CN114329384A - Safety protection method for power grid operating system - Google Patents


Publication number
CN114329384A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111609753.9A
Other languages
Chinese (zh)
Inventor
杨超
孙俊伟
李东洋
张富翔
常将
王欣柳
刘鹏宇
李云鹏
田小蕾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information and Telecommunication Branch of State Grid Liaoning Electric Power Co Ltd
Original Assignee
Information and Telecommunication Branch of State Grid Liaoning Electric Power Co Ltd

Abstract

The invention discloses a safety protection method for a power grid operating system, comprising the following steps: configuring an associated role for each user in the power grid operating system; acquiring login information of a user; determining, according to the login information, whether the user is allowed to log in to the power grid operating system; receiving an access request generated by the user, based on the user's associated role, after logging in to the power grid operating system, wherein the access request comprises a target resource to be accessed and an operation action to be executed; acquiring state information of the target resource according to the access request; and determining, according to the state information of the target resource, whether to allow the user to execute the operation action on the target resource. Because the method determines whether the user can execute the operation action according to the state information of the target resource, the target resource is protected from arbitrary tampering and deletion, and its security is improved.

Description

Safety protection method for power grid operating system
Technical Field
The invention relates to the technical field of information security, in particular to a security protection method for a power grid operating system.
Background
Nowadays, the internet and its technologies are deeply embedded in every corner of production and daily life, network attacks are increasingly frequent, and enterprise and personal information security faces unprecedented threats. At present, an ordinary user can operate on file resources arbitrarily after logging in to an operating system, which easily leads to information leakage, tampering, loss and the like. In addition, access to the operating system is currently usually verified by an account and a password (or a fingerprint, etc.), which provides poor security.
Disclosure of Invention
The invention aims to overcome one or more deficiencies of the prior art and provides a safety protection method for a power grid operating system.
The purpose of the invention is achieved by the following technical solution: the safety protection method for the power grid operating system comprises the following steps:
configuring an associated role for each user in the power grid operating system;
acquiring login information of a user;
determining, according to the login information, whether the user is allowed to log in to the power grid operating system;
receiving an access request generated by the user, based on the user's associated role, after logging in to the power grid operating system, wherein the access request comprises a target resource and an operation action;
acquiring state information of the target resource according to the access request;
and determining, according to the state information of the target resource, whether to allow the user to execute the operation action on the target resource.
Preferably, determining whether to allow the user to log in to the power grid operating system according to the login information includes:
performing primary verification on the account information and the verification information in the login information;
determining whether to perform secondary verification according to the result of the primary verification and the address information and the time information in the login information;
if the secondary verification is performed, determining whether the user is allowed to log in to the power grid operating system according to the result of the secondary verification;
and if the secondary verification is not performed, determining whether the user is allowed to log in to the power grid operating system according to the result of the primary verification.
Preferably, performing primary verification on the account information and the verification information in the login information includes:
verifying whether the account information in the login information is legitimate;
and verifying whether the account information in the login information matches the verification information.
Preferably, the secondary verification includes:
sending the login information to a preset terminal so that a verifier can verify the login information through the preset terminal;
and receiving a verification result from the preset terminal.
Preferably, the method for generating the access request includes:
determining the active role among the associated roles of the user according to the address information and the time information in the login information;
granting the user the operation permissions that the active role has;
and the user generating an access request based on the operation permissions.
Preferably, the operation action includes one or more of viewing, modifying and deleting.
Preferably, determining whether to allow the user to perform the operation action on the target resource according to the state information of the target resource includes:
when the target resource is in a hidden state, denying the user's viewing, modifying and deleting operations on the target resource;
when the target resource is in a locked state, denying the user's modifying and deleting operations on the target resource;
and when the target resource is in a shared state, allowing the user to perform viewing, modifying and deleting operations on the target resource.
Preferably, the safety protection method for the power grid operating system further includes:
recording the operation action and the operation time of the user on the target resource.
The beneficial effects of the invention are:
(1) whether the user can execute the corresponding operation action is determined according to the state information of the target resource, so that the target resource is protected from arbitrary tampering and deletion, and the security of the target resource is improved;
(2) whether the login information undergoes secondary verification is determined according to the actual situation, which improves security;
(3) the secondary verification is carried out by manual verification, which improves the security and the flexibility of the verification.
Drawings
FIG. 1 is a flow diagram of a method for security protection of a grid operating system in one embodiment;
FIG. 2 is a flow diagram of determining whether to allow a user to log into a grid operating system in one embodiment;
FIG. 3 is a flow diagram of a method for generating an access request in one embodiment.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive effort based on the embodiments of the present invention, are within the scope of the present invention.
Referring to FIG. 1 to FIG. 3, this embodiment provides a safety protection method for a power grid operating system.
As shown in FIG. 1, the safety protection method for the power grid operating system includes:
S1. Configuring an associated role for each user in the power grid operating system.
Generally, one or more associated roles are configured for each user as required; each role has corresponding operation permissions, and the user has all the operation permissions of its associated roles.
S2. Obtaining login information of the user.
Generally, the login information of a user includes account information, verification information, address information and time information. The account information is the account entered by the user; the verification information is the password information, fingerprint information or the like entered by the user; the account information and the verification information together form the user's login request. The address information can be the IP address from which the user submits the login request, and the time information can be the time at which the user submits the login request.
S3. Determining whether the user is allowed to log in to the power grid operating system according to the login information.
In some embodiments, as shown in FIG. 2, determining whether to allow a user to log in to the power grid operating system based on the login information includes:
S31. Performing primary verification on the account information and the verification information in the login information.
Generally, performing primary verification on the account information and the verification information in the login information includes: verifying whether the account information in the login information is legitimate; and verifying whether the account information in the login information matches the verification information. When the account information is legitimate and matches the verification information, the primary verification is regarded as successful (passed); if the account information is illegitimate or does not match the verification information, the primary verification is regarded as failed. For example, if no registration information for the account is found in the system, the account information is considered illegitimate.
S32. Determining whether to perform secondary verification according to the result of the primary verification and the address information and the time information in the login information; if the secondary verification is performed, determining whether the user is allowed to log in to the power grid operating system according to the result of the secondary verification; and if the secondary verification is not performed, determining whether the user is allowed to log in to the power grid operating system according to the result of the primary verification.
Generally, if the result of the primary verification is failure, the secondary verification is not performed. If the primary verification succeeds, whether secondary verification is required is judged according to the address information and the time information: if the address information is not in the preset IP address whitelist or the time information is not in the preset time whitelist, the secondary verification is performed; otherwise it is not performed. In this embodiment, whether the login information undergoes secondary verification is determined according to the actual situation, which improves security. For example, secondary verification is performed when logging in outside working hours, and when logging in from an IP address outside the company.
In some embodiments, the secondary verification comprises: sending the login information to a preset terminal so that a verifier can verify the login information through the preset terminal; and receiving a verification result from the preset terminal. In other words, this embodiment introduces manual verification into the secondary verification, and the user can log in to the power grid operating system only after the manual verification is passed. This improves both the security of logging in to the power grid operating system and the flexibility of verification, since the user can be allowed or refused login according to actual conditions.
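The login decision of steps S31 and S32, written out as an added Python example (not code from the patent). The whitelist values, the account store, the PBKDF2 credential check and the `ask_verifier` callback standing in for the preset terminal are assumptions; an unparsable address forces secondary verification, and an unreachable verifier denies the login.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time
from typing import Callable

# Constructed policy and account data; none of these values come from the patent.
IP_WHITELIST = [ipaddress.ip_network("10.20.0.0/16")]   # assumed company range
TIME_WHITELIST = [(time(8, 0), time(18, 0))]            # assumed working hours


def _derive(credential: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 100_000)


ACCOUNTS = {"operator01": (b"constructed-salt", _derive("correct horse", b"constructed-salt"))}


@dataclass(frozen=True)
class LoginInfo:
    account: str      # account information
    credential: str   # verification information (a password here)
    address: str      # IP address the login request came from
    when: datetime    # time the login request was submitted


def primary_verification(info: LoginInfo) -> bool:
    """S31: the account must be registered and must match the credential."""
    record = ACCOUNTS.get(info.account)
    if record is None:
        return False  # no registration record: illegitimate account
    salt, stored = record
    return hmac.compare_digest(_derive(info.credential, salt), stored)


def needs_secondary(info: LoginInfo) -> bool:
    """S32: step up when the address or the time is outside its whitelist."""
    try:
        ip = ipaddress.ip_address(info.address)
    except ValueError:
        return True  # an unparsable address is never treated as whitelisted
    ip_ok = any(ip in net for net in IP_WHITELIST)
    now = info.when.time()
    time_ok = any(start <= now < end for start, end in TIME_WHITELIST)
    return not (ip_ok and time_ok)


def decide_login(info: LoginInfo,
                 ask_verifier: Callable[[str, str, datetime], bool]) -> str:
    """Return the login decision and the verification stage that produced it."""
    if not primary_verification(info):
        return "deny:primary-failed"          # failed logins are not escalated
    if not needs_secondary(info):
        return "allow:primary"
    try:
        # Preset terminal, manual check. Forwarding only account, address and
        # time (not the credential) is a choice made in this example.
        approved = ask_verifier(info.account, info.address, info.when)
    except Exception:
        return "deny:secondary-unavailable"   # fail closed
    return "allow:secondary" if approved is True else "deny:secondary-rejected"
```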
S4. Receiving an access request generated by the user, based on the user's associated role, after the user logs in to the power grid operating system, wherein the access request comprises a target resource and an operation action.
In some embodiments, as shown in FIG. 3, the access request is generated by: determining the active role among the associated roles of the user according to the address information and the time information in the login information; granting the user the operation permissions that the active role has; and the user generating an access request based on the operation permissions, wherein the access request comprises a target resource and an operation action.
In this embodiment, the associated roles of the user include active roles and dormant roles: an associated role is an active role when it is within its preset active time period, and a dormant role when it is outside the active time period. The user can use the operation permissions corresponding to an active role and cannot use the operation permissions corresponding to a dormant role.
In this embodiment, the operation action includes one or more of viewing, modifying, and deleting.
S5. Acquiring the state information of the target resource according to the access request.
In this embodiment, this step is preceded by a step of presetting the state of each target resource, where the states of a target resource include a hidden state, a locked state, and a shared state. Generally, at least one manager is set for a target resource when the target resource is created, and the manager can set and modify the state of the target resource and its state switching rules (the manager can do so whatever state the target resource is in). For example, the target resource can be set to different states in different time periods, such as a shared state during the working time period and a locked state during the non-working time period.
S6. Determining whether to allow the user to execute the operation action on the target resource according to the state information of the target resource.
In this embodiment, determining whether to allow the user to perform the operation action on the target resource according to the state information of the target resource includes: when the target resource is in a hidden state, denying the user's viewing, modifying and deleting operations on the target resource; when the target resource is in a locked state, denying the user's modifying and deleting operations on the target resource; and when the target resource is in a shared state, allowing the user to perform viewing, modifying and deleting operations on the target resource. In this embodiment, whether the user can operate on the target resource is determined according to the state information of the target resource, which improves the security of the target resource.
In some embodiments, the safety protection method for the power grid operating system further comprises: recording the operation action and the operation time of the user on the target resource. In this embodiment, recording the user's operation actions and operation times facilitates later tracing.
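Steps S4 to S6 and the operation record, as an added Python example (not code from the patent): only active roles contribute permissions, and the resource state then filters the requested action. The role and resource model, the time-based state schedule, the logging of denied attempts, and allowing viewing in the locked state are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from enum import Enum


class Action(Enum):
    VIEW = "view"
    MODIFY = "modify"
    DELETE = "delete"


class State(Enum):
    HIDDEN = "hidden"
    LOCKED = "locked"
    SHARED = "shared"


# Actions each resource state permits. HIDDEN and SHARED follow the text;
# VIEW under LOCKED is an assumption (the text only refuses modify/delete).
STATE_PERMITS = {
    State.HIDDEN: frozenset(),
    State.LOCKED: frozenset({Action.VIEW}),
    State.SHARED: frozenset({Action.VIEW, Action.MODIFY, Action.DELETE}),
}


@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset
    active_from: time     # start of the preset active time period
    active_until: time    # end of the preset active time period

    def is_active(self, now: datetime) -> bool:
        return self.active_from <= now.time() < self.active_until


@dataclass
class Resource:
    name: str
    hidden: bool = False           # set by the resource's manager
    work_start: time = time(8, 0)  # assumed switching rule: shared in
    work_end: time = time(18, 0)   # working hours, locked otherwise

    def state_at(self, now: datetime) -> State:
        if self.hidden:
            return State.HIDDEN
        if self.work_start <= now.time() < self.work_end:
            return State.SHARED
        return State.LOCKED


AUDIT_LOG = []  # operation record: who did what, to which resource, and when


def authorize(user, roles, resource, action, now):
    """Allow the action only if an active role grants it AND the state permits it."""
    granted = set()
    for role in roles:
        if role.is_active(now):        # dormant roles contribute nothing
            granted |= role.permissions
    state = resource.state_at(now)
    allowed = action in granted and action in STATE_PERMITS[state]
    AUDIT_LOG.append({"user": user, "resource": resource.name,
                      "action": action.value, "time": now.isoformat(),
                      "state": state.value, "allowed": allowed})
    return allowed
```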
The foregoing is illustrative of the preferred embodiments of this invention. It is to be understood that the invention is not limited to the precise form disclosed herein, and that various other combinations, modifications, and environments may be resorted to within the scope of the concept disclosed herein, either as described above or as apparent to those skilled in the relevant art. Modifications and variations may be effected by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (8)

1. A safety protection method for a power grid operating system, characterized by comprising the following steps:
configuring an associated role for each user in the power grid operating system;
acquiring login information of a user;
determining, according to the login information, whether the user is allowed to log in to the power grid operating system;
receiving an access request generated by the user, based on the user's associated role, after logging in to the power grid operating system, wherein the access request comprises a target resource to be accessed and an operation action to be executed;
acquiring state information of the target resource according to the access request;
and determining, according to the state information of the target resource, whether to allow the user to execute the operation action on the target resource.
2. The safety protection method for a power grid operating system according to claim 1, wherein determining whether to allow a user to log in to the power grid operating system according to the login information comprises:
performing primary verification on the account information and the verification information in the login information;
determining whether to perform secondary verification according to the result of the primary verification and the address information and the time information in the login information;
if the secondary verification is performed, determining whether the user is allowed to log in to the power grid operating system according to the result of the secondary verification;
and if the secondary verification is not performed, determining whether the user is allowed to log in to the power grid operating system according to the result of the primary verification.
3. The safety protection method for a power grid operating system according to claim 2, wherein performing primary verification on the account information and the verification information in the login information comprises:
verifying whether the account information in the login information is legitimate;
and verifying whether the account information in the login information matches the verification information.
4. The safety protection method for a power grid operating system according to claim 2, wherein the secondary verification comprises:
sending the login information to a preset terminal so that a verifier can verify the login information through the preset terminal;
and receiving a verification result from the preset terminal.
5. The safety protection method for a power grid operating system according to claim 1, wherein the access request is generated by:
determining the active role among the associated roles of the user according to the address information and the time information in the login information;
granting the user the operation permissions that the active role has;
and the user generating an access request based on the operation permissions.
6. The safety protection method for a power grid operating system according to claim 1, wherein the operation action includes one or more of viewing, modifying, and deleting.
7. The safety protection method for a power grid operating system according to claim 6, wherein determining whether to allow the user to perform the operation action on the target resource according to the state information of the target resource comprises:
when the target resource is in a hidden state, denying the user's viewing, modifying and deleting operations on the target resource;
when the target resource is in a locked state, denying the user's modifying and deleting operations on the target resource;
and when the target resource is in a shared state, allowing the user to perform viewing, modifying and deleting operations on the target resource.
8. The safety protection method for a power grid operating system according to claim 1, characterized in that the method further comprises:
recording the operation action and the operation time of the user on the target resource.
CN202111609753.9A 2021-12-27 2021-12-27 Safety protection method for power grid operating system Pending CN114329384A (en)

Publications (1)

Publication Number Publication Date
CN114329384A true CN114329384A (en) 2022-04-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination