CN110691064A - Safety access protection and detection system for field operation terminal - Google Patents

Safety access protection and detection system for field operation terminal

Info

Publication number
CN110691064A
Authority
CN
China
Prior art keywords
data
access
field operation
operation terminal
protection
Legal status
Granted
Application number
CN201811132213.4A
Other languages
Chinese (zh)
Other versions
CN110691064B (en)
Inventor
何行
夏水斌
何欢
张芹
谢玮
冉艳春
余鹤
董重重
孙秉宇
Current Assignee
Beijing Hezhong Weiqi Technology Co Ltd
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Hubei Electric Power Co Ltd
Zhengzhou Institute of Technology
Original Assignee
Beijing Hezhong Weiqi Technology Co Ltd
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Hubei Electric Power Co Ltd
Zhengzhou Institute of Technology
Application filed by Beijing Hezhong Weiqi Technology Co Ltd, State Grid Corp of China SGCC, Electric Power Research Institute of State Grid Hubei Electric Power Co Ltd and Zhengzhou Institute of Technology
Priority to CN201811132213.4A
Publication of CN110691064A
Application granted
Publication of CN110691064B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities' privileges depend on current location or allowing specific operations only from locally connected terminals
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

A field operation terminal safety access protection and detection system comprises an equipment layer, a data layer, a service layer and an application layer. The equipment layer receives data requests; the access layer connects the field operation terminal to the protection system; the data layer stores basic data, builds the data model and analyzes real-time data; the service layer consists of three parts, safety access, safety protection and safety monitoring; the application layer is a unified WEB-side management platform providing trusted file management, protection strategy setting, monitoring and early warning, vulnerability scanning and intrusion detection services. Safety protection is carried out from the aspects of the field operation terminal, the terminal application, the data and the like, achieving the comprehensive information-security protection target of the acquisition system; through comprehensive safety management of equipment access, access protection, access monitoring and early warning, the protection subject, the protection strategy, the monitoring mechanism and the like are analyzed and processed across multiple dimensions, raising the information-security grade of the acquisition system.

Description

Safety access protection and detection system for field operation terminal
Technical Field
The invention relates to a safety access protection and detection system, in particular to a safety access protection and detection system for a field operation terminal.
Background
In 2017, in line with the requirement to 'strengthen network and information security management and improve overall protection capability' in State Grid Marketing [2017] No. 4, the State Grid marketing department's 'Work Suggestions on Strengthening Marketing Professional Network and Information Security Management', the electricity consumption information acquisition system is to be built on the principle of 'security access, security protection and security monitoring': accessed equipment, applications and systems must be safe and covered by a security protection strategy at the time of access, and during operation security events must be predicted and detected in time and responded to quickly.
The safety access protection and monitoring management module for field operation terminals in the acquisition closed-loop management module of the electricity consumption information acquisition system was developed from this security requirement; it performs safety management and access control for the field operation terminals of the acquisition operation-and-maintenance closed-loop module that connect over an external network. The metering field operation terminals of that module all reach the intranet through a dedicated acquisition APN channel and are controlled within that network channel. In operation, the following disadvantages exist:
(1) transmission encryption of data is insufficient;
(2) real-time safety monitoring of the metering field operation terminal and effective control of the use of illegal SIM cards and illegal terminal equipment are seriously lacking;
(3) in transmission and local storage, data is exposed to security risks such as tampering, forgery attacks and information leakage, and potential security holes, defects and faults of the field operation terminal and its applications lead to leakage of sensitive data.
Disclosure of Invention
The invention aims to provide a field operation terminal safety access protection and detection system that addresses the defects set out in the background: insufficient transmission encryption of data during operation; serious gaps in real-time safety monitoring of the metering field operation terminal and in effective control of the use of illegal SIM cards and illegal terminal equipment; and the security risks of tampering, forgery attacks and information leakage that data faces in transmission and local storage, together with the leakage of sensitive data through potential security holes, defects and faults of the field operation terminal and its applications.
The technical scheme adopted by the invention is as follows: a field operation terminal safety access protection and detection system, characterized in that it comprises an equipment layer, a data layer, a service layer and an application layer, wherein:
access layer: connects the field operation terminal to the protection system;
data layer: stores basic data, builds the data model and analyzes real-time data;
service layer: consists of three parts, safety access, safety protection and safety monitoring;
application layer: a unified WEB-side management platform providing trusted file management, protection strategy setting, monitoring and early warning, vulnerability scanning and intrusion detection services.
Further, connecting the field operation terminal to the protection system proceeds in three steps: identity authentication, then access control, then authority management;
identity authentication: when the field operation terminal accesses related service systems such as the electricity consumption information acquisition system, access management performs identity authentication, verifying the identity against data such as the binding relationship among the operator ESAM card serial number, the service ESAM card serial number, the field terminal serial number and the SIM (subscriber identity module) card serial number; only a terminal that passes identity authentication proceeds to access control verification. The terminal transmits the operator ESAM card serial number, the service ESAM card serial number, the field terminal serial number, the SIM card serial number and the user login account information to the safety access system. When the field operation terminal logs in for the first time, it obtains a User Identifier (UID) and performs identity authentication, or obtains the UID, performs identity authentication and performs asymmetric key agreement. The interfaces and verifications the terminal requires, such as identity authentication, are logged and managed;
access control: the access control function can set access control strategies at three levels, access time period, network type (WLAN, GPRS/CDMA) and longitude and latitude, wherein:
access and use of the field operation terminal are allowed within the range of the access control strategy, access is not allowed outside that range, and an alarm is displayed for any access attempt outside the strategy;
authority management: the authority management function authorizes the field operation terminal's access to the related service systems of the electricity consumption information acquisition system and establishes an access control list with the service system; the terminal can only access authorized service systems, and access to unauthorized service systems is prohibited.
Furthermore, safety access performs safety control at the access stage, covering identity authentication and similar aspects of the field operation terminal: the protection system reads the file information of the field operation terminal and the trusted binding file relationship held in the protection system for verification, and monitors and logs the access process, so that safety verification management of the access stage is achieved before the equipment is connected to the service system;
safety protection applies anti-tampering strategies such as encryption, compression and desensitization to transmitted data, measures such as port scanning and vulnerability detection of the field operation terminal during operation, and a data integrity verification mechanism in the safety protection strategy; it protects from the aspects of data tamper-proofing, vulnerability detection, security defense and intrusion detection, ensuring the safety of the operation terminal, the link and the intranet system during communication between the field operation terminal and the system;
safety monitoring means that, by monitoring the running state, the operation behavior and the SIM card traffic of the field operation terminal and applying data modeling analysis and big-data analysis, abnormal sudden changes and similar behavior can be judged in time and an alarm raised; the data information flow is audited and identified through the operation log and the stored request history, within the acquisition operation-and-maintenance closed-loop module.
Further, the time-period access policy is as follows: when enabled, one time period can be set in which the field operation terminal is allowed access, and access is not allowed in the other periods; when disabled, access is allowed in all periods;
the network type access policy is as follows: when enabled, the network type can be set so that the SIM card network allows the field operation terminal access and the WLAN network does not; when disabled, all network types are allowed;
the longitude and latitude access policy is as follows: when enabled, a field operation terminal within the longitude and latitude range is allowed access and one outside the range is not; when disabled, no limit is placed on longitude and latitude.
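The access-stage chain described above (identity authentication against the SIM/ESAM/terminal binding, the three access-control policies with their enabled/disabled semantics, then the authorized-service-system list) as an added example; this is not code from the patent, and every binding, policy value, request and field name in it is constructed sample data.

```python
"""Added example (not from the patent): identity authentication against the
trusted binding, then the time-period / network-type / longitude-latitude
policies (each enabled with a range, or disabled = no limit), then the
authorized-service-system list. All sample values below are constructed."""
from dataclasses import dataclass
from datetime import time
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Binding:
    """Trusted file relationship kept by the protection system."""
    operator_esam: str
    service_esam: str
    terminal_serial: str
    sim_serial: str


@dataclass
class AccessPolicy:
    """A policy set to None is disabled and imposes no limit."""
    period: Optional[Tuple[time, time]] = None           # allowed daily window
    network_types: Optional[FrozenSet[str]] = None       # e.g. {"GPRS", "CDMA"}
    geofence: Optional[Tuple[float, float, float, float]] = None  # min_lat, max_lat, min_lon, max_lon


@dataclass
class AccessRequest:
    operator_esam: str
    service_esam: str
    terminal_serial: str
    sim_serial: str
    account: str
    login_time: time
    network_type: str
    lat: float
    lon: float
    target_system: str


def authenticate(req: AccessRequest, bindings: Set[Binding]) -> bool:
    """Identity authentication: all four serial numbers must match one bound
    file, so a bound SIM card moved into an unbound device fails here."""
    probe = Binding(req.operator_esam, req.service_esam,
                    req.terminal_serial, req.sim_serial)
    return probe in bindings


def check_policy(req: AccessRequest, pol: AccessPolicy) -> List[str]:
    """Access control: names of the enabled policies the request violates."""
    violated = []
    if pol.period is not None:
        start, end = pol.period
        if not start <= req.login_time <= end:
            violated.append("period")
    if pol.network_types is not None and req.network_type not in pol.network_types:
        violated.append("network_type")
    if pol.geofence is not None:
        min_lat, max_lat, min_lon, max_lon = pol.geofence
        if not (min_lat <= req.lat <= max_lat and min_lon <= req.lon <= max_lon):
            violated.append("geofence")
    return violated


def decide(req: AccessRequest, bindings: Set[Binding], pol: AccessPolicy,
           acl: Dict[str, Set[str]]) -> dict:
    """Identity authentication -> access control -> authority management.
    'alarm' is True where the text says the attempt is alarmed and displayed."""
    if not authenticate(req, bindings):
        return {"allowed": False, "stage": "identity", "alarm": True}
    violated = check_policy(req, pol)
    if violated:
        return {"allowed": False, "stage": "access_control",
                "alarm": True, "violated": violated}
    if req.target_system not in acl.get(req.terminal_serial, set()):
        return {"allowed": False, "stage": "authority", "alarm": False}
    return {"allowed": True, "stage": "authority", "alarm": False}


# Constructed sample data: one bound terminal; work-hours, SIM-network and geofence policy
BINDINGS = {Binding("OP-ESAM-0001", "SVC-ESAM-0001", "TERM-0001", "SIM-0001")}
POLICY = AccessPolicy(period=(time(8, 0), time(18, 0)),
                      network_types=frozenset({"GPRS", "CDMA"}),
                      geofence=(30.0, 31.0, 114.0, 115.0))
ACL = {"TERM-0001": {"acquisition-system"}}


def sample_decisions() -> Dict[str, dict]:
    """Four constructed requests run through the full chain."""
    base = dict(operator_esam="OP-ESAM-0001", service_esam="SVC-ESAM-0001",
                terminal_serial="TERM-0001", sim_serial="SIM-0001", account="op01",
                login_time=time(9, 30), network_type="GPRS", lat=30.5, lon=114.3,
                target_system="acquisition-system")
    cases = {
        "ok": {},
        "sim_moved": {"terminal_serial": "TERM-9999"},   # bound SIM in an unbound device
        "wlan_after_hours": {"network_type": "WLAN", "login_time": time(22, 0)},
        "unauthorized_system": {"target_system": "billing"},
    }
    return {name: decide(AccessRequest(**{**base, **delta}), BINDINGS, POLICY, ACL)
            for name, delta in cases.items()}
```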
Furthermore, data tamper-proofing prevents data from being attacked and tampered with by applying data encryption, data compression and data desensitization to the data and the link;
data encryption takes place in the data transmission stage between the field operation terminal and the electricity consumption information acquisition system: the safety and integrity of the data are guaranteed through data encryption and link encryption, and the data in the communication channel is uniformly encrypted and decrypted in both directions and verified for integrity using the key system of the electric energy metering cipher machine and the field operation terminal safety unit. The field operation terminal connects to the safety access protection and monitoring management system and to the electric energy metering cipher machine; when the terminal requests data from a service system, the protection and monitoring management system calls cipher machine functions to generate a random number, ciphertext, signature and Message Authentication Code (MAC) according to the version of the terminal's safety unit, and the safety unit decrypts the data and verifies it with the corresponding key and its matching key, effectively preventing active attacks on the communication channel;
data compression uses a JDK deflate-based compression algorithm, with the compression level for the transmitted data chosen by weighing compression degree against compression efficiency for the service requirement; MD5 is combined with the data transmission to verify data consistency;
data desensitization transforms data using desensitization rules to protect sensitive data reliably; four sensitive-field rules, mask, truncation, null value and encryption, are defined for the sensitive fields of the field operation terminal request interface data;
vulnerability detection performs security vulnerability detection of application software to be installed on the field operation terminal, mainly comprising permission vulnerability detection, static vulnerability detection and runtime vulnerability detection;
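The transmission-side tamper-proofing steps just listed (the four desensitization rules, deflate compression at a chosen level, and the MD5 consistency check) as an added example; this is not the patent's code. Python's zlib implements the same deflate algorithm as the JDK Deflater; the field names, thresholds and sample record are constructed, and the 'encryption' rule is a keyed HMAC token standing in for the cipher-machine key system, because the standard library has no block cipher.

```python
"""Added example (not from the patent): desensitize a request record with the
mask / truncate / null / encrypt rules, deflate-compress it at a level chosen
by payload size, and attach an MD5 digest for the consistency check.
Constructed field names, thresholds and sample data; the 'encrypt' rule is a
keyed HMAC token used only as a stand-in for the cipher machine."""
import hashlib
import hmac
import json
import zlib
from typing import Any, Dict

DESENSITIZATION_KEY = b"constructed-demo-key"   # in the real system this lives in the cipher machine


def mask(value: str) -> str:
    """Keep the first 3 and last 4 characters, star the middle (e.g. phone numbers)."""
    if len(value) <= 7:
        return "*" * len(value)
    return value[:3] + "*" * (len(value) - 7) + value[-4:]


def truncate(value: str, keep: int = 6) -> str:
    """Keep only a leading prefix (e.g. the region code of an ID number)."""
    return value[:keep]


def null_value(value: str) -> None:
    """Remove the field content entirely."""
    return None


def encrypt(value: str) -> str:
    """Stand-in for the encryption rule: a keyed, non-reversible token."""
    return hmac.new(DESENSITIZATION_KEY, value.encode(), hashlib.sha256).hexdigest()[:32]


RULES = {"mask": mask, "truncate": truncate, "null": null_value, "encrypt": encrypt}


def desensitize(record: Dict[str, Any], rules: Dict[str, str]) -> Dict[str, Any]:
    """Apply the configured rule to each sensitive field; other fields pass through."""
    out = dict(record)
    for name, rule in rules.items():
        if name in out and out[name] is not None:
            out[name] = RULES[rule](str(out[name]))
    return out


def choose_level(size: int) -> int:
    """Trade compression degree against efficiency: tiny payloads are not worth
    the CPU of a high level, large ones are (constructed thresholds)."""
    if size < 512:
        return zlib.Z_BEST_SPEED
    if size < 64 * 1024:
        return zlib.Z_DEFAULT_COMPRESSION   # -1, zlib's default level 6
    return zlib.Z_BEST_COMPRESSION


def pack(record: Dict[str, Any], rules: Dict[str, str]) -> Dict[str, Any]:
    """Desensitize, serialize, compress and attach the MD5 of the plaintext."""
    raw = json.dumps(desensitize(record, rules), sort_keys=True).encode()
    level = choose_level(len(raw))
    return {"level": level, "body": zlib.compress(raw, level),
            "md5": hashlib.md5(raw).hexdigest()}


def unpack(packet: Dict[str, Any]) -> Dict[str, Any]:
    """Decompress and check consistency. MD5 only catches accidental
    corruption; protection against deliberate tampering comes from the MAC and
    signature the cipher machine produces, not from this digest."""
    raw = zlib.decompress(packet["body"])
    if not hmac.compare_digest(hashlib.md5(raw).hexdigest(), packet["md5"]):
        raise ValueError("MD5 consistency check failed")
    return json.loads(raw)


# Constructed sample request record and rule configuration
SAMPLE_RECORD = {"meter_no": "MTR-20230501-0001", "phone": "13812345678",
                 "id_card": "420102199001011234", "address": "1 Example Road",
                 "operator_esam": "OP-ESAM-0001"}
SAMPLE_RULES = {"phone": "mask", "id_card": "truncate",
                "address": "null", "operator_esam": "encrypt"}
```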
safety monitoring: by monitoring the running state, the operation behavior and the SIM card traffic of the field operation terminal and applying data modeling analysis and big-data analysis, abnormal sudden changes in behavior can be judged in time and an alarm raised; the data information flow is audited and identified through the operation log and the stored request history, within the acquisition operation-and-maintenance closed-loop module. Safety detection identifies, records, stores and analyzes the data and log information of the equipment during the access and protection processes, monitors who is responsible for each activity and provides data support for safety auditing; an alarm mechanism is set according to the protection strategy and preset safety standards.
Terminal access monitoring: real-time online monitoring of the field operation terminal, including access requests from legal and illegal equipment. Through identity authentication, access control and authority management of safe access management, and real-time monitoring, recording, storage and analysis of login and logout logs, alarms are set for request interfaces that do not meet the specification, illegal equipment access and frequent logins; according to the protection strategy defined in the safety protection part, the system disconnects automatically or manually and restricts access. Log recording, storage, analysis and alarm identification are provided, searchable by date, log type and alarm level; when a device is abnormal the system actively alarms with a pop-up prompt and sound; device management for automatic or manual disconnection and access restriction is provided according to the defined protection policy.
Monitoring the running state of the terminal: real-time online monitoring of the performance data of the field operation terminal, including resource usage of the terminal host; terminal application installation and running information; and process running state, network access state and hardware interface state. Alarm management can be performed according to the defined protection strategy; log recording, storage, analysis and alarm identification of the running state are provided, searchable by date, log type and alarm level; when a device is abnormal the system actively alarms with a pop-up prompt and sound; device management for automatic or manual disconnection and access restriction is provided according to the defined protection strategy, and completion of reinforcement-strategy upgrades can be recorded. The terminal collects and uploads its host resource usage, application installation and running information, and process running state, network access state and hardware interface state.
Monitoring and auditing terminal operation logs: the login operation log of the field operation terminal records repeated entry of wrong passwords and application and system interface request responses such as electric energy meter permission data acquisition requests; operations of the field operation terminal application are logged through the application and system interfaces and analyzed; operation logs that do not meet the specification are color-marked and prompted with a pop-up and sound; a login log of repeated wrong password entry is uploaded to the system.
Traffic monitoring and auditing: the traffic uploaded and downloaded by each application of the field operation terminal through the SIM card is obtained and modeled by date and time interval; the current total traffic of the SIM card and the current traffic of a given application are compared with the traffic model the system builds automatically, sudden changes in traffic are found in time and an alarm is raised. Traffic usage is recorded, stored and analyzed, a traffic usage model is built from date and time elements, current usage is compared with the model, and an abnormal sudden change triggers a traffic usage alarm, actively signaled by a pop-up prompt and sound; the total SIM card traffic usage of the field operation terminal and the upload and download traffic of each application are obtained periodically, and the traffic data can be uploaded to the system periodically;
intrusion detection is divided into two modes, anomaly detection and misuse detection;
anomaly detection compares current data against data defined for normal conditions, or against data modeled under normal conditions during daily operation and use, judges whether the current behavior is abnormal, and so finds possible intrusion behavior;
misuse detection performs pattern matching of the collected information against known information in a database of network intrusion and system misuse patterns, or matches it against a feature library of known intrusion behavior, judges the current behavior to be an intrusion and raises an early warning on the intrusion detection anomaly. The work required by intrusion detection comprises: supporting definition of the normal operating range of data; modeling the operating environment, SIM card traffic and application installation and usage by time interval from the uploaded data, comparing the currently uploaded data with the historical model, and raising an abnormality alarm; and building a feature library of known intrusions, matching the features of illegal login, illegal attack and data tampering intrusions against the library, and raising an intrusion alarm on a match. The operating environment of the field operation terminal and the installation status of the system on the terminal are uploaded to the safety access protection and monitoring system in real time or periodically; the uploaded data comprise memory usage, CPU usage, network type, SIM card traffic usage, and system application installation and running status. Intrusion detection indicators include: the daily download data volume; the same handheld terminal (palm machine) accessing the same interface frequently, repeatedly and in dense succession; and analysis of log records of accesses using abnormal communication protocols, analyzing the time and number of abnormal malicious accesses.
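The two detection modes just described, together with the traffic monitoring described under safety monitoring above, as an added example that is not part of the patent: anomaly detection models SIM card traffic per hour of day from history and flags a sudden change; misuse detection matches login and interface-request log lines against a small feature library (repeated wrong passwords, the same handheld hitting one interface in dense succession, an abnormal protocol). The log format, thresholds and all sample data are assumptions made for this example.

```python
"""Added example (not from the patent): anomaly detection over a per-hour
traffic model, and misuse detection over log lines with a small feature
library. Log format, thresholds and sample data are constructed."""
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# ---- anomaly detection: traffic model by time interval ----
# Constructed 14-day history: (day, hour, megabytes used by the SIM card in that hour)
HISTORY = [(day, hour, 10.0 + hour % 3 + (day % 3) * 0.5)
           for day in range(14) for hour in range(8, 12)]


def build_traffic_model(history) -> Dict[int, Tuple[float, float]]:
    """Per hour-of-day (mean, population stdev) of traffic: the baseline the
    system models automatically from uploaded history."""
    by_hour = defaultdict(list)
    for _, hour, mb in history:
        by_hour[hour].append(mb)
    return {h: (mean(v), pstdev(v)) for h, v in by_hour.items()}


def traffic_anomaly(model, hour: int, mb: float, k: float = 3.0, floor: float = 1.0) -> bool:
    """True when current usage is a sudden change: more than k stdevs above the
    modelled mean, with a minimum absolute margin so a flat baseline does not
    alarm on noise. An hour with no baseline is reported for review."""
    if hour not in model:
        return True
    mu, sigma = model[hour]
    return mb > mu + max(k * sigma, floor)


# ---- misuse detection: feature library over log lines ----
# Constructed log lines: "<date> <time> <terminal> <event> key=value ..."
SAMPLE_LOG = [
    "2023-05-01 09:00:01 TERM-0001 LOGIN result=FAIL",
    "2023-05-01 09:00:05 TERM-0001 LOGIN result=OK",
] + [f"2023-05-01 09:01:{i:02d} TERM-0002 LOGIN result=FAIL" for i in range(5)] + [
    f"2023-05-01 09:02:{i:02d} TERM-0003 REQ iface=/meter/readings proto=HTTPS"
    for i in range(6)
] + ["2023-05-01 09:03:00 TERM-0004 REQ iface=/meter/readings proto=TELNET"]


def parse(line: str) -> dict:
    """Split one constructed log line into a timestamped event dict."""
    date, clock, terminal, event, *kv = line.split()
    ev = {"ts": datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S"),
          "terminal": terminal, "event": event}
    ev.update(item.split("=", 1) for item in kv)
    return ev


def misuse_detect(lines: List[str], fail_limit: int = 5, burst_count: int = 5,
                  burst_window: int = 10, allowed_protocols=("HTTPS",)) -> List[Tuple[str, str]]:
    """Returns (terminal, matched feature) alerts in detection order."""
    alerts = []
    fail_streak = Counter()                  # consecutive wrong passwords per terminal
    recent = defaultdict(list)               # (terminal, iface) -> request timestamps
    for ev in map(parse, lines):
        t = ev["terminal"]
        if ev["event"] == "LOGIN":
            if ev["result"] == "FAIL":
                fail_streak[t] += 1
                if fail_streak[t] == fail_limit:
                    alerts.append((t, "repeated wrong password"))
            else:
                fail_streak[t] = 0
        elif ev["event"] == "REQ":
            if ev["proto"] not in allowed_protocols:
                alerts.append((t, "abnormal protocol"))
            window = recent[(t, ev["iface"])]
            window.append(ev["ts"])
            while (ev["ts"] - window[0]).total_seconds() > burst_window:
                window.pop(0)
            if len(window) == burst_count:   # fires once when the burst threshold is crossed
                alerts.append((t, "frequent interface access"))
    return alerts
```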
SIM card binding management binds the field operation terminal file to the SIM card file through manual creation, batch import and interface synchronization. When the field operation terminal performs identity authentication, verification is carried out according to the binding relationship: when the field operation terminal matches the electricity consumption information acquisition system, the service system can be logged into and accessed through the APN of the electricity consumption information acquisition system; when the field operation terminal is replaced by an external network device or an illegal SIM card, or the SIM card is installed in an illegal external network device, access to the APN of the electricity consumption information acquisition system is not allowed. Manual creation provides a manual entry function for creating a bound file relationship; batch import provides a template and imports binding file relationships in bulk according to it; interface synchronization synchronizes with the acquisition operation-and-maintenance closed-loop management module that maintains the binding relationship and regularly pulls the latest binding relationship file. The file relationship supports creation, modification, deletion and filtered query by several conditions; a terminal verified against it is allowed to access the information intranet service system, otherwise its request to access the information intranet service system is refused.
The permission vulnerability detection specifically comprises: detecting whether the Activity, Broadcast Receiver, Service and Content Provider components suffer from security component exposure;
the static vulnerability detection specifically comprises decompiling the application to detect whether security vulnerabilities exist in Intent handling and WebView, finding component vulnerabilities caused by non-standard use in the program, and vulnerability analysis of code obfuscation, Dex protection, SO protection, resource file protection and the security handling of third-party library code;
the runtime vulnerability detection specifically comprises detecting and analyzing the memory handling and protection mechanism of the mobile application while it runs, and finding whether there is a risk of it being modified or damaged.
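The permission vulnerability check described above (component exposure of Activity, Broadcast Receiver, Service and Content Provider) as an added example that is not the patent's code: a scan of a constructed AndroidManifest.xml that lists components reachable by other apps (android:exported="true", or no exported attribute but an intent-filter, the pre-API-31 default) that declare no android:permission. The manifest, package name and component names are constructed for this example.

```python
"""Added example (not from the patent): flag exported components that have no
android:permission guard in a constructed AndroidManifest.xml."""
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = {"activity": "Activity", "receiver": "Broadcast Receiver",
                  "service": "Service", "provider": "Content Provider"}

# Constructed manifest: launcher activity, an explicitly exported activity,
# a permission-guarded service, an implicitly exported receiver, a private provider
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fieldops">
  <uses-sdk android:targetSdkVersion="28"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".MeterAuthActivity" android:exported="true"/>
    <activity android:name=".InternalActivity"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.fieldops.SYNC"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <provider android:name=".ReadingsProvider"
              android:authorities="com.example.fieldops.readings"
              android:exported="false"/>
  </application>
</manifest>
"""


def exported_state(component: ET.Element, target_sdk: int) -> Tuple[bool, str]:
    """Effective exported state of a component and the reason for it."""
    explicit = component.get(ANDROID_NS + "exported")
    if explicit is not None:
        return explicit.lower() == "true", 'android:exported="%s"' % explicit
    if component.tag == "provider":
        # providers defaulted to exported only before targetSdk 17
        return target_sdk < 17, "provider default before targetSdk 17"
    has_filter = component.find("intent-filter") is not None
    return has_filter, ("implicitly exported by intent-filter" if has_filter
                        else "no intent-filter")


def scan_manifest(manifest_xml: str) -> List[Dict[str, str]]:
    """List components reachable by other apps that have no permission guard."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    target_sdk = int(sdk.get(ANDROID_NS + "targetSdkVersion", "1")) if sdk is not None else 1
    app = root.find("application")
    findings = []
    for comp in (app if app is not None else []):
        if comp.tag not in COMPONENT_TAGS:
            continue
        exported, reason = exported_state(comp, target_sdk)
        if exported and comp.get(ANDROID_NS + "permission") is None:
            findings.append({"type": COMPONENT_TAGS[comp.tag],
                             "name": comp.get(ANDROID_NS + "name", "?"),
                             "reason": reason})
    return findings
```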
The invention has the following advantages and characteristics: (1) safety protection is carried out from the aspects of the field operation terminal, the terminal application, the data and the like, filling the gap in safety protection measures for the information security of the acquisition system at the field operation terminal and achieving the comprehensive information-security protection target of the acquisition system; (2) through all-round safety management of equipment access, access protection, access monitoring and early warning, covering three aspects, reinforcing prevention before an intrusion, alarming when an intrusion occurs, and handling it quickly after an intrusion, the protection subject, the protection strategy, the monitoring mechanism and the like are analyzed and processed across multiple dimensions, raising the grade of information security of the acquisition system.
Drawings
FIG. 1 is a diagram of the architecture of the preferred embodiment of the present invention;
FIG. 2 is a diagram illustrating an overall architecture of a field work terminal security access protection according to a preferred embodiment of the present invention;
FIG. 3 is a diagram of the physical architecture of the preferred embodiment of the present invention;
Detailed Description
The invention is further illustrated with reference to the accompanying drawings:
Referring to FIG. 1 and FIG. 2, a field operation terminal security access protection and detection system includes a protection system, a protection front-end, a monitoring service and a WEB system, and is composed of an access layer, a data layer, a service layer and an application layer, where:
access layer: the field operation terminal accesses the protection system through the safety access protection and monitoring APP; data communication between the field operation terminal and the electricity consumption information acquisition system is encrypted and decrypted in both directions through the safety unit, a dedicated isolation gateway and the cipher machine; applications installed on the field operation terminal are accessed through the field operation terminal safety protection system and are verified and protected by the field operation terminal safety protection and monitoring background. Compatibility between new and old safety units is taken into account: the field operation terminal safety protection system applies different access control strategies according to the safety unit version; handheld terminals (such as the State Grid MST-II and MST-II (B) models) with safety unit version 2.0 or version 1.0 plus RESAM/TF card are encrypted and encapsulated through the security isolation gateway, while handhelds with safety unit version 1.0 lack support for the security isolation gateway and do not pass through it;
data layer: stores basic data, builds the data model and analyzes real-time data;
service layer: consists of three parts, safety access, safety protection and safety monitoring:
and (4) safe access: the method comprises the steps that an on-site operation terminal is accessed into the identity authentication of a service system, a user inputs dynamic numbers on the terminal by holding the terminal for generating dynamic passwords during the identity authentication, matches with face recognition, performs actions matched with the face recognition according to prompts, performs fingerprint verification, access management such as access control and authority management and SIM card binding management access control, the whole on-site control room is monitored and monitored by the terminal during the access control, the mobile phone APP is connected with the terminal monitoring, when the control room has problems, the mobile phone APP automatically alarms, the authority management is to set a manager and a user mode on the terminal, the user can only access and authorize contents, and the manager controls the terminal; the safety access is to perform safety control on the aspects of identity authentication and the like of an access stage from a field operation terminal, read the file information of the field operation terminal and the credible binding file relationship in the protection system through the protection system for verification, monitor and record the log of the access process by the protection system, and realize the safety verification management of the access stage before the equipment is accessed into the service system;
safety protection: anti-tampering strategies such as encryption, compression and desensitization are applied to transmitted data, measures such as port scanning of the field operation terminal and vulnerability detection at run time are taken, and a data integrity verification mechanism is added to the security protection strategy. Safety protection covers data tamper resistance, vulnerability detection, security defense and intrusion detection in the communication and data use between the field operation terminal and the system, and secures the operation terminal, the link and the intranet system while the field operation terminal communicates with the system;
data tamper-proofing prevents data from being attacked and tampered with by applying data encryption, data compression and data desensitization to the data and the link. Data encryption: during data transmission between the field operation terminal and the electricity consumption information acquisition system, the security and integrity of the data are guaranteed through data encryption and link encryption; the data in the communication channel are uniformly encrypted and decrypted in both directions, and their integrity verified, using the key system of the electric energy metering cipher machine and the field operation terminal security unit, so that the security and integrity of the data in transit are guaranteed. The field operation terminal safe access protection and monitoring management system is connected to the electric energy metering cipher machine; when the field operation terminal requests data from a service system, the protection and monitoring management system calls the cipher machine to generate random numbers, ciphertexts, signatures, message authentication codes (MAC) and the like, according to the security unit version of the terminal, to encrypt the data; the security unit decrypts the data and verifies them with the corresponding key and its matched key, which effectively prevents active attacks on the communication channel. Data compression: a JDK deflate-based compression algorithm is used, with the compression level chosen for the transmitted data by weighing the compression ratio against the compression efficiency required by the service; an MD5 digest is combined with the transmission to verify data consistency. Data desensitization: data are transformed according to desensitization rules so that sensitive data are reliably protected. Four sensitive rules, mask, truncation, null value and encryption, are defined for the sensitive fields of the interface data requested by field operation terminals: a mask rule processes, for example, 13812345678 into 138****5678; a truncation rule processes, for example, 034.66666666 into 034; a null value rule sets the data field to null; and encryption encrypts the sensitive data field. Different sensitive rules are set for users of different importance, and each sensitive rule can be enabled and disabled;
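The four desensitization rules described above, with per-user rule sets and per-rule enable/disable, as an added example that is not code from the patent or its assignees. The field names, the sample record and the key are constructed; the encryption rule uses a constructed HMAC-based stream stand-in because the patent delegates real encryption to the cipher machine and security unit.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Any, Dict


def mask(value: str, keep_head: int = 3, keep_tail: int = 4) -> str:
    """Mask rule: keep the leading/trailing digits and star out the middle,
    e.g. 13812345678 -> 138****5678."""
    hidden = len(value) - keep_head - keep_tail
    if hidden <= 0:
        return "*" * len(value)  # too short to keep any part safely
    return value[:keep_head] + "*" * hidden + value[-keep_tail:]


def truncate(value: str) -> str:
    """Truncation rule: keep only the integer part, e.g. 034.66666666 -> 034."""
    return value.split(".", 1)[0]


# Encryption rule. A real deployment would call the cipher machine / security
# unit; the keyed stream below (HMAC-SHA256 in counter mode with a fresh nonce)
# is a constructed stand-in so the example runs offline, not a production cipher.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_field(key: bytes, value: str) -> str:
    nonce = os.urandom(12)  # fresh per field so equal plaintexts differ
    data = value.encode("utf-8")
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return (nonce + ct).hex()


def decrypt_field(key: bytes, token: str) -> str:
    raw = bytes.fromhex(token)
    nonce, ct = raw[:12], raw[12:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode("utf-8")


@dataclass
class Rule:
    kind: str             # "mask", "truncate", "null" or "encrypt"
    enabled: bool = True  # each rule can be switched on and off


# Rule sets per user importance (field names are constructed placeholders).
PROFILES: Dict[str, Dict[str, Rule]] = {
    "important": {
        "phone": Rule("mask"),
        "coordinate": Rule("truncate"),
        "id_number": Rule("null"),
        "address": Rule("encrypt"),
    },
    "ordinary": {
        "phone": Rule("mask"),
        "coordinate": Rule("truncate", enabled=False),  # disabled: passes through
        "id_number": Rule("mask"),
    },
}


def desensitize(record: Dict[str, Any], level: str, key: bytes) -> Dict[str, Any]:
    """Apply the enabled rules of the user's profile to one interface record."""
    out = dict(record)
    for name, rule in PROFILES[level].items():
        if not rule.enabled or out.get(name) is None:
            continue
        value = str(out[name])
        if rule.kind == "mask":
            out[name] = mask(value)
        elif rule.kind == "truncate":
            out[name] = truncate(value)
        elif rule.kind == "null":
            out[name] = None
        elif rule.kind == "encrypt":
            out[name] = encrypt_field(key, value)
        else:
            raise ValueError(f"unknown desensitization rule: {rule.kind}")
    return out


if __name__ == "__main__":
    # Constructed sample interface record returned to a handheld terminal.
    sample = {"phone": "13812345678", "coordinate": "034.66666666",
              "id_number": "110101199001011234", "address": "No. 1 Example Road"}
    print(desensitize(sample, "important", b"demo-key"))
```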
vulnerability detection: security vulnerability detection is performed on application software to be installed on the field operation terminal, and mainly comprises permission vulnerability detection, static vulnerability detection, runtime vulnerability detection and application management detection. 1. Permission vulnerability detection: detects whether the Activity, Broadcast Receiver, Service and Content Provider components are exposed (security component exposure). 2. Static vulnerability detection: by decompiling the application, detects whether security vulnerabilities exist in Intent handling and WebView, and finds component vulnerabilities caused by non-standard use in the program; analyzes code obfuscation, Dex protection, SO (native library) protection, resource file protection and the security handling of third-party library code. 3. Runtime vulnerability detection: detects and analyzes the memory handling and protection mechanisms of the mobile application while it runs, to find whether it is at risk of modification or damage. 4. Application management detection: detects whether data are left behind, and whether they are completely removed, after the application is uninstalled; and whether the version upgrade process is exposed to version hijacking, spoofing and similar flaws by a third party. Permission vulnerability detection, static vulnerability detection, runtime vulnerability detection and application management detection are thus implemented for an application APK that is to be installed on a field operation terminal. Depending on whether the application needs to be run, the system side implements permission vulnerability detection and static vulnerability detection, while the handheld terminal side implements runtime vulnerability detection and application management detection. A vulnerability detection module is established that supports APK upload, package decompilation and the generation and export of a detection report, with detection items comprising permission vulnerability detection and static vulnerability detection; it can also receive the handheld terminal's runtime detection, whose items comprise runtime vulnerability detection and application management detection, and generate and export a detection report;
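The permission vulnerability check above (exposed Activity, Receiver, Service and Content Provider components) can be run over the manifest recovered from a decompiled APK. This is an added example, not the patent's detection module; the manifest below is constructed for a fictitious app.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "receiver", "service", "provider")
MAIN_ACTION = "android.intent.action.MAIN"


def _a(el: ET.Element, name: str) -> Optional[str]:
    """Read an attribute from the android: namespace."""
    return el.get(f"{{{ANDROID_NS}}}{name}")


def _is_exported(el: ET.Element) -> bool:
    # An explicit android:exported wins. When it is absent, a component that
    # declares an intent-filter was exported by default on Android 11 and
    # earlier, which is the silent exposure this check looks for.
    exported = _a(el, "exported")
    if exported is not None:
        return exported == "true"
    return el.find("intent-filter") is not None


def _is_launcher(el: ET.Element) -> bool:
    """The app's entry activity (MAIN action) has to be exported; skip it."""
    return any(_a(a, "name") == MAIN_ACTION for a in el.iter("action"))


def _guarded(el: ET.Element) -> bool:
    """True when some permission protects the component."""
    if el.tag == "provider":
        return any(_a(el, n) for n in ("permission", "readPermission", "writePermission"))
    return _a(el, "permission") is not None


def find_exposed_components(manifest_xml: str) -> List[Dict[str, str]]:
    """Permission vulnerability detection: exported components with no
    guarding permission. One finding per component."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    findings: List[Dict[str, str]] = []
    if app is None:
        return findings
    for el in app:
        if el.tag not in COMPONENT_TAGS or not _is_exported(el) or _guarded(el):
            continue
        if el.tag == "activity" and _is_launcher(el):
            continue
        reason = ('android:exported="true"' if _a(el, "exported") == "true"
                  else "implicitly exported by intent-filter")
        findings.append({"component": el.tag, "name": _a(el, "name") or "?",
                         "reason": reason})
    return findings


# Constructed manifest of a fictitious field-work app, not a real APK.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fieldwork">
  <application android:label="FieldWork">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DebugConsoleActivity" android:exported="true"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <receiver android:name=".RemoteCommandReceiver">
      <intent-filter><action android:name="com.example.fieldwork.CMD"/></intent-filter>
    </receiver>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.fieldwork.permission.SYNC"/>
    <provider android:name=".MeterDataProvider"
              android:authorities="com.example.fieldwork.meters"
              android:exported="true"
              android:readPermission="com.example.fieldwork.permission.READ_METERS"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for f in find_exposed_components(SAMPLE_MANIFEST):
        print(f"{f['component']:9s} {f['name']:26s} {f['reason']}")
```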
safety monitoring: by monitoring the running state, the operation behavior and the SIM card traffic of the field operation terminal, and applying data modeling analysis and big data analysis, behaviors such as abnormal sudden changes can be identified in time and alarms raised; the data information flow is audited and identified through the operation log and the stored request history, together with the acquisition operation and maintenance closed-loop module. Safety monitoring identifies, records, stores and analyzes the data and log information of the equipment during the access and protection processes, monitors who is responsible for an activity, and provides data support for security audit; an alarm mechanism is set according to the protection strategy and preset security standards. Terminal access monitoring: real-time online monitoring of the field operation terminal, covering both legitimate and illegitimate equipment access requests; by monitoring, recording, storing and analyzing in real time the logs of safe access management (identity authentication, access control, authority management, login and logout), alarms are set for abnormal conditions such as request interfaces that do not meet the specification, illegal equipment access and frequent logins; according to the protection strategy defined in the safety protection part, the system is disconnected and access restricted automatically or manually; log recording, storage, analysis and alarm identification are provided, searchable by conditions such as date, log type and alarm level; when equipment is abnormal an active alarm is raised in the form of a pop-up prompt, sound and the like; and device management for automatic or manual disconnection and access restriction according to the defined protection policy is provided. Terminal running state monitoring: real-time online monitoring of the performance data of the field operation terminal, comprising the occupation of terminal host resources (CPU, memory, disk, network, link and similar information), the installation and running condition of terminal applications, and the process running state, network access state, hardware interface state and similar information; alarm management can be performed according to the defined protection strategy; log recording, storage, analysis and alarm identification of the running state are provided and can be searched by date, log type, alarm level and similar conditions; an active alarm in the form of a pop-up prompt, sound and the like is raised when equipment is abnormal; equipment management for automatically or manually disconnecting the system and restricting access is provided according to the defined protection strategy, and the completion of hardening strategy upgrades can be recorded; terminal host resource occupation (CPU, memory, network, link and similar information), the installation and running condition of terminal applications, and running state information such as process running state, network access state and hardware interface state are collected and uploaded. Terminal operation log monitoring and audit: the operation logs of the field operation terminal, such as repeated consecutive wrong-password logins and application and system interface request responses (for example electric energy meter authority data acquisition requests), are recorded through the application and system interfaces and analyzed; operation logs that do not meet the specification are color-marked and raised with a pop-up prompt and sound prompt; a log of repeated consecutive wrong-password logins is uploaded to the system. Traffic monitoring and audit: the traffic uploaded and downloaded by each application of the field operation terminal through the SIM card is obtained, traffic modeling analysis is carried out by date and time interval, the current total SIM card traffic and the current traffic of a given application are compared with the traffic model built automatically by the system, and abnormal sudden changes of traffic are found in time and alarmed; traffic usage is recorded, stored and analyzed, a traffic usage model is built according to factors such as date and time, the current usage is compared with the model, and an abnormal sudden change raises a traffic usage alarm; when traffic is used abnormally an active alarm is raised through a pop-up prompt, sound and the like; the total SIM card traffic usage of the field operation terminal and the upload and download usage of each application are obtained periodically, and the traffic data can be uploaded to the system periodically;
an application layer: consisting of a unified WEB-side management platform that carries the service-related functions.
In this embodiment, preferably, SIM card binding management binds the field operation terminal file to the SIM card file by manual creation, batch import and interface synchronization. When the field operation terminal performs identity authentication, verification is carried out against the binding relationship: when the field operation terminal and the electricity consumption information acquisition system match, the service system can be logged into and accessed through the APN of the electricity consumption information acquisition system; when the terminal has been moved to an external network, when an illegal SIM card has been inserted, or when the SIM card has been installed in an illegal external network device, access to the APN of the electricity consumption information acquisition system is refused. Manual creation provides a manual entry function for the file relationship, creating a bound file relationship by hand; batch import provides a template and imports binding file relationships in bulk according to it; interface synchronization performs interface synchronization with the acquisition operation and maintenance closed-loop management module that maintains the binding relationship, regularly synchronizing the latest binding relationship files. File relationships can be queried through creation, modification, deletion and multi-condition filtering; the file fields include the terminal serial number, terminal manufacturer, terminal model, software and hardware version, terminal state, owning unit, SIM card serial number, SIM card IMSI number, SIM card type, SIM card state and the like. When the field operation terminal logs in, it obtains fields such as its own serial number and the SIM card serial number and uploads them to the system for verification that the binding relationship matches; if verification passes, the terminal is allowed to access the information intranet service system, otherwise the request is refused access to the information intranet service system.
Referring to fig. 3, in this embodiment, preferably, the access management verification process of the field operation terminal comprises: start, identity authentication, access control, authority management, end. When a field operation terminal of the electricity consumption information acquisition system accesses the intranet through the wireless public network, access management such as identity authentication, access control and authority management must be applied to the accessing terminal and to the application software on it; identification, management and control begin at the login stage of the terminal and of the application program, guaranteeing that the terminal and the application access the relevant service system according to the authority settings, which reduces access risk. Identity authentication: when the field operation terminal accesses a related service system such as the electricity consumption information acquisition system, identity authentication is carried out through access management; identity is verified against data such as the binding relationship among the operator ESAM card serial number, the service ESAM card serial number, the field terminal serial number and the SIM card serial number, and only a terminal that passes identity authentication proceeds to access control verification. For security unit 1.0, when the field operation terminal logs in for the first time it obtains a UID and performs identity authentication; for security unit 2.0, when the terminal logs in for the first time it obtains a UID, performs identity authentication and carries out asymmetric key negotiation; meanwhile, the interfaces and verifications requested by the terminal, such as identity authentication, are logged and managed. The data information sent by the handheld terminal is verified, and the request and the verification result are logged; the data information includes but is not limited to the operator ESAM card serial number, the service ESAM card serial number, the field terminal serial number and the SIM card serial number. Security verification is provided for the interfaces for obtaining the UID, identity authentication, asymmetric key negotiation and the like, and the operator ESAM card serial number, service ESAM card serial number, field terminal serial number, SIM card serial number, user login account and similar information are transmitted to the security access system. For security unit 1.0, the first login obtains a UID and performs identity authentication; for security unit 2.0, the first login obtains a UID and performs identity authentication, and asymmetric key negotiation is also supported. Access control: the access control function can set access control strategies at three levels, access time period, network type (WLAN, GPRS/CDMA) and latitude/longitude, and these strategies can be modified, enabled and disabled; wherein:
time period access policy: when enabled, a time period (for example 08:00-20:00) can be set during which the field operation terminal is allowed to access, and access is refused in all other periods; when disabled, access is allowed in all periods;
network type access policy: when enabled, the network type can be set to the SIM card's network type (such as 2G, 3G, 4G and the like), over which the field operation terminal is allowed to access, while access over a WLAN network is refused; when disabled, access is allowed over all network types;
latitude and longitude access policy: when enabled, a field operation terminal within the latitude and longitude range is allowed to access, and one outside the range is refused; when disabled, latitude and longitude are not restricted;
the time period access strategy, network type access strategy and latitude and longitude access strategy are set and enabled; access and use of the field operation terminal are allowed within the control range of the access strategies and refused outside it, and accesses outside the access strategies are displayed as alarms;
identification of the field operation terminal's current access network type (WLAN, 2G, 3G, 4G or the like) is supported and the result is sent to the system side for verification; the terminal's latitude and longitude are read and sent to the system side for verification. Authority management: the authority management function authorizes the field operation terminal's access to the related service systems of the electricity consumption information acquisition system and so establishes an access control list with the service systems; the terminal can only access authorized service systems, and access to unauthorized service systems is prohibited; log management of the service systems accessed by the terminal is supported; authority configuration between the field operation terminal and the service systems is supported, and service systems for which authority is granted allow access; log management of the service systems accessed by the field operation terminal is supported. Security defense: security defense means that, before and after an information security problem occurs, the information data can be effectively analyzed and certain defensive measures taken. Security defense depends not only on sound management but also on defensive support from the credibility of the field operation terminal equipment, a security defense knowledge base, access restriction and the like, and it controls the accessing field operation terminals by combining access management with intrusion detection. The credibility of a field operation terminal is graded comprehensively according to its daily reliability, repair rate and problem support record, and the equipment manufacturer is replaced when the grade is low. The security defense knowledge base is a knowledge base of troubleshooting and handling methods for security problems that may arise, such as intrusion and data leakage, and provides handling guidance when an alarm occurs. When an intrusion occurs, access restriction disconnects the field operation terminal from the system and prevents the illegal equipment from accessing the system. Maintenance and management of the trusted files of field operation terminals is supported, including the repair rate, problem support record and the like; management of the security defense knowledge base is supported, with alarm handling guidance; and disconnecting the field operation terminal from the system and restricting illegal equipment's access to the system is supported. Security defense can also be implemented on the handheld APP side according to the defense strategy formulated on the WEB side: the handheld APP alarms and prompts manual closing of the application on excessive battery temperature (threshold to be determined) and excessive CPU temperature; in addition, security defense records faults rapidly and analyzes and issues reminders for handheld terminals of the same type;
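The access management sequence described above (identity authentication against the binding relationship, then the three access control policy levels with their enabled/disabled semantics, then authority management against an access control list), as an added example that is not code from the patent. The binding archive, ACL, serial numbers, coordinates and policy values are constructed placeholders; the network type is taken as the terminal reports it, as the page describes.

```python
from dataclasses import dataclass
from datetime import time
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class LoginRequest:
    terminal_sn: str
    sim_sn: str
    operator_esam_sn: str
    service_esam_sn: str
    account: str
    network_type: str   # "2G", "3G", "4G" or "WLAN", as identified by the terminal
    clock: time         # local time of the access attempt
    latitude: float
    longitude: float
    target_system: str  # service system the terminal wants to reach


@dataclass
class AccessPolicy:
    """A policy level is disabled when its value is None."""
    period: Optional[Tuple[time, time]] = None
    allowed_networks: Optional[Set[str]] = None
    geofence: Optional[Tuple[float, float, float, float]] = None  # lat_min, lat_max, lon_min, lon_max


# Trusted binding archive and access control list (constructed placeholders).
BINDINGS = {("TERM-0001", "SIM-0001", "OP-ESAM-0001", "SVC-ESAM-0001")}
ACL = {"TERM-0001": {"electricity-consumption-acquisition"}}


def authenticate(req: LoginRequest) -> bool:
    """Identity authentication: the four serial numbers must form a bound archive."""
    return (req.terminal_sn, req.sim_sn, req.operator_esam_sn, req.service_esam_sn) in BINDINGS


def _in_period(now: time, start: time, end: time) -> bool:
    # A period such as 22:00-06:00 wraps around midnight.
    return start <= now <= end if start <= end else (now >= start or now <= end)


def access_control_violations(req: LoginRequest, policy: AccessPolicy) -> List[str]:
    """Access control: evaluate whichever of the three levels are enabled."""
    v: List[str] = []
    if policy.period is not None and not _in_period(req.clock, *policy.period):
        v.append("outside the allowed time period")
    if policy.allowed_networks is not None and req.network_type not in policy.allowed_networks:
        v.append(f"network type {req.network_type} not allowed")
    if policy.geofence is not None:
        lat_min, lat_max, lon_min, lon_max = policy.geofence
        if not (lat_min <= req.latitude <= lat_max and lon_min <= req.longitude <= lon_max):
            v.append("outside the latitude/longitude range")
    return v


def authorized(req: LoginRequest) -> bool:
    """Authority management: only service systems on the terminal's ACL."""
    return req.target_system in ACL.get(req.terminal_sn, set())


def verify_access(req: LoginRequest, policy: AccessPolicy, log: List[str]) -> Tuple[bool, str]:
    """Start -> identity authentication -> access control -> authority management -> end.
    Every step appends to the access log kept by the protection system."""
    if not authenticate(req):
        log.append(f"AUTH-FAIL terminal={req.terminal_sn} sim={req.sim_sn}")
        return False, "identity authentication failed: binding relationship does not match"
    log.append(f"AUTH-OK terminal={req.terminal_sn} account={req.account}")
    violations = access_control_violations(req, policy)
    if violations:
        log.append(f"ACCESS-ALARM terminal={req.terminal_sn} " + "; ".join(violations))
        return False, "access control refused: " + "; ".join(violations)
    if not authorized(req):
        log.append(f"AUTHZ-FAIL terminal={req.terminal_sn} system={req.target_system}")
        return False, f"authority management refused: {req.target_system} not authorized"
    log.append(f"GRANT terminal={req.terminal_sn} system={req.target_system}")
    return True, "access granted"


# Constructed policy: 08:00-20:00, SIM card networks only, a constructed geofence.
WORK_POLICY = AccessPolicy(period=(time(8, 0), time(20, 0)),
                           allowed_networks={"2G", "3G", "4G"},
                           geofence=(30.3, 30.8, 114.0, 114.6))


def sample_request(**overrides) -> LoginRequest:
    """A constructed, well-formed login; keyword overrides produce the failure cases."""
    base = dict(terminal_sn="TERM-0001", sim_sn="SIM-0001", operator_esam_sn="OP-ESAM-0001",
                service_esam_sn="SVC-ESAM-0001", account="worker01", network_type="4G",
                clock=time(9, 30), latitude=30.55, longitude=114.3,
                target_system="electricity-consumption-acquisition")
    base.update(overrides)
    return LoginRequest(**base)


if __name__ == "__main__":
    access_log: List[str] = []
    for req in (sample_request(), sample_request(network_type="WLAN"),
                sample_request(sim_sn="SIM-9999")):
        print(verify_access(req, WORK_POLICY, access_log))
    print("\n".join(access_log))
```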
in this embodiment, preferably, the intrusion detection of the field operation terminal secure access protection provides two modes, anomaly detection and misuse detection; by establishing a feature library, a data model and similar means and adopting mainstream intrusion detection methods, the intrusion detection of the field operation terminal safe access protection can promptly discover abnormal intrusion behavior and issue an alarm or early warning;
anomaly detection compares the current data with the data defined for normal conditions, or with the data modeled from normal daily operation and use, judges whether the current behavior is abnormal, and so discovers possible intrusion behavior; misuse detection performs pattern matching of the collected information against known information in the network intrusion and system misuse pattern database, or matches it against a feature library of known intrusion behaviors, judges that the current behavior is an intrusion, and raises an early warning on the intrusion detection anomaly. The work required for intrusion detection is implemented as follows: the operating environment, SIM card traffic and application installation and use are modeled by time interval from the uploaded data, the currently uploaded data are compared with the historical model, and anomalies are alarmed; a feature library of known intrusions is established, intrusion features such as illegal login, illegal attack and data tampering are matched against the feature library, and an intrusion alarm is issued on a match. The operating environment of the field operation terminal and the condition of APP installation on the terminal are uploaded to the safe access protection and monitoring system in real time or periodically, and the uploaded data include memory usage, CPU usage, network type, SIM card traffic usage, APP installation and running condition and the like. Intrusion detection also covers: the amount of data downloaded per day; the same handheld terminal accessing the same interface frequently and repeatedly in rapid succession; and log records of access using an abnormal communication protocol, which are analyzed to determine the time and number of abnormal malicious accesses;
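Both modes above, and the SIM card traffic monitoring from the safety monitoring section, as one added example that is not code from the patent: anomaly detection builds a per-time-interval traffic model and alarms on a sudden change, and misuse detection matches a small feature library (repeated wrong passwords, the same terminal hitting the same interface in rapid succession, an abnormal protocol) against operation log lines. The log line format, the history figures and the allowed-protocol set are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# ---- anomaly detection: SIM card traffic modeled by time interval ----------
Key = Tuple[int, str]  # (hour of day, application)


def build_traffic_model(history: Dict[Key, List[float]]) -> Dict[Key, Tuple[float, float]]:
    """Per (hour, app): mean and standard deviation of the MB used in that hour
    on previous days. Needs at least two observations to model."""
    return {k: (mean(v), pstdev(v)) for k, v in history.items() if len(v) >= 2}


def traffic_alarms(model: Dict[Key, Tuple[float, float]], current: Dict[Key, float],
                   k: float = 3.0, floor_mb: float = 1.0) -> List[str]:
    """Sudden change: usage above mean + k*std (floor_mb stops a nearly constant
    history from alarming on noise), or usage by an app/interval with no history."""
    alarms: List[str] = []
    for (hour, app), now in sorted(current.items()):
        if (hour, app) not in model:
            alarms.append(f"{app} {hour:02d}h: {now:.1f}MB with no historical model")
            continue
        mu, sigma = model[(hour, app)]
        if now > mu + max(k * sigma, floor_mb):
            alarms.append(f"{app} {hour:02d}h: {now:.1f}MB exceeds model {mu:.1f}MB")
    return alarms


# ---- misuse detection: feature library matched against operation logs -----
# Constructed line format: "<date> <time> <terminal> <event> <detail...>"
LINE = re.compile(r"^(\S+ \S+) (\S+) (\S+)\s*(.*)$")
ALLOWED_PROTOCOLS = {"HTTPS"}  # constructed: what the gateway expects to see


def parse_log(lines: List[str]) -> List[Tuple[datetime, str, str, str]]:
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            events.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                           m.group(2), m.group(3), m.group(4)))
    return events


def misuse_alarms(lines: List[str], max_failures: int = 3,
                  burst_n: int = 5, burst_window_s: int = 10) -> List[str]:
    """Three features from the page: consecutive wrong passwords, the same
    terminal hitting the same interface in rapid succession, and access over
    an abnormal protocol. Each feature alarms once per terminal."""
    alarms: List[str] = []
    fired = set()
    failures: Dict[str, int] = defaultdict(int)
    recent: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for ts, term, event, detail in parse_log(lines):
        if event == "LOGIN":
            failures[term] = failures[term] + 1 if detail == "FAIL" else 0
            if failures[term] >= max_failures and ("pwd", term) not in fired:
                fired.add(("pwd", term))
                alarms.append(f"{term}: {max_failures} consecutive wrong passwords")
        elif event == "REQ":
            iface, proto = detail.split()[:2]
            window = recent[(term, iface)]
            window.append(ts)
            cutoff = ts - timedelta(seconds=burst_window_s)
            window[:] = [t for t in window if t > cutoff]  # keep only the last window
            if len(window) >= burst_n and ("burst", term) not in fired:
                fired.add(("burst", term))
                alarms.append(f"{term}: {len(window)} requests to {iface} within {burst_window_s}s")
            if proto not in ALLOWED_PROTOCOLS and ("proto", term) not in fired:
                fired.add(("proto", term))
                alarms.append(f"{term}: abnormal protocol {proto} on {iface} at {ts:%H:%M:%S}")
    return alarms


# Constructed sample data, not from any real deployment.
HISTORY = {(8, "meter-app"): [10.0, 12.0, 11.0, 9.0, 10.0],
           (9, "meter-app"): [20.0, 22.0, 19.0, 21.0]}
SAMPLE_LOG = """\
2019-09-27 08:00:01 TERM-0001 LOGIN OK
2019-09-27 08:00:05 TERM-0001 REQ /meter/authority HTTPS
2019-09-27 08:01:00 TERM-0002 LOGIN FAIL
2019-09-27 08:01:07 TERM-0002 LOGIN FAIL
2019-09-27 08:01:15 TERM-0002 LOGIN FAIL
2019-09-27 08:02:00 TERM-0003 REQ /meter/authority HTTPS
2019-09-27 08:02:01 TERM-0003 REQ /meter/authority HTTPS
2019-09-27 08:02:02 TERM-0003 REQ /meter/authority HTTPS
2019-09-27 08:02:03 TERM-0003 REQ /meter/authority HTTPS
2019-09-27 08:02:04 TERM-0003 REQ /meter/authority HTTPS
2019-09-27 08:03:00 TERM-0004 REQ /meter/authority HTTP
""".splitlines()

if __name__ == "__main__":
    model = build_traffic_model(HISTORY)
    print(traffic_alarms(model, {(8, "meter-app"): 30.0, (8, "unknown-app"): 5.0}))
    print(misuse_alarms(SAMPLE_LOG))
```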
in this embodiment, preferably, the acquisition closed-loop system interface comprises a field operation terminal and SIM card binding relationship interface and a unified system identity authentication login interface. Field operation terminal and SIM card binding relationship interface: the binding relationship file information of the field operation terminal and the SIM card, obtained from the acquisition operation and maintenance closed-loop management module, comprises SIM card file information, field operation terminal file information, and the relationship file information between the SIM card and the field operation terminal. Unified system identity authentication login interface: the protection WEB system logs in with the account and password of the acquisition operation and maintenance closed-loop system; the protection system acts as a module of the acquisition operation and maintenance closed loop, so login redirection is achieved without entering the account and password when it is accessed from the acquisition operation and maintenance closed loop;
the hardware mainly comprises a database server, an application server, an acquisition communication front-end processor server, an interface server, a cipher machine, a dedicated security isolation gateway and the like, together with the related network equipment; the configuration is shown in the following table.
[Hardware configuration table: provided as an image in the original publication and not reproduced here]
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only for the purpose of illustrating the structural relationship and principles of the present invention, but that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (7)

1. A field operation terminal safety access protection and detection system, characterized in that: the system comprises an equipment layer, a data layer, a service layer and an application layer, wherein:
an access layer: the system is used for accessing the field operation terminal into the protection system;
a data layer: the data storage module is used for storing basic data, building a data model and analyzing real-time data;
a service layer: consisting of three parts, safety access, safety protection and safety monitoring;
an application layer: the system consists of a unified management platform of a WEB end with the functions of trusted file management, protection strategy setting, monitoring and early warning, vulnerability scanning and intrusion detection service.
2. The field operation terminal security access protection and detection system according to claim 1, wherein: the step of accessing the field operation terminal into the protection system comprises the following steps: identity authentication-access control-rights management;
identity authentication: when the field operation terminal accesses a related service system such as the electricity consumption information acquisition system, identity authentication is carried out through access management; identity is verified against data such as the binding relationship among the operator ESAM card serial number, the service ESAM card serial number, the field terminal serial number and the SIM card serial number, and access control verification is carried out only for a terminal that passes identity authentication; when the field operation terminal logs in for the first time, it obtains a UID and performs identity authentication, or obtains a UID, performs identity authentication and carries out asymmetric key negotiation; the interfaces and verifications required by the field operation terminal, such as identity authentication, are logged and managed; data information including the operator ESAM card serial number, service ESAM card serial number, field terminal serial number, SIM card serial number and user login account information is transmitted to the security access system; when the field operation terminal logs in for the first time, it obtains the UID and performs identity authentication, or obtains the UID, performs identity authentication and carries out asymmetric key negotiation; access control: the access control function can set access control strategies at three levels, access time period, network type and latitude/longitude, wherein:
the access and the use of the field operation terminal are allowed in the access strategy control range, the access of the field operation terminal is not allowed outside the access strategy control range, and the alarm display is carried out on the access outside the access strategy;
authority management: the authority management function authorizes the field operation terminal's access to the related service systems of the electricity consumption information acquisition system and so establishes an access control list with the service systems; the field operation terminal can only access authorized service systems, and access to unauthorized service systems is prohibited.
3. The field operations terminal secure access protection and detection system of claim 1, wherein:
the safety access is to perform safety control on the aspects of identity authentication and the like of an access stage from a field operation terminal, read the relation between the file information of the field operation terminal and a credible binding file in a protection system through the protection system for verification, monitor and record a log of an access process by the protection system, and realize safety verification management of the access stage before equipment is accessed into a service system;
the safety protection is achieved by applying anti-tampering strategies such as encryption, compression and desensitization to transmitted data, taking measures such as port scanning of the field operation terminal and vulnerability detection at run time, and adding a data integrity verification mechanism to the security protection strategy; it protects from the aspects of data tampering prevention, vulnerability detection, security defense and intrusion detection, and ensures the safety of the operation terminal, the link and the intranet system while the field operation terminal communicates with the system;
the safety monitoring means that, by monitoring the running state, the operation behavior and the SIM card traffic of the field operation terminal and applying data modeling analysis and big data analysis, behaviors such as abnormal sudden changes can be identified in time and an alarm given; and the data information flow is audited and identified through the operation log and the stored request history, together with the acquisition operation and maintenance closed-loop module.
4. The field operation terminal security access protection and detection system according to claim 2, wherein: the time period access policy specifically comprises: when enabled, a time period can be set during which the field operation terminal is allowed to access, and access is refused in all other periods; when disabled, access is allowed in all periods;
the network type access policy specifically comprises: when enabled, the network type can be set to the SIM card's network type, over which the field operation terminal is allowed to access, while access over a WLAN network is refused; when disabled, access is allowed over all network types;
the latitude and longitude access strategy specifically comprises: when enabled, a field operation terminal within the latitude and longitude range is allowed to access, and one outside the range is refused; when disabled, latitude and longitude are not restricted.
5. The field operation terminal security access protection and detection system according to claim 3, wherein:
the data tamper-proofing prevents data from being attacked and tampered with by applying data encryption, data compression and data desensitization to the data and the link;
the data encryption is carried out in the data transmission stage between the field operation terminal and the electricity consumption information acquisition system; the security and integrity of the data are guaranteed by data encryption and link encryption, and the data in the communication channel undergo unified bidirectional encryption and decryption and data integrity verification using the key system of the electric energy metering cipher machine and the field operation terminal security unit, so that the security and integrity of the data during transmission are guaranteed; the field operation terminal secure access protection and monitoring management system is connected to the electric energy metering cipher machine; when the field operation terminal requests data from a service system, the protection and monitoring management system calls the cipher machine functions to generate a random number, ciphertext, signature and message authentication code according to the version of the field operation terminal security unit and thereby encrypts the data, the data are decrypted and verified by the security unit using the corresponding key and the key paired with it, and active attacks on the communication channel are effectively prevented;
the data compression uses a compression algorithm based on JDK deflate, and the compression level for the transmitted data is selected according to the compression ratio and compression efficiency required by the service; MD5 is combined with the data transmission to verify data consistency;
the data desensitization applies desensitization rules to transform the data so that sensitive data are reliably protected, and four sensitivity rules, namely mask, truncation, null value and encryption, are defined for the sensitive fields of the field operation terminal request interface data;
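An added Python example (not the patent's own code) of the outbound data pipeline in the two clauses above: the four desensitization rules applied to sensitive fields, deflate compression at a chosen level via zlib (the same zlib-wrapped stream the JDK Deflater emits by default), and an MD5 digest the receiver checks before inflating. The HMAC-based keystream standing in for the cipher machine, the demo key and the sample record are assumptions.

```python
import hashlib
import hmac
import json
import os
import zlib

# Hypothetical key for the "encryption" rule; a real deployment would draw it
# from the cipher machine / security unit key system described in claim 5.
DEMO_KEY = b"constructed-demo-key-not-for-production"
NONCE_LEN = 12


def rule_mask(value, keep_tail: int = 4, char: str = "*") -> str:
    """Mask: hide all but the last keep_tail characters."""
    s = str(value)
    if len(s) <= keep_tail:
        return char * len(s)
    return char * (len(s) - keep_tail) + s[-keep_tail:]


def rule_truncate(value, keep: int = 6) -> str:
    """Truncation: keep only a leading prefix."""
    return str(value)[:keep]


def rule_null(value):
    """Null value: drop the content entirely."""
    return None


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF keystream (stand-in for a real cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def rule_encrypt(value, key: bytes = DEMO_KEY) -> str:
    """Encryption: reversible field encryption returned as hex(nonce || ciphertext).
    Assumption: the HMAC keystream stands in for the cipher machine's algorithm."""
    data = str(value).encode()
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return (nonce + ct).hex()


def decrypt_field(token: str, key: bytes = DEMO_KEY) -> str:
    """Inverse of rule_encrypt, for the authorised consumer of the field."""
    raw = bytes.fromhex(token)
    nonce, ct = raw[:NONCE_LEN], raw[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()


RULES = {"mask": rule_mask, "truncate": rule_truncate, "null": rule_null, "encrypt": rule_encrypt}


def desensitize(record: dict, field_rules: dict) -> dict:
    """Apply the configured rule to each sensitive field; other fields pass through."""
    out = dict(record)
    for field, rule in field_rules.items():
        if field in out:
            out[field] = RULES[rule](out[field])
    return out


def pack(record: dict, field_rules: dict, level: int = 6) -> dict:
    """Sender: desensitize -> JSON -> deflate at the chosen level -> MD5 over the compressed bytes.
    zlib.compress(level) yields the same zlib-wrapped deflate stream as java.util.zip.Deflater."""
    body = json.dumps(desensitize(record, field_rules), sort_keys=True).encode()
    compressed = zlib.compress(body, level)
    return {"level": level, "md5": hashlib.md5(compressed).hexdigest(), "data": compressed}


def unpack(envelope: dict) -> dict:
    """Receiver: check MD5 before inflating. MD5 catches accidental corruption only; deliberate
    tampering is covered by the cipher machine's signature and MAC, not by this digest."""
    if not hmac.compare_digest(hashlib.md5(envelope["data"]).hexdigest(), envelope["md5"]):
        raise ValueError("MD5 consistency check failed")
    return json.loads(zlib.decompress(envelope["data"]))


# Constructed sample: one interface record and the rule assigned to each sensitive field.
SAMPLE_RECORD = {"meter_no": "0000123456789", "customer_id": "CUST-0001", "phone": "13800001234",
                 "address": "Example Road 88, Example District", "id_card": "ID-CONSTRUCTED-0001",
                 "reading_kwh": 1234.5}
SAMPLE_RULES = {"phone": "mask", "customer_id": "encrypt", "address": "truncate", "id_card": "null"}


if __name__ == "__main__":
    env = pack(SAMPLE_RECORD, SAMPLE_RULES, level=9)
    print(env["md5"], len(env["data"]), "bytes", unpack(env))
```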
the vulnerability detection applies security vulnerability detection to the application software to be installed on the field operation terminal, and mainly comprises permission vulnerability detection, static vulnerability detection and operation (runtime) vulnerability detection;
security monitoring: by monitoring the running state, the operation behavior and the SIM card traffic of the field operation terminal, and applying data modeling analysis and big data analysis, abnormal sudden-change behaviors are identified in time and an alarm is raised; the data information flow is audited and identified through the operation log and the stored request history records, together with the acquisition, operation and maintenance closed-loop module; the security detection identifies, records, stores and analyzes the data and log information of the equipment during the access and protection processes, tracks who is responsible for each activity, and provides data support for security auditing; at the same time, an alarm mechanism is configured according to the protection policy and a preset security baseline;
terminal access monitoring: real-time online monitoring of the field operation terminal is realized, covering access requests from both legal and illegal devices; through the identity authentication, access control and permission management of the secure access management, and through real-time monitoring, recording, storage and analysis of login and logout logs, alarms are set for non-compliant request interface anomalies, illegal device access and frequent logins; according to the protection policy defined in the security protection part, the system is disconnected and access restricted automatically or manually; log recording, storage, analysis and alarm identification are provided, searchable by date, log type and alarm level; when a device is abnormal, an active alarm is raised by a pop-up prompt and sound; device management is provided for automatic or manual disconnection and access restriction according to the defined protection policy;
monitoring the running state of the terminal: real-time online monitoring of the performance data of the field operation terminal is realized, including the resource usage of the terminal host, terminal application installation and running status, and the process running state, network access state and hardware interface state; alarm management can be performed according to the defined protection policy; log recording, storage, analysis and alarm identification of the running state are provided, searchable by date, log type and alarm level; when a device is abnormal, an active alarm is raised by a pop-up prompt and sound; device management for automatic or manual disconnection and access restriction is provided according to the defined protection policy, and the completion status of upgrade and hardening policies can be recorded; the resource usage of the terminal host, terminal application installation and running status, and the process running state, network access state and hardware interface state are collected and uploaded;
monitoring and auditing terminal operation logs: the login operation log of the field operation terminal records repeated entry of wrong passwords and application and system interface request responses such as electric energy meter permission data acquisition requests; the operation requests of the field operation terminal application are logged through the application and system interfaces and the logs are analyzed; operation logs that do not meet the specification are marked in color and flagged by pop-up and sound prompts; login logs with repeated wrong password entries are uploaded to the system;
traffic monitoring and auditing: the upload and download traffic data of each application on the field operation terminal over the SIM card are obtained, traffic modeling analysis is carried out by date and time interval, the current total traffic of the SIM card and the current traffic of a given application are compared with the traffic model automatically built by the system, sudden traffic changes are found in time and an alarm is raised; traffic usage is recorded, stored and analyzed, a traffic usage model is constructed from date and time elements, the current traffic usage is compared with the traffic model, and an abnormal sudden change triggers a traffic usage alarm; when traffic is abnormal, an active alarm is raised by a pop-up prompt and sound; the total traffic usage of the field operation terminal's SIM card and the upload and download traffic usage of each application are collected periodically, and the traffic data can be uploaded to the system periodically;
the intrusion detection is divided into two modes: anomaly detection and misuse detection;
the anomaly detection compares the current data against data defined for normal conditions, or against data modeled from normal conditions during daily operation and use, judges whether the current behavior is abnormal, and so discovers possible intrusion behavior;
the misuse detection carries out pattern matching between the collected information and the known information in a database of network intrusion and system misuse patterns, or matches against a feature library of known intrusion behaviors, judges that the current behavior is an intrusion, and issues an early warning for the intrusion detection anomaly; the work required for intrusion detection is realized as follows: the definition of a normal operating range for the data is supported; the operating environment, SIM card traffic and application installation and usage are modeled from the uploaded data by time interval, the currently uploaded data are compared with the historical modeled data, and an anomaly alarm is raised; a feature library of known intrusions is established, the features of illegal login, illegal attack and data tampering intrusions are matched against the feature library, and an intrusion alarm is raised on a match; the operating environment of the field operation terminal and the installation status of the system on the terminal are uploaded to the secure access protection and monitoring system in real time or periodically, and the uploaded data comprise: memory usage, CPU usage, network type, SIM card traffic usage, and system application installation and running status; the intrusion detection also covers: the amount of data downloaded per day; the same handheld device accessing the same interface frequently, repeatedly and in rapid succession; and analysis of the log records of access using abnormal communication protocols, analyzing the time and number of abnormal malicious accesses.
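An added Python example (not the patent's own code) covering the traffic modeling in the monitoring clause and the two intrusion detection modes above: an anomaly baseline per weekday/hour interval with a deviation band, and misuse detection by sliding-window matching against a small feature library. The feature library entries, thresholds, hypothetical terminal ids and the constructed history and log events are assumptions.

```python
from __future__ import annotations
from collections import defaultdict, deque
from datetime import datetime, timedelta
from statistics import mean, pstdev


def _bucket(ts: datetime) -> tuple[bool, int]:
    """Model interval (is_weekday, hour): traffic is modeled by date and time interval."""
    return (ts.weekday() < 5, ts.hour)


class TrafficModel:
    """Anomaly detection: per-interval baseline learned from historical SIM traffic samples."""

    def __init__(self, history: list[tuple[str, float]], k: float = 3.0, min_samples: int = 3):
        self.k, self.min_samples = k, min_samples
        groups: dict[tuple[bool, int], list[float]] = defaultdict(list)
        for ts_iso, kb in history:
            groups[_bucket(datetime.fromisoformat(ts_iso))].append(kb)
        self.stats = {b: (mean(v), pstdev(v), len(v)) for b, v in groups.items()}

    def check(self, ts_iso: str, kb: float) -> tuple[bool, str]:
        """True when the observed traffic is a sudden change relative to the baseline."""
        b = _bucket(datetime.fromisoformat(ts_iso))
        if b not in self.stats or self.stats[b][2] < self.min_samples:
            return False, "no baseline for this interval: sample recorded, no alarm"
        mu, sigma, _ = self.stats[b]
        band = self.k * max(sigma, 0.1 * mu, 1.0)  # floor keeps a flat baseline from alarming on noise
        if abs(kb - mu) > band:
            return True, f"traffic {kb:.0f} kB deviates from baseline {mu:.0f}+/-{band:.0f} kB"
        return False, f"traffic {kb:.0f} kB within baseline {mu:.0f}+/-{band:.0f} kB"


# Misuse detection: feature library of known intrusion patterns (constructed entries).
FEATURE_LIBRARY = [
    {"name": "repeated wrong password", "event": "login_failed", "window_s": 300, "count": 5, "key": None},
    {"name": "same handheld hammering one interface", "event": "api_request", "window_s": 60,
     "count": 20, "key": "interface"},
    {"name": "abnormal communication protocol", "event": "protocol_anomaly", "window_s": 3600,
     "count": 1, "key": None},
]


def match_features(events: list[dict], library: list[dict] = FEATURE_LIBRARY) -> list[str]:
    """Slide a time window per (rule, terminal, key) and alarm when a pattern's count is
    reached; the window is cleared after an alarm so one burst yields one alarm."""
    alarms: list[str] = []
    windows: dict[tuple, deque] = defaultdict(deque)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        for rule in library:
            if ev["event"] != rule["event"]:
                continue
            sub = ev.get(rule["key"]) if rule["key"] else None
            q = windows[(rule["name"], ev["terminal"], sub)]
            q.append(ts)
            while ts - q[0] > timedelta(seconds=rule["window_s"]):
                q.popleft()
            if len(q) >= rule["count"]:
                where = f" on {sub}" if sub else ""
                alarms.append(f"{rule['name']}: terminal {ev['terminal']} at {ev['ts']}{where}")
                q.clear()
    return alarms


def _sample_history() -> list[tuple[str, float]]:
    """Constructed four weeks of hourly SIM traffic: busy in weekday working hours, quiet otherwise."""
    start = datetime(2018, 10, 1)  # a Monday
    rows = []
    for day in range(28):
        for hour in range(24):
            ts = start + timedelta(days=day, hours=hour)
            base = 400.0 if ts.weekday() < 5 and 8 <= hour < 18 else 40.0
            rows.append((ts.isoformat(), base + ((day * 7 + hour) % 5) * 10))
    return rows


SAMPLE_HISTORY = _sample_history()
# Constructed log events: six failed logins inside two minutes, 25 hits on one
# interface in 25 seconds, and one access over an unexpected protocol.
SAMPLE_EVENTS = (
    [{"ts": f"2018-10-29T09:00:{s:02d}", "terminal": "HH-0007", "event": "login_failed"}
     for s in (0, 12, 24, 36, 48)]
    + [{"ts": "2018-10-29T09:01:30", "terminal": "HH-0007", "event": "login_failed"}]
    + [{"ts": f"2018-10-29T09:10:{s:02d}", "terminal": "HH-0012", "event": "api_request",
        "interface": "/meter/permission"} for s in range(25)]
    + [{"ts": "2018-10-29T09:20:00", "terminal": "HH-0012", "event": "protocol_anomaly"}]
)

if __name__ == "__main__":
    print(TrafficModel(SAMPLE_HISTORY).check("2018-10-29T10:00:00", 5000))
    for alarm in match_features(SAMPLE_EVENTS):
        print("ALARM", alarm)
```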
6. The field operation terminal security access protection and detection system according to claim 3, wherein: the SIM card binding management realizes the binding of the field operation terminal record and the SIM card record by manual creation, batch import and interface synchronization; when the field operation terminal performs identity authentication, verification is carried out according to the binding relationship: when the field operation terminal and its SIM card match the record in the electricity consumption information acquisition system, the terminal can log in and access the service system through the APN of the electricity consumption information acquisition system; when the field operation terminal has been moved to an external network or fitted with an illegal SIM card, or when the SIM card has been installed in an illegal external network device, access to the APN of the electricity consumption information acquisition system is denied; manual creation means providing a manual record entry function for creating the binding record relationship by hand; batch import means providing a template and importing binding record relationships in bulk according to that template; interface synchronization means executing interface synchronization with the acquisition, operation and maintenance closed-loop management module that maintains the binding relationships and periodically synchronizing the latest binding records; the terminal is verified against the record relationship, which supports creation, modification, deletion and filtered query by multiple conditions, and is then allowed to access the information intranet service system; otherwise the request to access the information intranet service system is refused.
7. The field operation terminal security access protection and detection system according to claim 5, wherein:
the permission vulnerability detection specifically comprises: detecting whether the Activity, Broadcast Receiver, Service and Content Provider components are exposed insecurely;
the static vulnerability detection specifically comprises: detecting, by decompiling the application program, whether security vulnerabilities exist in Intent handling and WebView, and finding component vulnerabilities caused by non-standard use in the program; and carrying out vulnerability analysis on code obfuscation, Dex protection, SO protection, resource file protection and the security handling of third-party library code;
the operation (runtime) vulnerability detection specifically comprises: detecting and analyzing the memory handling and protection mechanisms of the mobile application at runtime, and finding whether there is a vulnerability risk of memory being modified or damaged.
CN201811132213.4A 2018-09-27 2018-09-27 Safety access protection and detection system for field operation terminal Active CN110691064B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811132213.4A CN110691064B (en) 2018-09-27 2018-09-27 Safety access protection and detection system for field operation terminal

Publications (2)

Publication Number Publication Date
CN110691064A true CN110691064A (en) 2020-01-14
CN110691064B CN110691064B (en) 2022-01-04

Family

ID=69107482

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811132213.4A Active CN110691064B (en) 2018-09-27 2018-09-27 Safety access protection and detection system for field operation terminal

Country Status (1)

Country Link
CN (1) CN110691064B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050071650A1 (en) * 2003-09-29 2005-03-31 Jo Su Hyung Method and apparatus for security engine management in network nodes
CN104184735A (en) * 2014-08-26 2014-12-03 国家电网公司 Electric marketing mobile application safe protection system
CN106027476A (en) * 2016-01-21 2016-10-12 李明 Identity card cloud authentication system and card reading system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
翟峰 et al.: "Security Protection and Cryptographic Management System for Power Acquisition Systems", Cyberspace Security *
魏彤珈 et al.: "Design and Application of Secure Access Protection for Field Operation Terminals", Information Recording Materials *

Also Published As

Publication number Publication date
CN110691064B (en) 2022-01-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant