CN108833346A - A kind of industrial control system safety communicating method and device - Google Patents
A kind of industrial control system safety communicating method and device Download PDFInfo
- Publication number
- CN108833346A CN108833346A CN201810421319.XA CN201810421319A CN108833346A CN 108833346 A CN108833346 A CN 108833346A CN 201810421319 A CN201810421319 A CN 201810421319A CN 108833346 A CN108833346 A CN 108833346A
- Authority
- CN
- China
- Prior art keywords
- message
- timestamp
- control system
- receiving end
- signed data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Algebra (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a kind of industrial control system safety communicating method and device, and when industrial control system control centre or controlled terminal send the messages such as control or measurement as transmitting terminal, completeness check code or signature are added after message;After receiving end receives message, label are verified or solved to completeness check code or signature, message is handled again after success.Using technical solution of the present invention, industrial control system control centre (main website) can verify the identity of message transmitting party with controlled terminal (substation), prevent malicious persons from control centre (main website) or controlled terminal (substation) being pretended to be to control and destroy industrial control system;The messages such as measurement, control, parameter setting are protected, prevent malicious persons from distorting to message content.Under the premise of supporting existing industry control communication protocol functions, data source authentication, integrity protection and the preventing playback attack function between control centre (main website) and controlled terminal (substation) can be realized.
Description
Technical field
The present invention relates to fields of communication technology, more particularly, to a kind of industrial control system safety communicating method and dress
It sets.
Background technique
Industrial control system (Industrial control system, ICS) is the general name to various control system, packet
Include supervisory control and data acquisition (SCADA) (Supervisory Control And Data Acquisition, SCADA) system, distributed control
System (Distributed Control System DCS) processed and programmable logic controller (PLC) (Programmable
Logic Controller PLC) etc small-sized control system device.Industrial control system is widely used in electric power, originally
Water, petroleum, natural gas, chemical industry, communications and transportation, pharmacy, paper pulp and papermaking, the energy, food and drink manufacture.
Industrial control system is made of main website, network and substation.The basic functional principle of industrial control system is substation pair
Technical process measurement data are acquired, and are sent data to main website by network, are sent by network to substation after main website analysis
The order such as control or parameter setting, substation carry out movement to industrial process and time implementing result and/or state are returned to main website.
At present communication protocol used in industrial control system include the series of IEC 60870,60970 series of IEC, IEC61850 series,
The characteristics of DNP 3 etc., these agreements is using reliability as primary demand, and there is no consider transmitting-receiving certification, data integrity sum number
According to secure contents such as confidentiality.
But due to the calculating bad environments of industrial control system application, not only network communication mode is numerous, including special line
Dialing, optical fiber private network, mobile GPRS, satellite communication etc., and the state of equipment in a distributed manner, are fully exposed to open meter
It calculates among environment, a possibility that there are opponent's attacks;The communication protocol of open network environment and " zero security mechanism " makes work
Industry control system faces numerous Information Security Risks.
Summary of the invention
The present invention provides a kind of a kind of Industry Control system for overcoming the above problem or at least being partially solved the above problem
System safety communicating method and device, solve the state of the equipment of industrial control system in the prior art in a distributed manner, completely sudden and violent
It is exposed among open calculating environment, the communication protocol of open network environment and " zero security mechanism " makes Industry Control system
The problem of system faces numerous Information Security Risks.
According to an aspect of the present invention, a kind of industrial control system safety communicating method is provided, including:
After transmitting terminal generates important traffic message to be protected, local zone time is filled after the important traffic message
Stamp, and fill after the timestamp by local prefabricated private key, to generate to the important traffic message to the time
The signed data of this segment data is stabbed, and the signed data is synthesized into composite safe message and is sent.
Preferably, transmitting terminal generate important traffic message to be protected before further include:
Transmitting terminal generates elliptic curve cryptography key pair, and the key pair includes private key and public key.
It is specifically included preferably, the signed data is synthesized composite safe message and is sent:
Safe packet end mark byte is filled after the signed data, and is synthesized composite safe message and sent out
It goes.
