, and are not intended to indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and are therefore not to be considered limiting of the invention.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the present invention, unless otherwise expressly stated or limited, the terms "mounted," "connected," "secured," and the like are to be construed broadly and can, for example, be fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; they may be directly connected or indirectly connected through intervening media, or they may be connected internally or in any other suitable relationship, unless expressly stated otherwise. The specific meanings of the above terms in the present invention can be understood according to specific situations by those of ordinary skill in the art.
In the present invention, unless otherwise expressly stated or limited, the first feature "on" or "under" the second feature may be directly contacting the first and second features or indirectly contacting the first and second features through an intermediate. Also, a first feature "on," "above," and "over" a second feature may be directly on or obliquely above the second feature, or simply mean that the first feature is at a higher level than the second feature. A first feature being "under," "below," and "beneath" a second feature may be directly under or obliquely under the first feature, or may simply mean that the first feature is at a lesser elevation than the second feature.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (14)

1. A switch protection circuit is characterized by comprising a configuration module, a selector, a first power supply electronic circuit, a second power supply electronic circuit and a control chip, wherein the first power supply electronic circuit is a normally closed circuit, and the second power supply electronic circuit is a normally open circuit; wherein the content of the first and second substances,
connecting the configuration module in the first power supply electronic circuit through the selector, and supplying power to the configuration module by the first power supply electronic circuit so as to deploy the switch;
after deployment is completed, the configuration module is connected into the second power supply electronic circuit through the selector, the operation and maintenance key is authenticated through the control chip when the operation and maintenance key is detected, the second power supply electronic circuit is controlled to be closed when the authentication is passed, and the second power supply electronic circuit supplies power to the configuration module so as to change the configuration of the switch.
2. The switch fabric circuit of claim 1, wherein the first power supply comprises a first power supply, a first pole of the first power supply is connected to a first terminal of the configuration module, a second pole of the first power supply is connected to a first terminal of the selector, and a second terminal of the configuration module is connected to a second terminal of the selector.
3. The switch guarder circuit of claim 2 in which the second power supply electronic circuit includes a delay switch and a second power supply, a first pole of the second power supply being connected to the first terminal of the configuration module, a second pole of the second power supply being connected to the first terminal of the delay switch, a second terminal of the delay switch being connected to the third terminal of the selector;
the control chip is connected with the third end of the time delay switch, and the control chip is used for controlling the time delay switch to be closed when the operation and maintenance key passes the authentication.
4. The switch guardian circuit of claim 3, wherein the control chip is further coupled to the selector and is further configured to:
in the deployment stage, the first end of the selector is controlled to be connected with the second end of the selector, after deployment is completed, the first end of the selector is disconnected with the second end of the selector, and the second end of the selector is controlled to be connected with the third end of the selector.
5. The switch protection circuit according to claim 3, wherein the switch is provided with a slot, the second power supply electronic circuit further comprises a normally open switch connected in series with the time delay switch, and when the operation and maintenance key is inserted into the slot, the normally open switch is linked to close and the control chip is triggered to authenticate the operation and maintenance key.
6. The switch protection circuit of claim 3, wherein the delay switch is further configured to automatically open when the closing time reaches a first predetermined time.
7. The switch protection circuit of claim 1, wherein the control chip authenticates the operation and maintenance key using a symmetric key algorithm or an identification cipher algorithm;
when a symmetric key algorithm is adopted, the key of the operation and maintenance key is a root key, and the key of the control chip is a sub-key.
8. The switch protection circuit of claim 7, wherein the key of the control chip is obtained by encrypting the root key and the ID of the control chip by using a digest algorithm.
9. A switch, characterized in that the switch comprises: the switch fabric circuit of any of claims 1-8.
10. The switch of claim 9, further comprising:
the slot is used for inserting the operation and maintenance key, wherein the operation and maintenance key triggers the control chip to authenticate the operation and maintenance key when being inserted into the slot.
11. The switch of claim 10, further comprising:
the linkage assembly is mechanically connected with the normally open switch and the slot and is used for linking the normally open switch to be closed when the operation and maintenance key is inserted into the slot; the first power supply electronic circuit comprises a first power supply, a first pole of the first power supply is connected with a first end of the configuration module, a second pole of the first power supply is connected with a first end of the selector, and a second end of the configuration module is connected with a second end of the selector; the second power supply electronic circuit further comprises a delay switch, a second power supply and the normally open switch, wherein a first pole of the second power supply is connected with a first end of the configuration module, a second pole of the second power supply is connected with a first end of the delay switch, and a second end of the delay switch is connected with a third end of the selector; the normally open switch is connected with the delay switch in series.
12. The switch of claim 10, wherein the slot is a USB slot.
13. A switch guard system, comprising: an operation and maintenance key and a switch as claimed in any one of claims 9 to 12.
14. The switch protection system according to claim 13, wherein the number of the switches is plural, and the key of the control chip of each switch is obtained by encrypting the key of the operation and maintenance key and the ID of the control chip itself by using a digest algorithm.
CN202210768416.2A 2022-07-01 2022-07-01 Switch and protection circuit, protection system thereof Active CN114844727B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210768416.2A CN114844727B (en) 2022-07-01 2022-07-01 Switch and protection circuit, protection system thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210768416.2A CN114844727B (en) 2022-07-01 2022-07-01 Switch and protection circuit, protection system thereof

