[go: up one dir, main page]

CN223110035U - Inverter and energy storage system - Google Patents

Inverter and energy storage system

Info

Publication number
CN223110035U
CN223110035U CN202422320714.2U CN202422320714U CN223110035U CN 223110035 U CN223110035 U CN 223110035U CN 202422320714 U CN202422320714 U CN 202422320714U CN 223110035 U CN223110035 U CN 223110035U
Authority
CN
China
Prior art keywords
inverter
control chip
port
main control
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202422320714.2U
Other languages
Chinese (zh)
Inventor
李良艳
吴志敢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Hekang Xinneng Frequency Conversion Technology Co ltd
Midea Welling Motor Technology Shanghai Co Ltd
Original Assignee
Beijing Hekang Xinneng Frequency Conversion Technology Co ltd
Midea Welling Motor Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Hekang Xinneng Frequency Conversion Technology Co ltd, Midea Welling Motor Technology Shanghai Co Ltd filed Critical Beijing Hekang Xinneng Frequency Conversion Technology Co ltd
Priority to CN202422320714.2U priority Critical patent/CN223110035U/en
Application granted granted Critical
Publication of CN223110035U publication Critical patent/CN223110035U/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Inverter Devices (AREA)

Abstract

The application discloses an inverter and an energy storage system, which relate to the technical field of equipment safety and comprise a main control chip, a key injection port, a first communication port and a second communication port, wherein the key injection port is connected with the main control chip, the main control chip is arranged to store a decryption key injected by an external upper computer through the key injection port, the first communication port is connected with the main control chip and is arranged to receive encryption upgrading data sent by the upper computer and transmitted through an external user gateway, and the main control chip is arranged to decrypt the encryption upgrading data based on the decryption key to obtain data to be upgraded so as to perform safe upgrading based on the data to be upgraded. The application realizes the safe upgrading of the inverter on the premise of not depending on the safe design of the user gateway.

Description

Inverter and energy storage system
Technical Field
The application relates to the technical field of safety, in particular to an inverter and an energy storage system.
Background
Along with the wider application of the inverter in different fields, users also put forward higher requirements on the safe upgrading mode of the inverter.
The traditional inverter safety upgrading mode is to directly encrypt a data packet to be upgraded through a user gateway and then transmit the data packet to the inverter so as to finish the upgrading in the inverter, and the phenomenon of encrypting the data packet to be upgraded through the user gateway exists in the inverter safety upgrading mode, so that a new inverter is urgently needed, and the inverter safety upgrading is realized on the premise of not depending on the safety design of the user gateway.
The foregoing is provided merely for the purpose of facilitating understanding of the technical solutions of the present application and is not intended to represent an admission that the foregoing is prior art.
Disclosure of utility model
The application mainly aims to provide an inverter and an energy storage system, and aims to solve the technical problem of how to realize the safety upgrading of the inverter when a user gateway does not have safety.
To achieve the above object, the present application provides an inverter including:
a main control chip;
the key injection port is connected with the main control chip, and the main control chip is set to store decryption keys injected by an external upper computer through the key injection port;
The first communication port is connected with the main control chip, the first communication port is set to receive encrypted upgrade data sent by the upper computer and transmitted by an external user gateway, and the main control chip is set to decrypt the encrypted upgrade data based on the decryption key to obtain data to be upgraded so as to perform security upgrade based on the data to be upgraded.
In an embodiment, the inverter further comprises:
The input end of the internal control chip is connected with the first output end of the main control chip, and when the data to be upgraded is the upgrading firmware of the internal control chip, the internal control chip is set to perform safe upgrading based on the data to be upgraded;
And the input end of the external control chip is connected with the second output end of the main control chip, and when the data to be upgraded is the firmware to be upgraded of the external control chip, the external control chip is set to perform safe upgrading based on the data to be upgraded.
In one embodiment, the main control chip includes:
the random number generation module is used for generating random numbers;
The encryption and decryption operation module is connected with the random number generation module and the key injection port and is used for obtaining an encrypted decryption key based on the random number and the decryption key through encapsulation;
The secure storage module is connected with the encryption and decryption operation module and is used for storing the encrypted decryption key, wherein the encryption and decryption operation module is also used for decrypting the encrypted upgrade data based on the decryption key to obtain the data to be upgraded.
In one embodiment, the secure memory module is an EEPROM, FUSE or FLASH of the main control chip.
In one embodiment, the encryption and decryption operation module includes an HMAC module.
In an embodiment, the inverter further comprises:
the transmission module is respectively connected with the user gateway and the main control chip through the first communication port, wherein the transmission module comprises wire physical connection or serial port Bluetooth and RFID wireless transmission equipment communication connection.
In an embodiment, the key injection port comprises a serial communication interface and the first communication port comprises a 485 port.
In one embodiment, the master control chip includes a secure crypto engine component.
In addition, in order to achieve the above object, there is also provided an energy storage system including the inverter described above;
The key injection port of the inverter is connected with an output interface of an external upper computer, and the second communication port of the inverter is connected with an external user gateway.
In one embodiment, the energy storage system further comprises:
And the level controller is connected with a level control port of the inverter and is used for controlling the inverter to be in different operation states based on different levels, wherein the operation states comprise a power-on state, a key injection state and a normal state.
In one embodiment, the level controller includes:
a high level power supply;
The first end of the conduction switch is connected with the level control port and the high-level power supply, the second end of the conduction switch is grounded, the conduction switch is used for grounding the level control port when being pressed down, and the level control port is connected with the high-level power supply when not being pressed down.
The embodiment of the application provides an inverter, which comprises a main control chip, a key injection port, a first communication port and a first communication port, wherein the key injection port is connected with the main control chip, the main control chip is arranged to store a decryption key injected by an external upper computer through the key injection port, the first communication port is connected with the main control chip and is arranged to receive encryption upgrading data sent by the upper computer and transmitted through an external user gateway, the main control chip is arranged to decrypt the encryption upgrading data based on the decryption key to obtain data to be upgraded so as to perform safe upgrading based on the data to be upgraded, the decryption key is injected into the inverter through the key injection port of the upper computer so as to decrypt the encryption upgrading data based on the decryption key to obtain data to be upgraded when the inverter receives the encryption upgrading data sent by the upper computer and transmitted through the external user gateway, the phenomenon that the encryption upgrading data to be upgraded can be safely carried out based on the user gateway which is connected with the inverter is needed to be safely upgraded is avoided, and the safety upgrading can be realized on the premise that the user gateway is not dependent on the key is designed by setting the inverter as a safe upgrading position.
Drawings
Fig. 1 is a schematic diagram of a frame of a first embodiment of an inverter according to the present application;
fig. 2 is a schematic diagram of a frame of a second embodiment of an inverter according to the present application;
FIG. 3 is a schematic diagram of a third embodiment of an inverter according to the present application;
FIG. 4 is a schematic diagram of a connection of an inverter according to the present application;
FIG. 5 is a schematic diagram of an inverter according to the present application;
FIG. 6 is a schematic diagram of yet another scenario of the inverter of the present application;
FIG. 7 is a schematic diagram of a connection of the energy storage system of the present application;
Fig. 8 is a schematic diagram of a connection of a port turn-on selector in an inverter of an energy storage system according to the present application.
The achievement of the objects, functional features and advantages of the present application will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Reference numerals illustrate:
100. The system comprises an upper computer, 101, an output interface, 102, a second communication port, 200, an inverter, 201, a key injection port, 202, a first communication port, 300, a user gateway, 400, a server, 210, a main control chip, 220, an internal control chip, 230, an external control chip, 203, a first control port, 204, a second control port, 510, a first signal output circuit, 511, a first power supply, 512, a first selection key switch, 520, a second signal output circuit, 521, a second power supply, 522, a second selection key switch, 600, a selector, an A, a selector input end, C1-Cn, a selector control end, B1-1-B1-4, a selector output end, 211, a random number generation module, 212, an encryption and decryption operation module, 213 and a safety storage module.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
For a better understanding of the technical solution of the present application, the following detailed description will be given with reference to the drawings and the specific embodiments.
The inverter can upgrade the application program by transmitting data wirelessly/wiredly, and when the application program is transmitted in the clear, the application program is easily captured by a hacker or tampered with the data due to signal interference. In order to prevent data from being tampered or copied for piracy in the transmission process, a program file needs to use a secret key to encrypt data, and use digital signature authentication to ensure the integrity of data packets which cannot be directly used, while in an inverter system, a secret key is usually set on a user gateway connected with an inverter (the secret key is firstly injected into the user gateway through an upper computer) so as to encrypt and transmit an application program on the user gateway, and if the user gateway is a client side user gateway, a user is required to configure the secret key on the client side, then the problem exists that if the secret key cannot be set on the user gateway because of confidentiality requirement or design requirement, the inverter cannot be safely used on the client side, and therefore, the phenomenon that the inverter cannot be safely upgraded can not be ensured because the user gateway connected with the inverter has no security (such as limiting the user to set the secret key on the user gateway because of internal confidentiality reason and design).
Therefore, based on the defects of the safety upgrading mode of the inverter, the inverter is provided, and the embodiment of the application injects the decryption key into the inverter through the key injection port of the inverter by the upper computer, so that when the inverter receives the encrypted upgrading data sent by the upper computer and transmitted by the external user gateway, the encrypted upgrading data can be decrypted based on the decryption key to obtain the data to be upgraded, and the safety upgrading is realized based on the data to be upgraded, thereby avoiding the phenomenon that the safety upgrading can only be carried out by relying on the user gateway connected with the inverter, and realizing the safety upgrading of the inverter on the premise of not depending on the safety design of the user gateway by taking the inverter as the position for safety upgrading verification of the setting key.
Based on this, an embodiment of the present application provides an inverter, referring to fig. 1, and fig. 1 is a schematic diagram of a frame of a first embodiment of the inverter of the present application.
Referring to fig. 1, the present application provides an inverter 200, the inverter 200 comprising:
A main control chip 210;
A key injection port 201, the key injection port 201 being connected to the main control chip 210, the main control chip 210 being configured to store a decryption key injected from an external host computer 100 via the key injection port 201;
The first communication port 202 is connected to the main control chip 210, the first communication port 202 is configured to receive encrypted upgrade data sent by the upper computer 100 and transmitted through the external user gateway 300, and the main control chip 210 is configured to decrypt the encrypted upgrade data based on the decryption key to obtain data to be upgraded, so as to perform a secure upgrade based on the data to be upgraded.
In an embodiment, the key injection port 201 comprises a serial communication interface and the first communication port 202 comprises a 485 port.
In one embodiment, the main control chip 210 includes a secure encryption engine component.
In this embodiment, unlike the conventional user gateway which is connected to the upper computer to perform key transmission, and further, unlike the scheme of performing security upgrade after encrypting the transmitted data based on the key on the user gateway, the present application stores the decryption key injected from the external upper computer 100 through the key injection port 201, and further performs verification and decryption in the inverter 200, so that the necessity of setting the key on the user gateway can be avoided, that is, the security upgrade of the inverter can be implemented on the premise of not depending on the security design of the user gateway. It should be noted that, except that the decryption key of the first time (in the production stage) is directly burned through the key injection port 201 of the upper computer 100 to the inverter 200, the upper computer 100 is subsequently transmitted to the inverter 200 through the user gateway 300, for example, manually or through a port downloaded to a server by a user, and the server is transmitted to the user gateway 300 in a wireless communication manner, that is, at this time, the encrypted upgrade data sent by the upper computer 100 and transmitted through the external user gateway 300 is received. Because the decryption key is already present in the inverter 200 at this time, the inverter 200 can encrypt and verify the signature of the transmitted data based on the decryption key, so as to ensure the security of the data. The decryption key refers to a key for decrypting data or a new key, and may be consistent with a common decryption manner, but is not limited thereto, and the encrypted upgrade data refers to upgrade data after encryption, and may be a key or firmware to be upgraded. Since the decryption key is stored in the main control chip 210 of the inverter 200, the secure upgrade of the inverter 200 can be realized without using the subscriber gateway 300, and thus the secure upgrade of the inverter can be realized without depending on the secure design of the subscriber gateway by setting the decryption key inside the inverter.
In one embodiment, after the decryption key is injected in the production stage, the decryption key is used to securely upgrade the encrypted upgrade data, and the encrypted upgrade data may be encrypted with the subsequent key or firmware, which is not limited herein. When the encrypted upgrade data is required to be transmitted (if the user sends an upgrade requirement), the upper computer 100 transmits the encrypted upgrade data to the inverter 200 through the user gateway 300, and the inverter 200 decrypts the encrypted upgrade data based on the stored decryption key to obtain the data to be upgraded so as to upgrade the program or the key inside the inverter 200 based on the data to be upgraded, wherein the encrypted upgrade data refers to the program or the key after the upper computer 100 encrypts, and the data to be upgraded refers to the program or the key after the inverter 200 decrypts the encrypted upgrade data and verifies the signature. The encryption, decryption, signature verification and signature may be performed in the same manner as in the prior art, and are not limited herein. A decryption chip (may be directly a control chip in the main control chip 210) may also be directly disposed in the main control chip 210, so as to transmit the decryption key and the encrypted upgrade data to the chip for processing. It should be noted that the key injection port 201 includes a serial communication interface, the second communication port 202 on the inverter 200 and connected to the subscriber gateway 300 includes a 485 port, and the first communication port 102 includes a wireless network port, but may be other communication ports, which is not limited herein. In another embodiment, to ensure the security of the data inside the inverter, the main control chip 210 includes a secure encryption engine component, where the secure encryption engine is a key component of the inverter, and integrates multiple security protection mechanisms to ensure that the inverter can maintain a safe, stable, and reliable operation state under various operation conditions. The safety protection functions include, but are not limited to, short-circuit protection, overload protection, overvoltage protection, undervoltage protection, overtemperature protection and the like, and can rapidly cut off a power supply or adjust the working state when abnormal conditions occur, so that equipment damage is prevented or safety accidents are caused, and the safety of internal decryption key storage and use is ensured. The whole process can realize the safe upgrading of the inverter by using the inverter with the safe encryption engine without depending on the safe design of the user gateway, so that the safe upgrading of the inverter can be realized by a new inverter on the premise of not depending on the safe design of the user gateway.
In the embodiment, the inverter comprises a main control chip, a key injection port, a first communication port and a first communication port, wherein the key injection port is connected with the main control chip, the main control chip is arranged to store a decryption key injected by an external upper computer through the key injection port, the first communication port is connected with the main control chip and is arranged to receive encryption upgrading data sent by the upper computer and transmitted through an external user gateway, the main control chip is arranged to decrypt the encryption upgrading data based on the decryption key to obtain data to be upgraded so as to conduct safe upgrading based on the data to be upgraded, the decryption key is injected into the inverter through the key injection port of the inverter through the upper computer so that when the inverter receives the encryption upgrading data sent by the upper computer and transmitted through the external user gateway, the encryption upgrading data can be decrypted based on the decryption key to obtain the data to be upgraded, the phenomenon that the user gateway connected with the inverter can conduct safe upgrading based on the data to be upgraded is avoided, and the safe upgrading can be achieved by the user gateway which is not dependent on the encryption upgrading can be conducted on the user gateway as a set position, and the safe upgrading can be achieved under the premise that the user gateway is designed.
Further, based on the above-mentioned first embodiment of the present application, a second embodiment of the inverter of the present application is proposed, referring to fig. 2, fig. 2 is a schematic frame diagram of the second embodiment of the inverter of the present application, and the inverter 200 further includes:
An internal control chip 220, wherein an input end of the internal control chip 220 is connected with a first output end of the main control chip 210, and when the data to be upgraded is the upgrade firmware of the internal control chip 220, the internal control chip 220 is configured to perform a secure upgrade based on the data to be upgraded;
An external control chip 230, an input terminal of the external control chip 230 is connected to a second output terminal of the main control chip 210, and when the data to be upgraded is the upgrade firmware of the external control chip 230, the external control chip 230 is configured to perform a secure upgrade based on the data to be upgraded.
In this embodiment, the inside of the inverter 200 includes at least a main control chip 210, an internal control chip 220 and an external control chip 230, wherein, because the main control chip 210 includes a secure encryption engine component, that is, the main control chip 210 is mainly used for storing a decryption key, and decrypting and verifying a signature of data transmitted by the second communication port 202 by using the decryption key, an input end of the main control chip 210 may be the same port, that is, the port may receive the decryption key burnt by the upper computer 100 or may receive the data burnt by the user gateway 300 for decryption, and an input end of the main control chip 210 may be different ports, that is, separately receive the decryption key burnt by the upper computer 100 through one port and separately receive the data burnt by the user gateway 300 through another port for decryption. It should be noted that, the decryption key burned from the host computer 100 or the decryption key in the data from the user gateway 300 needs to be directly stored into the main control chip 210, and the data to be upgraded in the data from the user gateway 300 can be safely upgraded in the main control chip 210, the internal control chip 220 or the external control chip 230 according to the requirement, that is, the main control chip 210 is responsible for operations such as key storage, decryption signature verification and the like. Because firmware upgrade is required for the internal control chip 220 and the external control chip 230, the main control chip 210 is also connected with the internal control chip 220 and the external control chip 230 inside the inverter 200 to transmit data to be upgraded among data from the subscriber gateway 300 to the corresponding chips through different ports of the main control chip 210, so as to implement program upgrade for the corresponding chips. The internal control chip 220 includes a digital signal processing chip and a programmable logic control chip, that is, the main control chip 210 may transmit an upgrade program of the digital signal processing chip and the programmable logic control chip to a corresponding chip through a specific interface, such as a process program upgrade of the digital signal processing chip, and a storage program upgrade of the programmable logic control chip, and the external control chip 230 includes a battery management chip, that is, the main control chip 210 may transmit an upgrade program of the battery management chip to a corresponding chip, such as a battery power control program of the battery management chip through a specific interface, which is only an example of a part of chips, and other different kinds of chips may exist, which are not limited herein.
In an embodiment, referring to fig. 2, the inverter 200 needs to be connected to an upper computer through the server 400 and the user gateway 300, where the server 400 is connected to the first communication port 102 and the user gateway 300 through a server or APP (Application), that is, is connected to the first communication port 102 in the user gateway 300 and the upper computer 100 through communication, where the first communication port 102 mainly refers to an output port of a key management tool in the upper computer 100, and the key management tool may be a software program in the upper computer 100, such as a program developer, etc., it is worth noting that the upper computer 100 may also be directly connected to the main control chip 210 (where the key injection port 201 of the inverter 200 is connected to the output interface 101 of a special key management tool in the upper computer 100), that is, a decryption key is directly injected (burned) in a production phase, but after the end of the production phase, data transmission between the key injection port 201 and the output interface 101 is limited, so as to ensure the data security inside the inverter. Further, referring to fig. 4, fig. 4 is a connection schematic diagram of the inverter according to the present application, in which connection relationships among the inverter 200, the host computer 100 and the user gateway 300 are described, and the host computer 100 and the inverter 200 are in serial communication, and when the inverter 200 is in a production stage (generally referred to as a state of the inverter 200), a key is directly injected into the inverter 200 in a serial communication manner, and after the key injection is completed or the production stage is completed, data transmission between the host computer 100 and the inverter 200 is cut off (for example, a port is limited, and a user disconnects a connection line) is cut off, and at this time, data is transmitted to the user gateway 300 through the host computer 100, so as to upgrade the key or upgrade the firmware, wherein the firmware refers to an upgrade program of the inverter 200, and at this time, the firmware and the key are collectively referred to as upgrade data, and the upgrade data can be transmitted in a communication manner, and at this time, direct communication between the host computer 100 and the inverter 200 can be limited to ensure that the data inside the inverter cannot be tampered or read, and further ensure the security of the inverter upgrade.
Further, based on the first embodiment and/or the second embodiment of the present application, a third embodiment of the inverter of the present application is proposed, referring to fig. 3, fig. 3 is a schematic frame diagram of the third embodiment of the inverter of the present application, and the main control chip 210 includes:
A random number generation module 211, wherein the random number generation module 211 is used for generating a random number;
The encryption and decryption operation module 212 is connected with the random number generation module 211 and the key injection port 201, and the encryption and decryption operation module 212 is used for obtaining an encrypted decryption key based on the random number and the decryption key;
The secure storage module 213 is connected to the encryption/decryption operation module 212, and the secure storage module 213 is configured to store the encrypted decryption key, where the encryption/decryption operation module 212 is further configured to decrypt the encrypted upgrade data based on the decryption key to obtain the data to be upgraded.
In one embodiment, the secure memory module 213 is an EEPROM, FUSE, or FLASH memory of the main control chip 210.
In one embodiment, the encryption and decryption operation module 212 includes an HMAC module.
In an embodiment, the inverter 200 further includes:
The transmission module is connected with the user gateway 300 and the main control chip 210 through the first communication port 202, wherein the transmission module comprises a wire physical connection or a serial port bluetooth and RFID wireless transmission device communication connection.
In this embodiment, the main control chip 210 includes a random number generating module 211, an encryption/decryption operation module 212, and a secure storage module 213, where the random number generating module 211 is configured to generate a random number, and package the random number and the decryption key in the decryption operation module 212 to obtain a decryption key after encryption, that is, encrypt the decryption key based on the random number and store the decryption key in the secure storage module 213. It should be noted that, the whole storage process may be to obtain an encryption key, encrypt with a random number, and store in the secure storage module 213, where the secure storage module 213 is an EEPROM, a FUSE, or a FLASH of the main control chip 210, and the encryption/decryption operation module 212 includes an HMAC module, and the encryption manner using the random number is the same as the existing manner, and is not limited herein. When the decryption key is used, the random number is used for decryption to obtain the decryption key, and the encryption and decryption operation module 212 performs decryption. It should be noted that, the inverter 200 further includes a transmission module, where the transmission module is configured to transmit data between the subscriber gateway 300 and the inverter 200, including a physical connection of wires, or a communication connection of serial bluetooth and RFID wireless transmission devices.
The present application also provides an energy storage system, referring to fig. 7, fig. 7 is a schematic connection diagram of the energy storage system, where the energy storage system includes the inverter 200 described above;
The key injection port 201 of the inverter 200 is connected to the output interface 101 of the external host computer 100, and the second communication port 202 of the inverter 200 is connected to the external user gateway 300.
The energy storage system may further include an enclosure formed by a device housing, the inverter may be disposed in the enclosure, the enclosure is provided with a corresponding port and is connected to the output interface 101 of the upper computer 100 and the external user gateway 300, and the second communication port 201 includes a wireless network port. It should be noted that the user gateway, the upper computer and the server may be directly disposed on the inverter, and the inverter may form a control system of the entire inverter.
The device provided by the application can solve the technical problem of realizing the safety upgrading of the inverter on the premise of not depending on the safety design of the user gateway. Compared with the prior art, the beneficial effects of the device provided by the application are the same as those of the device circuit provided by the embodiment, and the description is omitted here.
In an embodiment, referring to fig. 8, fig. 8 is a schematic diagram illustrating connection of a port conduction selector in an inverter of an energy storage system according to the present application, the energy storage system further includes:
And the level controller is connected with a level control port of the inverter and is used for controlling the inverter to be in different operation states based on different levels, wherein the operation states comprise a power-on state, a key injection state and a normal state.
In one embodiment, the level controller includes:
a high level power supply;
The first end of the conduction switch is connected with the level control port and the high-level power supply, the second end of the conduction switch is grounded, the conduction switch is used for grounding the level control port when being pressed down, and the level control port is connected with the high-level power supply when not being pressed down.
In this embodiment, the energy storage system further includes a level controller, and the level controller is connected to the level control port of the inverter, as shown in fig. 7, the inverter 200 further includes a first control port 203 and a second control port 204, so the inverter further includes a level controller for controlling the two ports. It should be noted that, the inverter 200 may have only one port, so that the control is performed by using one level controller, and the advantage of using one port for control is that the number of ports can be saved, but only two kinds of control logic, i.e. high level control and low level control, can be implemented at this time, and four kinds of control logic, i.e. 01, 10, 11 and 00, can be implemented by two port control, wherein 1 indicates a high level, 0 indicates a low level, and in this embodiment, the control circuits of the respective ports can be the circuits for controlling and outputting the high level and the low level. In an embodiment, both control circuits (i.e., the first signal output circuit 510 and the second signal output circuit 520) may be composed of a power source (high level power source) and a selection key switch (on switch) (other circuits or devices outputting high and low levels may be used, which are not limited herein, such as directly and manually connecting high or low). Taking the first signal output circuit 510 as an example, the first signal output circuit 510 may be implemented, when the selection key switch is pressed, the first power supply 511 is directly connected to the first control port 203, where the first control port 203 inputs a high level, and when the selection key switch is not pressed, the first signal output circuit 510 is connected to the first control port 203, where the first control port 203 inputs a low level, that is, different levels of the first control port 203 are input, so as to control the operation of the inverter 200. It should be noted that, the control logic of the second signal output circuit 520 is the same as that of the first signal output circuit 510, and it is not described here, and the first power source 511 and the second power source 521 may be directly shared without affecting the actual output signals of the first signal output circuit 510 and the second signal output circuit 520. The first control port and the second control port can also control the inverter to realize the power-on function, the power-on conduction selector is controlled by the first control port and the second control port to connect the internal power supply interface to the chip needing power supply, at the moment, the internal power supply interface also needs to be connected with the voltage processing circuit, and then the voltage processing circuit outputs voltages with different magnitudes to supply power to the chip, wherein the voltage processing circuit can be composed of respective voltage stabilizing chips, such as 78, 79 series chips outputting +5V, +9V and +12V voltages to the needed chip interface, at the moment, the voltage processing circuit can be a common power supply circuit to process input voltages to output the magnitude voltages needed by each chip, and can also be directly used as each single direct current-to-direct current chip, and the voltage processing circuit is not limited. To achieve inverter security upgrades through port control of inverter 200.
In an embodiment, as shown in fig. 4, a PCS (inverter) device with a secure encryption engine is connected to an upper computer 100 through an SCI (Serial Communication Interface ), and in a production stage, a first control port and a second control port are pulled down through a first signal output circuit 510 and a second signal output circuit 520 to realize power-up of the inverter 200, and then the upper computer 100 is connected to the PCS device through the SCI port, and then pulls up an input signal of the second control port, and performs a key injection operation, after the operation is successful, the first control port and the second control port recover to a normal state (pull up), and no other control is performed on the inverter at this time. After the non-production phase, the first control port and the second control port are electrified again, the PCS equipment with the security encryption engine establishes communication with the gateway through the 485 port, the application program is upgraded to the PCS equipment through the gateway in an OTA mode, so that data transmission of the non-production phase is completed, other control logics can be adopted in the whole flow, for example, keys are injected when the first control port and the second control port are both in high level, the control logics of the inverter are electrified when the first control port and the second control port are both in low level, the control logics of the inverter are not limited, and the keys are stored in the inverter through the inverter, so that the user gateway does not have security. It should be noted that, in order to ensure that the data cannot be modified by external factors, the inverter 200 may be provided with a port on selector inside the inverter 200, where the port on selector may be controlled by input signals of the first control port and the second control port, or may be other controls, for example, the connection between the upper computer 100 and the inverter 200 may be directly prohibited when the internal program logic control of the inverter is not in the production stage, or a switch may be directly provided on a connection line between the upper computer 100 and the inverter 200, so that the upper computer 100 and the inverter 200 may be connected through the switch when the internal program logic control of the inverter is in the production stage, and the direct connection line between the upper computer 100 and the inverter 200 may be disconnected through the switch after the internal program logic control of the inverter is in the production stage (generally referred to as an unused production process of the inverter).
In an embodiment, referring to fig. 5, fig. 5 is a schematic view of a scenario of the inverter according to the present application, at this time, in a production stage, the control upper computer 100 is directly connected to the inverter 200, the decryption key generated by the upper computer 100 can be directly injected into the inverter 200, and further the inverter 200 can perform security upgrade (firmware and key upgrade) based on the decryption key, at this time, the user gateway 300 can also be used to inject the key, but at this time, the cost of connecting the user gateway 300 in the production stage is high, if the user gateway 300 is on the client side, and processing is required on the client side. Further, referring to fig. 6, fig. 6 is a schematic diagram of another scenario of the inverter according to the present application, when the inverter is in a non-production stage, the upper computer 100 is controlled to disconnect from the inverter 200, and at this time, data cannot be directly transmitted to the inverter 200 or read from the data in the inverter 200, so as to further ensure the security of the data in the inverter 200, and at this time, after the key update and the firmware upgrade are transmitted from the upper computer 100 to the user gateway 300, the key update and the firmware upgrade are transmitted from the user gateway 300 to the inverter 200, so as to avoid the data in the inverter 200 from being read or tampered with, so as to ensure the security of the data in the inverter.
The foregoing description is only a partial embodiment of the present application, and is not intended to limit the scope of the present application, and all the equivalent structural changes made by the description and the accompanying drawings under the technical concept of the present application, or the direct/indirect application in other related technical fields are included in the scope of the present application.

Claims (11)

1.一种逆变器,其特征在于,所述逆变器包括:1. An inverter, characterized in that the inverter comprises: 主控制芯片;Main control chip; 密钥注入端口,所述密钥注入端口与所述主控制芯片连接,所述主控制芯片被设置为存储外部的上位机经所述密钥注入端口注入的解密密钥;A key injection port, the key injection port is connected to the main control chip, and the main control chip is configured to store a decryption key injected by an external host computer through the key injection port; 第一通信端口,所述第一通信端口与所述主控制芯片连接,所述第一通信端口被设置为接收所述上位机发送且经外部的用户网关传输的加密升级数据,所述主控制芯片被设置为基于所述解密密钥对所述加密升级数据进行解密得到待升级数据,以基于所述待升级数据进行安全升级。A first communication port, wherein the first communication port is connected to the main control chip, and the first communication port is configured to receive encrypted upgrade data sent by the host computer and transmitted via an external user gateway, and the main control chip is configured to decrypt the encrypted upgrade data based on the decryption key to obtain the data to be upgraded, so as to perform a security upgrade based on the data to be upgraded. 2.如权利要求1所述的逆变器,其特征在于,所述逆变器还包括:2. The inverter according to claim 1, characterized in that the inverter further comprises: 内部控制芯片,所述内部控制芯片的输入端与所述主控制芯片的第一输出端连接,在所述待升级数据为所述内部控制芯片的升级固件时,所述内部控制芯片被设置为基于所述待升级数据进行安全升级;an internal control chip, wherein an input end of the internal control chip is connected to a first output end of the main control chip, and when the data to be upgraded is an upgrade firmware of the internal control chip, the internal control chip is configured to perform a security upgrade based on the data to be upgraded; 外部控制芯片,所述外部控制芯片的输入端与所述主控制芯片的第二输出端连接,在所述待升级数据为所述外部控制芯片的升级固件时,所述外部控制芯片被设置为基于所述待升级数据进行安全升级。An external control chip, wherein the input end of the external control chip is connected to the second output end of the main control chip, and when the data to be upgraded is the upgrade firmware of the external control chip, the external control chip is configured to perform a security upgrade based on the data to be upgraded. 3.如权利要求1所述的逆变器,其特征在于,所述主控制芯片包括:3. The inverter according to claim 1, characterized in that the main control chip comprises: 随机数发生模块,所述随机数发生模块用于产生随机数;A random number generation module, wherein the random number generation module is used to generate random numbers; 加解密运算模块,所述加解密运算模块与所述随机数发生模块和所述密钥注入端口连接,所述加解密运算模块用于基于所述随机数和所述解密密钥进行封装得到加密之后的解密密钥;An encryption and decryption operation module, the encryption and decryption operation module is connected to the random number generation module and the key injection port, and the encryption and decryption operation module is used to encapsulate the random number and the decryption key to obtain the encrypted decryption key; 安全存储模块,所述安全存储模块与所述加解密运算模块连接,所述安全存储模块用于存储所述加密之后的解密密钥,其中,所述加解密运算模块还用于基于所述解密密钥对所述加密升级数据进行解密得到待升级数据。A secure storage module, the secure storage module is connected to the encryption and decryption operation module, the secure storage module is used to store the decryption key after the encryption, wherein the encryption and decryption operation module is also used to decrypt the encrypted upgrade data based on the decryption key to obtain the data to be upgraded. 4.如权利要求3所述的逆变器,其特征在于,所述安全存储模块为主控制芯片的EEPROM、FUSE或FLASH。4. The inverter according to claim 3, characterized in that the safety storage module is an EEPROM, FUSE or FLASH of a main control chip. 5.如权利要求3所述的逆变器,其特征在于,所述加解密运算模块包括HMAC模块。5. The inverter according to claim 3, characterized in that the encryption and decryption operation module includes an HMAC module. 6.如权利要求1至5任一项所述的逆变器,其特征在于,所述逆变器还包括:6. The inverter according to any one of claims 1 to 5, characterized in that the inverter further comprises: 传输模块,所述传输模块通过所述第一通信端口分别与所述用户网关和所述主控制芯片连接,其中,所述传输模块包括线材物理连接,或串口蓝牙、RFID无线传输设备通信连接。A transmission module, wherein the transmission module is connected to the user gateway and the main control chip respectively through the first communication port, wherein the transmission module includes a physical connection of a wire, or a communication connection of a serial Bluetooth or RFID wireless transmission device. 7.如权利要求1至5任一项所述的逆变器,其特征在于,所述密钥注入端口包括串行通信接口,所述第一通信端口包括485端口。7. The inverter according to any one of claims 1 to 5, characterized in that the key injection port comprises a serial communication interface, and the first communication port comprises a 485 port. 8.如权利要求1至5任一项所述的逆变器,其特征在于,所述主控制芯片包括安全加密引擎组件。8. The inverter according to any one of claims 1 to 5, characterized in that the main control chip includes a security encryption engine component. 9.一种储能系统,其特征在于,所述储能系统包括权利要求1至8任一项所述的逆变器;9. An energy storage system, characterized in that the energy storage system comprises the inverter according to any one of claims 1 to 8; 所述逆变器的密钥注入端口与外部的上位机的输出接口连接,所述逆变器的第二通信端口与外部的用户网关连接。The key injection port of the inverter is connected to the output interface of an external host computer, and the second communication port of the inverter is connected to an external user gateway. 10.如权利要求9所述的储能系统,其特征在于,所述储能系统还包括:10. The energy storage system according to claim 9, characterized in that the energy storage system further comprises: 电平控制器,所述电平控制器与所述逆变器的电平控制端口连接,所述电平控制器被设置为基于不同的电平控制所述逆变器处于不同运行状态,其中,所述运行状态包括上电状态、密钥注入状态和常态。A level controller is connected to the level control port of the inverter, and is configured to control the inverter to be in different operating states based on different levels, wherein the operating states include a power-on state, a key injection state, and a normal state. 11.如权利要求10所述的储能系统,其特征在于,所述电平控制器包括:11. The energy storage system according to claim 10, characterized in that the level controller comprises: 高电平电源;High level power supply; 导通开关,所述导通开关的第一端与所述电平控制端口和所述高电平电源连接,所述导通开关的第二端接地,所述导通开关用于在按下时,所述电平控制端口接地,在未按下时,所述电平控制端口与所述高电平电源连接。A conduction switch, wherein a first end of the conduction switch is connected to the level control port and the high level power supply, a second end of the conduction switch is grounded, and the conduction switch is used to connect the level control port to the ground when pressed, and connect the level control port to the high level power supply when not pressed.
CN202422320714.2U 2024-09-23 2024-09-23 Inverter and energy storage system Active CN223110035U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202422320714.2U CN223110035U (en) 2024-09-23 2024-09-23 Inverter and energy storage system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202422320714.2U CN223110035U (en) 2024-09-23 2024-09-23 Inverter and energy storage system

Publications (1)

Publication Number Publication Date
CN223110035U true CN223110035U (en) 2025-07-15

Family

ID=96317018

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202422320714.2U Active CN223110035U (en) 2024-09-23 2024-09-23 Inverter and energy storage system

Country Status (1)

Country Link
CN (1) CN223110035U (en)

Similar Documents

Publication Publication Date Title
US9251380B1 (en) Method and storage device for isolating and preventing access to processor and memory used in decryption of text
US8683215B2 (en) Programmable security platform
US8516268B2 (en) Secure field-programmable gate array (FPGA) architecture
KR101239297B1 (en) System for protecting information and method thereof
CN111917710B (en) PCI-E password card, key protection method thereof, and computer-readable storage medium
EP2485512B1 (en) Encryption device and method for controlling download and access operations performed to a mobile terminal
CN112910100B (en) Credible power supply and receiving device and control method thereof
CN112270020B (en) Terminal equipment safety encryption device based on safety chip
US11847228B2 (en) Platform security mechanism
CN110110534A (en) A kind of FPGA safe operation system and method
CN107994985B (en) A kind of cipher card and the method to data processing
CN113360887B (en) An authentication encryption method and module for relay protection equipment
CN119066679A (en) Substation remote operation and maintenance method, electronic device and computer-readable storage medium
CN113407953A (en) Property right protection method and system
CN104298936A (en) FPGA encryption and parameter configuration system based on CPLD chip
CN223110035U (en) Inverter and energy storage system
US20220182248A1 (en) Secure startup method, controller, and control system
CN106203134A (en) Anti-brush machine system and method based on hardware encryption
CN109960943A (en) A kind of encryption device
CN204066120U (en) A kind of FPGA based on CPLD chip encrypts and parameter configuring system
WO2023211538A1 (en) Method and apparatus for distributing encrypted device unique credentials
CN107070658B (en) Improved method of system encryption authentication mechanism
CN215340907U (en) Multifunctional notebook docking station
CN108882217A (en) A kind of method and its bluetooth equipment of batch write-in Bluetooth MAC address
CN209949120U (en) Ten-million Ethernet encryption and decryption board card

Legal Events

Date Code Title Description
GR01 Patent grant
GR01 Patent grant