A kind of industrial control system secure communication device, including transmitting terminal, it is logical that the transmitting terminal generates key to be protected
After believing message, local time stamp is filled after the important traffic message, and is filled after the timestamp by local pre-
The private key of system, to generate to the important traffic message to the signed data of this segment data of timestamp, and by the signature
Data Synthesis is that composite safe message is sent.
A kind of industrial control system safety communicating method, including:
Receiving end receive transmitting terminal send composite safe message, and extract the timestamp in the composite safe message and
Signed data;
Whether the difference of receiving end extraction local zone time, the timestamp and the local zone time is in setting time window
In mouthful, if so, whether effective according to the prefabricated public key verifications signed data in receiving end, and to effective signed data at
Reason obtains important traffic message.
Preferably, if the difference of the timestamp and the local zone time not in setting time window, abandons
The composite safe message;
If the difference of the timestamp and the local zone time, in setting time window, whether the timestamp
In the registered timestamp list in receiving end, if it is not, then abandoning the composite safe message.
Preferably, abandoning the composite safe if invalid according to the prefabricated public key verifications signed data in receiving end
Message does not return to any data.
Preferably, and to effective signed data carry out processing specifically include:
Receiving end handles the important traffic message, and whether normal, processing is returned if abnormal if observing processing result
The timestamp is then registered in timestamp list by exception message if normal, and returns to processing normal message.
A kind of industrial control system secure communication device, including receiving end, the receiving end receive answering for transmitting terminal transmission
Safe packet is closed, and extracts the timestamp and signed data in the composite safe message;
Whether the difference of receiving end extraction local zone time, the timestamp and the local zone time is in setting time window
In mouthful, if so, whether effective according to the prefabricated public key verifications signed data in receiving end, and to effective signed data at
Reason obtains important traffic message.
A kind of industrial control system safety communicating method, including:
After transmitting terminal generates important traffic message to be protected, local zone time is filled after the important traffic message
Stamp, and fill after the timestamp by local prefabricated private key, to generate to the important traffic message to the time
The signed data of this segment data is stabbed, and the signed data is synthesized into composite safe message and is sent;
Receiving end receive transmitting terminal send composite safe message, and extract the timestamp in the composite safe message and
Signed data;
Whether the difference of receiving end extraction local zone time, the timestamp and the local zone time is in setting time window
In mouthful, if so, whether effective according to the prefabricated public key verifications signed data in receiving end, and to effective signed data at
Reason obtains important traffic message.
The present invention proposes a kind of industrial control system safety communicating method and device, when industrial control system control centre or
When controlled terminal sends the messages such as control or measurement as transmitting terminal, completeness check code or signature are added after message;It receives
After end receives message, label are verified or solved to completeness check code or signature, message is handled again after success.Using this
The technical solution of inventive embodiments, industrial control system control centre (main website) and controlled terminal (substation) can send message
The identity of side is verified, and prevents malicious persons from pretending to be control centre (main website) or controlled terminal (substation) to industrial control system
It is controlled and is destroyed;The messages such as measurement, control, parameter setting are protected simultaneously, prevent malicious persons to message content
Distort, the present invention can be realized control centre (main website) and controlled under the premise of supporting existing industry control communication protocol functions
Data source authentication, integrity protection and preventing playback attack function between terminal (substation).
Detailed description of the invention
Fig. 1 is to generate schematic diagram according to key pair of the embodiment of the present invention;
Fig. 2 is the transmitting terminal transmission flow schematic diagram according to the embodiment of the present invention;
Fig. 3 is to receive flow diagram according to the receiving end of the embodiment of the present invention.
Specific embodiment
With reference to the accompanying drawings and examples, specific embodiments of the present invention will be described in further detail.Implement below
Example is not intended to limit the scope of the invention for illustrating the present invention.
As depicted in figs. 1 and 2, a kind of industrial control system safety communicating method is shown in figure, including:
After transmitting terminal generates important traffic message to be protected, local zone time is filled after the important traffic message
Stamp, and fill after the timestamp by local prefabricated private key, to generate to the important traffic message to the time
The signed data of this segment data is stabbed, and the signed data is synthesized into composite safe message and is sent.
As shown in Fig. 2, in the present embodiment, when industrial control system control centre or controlled terminal are sent as transmitting terminal
When the messages such as control or measurement, transmitting terminal generates to be protected, original important traffic message, and the important traffic message is in this reality
Applying becomes original message M in example, completeness check code or signature are added after message.
In the present embodiment, further include before transmitting terminal generates important traffic message to be protected:
Transmitting terminal generates elliptic curve cryptography key pair, and the key pair includes private key and public key.Elliptic curve label
Name function Sign (tosign, Prik)->Signature is ellipse curve signature function, and input tosign is number to be signed
According to PriK is private key, and output signature is signature;
Elliptic curve sign test function verify (sign, Pubk)->0/err is elliptic curve sign test function, input
Sign is signature, and PubK is public key key, and output 0 is expressed as signature correctly, other indicate mistakes;":" indicate string-concatenation
Behind character string.
As shown in fig. 1, transmitting terminal generates elliptic curve cryptography key pair PriK and PubK.Here elliptic curve
Cryptographic algorithm refers in particular to what the present invention used, by the elliptic curve cryptography of depth optimization.Here generating algorithm key pair,
It should be realized using by hard-wired encrypted card, encryption chip, encryption equipment, to guarantee the safety of private key storage.
Local time stamp M is filled after transmitting terminal original message | | timestamp.
Transmitting terminal fills the signature by local prefabricated private key to original message to this segment data of timestamp after timestamp
Data signature=Sign (M | | timestamp, PriK).
Specifically, in the present embodiment, the signed data is synthesized into composite safe message sends and specifically include:
Safe packet end mark byte end is filled after the signed data, and synthesizes composite safe message SM hair
See off, SM=Signature | | end.
A kind of industrial control system secure communication device, including transmitting terminal, the transmitting terminal are additionally provided in the present embodiment
After generating important traffic message to be protected, local time stamp is filled after the important traffic message, and in the time
Filling is by local prefabricated private key after stamp, to generate to the important traffic message to the signature of this segment data of timestamp
Data, and the signed data is synthesized into composite safe message and is sent.
A kind of industrial control system safety communicating method is additionally provided in the present embodiment, including:
Receiving end receive transmitting terminal send composite safe message, and extract the timestamp in the composite safe message and
Signed data;
Whether the difference of receiving end extraction local zone time, the timestamp and the local zone time is in setting time window
In mouthful, if so, whether effective according to the prefabricated public key verifications signed data in receiving end, and to effective signed data at
Reason obtains important traffic message.
Industrial control system control centre (main website) and controlled terminal (substation) can carry out the identity of message transmitting party
Verifying, prevents malicious persons from control centre (main website) or controlled terminal (substation) being pretended to be to control and break industrial control system
It is bad;The messages such as measurement, control, parameter setting are protected simultaneously, prevent malicious persons from distorting to message content.
Specifically, as shown in figure 3, according to composite safe message to extract original important traffic message (original for receiving end
Message M) timestamp (timestamp) and signed data signature;Local zone time localtime is extracted in receiving end, when comparing
Between whether stab in reasonable time window, (localtime-timestamp)<W?;
Specifically, if described in the difference of the timestamp and the local zone time not in setting time window, abandons
Composite safe message does not return to any data;
If the difference of the timestamp and the local zone time, in setting time window, whether the timestamp
In the registered timestamp list L in receiving end, if it is not, then abandoning the composite safe message.
In the present embodiment, receiving end is according to the prefabricated whether effective ret=verify of public key verifications signed data
(signature, PubK), ret=0?If prefabricated public key verifications signed data is invalid according to receiving end, abandon described multiple
Safe packet is closed, does not return to any data.
In the present embodiment, and processing is carried out to effective signed data to specifically include:
Receiving end handles the important traffic message, and whether normal, processing is returned if abnormal if observing processing result
The timestamp is then registered in timestamp list L if normal, and returns to processing normal message by exception message.
It can be according to original after receiving composite safe message M for existing old terminal (substation) in operating status
Data format, the normal part original load m read in frame, ignores the processing to completeness check code.For example, in the Chinese people
Include length item in the 1-ISO/IEC8802-3 frame format of republic power industry standard IEC61850-8-1, can recorde
The length of message." 4.2 101 specifications can be changed frame length lattice in " IEC60870-5-101/104 is applied to electrical power distribution automatization system "
The length of message can be listed in formula " by " length L " item.Integrity verification code/signature length can be preset, or
It is determined according to algorithm, security parameter.
In above-described embodiment, transmitting terminal signs to the summary info of message, and receiving end carries out data source according to signature
Certification and integrity verification, ensure that the safety of information exchange;Signature is placed on behind original, can be compatible with as far as possible existing
Industrial control system communication protocol;New model terminal carries out verification processing, and old terminal can be omitted the processing of completeness check code,
So as to compatible with existing system as far as possible, the significant cost that all devices are transformed is avoided.
A kind of industrial control system secure communication device, including receiving end, the receiving end are additionally provided in the present embodiment
The composite safe message that transmitting terminal is sent is received, and extracts the timestamp and signed data in the composite safe message;
Whether the difference of receiving end extraction local zone time, the timestamp and the local zone time is in setting time window
In mouthful, if so, whether effective according to the prefabricated public key verifications signed data in receiving end, and to effective signed data at
Reason obtains important traffic message.
A kind of industrial control system safety communicating method is additionally provided in the present embodiment, including:
After transmitting terminal generates important traffic message to be protected, local zone time is filled after the important traffic message
Stamp, and fill after the timestamp by local prefabricated private key, to generate to the important traffic message to the time
The signed data of this segment data is stabbed, and the signed data is synthesized into composite safe message and is sent;
Receiving end receive transmitting terminal send composite safe message, and extract the timestamp in the composite safe message and
Signed data;
Whether the difference of receiving end extraction local zone time, the timestamp and the local zone time is in setting time window
In mouthful, if so, whether effective according to the prefabricated public key verifications signed data in receiving end, and to effective signed data at
Reason obtains important traffic message.
The present invention proposes a kind of industrial control system safety communicating method and device, when industrial control system control centre or
When controlled terminal sends the messages such as control or measurement as transmitting terminal, completeness check code or signature are added after message;It receives
After end receives message, label are verified or solved to completeness check code or signature, message is handled again after success.Using this
The technical solution of inventive embodiments, industrial control system control centre (main website) and controlled terminal (substation) can send message
The identity of side is verified, and prevents malicious persons from pretending to be control centre (main website) or controlled terminal (substation) to industrial control system
It is controlled and is destroyed;The messages such as measurement, control, parameter setting are protected simultaneously, prevent malicious persons to message content
Distort, the present invention can be realized control centre (main website) and controlled under the premise of supporting existing industry control communication protocol functions
Data source authentication, integrity protection and preventing playback attack function between terminal (substation).
Finally, method of the invention is only preferable embodiment, it is not intended to limit the scope of the present invention.It is all
Within the spirit and principles in the present invention, any modification, equivalent replacement, improvement and so on should be included in protection of the invention
Within the scope of.
Claims (10)
1. a kind of industrial control system safety communicating method, which is characterized in that including:
After transmitting terminal generates important traffic message to be protected, local time stamp is filled after the important traffic message, and
It is filled after the timestamp by local prefabricated private key, to generate to the important traffic message to this section of the timestamp
The signed data of data, and the signed data is synthesized into composite safe message and is sent.
2. industrial control system safety communicating method according to claim 1, which is characterized in that transmitting terminal generates to be protected
Important traffic message before further include:
Transmitting terminal generates elliptic curve cryptography key pair, and the key pair includes private key and public key.
3. industrial control system safety communicating method according to claim 1, which is characterized in that close the signed data
It sends and specifically includes as composite safe message:
Safe packet end mark byte is filled after the signed data, and is synthesized composite safe message and sent.
4. a kind of industrial control system secure communication device, which is characterized in that including transmitting terminal, the transmitting terminal generates to be protected
Important traffic message after, local time stamp is filled after the important traffic message, and fill after the timestamp
By local prefabricated private key, to generate to the important traffic message to the signed data of this segment data of timestamp, and will
The signed data synthesizes composite safe message and sends.
5. a kind of industrial control system safety communicating method, which is characterized in that including:
Receiving end receives the composite safe message that transmitting terminal is sent, and extracts the timestamp and signature in the composite safe message
Data;
Whether the difference of receiving end extraction local zone time, the timestamp and the local zone time is in setting time window
It is interior, if so, whether effective according to the prefabricated public key verifications signed data in receiving end, and to effective signed data at
Reason obtains important traffic message.
6. industrial control system safety communicating method according to claim 5, which is characterized in that if the timestamp and institute
The difference of local zone time is stated not in setting time window, then abandons the composite safe message;
If the difference of the timestamp and the local zone time, in setting time window, whether the timestamp is connecing
Receiving end is locally in registered timestamp list, if it is not, then abandoning the composite safe message.
7. industrial control system safety communicating method according to claim 5, which is characterized in that if prefabricated according to receiving end
Public key verifications signed data it is invalid, then abandon the composite safe message, do not return to any data.
8. industrial control system safety communicating method according to claim 5, which is characterized in that and to effective number of signature
It is specifically included according to processing is carried out:
Receiving end handles the important traffic message, and whether normal, it is abnormal that processing is returned if abnormal if observing processing result
The timestamp is then registered in timestamp list by message if normal, and returns to processing normal message.
9. a kind of industrial control system secure communication device, which is characterized in that including receiving end, the receiving end receives transmitting terminal
The composite safe message of transmission, and extract timestamp and signed data in the composite safe message;
Whether the difference of receiving end extraction local zone time, the timestamp and the local zone time is in setting time window
It is interior, if so, whether effective according to the prefabricated public key verifications signed data in receiving end, and to effective signed data at
Reason obtains important traffic message.
10. a kind of industrial control system safety communicating method, which is characterized in that including:
After transmitting terminal generates important traffic message to be protected, local time stamp is filled after the important traffic message, and
It is filled after the timestamp by local prefabricated private key, to generate to the important traffic message to this section of the timestamp
The signed data of data, and the signed data is synthesized into composite safe message and is sent;
Receiving end receives the composite safe message that transmitting terminal is sent, and extracts the timestamp and signature in the composite safe message
Data;
Whether the difference of receiving end extraction local zone time, the timestamp and the local zone time is in setting time window
It is interior, if so, whether effective according to the prefabricated public key verifications signed data in receiving end, and to effective signed data at
Reason obtains important traffic message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810421319.XA CN108833346A (en) | 2018-05-04 | 2018-05-04 | A kind of industrial control system safety communicating method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810421319.XA CN108833346A (en) | 2018-05-04 | 2018-05-04 | A kind of industrial control system safety communicating method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108833346A true CN108833346A (en) | 2018-11-16 |
Family
ID=64147472
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810421319.XA Pending CN108833346A (en) | 2018-05-04 | 2018-05-04 | A kind of industrial control system safety communicating method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108833346A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110058565A (en) * | 2019-03-01 | 2019-07-26 | 中国电子科技网络信息安全有限公司 | A kind of Industry Control PLC system fingerprint analogy method based on (SuSE) Linux OS |
CN110717188A (en) * | 2019-09-29 | 2020-01-21 | 武汉海昌信息技术有限公司 | Document reading and amending safety method based on asymmetric encryption technology |
CN112615820A (en) * | 2020-12-05 | 2021-04-06 | 百果园技术(新加坡)有限公司 | Replay attack detection method, device, equipment and storage medium |
CN112818183A (en) * | 2021-02-03 | 2021-05-18 | 恒安嘉新(北京)科技股份公司 | Data synthesis method and device, computer equipment and storage medium |
CN113726524A (en) * | 2021-09-02 | 2021-11-30 | 山东安控信息科技有限公司 | Secure communication method and communication system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101441693A (en) * | 2008-11-25 | 2009-05-27 | 西安理工大学 | Security protection method for electric document digital signing based on elliptical curve |
US20120303973A1 (en) * | 2009-09-29 | 2012-11-29 | James Newsome | Method for protecting sensor data from manipulation and sensor to that end |
CN104079408A (en) * | 2014-05-30 | 2014-10-01 | 国家电网公司 | Method for enhancing communication safety in industrial control system |
CN104811427A (en) * | 2014-01-27 | 2015-07-29 | 沈阳中科奥维科技股份有限公司 | Secure industrial control system communication method |
-
2018
- 2018-05-04 CN CN201810421319.XA patent/CN108833346A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101441693A (en) * | 2008-11-25 | 2009-05-27 | 西安理工大学 | Security protection method for electric document digital signing based on elliptical curve |
US20120303973A1 (en) * | 2009-09-29 | 2012-11-29 | James Newsome | Method for protecting sensor data from manipulation and sensor to that end |
CN104811427A (en) * | 2014-01-27 | 2015-07-29 | 沈阳中科奥维科技股份有限公司 | Secure industrial control system communication method |
CN104079408A (en) * | 2014-05-30 | 2014-10-01 | 国家电网公司 | Method for enhancing communication safety in industrial control system |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110058565A (en) * | 2019-03-01 | 2019-07-26 | 中国电子科技网络信息安全有限公司 | A kind of Industry Control PLC system fingerprint analogy method based on (SuSE) Linux OS |
CN110717188A (en) * | 2019-09-29 | 2020-01-21 | 武汉海昌信息技术有限公司 | Document reading and amending safety method based on asymmetric encryption technology |
CN112615820A (en) * | 2020-12-05 | 2021-04-06 | 百果园技术(新加坡)有限公司 | Replay attack detection method, device, equipment and storage medium |
CN112818183A (en) * | 2021-02-03 | 2021-05-18 | 恒安嘉新(北京)科技股份公司 | Data synthesis method and device, computer equipment and storage medium |
CN112818183B (en) * | 2021-02-03 | 2024-05-17 | 恒安嘉新(北京)科技股份公司 | Data synthesis method, device, computer equipment and storage medium |
CN113726524A (en) * | 2021-09-02 | 2021-11-30 | 山东安控信息科技有限公司 | Secure communication method and communication system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108833346A (en) | A kind of industrial control system safety communicating method and device | |
CN106612176B (en) | One kind being based on quantum true random number arranging key negotiating system and machinery of consultation | |
CN106101147B (en) | A kind of method and system for realizing smart machine and the communication of remote terminal dynamic encryption | |
CN103618610B (en) | A kind of information security algorithm based on energy information gateway in intelligent grid | |
CN100499641C (en) | System and method for implementing an enhanced transport layer security protocol | |
CN109088870A (en) | A kind of method of new energy plant stand generator unit acquisition terminal secure accessing platform | |
CN202856452U (en) | Power distribution network system | |
CN103888444B (en) | A kind of safe distribution of electric power authentication device and its method | |
CN102137095A (en) | Industrial control system data exchange safety protection method and system and device thereof | |
CN103178956B (en) | Method for realizing encrypted authentication of distribution automation remote control command | |
CN103873461B (en) | Based on the safety interacting method of the GOOSE message of IEC62351 | |
US20060280297A1 (en) | Cipher communication system using device authentication keys | |
CN108323230B (en) | Method for transmitting key, receiving terminal and distributing terminal | |
CN106357690A (en) | Data transmission method, data sending device and data receiving device | |
CN110224823B (en) | Transformer substation message safety protection method and device, computer equipment and storage medium | |
CN109257328A (en) | A kind of safety interacting method and device of scene operation/maintenance data | |
CN105610837A (en) | Method and system for identity authentication between master station and slave station in SCADA (Supervisory Control and Data Acquisition) system | |
CN104079408B (en) | Strengthen the method for communications security in a kind of industrial control system | |
CN110505049A (en) | A kind of text information transmission method, apparatus and system | |
CN104639328B (en) | A kind of GOOSE message authentication method and system | |
CN101141278B (en) | Data transmission system, data transmission method, data processing method and corresponding device | |
CN111541699B (en) | Method for safely transmitting data based on IEC102 communication protocol | |
CN104639330A (en) | GOOSE (Generic Object Oriented Substation Event) message integrity authentication method | |
CN107070653A (en) | A kind of POS transaction encryptions system, method, POSP front servers and POS terminal | |
Ruland et al. | Non-repudiation Services for the MMS Protocol of IEC 61850 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181116 |