Publications (2)

Publication Number Publication Date
CN114844727A CN114844727A (en) 2022-08-02
CN114844727B true CN114844727B (en) 2022-09-23

Family

ID=82575117

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210768416.2A Active CN114844727B (en) 2022-07-01 2022-07-01 Switch and protection circuit, protection system thereof

Country Status (1)

Country Link
CN (1) CN114844727B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7673337B1 (en) * 2007-07-26 2010-03-02 Dj Inventions, Llc System for secure online configuration and communication
WO2013123453A1 (en) * 2012-02-16 2013-08-22 Master Lock Company Data storage devices, systems, and methods
CN104158035A (en) * 2014-08-28 2014-11-19 河海大学常州校区 Automatic dual-loop switching extension socket and switching method
CN107275934A (en) * 2017-06-19 2017-10-20 国网山东省电力公司电力科学研究院 A kind of electric power system power distribution protection device, using with method
CN110323724A (en) * 2019-06-25 2019-10-11 国网浙江省电力有限公司金华供电公司 A kind of the ring distribution system protective relaying device and control method of automatic discriminating direction
CN111817864A (en) * 2020-07-01 2020-10-23 嘉善数能技术有限公司 Communication base station energy control system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7673337B1 (en) * 2007-07-26 2010-03-02 Dj Inventions, Llc System for secure online configuration and communication
WO2013123453A1 (en) * 2012-02-16 2013-08-22 Master Lock Company Data storage devices, systems, and methods
CN104158035A (en) * 2014-08-28 2014-11-19 河海大学常州校区 Automatic dual-loop switching extension socket and switching method
CN107275934A (en) * 2017-06-19 2017-10-20 国网山东省电力公司电力科学研究院 A kind of electric power system power distribution protection device, using with method
CN110323724A (en) * 2019-06-25 2019-10-11 国网浙江省电力有限公司金华供电公司 A kind of the ring distribution system protective relaying device and control method of automatic discriminating direction
CN111817864A (en) * 2020-07-01 2020-10-23 嘉善数能技术有限公司 Communication base station energy control system

Also Published As

Publication number Publication date
CN114844727A (en) 2022-08-02

Similar Documents

Publication Publication Date Title
US8793767B2 (en) Network access management via a secondary communication channel
US20110015795A1 (en) Smart Outlet with Valid Plug Management and Activation
US10680814B2 (en) Device key security
CN103227776A (en) Configuration method, configuration device, computer program product and control system
JP2018500823A (en) Device key protection
US20190318131A1 (en) Methods and system for high volume provisioning programmable logic devices with common and unique data portions
CN114080782B (en) Method and system for preventing luxury software or phishing attack
US10623436B2 (en) System and method of architectural security and resilience for microgrid systems
CN106685775A (en) Self-inspection type invasion prevention method and system for intelligent household electrical appliance
CN105872848A (en) Credible two-way authentication method applicable to asymmetric resource environment
EP3519975B1 (en) Access control for integrated circuit devices
CN108266061A (en) Fingerprint lock
US20150186677A1 (en) Server chassis physical security enforcement
CN110601820A (en) Method and apparatus for safe operation of a field device
EP3337085B1 (en) Reloading cryptographic program instructions
Stabili et al. Analyses of secure automotive communication protocols and their impact on vehicles life-cycle
CN114844727B (en) Switch and protection circuit, protection system thereof
CN110298939A (en) It locks the method for the function of electrical equipment and implements the electrical equipment of this method
KR101533857B1 (en) System and method of tamper-resistant control
CN110417769A (en) A kind of industry internet platform Multi Identity Attestation method
CN102804724B (en) The transfer of data of anti-manipulation between automation equipment
KR102411797B1 (en) Hardware-based vehicle cyber security system
CN115065554B (en) Security chip, identity authentication method and device thereof, and storage medium
CN109787953B (en) Infrared port protection method based on DLMS encrypted communication
CN115021957B (en) Substation network equipment access authentication method and system, chip and network equipment thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant