CN115021936A - Terminal equipment safety access authentication authorization method and system of remote station - Google Patents

Info

Publication number: CN115021936A
Authority: CN (China)
Application number: CN202210655680.5A
Other languages: Chinese (zh)
Other versions: CN115021936B (en)
Legal status: Granted (active)
Inventors: 曾时博, 舒然, 洪丹轲, 黄昱, 张思拓, 范俊成
Current assignee: China Southern Power Grid Co Ltd
Original assignee: China Southern Power Grid Co Ltd
Application filed by China Southern Power Grid Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L 47/00 Traffic control in data switching networks
    • H04L 47/70 Admission control; Resource allocation
    • H04L 47/82 Miscellaneous aspects
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S 40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S 40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention provides a method and a system for secure access authentication and authorization of terminal devices of a remote station, in the technical field of terminal device access authentication. As the first step of secure access authentication and authorization, the office-side number allocation platform authenticates the authentication information reported by the terminal device, so that random access by terminal devices cannot interfere with normal dispatch number allocation between the remote station and the office-side number allocation platform, and access is authorized only on the premise that authentication passes. When authentication fails, a secure access platform is introduced; in order to further control the running state of the remote station, a pre-authorization condition is determined from the running-state information of the office-side number allocation platform, and when the authentication information of the authentication-failure event meets the pre-authorization condition, a pre-authorization configuration response is sent so that the terminal device becomes a pre-authorized device and automatically obtains authorization. The information of terminal devices accessing the station is thereby processed flexibly.

Description

Terminal equipment safety access authentication authorization method and system of remote station
Technical Field
The present invention relates to the technical field of terminal device access authentication, and more particularly to a method and a system for secure access authentication and authorization of terminal devices of a remote station.
Background
In a power grid management system, power dispatching is a very important task: it mainly manages the organization, command, guidance and coordinated operation of the power system. With the development and application of computer and network communication technology in the power field, power dispatching has gradually become automated. In power dispatching, the dispatching telephone is the most direct means of issuing dispatch commands; it is an independent telephone channel built by the power grid enterprise according to the importance of dispatching and the intensity of enterprise management, and it can centrally collect and analyse multi-level networked trunk signalling messages. Dispatch sub-numbering is an important deployment mode of dispatching telephones: it relies on the office-side number allocation platform, faces the remote stations, and ensures stable and reliable communication between the office-side number allocation platform and remote stations such as substations, converter stations and power plants, which are located far away and dispersedly.
The interactive communication between each remote station and the office-side number allocation platform is essentially interactive communication between the terminal devices of the remote station and the office side, so the secure access of those terminal devices has drawn the attention of technical personnel. If terminal devices access at random, normal dispatch number allocation between the remote station and the office-side number allocation platform is disturbed; to ensure the security and reliability of dispatch number allocation, secure access identification and authentication and authorization work is necessary for the terminal devices of the remote station.
In the process of secure access identification and authentication and authorization of the terminal devices of a remote station, the terminal device of the remote station is the initiator, the authentication and authorization server of the power grid program-controlled dispatching exchange is the controller, and the office-side number allocation platform is the enforcer. In addition, the remote stations are scattered and distant and their operating conditions are not easy to control; real-time interaction between the remote stations and the office-side number allocation platform must be guaranteed so that staff can grasp the operating condition of the remote stations in time. A flexible processing mode is therefore needed for terminal devices that are to access a remote station, so that their authentication and authorization does not affect normal interactive communication between the remote stations and the office-side number allocation platform.
Disclosure of Invention
In order to solve the problem of how to flexibly process the access of terminal devices to a remote station, the invention provides an authentication and authorization method and system for the terminal devices of a remote station in power dispatching.
In order to achieve this technical effect, the technical scheme of the invention is as follows:
A method for secure access authentication and authorization of terminal devices of a remote station comprises the following steps:
S1, a terminal device to be authenticated and authorized is powered on and reports authentication information A; the remote station where the terminal device is located transmits the authentication information A to the office-side number allocation platform, which authenticates it after receipt;
S2, if authentication passes, the office-side number allocation platform packages the authentication-passed information into an authorization request, transmits the authorization request to the authentication and authorization server of the power grid program-controlled dispatching exchange, and step S3 is executed; if authentication fails, the office-side number allocation platform reports an authentication-failure event containing the authentication information A and its own running-state information to the secure access platform, and step S4 is executed;
S3, the authentication and authorization server parses the authentication-passed message in the authorization request and sends an authorization response to the office-side number allocation platform, which determines whether the terminal device is admitted; after receiving the authorization response, the office-side number allocation platform sends a message permitting access of the terminal device to the remote station, and the terminal device is admitted;
S4, the secure access platform determines a pre-authorization condition according to the running-state information of the office-side number allocation platform and analyses the authentication information A of the authentication-failure event; if the authentication information A meets the pre-authorization condition, the secure access platform sends a pre-authorization configuration response to the office-side number allocation platform, which forwards it to the remote station, whereupon the terminal device becomes a pre-authorized device and automatically obtains access authorization; if the authentication information A does not meet the pre-authorization condition, the terminal device is refused access to the remote station.
In this technical scheme, the authentication information reported by the terminal device is authenticated by the office-side number allocation platform as the first step of secure access authentication and authorization, which prevents randomly accessing terminal devices from interfering with normal dispatch number allocation between a remote station and the office-side number allocation platform. On the premise that authentication passes, the office-side number allocation platform packages the authentication-passed information into an authorization request and transmits it to the authentication and authorization server of the power grid program-controlled dispatching exchange, which is asked to decide whether the terminal device is authorized to access; after receiving the authorization response, the office-side number allocation platform sends a message permitting access to the remote station, the terminal device is admitted, and the dispatch communication interaction between the office-side number allocation platform and the remote station is not affected. When authentication fails, it is taken into account that the interactive communication between each remote station and the office-side number allocation platform is essentially interactive communication between the terminal devices of the remote station and the office side, and a secure access platform is introduced to further master the operating condition of the remote station: the pre-authorization condition is determined from the running-state information of the office-side number allocation platform, and when the authentication information of the authentication-failure event meets the pre-authorization condition, a pre-authorization configuration response is sent so that the terminal device becomes a pre-authorized device and automatically obtains authorization. The information of terminal devices accessing the station is thereby processed flexibly, the secure access of terminal devices is managed and planned as a whole, and real-time interaction between the remote station and the office-side number allocation platform is ensured.
Preferably, an authentication information base is provided on the authentication and authorization server of the power grid program-controlled dispatching exchange, and step S1 further includes: the authentication and authorization server of the power grid program-controlled dispatching exchange configures the information required for authentication for the office-side number allocation platform, namely the device type information and hardware ID information of the terminal devices in the authentication information base; and the authentication information A reported by the terminal device comprises the device type information and hardware ID information of the terminal device.
Here, the authentication information base stores the information required for current terminal device access authentication, that is, the device type information and hardware ID information of terminal devices, and it is updated continuously as the dispatch communication interaction progresses.
Preferably, in step S2, when the authentication information A reported by the terminal device is completely consistent with the information required for authentication that the authentication and authorization server of the power grid program-controlled dispatching exchange configured for the office-side number allocation platform, that is, when both the device type information and the hardware ID information match, authentication passes; otherwise authentication fails.
The authentication information reported by the terminal device is authenticated by the office-side number allocation platform as the first step of secure access authentication and authorization, and agreement of both the device type information and the hardware ID information is the absolute condition for passing authentication, so interference with normal dispatch number allocation between the remote station and the office-side number allocation platform by randomly accessing terminal devices is avoided at the outset.
Preferably, in step S4, the running-state information of the office-side number allocation platform includes the channel interface idle state and the service load type idle state.
Here, transmission between the office-side number allocation platform and the remote station is carried over an optical transport network; the office-side number allocation platform itself needs to support a plurality of downlink E1 channel interfaces, each channel interface comprising a circuit channel, an IP channel and a management channel, and the office-side number allocation platform supports matching service usage conditions and allocating service load time slots.
Preferably, in step S4, if the device type of the terminal device in the authentication information A of the authentication-failure event matches an idle service load type of the office-side number allocation platform, and the office-side number allocation platform has an idle channel interface, then the authentication information A meets the pre-authorization condition and the terminal device becomes a pre-authorized device.
Preferably, after the terminal device to be authenticated and authorized is powered on, the IP address of the secure access platform is configured manually or automatically, transmitted to the office-side number allocation platform, and transmitted by the office-side number allocation platform to the authentication and authorization server of the power grid program-controlled dispatching exchange;
if the authentication information A meets the pre-authorization condition, the secure access platform sends a pre-authorization configuration response to the office-side number allocation platform, which forwards it both to the remote station and to the authentication and authorization server of the power grid program-controlled dispatching exchange; the authentication and authorization server then updates the authentication information base, bringing the hardware ID information in the authentication information A into the authentication information base.
Here, as the dispatch communication interaction develops, the authentication information base is updated continuously; the update is performed on the authentication server, the pre-authorization configuration response sent by the secure access platform is a direct command for the authentication server to update the authentication information base, and the IP address of the secure access platform can be used by the authentication server to identify the secure access platform.
Preferably, when the authentication information A does not meet the pre-authorization condition, the terminal device is refused access to the remote station, and the secure access platform stores the authentication-failure event and raises an alarm.
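The four-party flow of steps S1 to S4, together with the preferred authentication condition (device type and hardware ID both matching), the pre-authorization condition (device type among the idle service load types and an idle channel interface available), the authentication information base update and the stored event plus alarm on rejection, as an added Python simulation. This is not the patent's own code; the class names, the event and response dictionaries, and the sample device types and hardware IDs are this editor's assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthInfo:
    """Authentication information A reported by a terminal device in step S1."""
    device_type: str
    hardware_id: str


class AuthAuthorizationServer:
    """Authentication and authorization server of the dispatching exchange (the controller).
    It owns the authentication information base."""

    def __init__(self, base):
        self.base = set(base)          # entries are AuthInfo (device type + hardware ID)

    def configure_platform(self):
        # S1: hand the office-side platform the information required for authentication
        return set(self.base)

    def authorize(self, request):
        # S3: parse the authentication-passed message and return an authorization response
        passed = request.get("authentication_passed") is True
        return {"authorized": passed, "info": request["info"]}

    def update_base(self, info):
        # The pre-authorization configuration response is a direct command to bring the
        # new hardware ID into the authentication information base
        self.base.add(info)


class SecureAccessPlatform:
    """Secure access platform: decides pre-authorization for authentication-failure events."""

    def __init__(self):
        self.failure_events = []       # stored events for rejected devices
        self.alarms = []

    def pre_authorize(self, event):
        # S4: the pre-authorization condition is derived from the running-state information
        # of the office-side platform that is carried inside the failure event
        info, state = event["info"], event["running_state"]
        meets = (info.device_type in state["idle_service_load_types"]
                 and state["idle_channel_interfaces"] > 0)
        if not meets:
            self.failure_events.append(event)
            self.alarms.append(f"rejected {info.device_type}/{info.hardware_id}")
        return {"pre_authorized": meets, "info": info}


class OfficeSidePlatform:
    """Office-side number allocation platform (the enforcer)."""

    def __init__(self, server, secure_access, idle_channel_interfaces, idle_service_load_types):
        self.server = server
        self.secure_access = secure_access
        self.required = server.configure_platform()      # information required for authentication
        self.idle_channel_interfaces = idle_channel_interfaces
        self.idle_service_load_types = frozenset(idle_service_load_types)

    def running_state(self):
        return {"idle_channel_interfaces": self.idle_channel_interfaces,
                "idle_service_load_types": self.idle_service_load_types}

    def handle_access(self, info):
        """Run steps S2 to S4 for one terminal device and return the outcome."""
        # S2: authentication passes only if device type AND hardware ID both match an entry
        if info in self.required:
            response = self.server.authorize({"authentication_passed": True, "info": info})
            return "accessed:authenticated" if response["authorized"] else "rejected"
        event = {"info": info, "running_state": self.running_state()}
        result = self.secure_access.pre_authorize(event)
        if result["pre_authorized"]:
            # Forward the pre-authorization configuration response to the remote station
            # (device admitted) and to the server (authentication information base updated)
            self.server.update_base(info)
            self.required = self.server.configure_platform()
            return "accessed:pre-authorized"
        return "rejected"


def run_demo():
    """Constructed scenario: one known device, one unknown device of an idle type,
    the same unknown device again, and a device whose type has no idle capacity."""
    server = AuthAuthorizationServer([AuthInfo("dispatch_phone", "HW-0001")])
    sap = SecureAccessPlatform()
    platform = OfficeSidePlatform(server, sap, idle_channel_interfaces=2,
                                  idle_service_load_types={"dispatch_phone"})
    outcomes = [platform.handle_access(AuthInfo("dispatch_phone", "HW-0001")),
                platform.handle_access(AuthInfo("dispatch_phone", "HW-0002")),
                platform.handle_access(AuthInfo("dispatch_phone", "HW-0002")),
                platform.handle_access(AuthInfo("recorder", "HW-0003"))]
    return outcomes, server, sap


if __name__ == "__main__":
    outcomes, server, sap = run_demo()
    print(outcomes)
    print(sorted(e.hardware_id for e in server.base))
    print(sap.alarms)
```

In this model the pre-authorization decision rests only on the device type the terminal reports and the platform's idle capacity, so the stored failure events and alarms are the record an operator has for reviewing rejections.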
The invention also provides a system for secure access authentication and authorization of terminal devices of a remote station, which comprises:
remote stations, each of which can provide an access point for its own terminal devices to be authenticated and authorized, and which transmit the authentication information A reported by a terminal device to the office-side number allocation platform after the terminal device to be authenticated and authorized is powered on;
an office-side number allocation platform, which communicates with a plurality of remote stations, receives the authentication information A transmitted by a remote station and then authenticates it; when authentication passes it packages the authentication-passed information into an authorization request, transmits the request to the authentication and authorization server of the power grid program-controlled dispatching exchange, and after receiving the server's authorization response transmits a message permitting access of the terminal device to the remote station, whereupon the terminal device is admitted; when authentication fails, it reports an authentication-failure event containing the authentication information A and its own running-state information to the secure access platform;
a power grid program-controlled dispatching exchange provided with an authentication and authorization server, which processes the authorization request, sends an authorization response to the office-side number allocation platform when authentication has passed, and authorizes the office-side number allocation platform to determine whether the terminal device is admitted;
and a secure access platform, which determines the pre-authorization condition according to the running-state information of the office-side number allocation platform and analyses whether the authentication information A of the authentication-failure event meets the pre-authorization condition.
Preferably, when the authentication information A meets the pre-authorization condition, the secure access platform sends a pre-authorization configuration response to the office-side number allocation platform, which forwards it to the remote station, and the terminal device becomes a pre-authorized device and automatically obtains access authorization.
Preferably, the secure access platform is provided with an alarm unit that raises an alarm when the authentication information A does not meet the pre-authorization condition.
Preferably, the authentication and authorization server is provided with an authentication information base; if the authentication information A meets the pre-authorization condition, the secure access platform sends a pre-authorization configuration response to the office-side number allocation platform, which forwards it both to the remote station and to the authentication and authorization server of the power grid program-controlled dispatching exchange; the authentication and authorization server then updates the authentication information base, bringing the hardware ID information in the authentication information A into the authentication information base.
Compared with the prior art, the technical scheme of the invention has the following beneficial effects:
The invention provides a method and a system for secure access authentication and authorization of terminal devices of a remote station. The terminal device, the office-side number allocation platform and the authentication and authorization server of the remote station cooperate in the authentication and authorization flow of secure access identification; the authentication information reported by the terminal device is authenticated by the office-side number allocation platform as the first step, interference with normal dispatch number allocation between the remote station and the office-side number allocation platform by randomly accessing terminal devices is avoided, and access is authorized only on the premise that authentication passes. When authentication fails, it is taken into account that the interactive communication between each remote station and the office-side number allocation platform is essentially interactive communication between the terminal devices of the remote station and the office side, and a secure access platform is introduced to further master the operating state of the remote station: a pre-authorization condition is determined from the running-state information of the office-side number allocation platform, and when the authentication information of the authentication-failure event meets the pre-authorization condition, a pre-authorization configuration response is sent so that the terminal device becomes a pre-authorized device and automatically obtains authorization. The information of terminal devices accessing the station is thereby processed flexibly, the secure access of terminal devices is managed and orchestrated, and real-time interaction between the remote station and the office-side number allocation platform is ensured.
Drawings
Fig. 1 is a flowchart of the method for secure access authentication and authorization of terminal devices of a remote station according to embodiment 1 of the present invention;
Fig. 2 is a schematic diagram of the pre-authorization determination and the update of the authentication information base when the terminal device proposed in embodiment 2 of the present invention fails authentication;
Fig. 3 is a structural diagram of the system for secure access authentication and authorization of terminal devices of a remote station according to embodiment 4 of the present invention.
Detailed Description
The drawings are for illustrative purposes only and are not to be construed as limiting the patent;
for better illustration of the present embodiment, certain parts of the drawings may be omitted, enlarged or reduced, and do not represent actual dimensions;
it will be understood by those skilled in the art that certain well-known descriptions of the figures may be omitted.
The positional relationships depicted in the drawings are for illustrative purposes and are not to be construed as limiting the present patent;
the technical solution of the present invention is further described below with reference to the accompanying drawings and examples.
Example 1
This embodiment starts from an authentication and authorization process in which the terminal device, the office-side number allocation platform and the authentication and authorization server of the remote station cooperate in secure access identification. Taking into account that the interactive communication between each remote station and the office-side number allocation platform is essentially interactive communication between the terminal devices of the remote station and the office side, the information of terminal devices accessing a station is processed flexibly, and a method for secure access authentication and authorization of the terminal devices of a remote station is provided. The flowchart of the method is shown in Fig. 1; referring to Fig. 1, the method includes the following steps:
S1, a terminal device to be authenticated and authorized is powered on and reports authentication information A; the remote station where the terminal device is located transmits the authentication information A to the office-side number allocation platform, which authenticates it after receipt;
S2, if authentication passes, the office-side number allocation platform packages the authentication-passed information into an authorization request, transmits the authorization request to the authentication and authorization server of the power grid program-controlled dispatching exchange, and step S3 is executed; if authentication fails, the office-side number allocation platform reports an authentication-failure event containing the authentication information A and its own running-state information to the secure access platform, and step S4 is executed;
S3, the authentication and authorization server parses the authentication-passed message in the authorization request and sends an authorization response to the office-side number allocation platform, which determines whether the terminal device is admitted; after receiving the authorization response, the office-side number allocation platform sends a message permitting access of the terminal device to the remote station, and the terminal device is admitted;
S4, the secure access platform determines a pre-authorization condition according to the running-state information of the office-side number allocation platform and analyses the authentication information A of the authentication-failure event; if the authentication information A meets the pre-authorization condition, the secure access platform sends a pre-authorization configuration response to the office-side number allocation platform, which forwards it to the remote station, whereupon the terminal device becomes a pre-authorized device and automatically obtains access authorization; if the authentication information A does not meet the pre-authorization condition, the terminal device is refused access to the remote station.
On the whole, the authentication information reported by the terminal device is authenticated by the office-side number allocation platform as the first step of secure access authentication and authorization, which prevents randomly accessing terminal devices from interfering with normal dispatch number allocation between a remote station and the office-side number allocation platform. On the premise that authentication passes, the office-side number allocation platform packages the authentication-passed information into an authorization request and transmits it to the authentication and authorization server of the power grid program-controlled dispatching exchange, which is asked to decide whether the terminal device is authorized to access; after receiving the authorization response, the office-side number allocation platform sends a message permitting access to the remote station, the terminal device is admitted, and the dispatch communication interaction between the office-side number allocation platform and the remote station is not affected. When authentication fails, it is taken into account that the interactive communication between each remote station and the office-side number allocation platform is essentially interactive communication between the terminal devices of the remote station and the office side, and a secure access platform is introduced to further control the operating condition of the remote station: a pre-authorization condition is determined from the running-state information of the office-side number allocation platform, and when the authentication information of the authentication-failure event meets the pre-authorization condition, a pre-authorization configuration response is sent so that the terminal device becomes a pre-authorized device and automatically obtains authorization. The information of terminal devices accessing the station is therefore processed flexibly.
In this embodiment, an authentication information base is provided on an authentication authorization server of the power grid program control dispatching switch, and in an actual situation, information required for current terminal device access authentication, that is, device type information and hardware ID information of the terminal device, is stored in the authentication information base, and the authentication information base is also updated continuously with the development of dispatching communication interaction.
Step S1 further includes the following: the authentication authorization server of the power grid program-controlled dispatching switch configures the information required for authentication for the local-side number allocation platform, namely the device type information and hardware ID information of the terminal devices in the authentication information base; the authentication information A reported by the terminal device comprises the device type information and hardware ID information of the terminal device.
Authentication of the reported authentication information by the local-side number allocation platform is the first step of secure access authentication and authorization, and the absolute condition for passing is that both the device type information and the hardware ID information match. In step S2, when the authentication information A reported by the terminal device is completely consistent with the information required for authentication that the authentication authorization server of the power grid program-controlled dispatching switch configured for the local-side number allocation platform, that is, both the device type information and the hardware ID information match, authentication passes; otherwise it does not pass. In this way the interference of random terminal device access with normal dispatching number allocation between a remote station and the local-side number allocation platform is preliminarily avoided.
Example 2
In this embodiment, based on the implementation of the method for authenticating and authorizing terminal devices of a remote station provided in Embodiment 1, and still based on the content of the authentication information base provided on the authentication authorization server of the power grid program-controlled dispatching switch, when the authentication information A reported by the terminal device, that is, its device type information and hardware ID information, does not pass authentication, the interactive communication between each remote station and the local-side number allocation platform is considered (which is essentially the interactive communication between the remote station's terminal devices and the local side): a secure access platform is introduced to further track the operating state of the remote station, and the pre-authorization condition is determined from the running state information of the local-side number allocation platform itself.
In the present embodiment, transmission between the local-side number allocation platform and the remote station is carried over an optical transport network; the local-side number allocation platform itself needs to support a plurality of downlink E1 channel interfaces, each channel interface comprising a circuit channel, an IP channel and a management channel, and the platform supports matching service usage and allocating service-load time slots.
If the device type of the terminal device in the authentication information A of the authentication-failure event matches an idle service-load type of the local-side number allocation platform, and the local-side number allocation platform has an idle channel interface, then the authentication information A meets the pre-authorization condition and the terminal device becomes a pre-authorized device.
In addition, after the terminal device to be authenticated and authorized is powered on, the IP address of the secure access platform is configured manually or automatically; the IP address of the secure access platform is transmitted to the local-side number allocation platform and forwarded by it to the authentication authorization server of the power grid program-controlled dispatching switch;
if the authentication information A meets the pre-authorization condition, the secure access platform sends a pre-authorization configuration response to the local-side number allocation platform, which forwards it both to the remote station and to the authentication authorization server of the power grid program-controlled dispatching switch; that server then updates the authentication information base, bringing the hardware ID information in authentication information A into the base. Here the update of the authentication information base is performed on the authentication server, the pre-authorization configuration response sent by the secure access platform acts as a direct command to the authentication server to update the base, and the IP address of the secure access platform can be used by the authentication server to identify the secure access platform.
Example 3
Based on Embodiments 1 and 2, this embodiment provides that a terminal device which fails authentication and does not meet the pre-authorization condition is denied access to the remote station, and the secure access platform stores the authentication-failure event and raises an alarm.
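The S1 to S4 decision flow of Embodiments 1 to 3, modelled as an added example; this is not code from the patent, and the class names, the idle-interface count, the positive-authorization assumption and the constructed device reports are assumptions made here for illustration:

```python
from dataclasses import dataclass, field
from enum import Enum

class Decision(Enum):
    ACCESS_GRANTED = "access granted"  # S3: authenticated, authorization response received
    PRE_AUTHORIZED = "pre-authorized"  # S4: authentication failed, pre-authorization condition met
    DENIED = "denied"                  # S4: authentication failed, condition not met

@dataclass(frozen=True)
class AuthInfo:
    """Authentication information A reported by a terminal device (claim 2)."""
    device_type: str
    hardware_id: str

@dataclass
class PlatformState:
    """Running state of the local-side platform (claim 4)."""
    idle_channel_interfaces: int   # channel interface idle state, modelled as a count of idle interfaces
    idle_load_types: set           # service-load types currently idle

@dataclass
class AuthAuthzServer:
    """Authentication authorization server of the program-controlled dispatching switch."""
    info_base: set  # authentication information base: known (device type, hardware ID) pairs

    def configured_info(self):
        # S1: information required for authentication, configured for the local platform.
        # Fetched fresh on each access because the page says the base is updated continuously.
        return set(self.info_base)

    def authorize(self, info):
        # S3: parse the authentication-passing message and return the authorization response.
        # Assumption: the response is positive whenever the pair is in the base.
        return info in self.info_base

    def incorporate(self, info):
        # The pre-authorization configuration response is a direct command to update the base.
        self.info_base.add(info)

@dataclass
class SecureAccessPlatform:
    stored_failures: list = field(default_factory=list)
    alarms: list = field(default_factory=list)

    @staticmethod
    def pre_authorization_condition(info, state):
        """Claim 5: device type equals an idle service-load type AND an idle interface exists."""
        return info.device_type in state.idle_load_types and state.idle_channel_interfaces > 0

    def handle_failure(self, info, state, server):
        # S4: analyse the authentication information A of the authentication-failure event.
        if self.pre_authorization_condition(info, state):
            server.incorporate(info)            # hardware ID is brought into the base
            state.idle_channel_interfaces -= 1  # assumption: the device now occupies an interface
            return Decision.PRE_AUTHORIZED
        # Embodiment 3 / claim 7: deny access, store the event and raise an alarm.
        self.stored_failures.append(info)
        self.alarms.append(f"authentication failed: {info.device_type}/{info.hardware_id}")
        return Decision.DENIED

@dataclass
class LocalSidePlatform:
    server: AuthAuthzServer
    sap: SecureAccessPlatform
    state: PlatformState

    def handle_access(self, info):
        # S2: authentication passes only if both device type and hardware ID match (claim 3).
        if info in self.server.configured_info():
            return Decision.ACCESS_GRANTED if self.server.authorize(info) else Decision.DENIED
        # Authentication failed: report the event plus own running state to the secure access platform.
        return self.sap.handle_failure(info, self.state, self.server)

def run_demo():
    """Constructed scenario: an enrolled RTU; an unknown PMU while one interface is idle;
    that PMU again; a second unknown PMU with no interface left; a non-matching type."""
    server = AuthAuthzServer({AuthInfo("RTU", "HW-0001")})
    sap = SecureAccessPlatform()
    local = LocalSidePlatform(server, sap, PlatformState(1, {"RTU", "PMU"}))
    reports = [("RTU", "HW-0001"), ("PMU", "HW-0002"), ("PMU", "HW-0002"),
               ("PMU", "HW-0003"), ("CAMERA", "HW-0004")]
    decisions = [local.handle_access(AuthInfo(t, h)) for t, h in reports]
    return decisions, server, sap
```

Note that the third report is granted outright because the pre-authorization step enrolled its hardware ID in the base, while the fourth is denied and alarmed once no idle interface remains.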
Example 4
As shown in Fig. 3, this embodiment provides a secure access authentication and authorization system for terminal devices of remote stations. Referring to Fig. 3, the system includes:
each remote station 101, which can provide an access point for a terminal device to be authenticated and authorized that is pre-accessed to the remote station, and which transmits the authentication information A reported by the terminal device to the local-side number allocation platform 102 after that device is powered on;
the local-side number allocation platform 102, which communicates interactively with the plurality of remote stations 101, authenticates the authentication information A received from a remote station 101, and, when authentication passes, packages the authentication-passing information into an authorization request, transmits it to the authentication authorization server 103 of the power grid program-controlled dispatching switch 10, and transmits information allowing terminal device access to the remote station 101 after receiving the authorization response of the authentication authorization server 103; when authentication fails, it reports an authentication-failure event containing the authentication information A and its own running state information to the secure access platform 104;
the power grid program-controlled dispatching switch 10, which is provided with the authentication authorization server 103; the authentication authorization server parses the authentication-passing message in the authorization request and sends an authorization response to the local-side number allocation platform, which is thereby authorized to determine whether the terminal device is accessed;
the secure access platform 104, which determines a pre-authorization condition according to the running state information of the local-side number allocation platform itself and analyzes whether the authentication information A of the authentication-failure event meets the pre-authorization condition.
When the authentication information A meets the pre-authorization condition, the secure access platform 104 sends a pre-authorization configuration response to the local-side number allocation platform 102, which forwards it to the remote station 101; the terminal device becomes a pre-authorized device and automatically obtains access authorization.
In this embodiment, the authentication authorization server 103 is provided with an authentication information base. If the authentication information A meets the pre-authorization condition, the secure access platform 104 sends a pre-authorization configuration response to the local-side number allocation platform 102, which forwards it to the authentication authorization server 103 of the power grid program-controlled dispatching switch 10 while also forwarding it to the remote station; the authentication authorization server 103 of the power grid program-controlled dispatching switch 10 then updates the authentication information base, incorporating the hardware ID information in authentication information A into the base.
It should be understood that the above-described embodiments of the present invention are merely examples for clearly illustrating the present invention and are not intended to limit its embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. It is neither necessary nor possible to be exhaustive of all embodiments. Any modification, equivalent replacement or improvement made within the spirit and principle of the present invention should be included in the protection scope of the claims of the present invention.

Claims (10)

1. A method for secure access authentication and authorization of terminal devices of a remote station, characterized by comprising the following steps:
S1, a terminal device to be authenticated and authorized is powered on and reports authentication information A; the remote station where the terminal device is located transmits the authentication information A to the local-side number allocation platform, which performs authentication after receiving it;
S2, if authentication passes, the local-side number allocation platform packages the authentication-passing information into an authorization request, transmits it to the authentication authorization server of the power grid program-controlled dispatching switch, and step S3 is executed; if authentication fails, the local-side number allocation platform reports an authentication-failure event containing the authentication information A and its own running state information to the secure access platform, and step S4 is executed;
S3, the authentication authorization server parses the authentication-passing message in the authorization request and sends an authorization response to the local-side number allocation platform, which is authorized to determine whether the terminal device is accessed; after receiving the authorization response, the local-side number allocation platform sends information allowing terminal device access to the remote station, and the terminal device is accessed;
S4, the secure access platform determines a pre-authorization condition according to the running state information of the local-side number allocation platform itself and analyzes the authentication information A of the authentication-failure event; if the authentication information A meets the pre-authorization condition, the secure access platform sends a pre-authorization configuration response to the local-side number allocation platform, which forwards it to the remote station, and the terminal device becomes a pre-authorized device and automatically obtains access authorization; if the authentication information A does not meet the pre-authorization condition, the terminal device is denied access to the remote station.
2. The method according to claim 1, wherein an authentication information base is provided on the authentication authorization server of the power grid program-controlled dispatching switch, and step S1 further includes: the authentication authorization server of the power grid program-controlled dispatching switch configures the information required for authentication for the local-side number allocation platform, the information required for authentication comprising the device type information and hardware ID information of the terminal devices in the authentication information base, and the authentication information A reported by the terminal device comprising the device type information and hardware ID information of the terminal device.
3. The method according to claim 2, wherein in step S2, when the authentication information A reported by the terminal device is completely consistent with the information required for authentication that the authentication authorization server of the power grid program-controlled dispatching switch configured for the local-side number allocation platform, that is, both the device type information and the hardware ID information match, authentication passes, and otherwise authentication does not pass.
4. The method according to claim 2, wherein in step S4 the running state information of the local-side number allocation platform itself includes a channel interface idle state and a service-load-type idle state.
5. The method according to claim 4, wherein in step S4, if the device type of the terminal device in the authentication information A of the authentication-failure event matches an idle service-load type of the local-side number allocation platform and the local-side number allocation platform has an idle channel interface, the authentication information A meets the pre-authorization condition and the terminal device becomes a pre-authorized device.
6. The method according to claim 5, wherein after the terminal device to be authenticated and authorized is powered on, the IP address of the secure access platform is configured manually or automatically, and the IP address of the secure access platform is transmitted to the local-side number allocation platform and forwarded by it to the authentication authorization server of the power grid program-controlled dispatching switch;
if the authentication information A meets the pre-authorization condition, the secure access platform sends a pre-authorization configuration response to the local-side number allocation platform, which forwards it both to the remote station and to the authentication authorization server of the power grid program-controlled dispatching switch; the authentication authorization server of the power grid program-controlled dispatching switch then updates the authentication information base, bringing the hardware ID information in authentication information A into the base.
7. The method according to claim 1, wherein when the authentication information A does not meet the pre-authorization condition, the terminal device is denied access to the remote station, and the secure access platform stores the authentication-failure event and raises an alarm.
8. A secure access authentication and authorization system for terminal devices of a remote station, characterized by comprising:
each remote station, which can provide an access point for a terminal device to be authenticated and authorized that is pre-accessed to the remote station, and which transmits the authentication information A reported by the terminal device to the local-side number allocation platform after that device is powered on;
the local-side number allocation platform, which communicates with a plurality of remote stations, authenticates the authentication information A received from a remote station, and, when authentication passes, packages the authentication-passing information into an authorization request, transmits it to the authentication authorization server of the power grid program-controlled dispatching switch, and transmits information allowing terminal device access to the remote station after receiving the authorization response of the authentication authorization server, whereupon the terminal device is accessed; when authentication fails, it reports an authentication-failure event containing the authentication information A and its own running state information to the secure access platform;
the power grid program-controlled dispatching switch, which is provided with an authentication authorization server; the authentication authorization server parses the authentication-passing message in the authorization request and sends an authorization response to the local-side number allocation platform, which is thereby authorized to determine whether the terminal device is accessed;
and the secure access platform, which determines a pre-authorization condition according to the running state information of the local-side number allocation platform itself and analyzes whether the authentication information A of the authentication-failure event meets the pre-authorization condition.
9. The system according to claim 8, wherein when the authentication information A meets the pre-authorization condition, the secure access platform sends a pre-authorization configuration response to the local-side number allocation platform, which forwards it to the remote station, so that the terminal device becomes a pre-authorized device and automatically obtains access authorization.
10. The system according to claim 9, wherein the authentication authorization server is provided with an authentication information base, and if the authentication information A meets the pre-authorization condition, the secure access platform sends a pre-authorization configuration response to the local-side number allocation platform, which forwards it to the authentication authorization server of the power grid program-controlled dispatching switch while also forwarding it to the remote station; the authentication authorization server of the power grid program-controlled dispatching switch then updates the authentication information base and incorporates the hardware ID information in authentication information A into the base.
CN202210655680.5A 2022-06-10 2022-06-10 Terminal equipment safety access authentication and authorization method and system of remote site Active CN115021936B (en)

Publications (2)

Publication Number Publication Date
CN115021936A true CN115021936A (en) 2022-09-06
CN115021936B CN115021936B (en) 2023-10-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant