A remote maintenance authorization management method for automatic control intelligent equipment of oil and gas pipelines
Technical field
The present invention relates to remote maintenance authorization management technology for automatic control intelligent equipment of oil and gas pipelines.
Background art
The maintenance of automatic control intelligent equipment for oil and gas pipelines is receiving more and more attention in long-distance pipeline integrity management. How to maintain the equipment of pipeline systems that are already built is a top priority. Existing long-distance pipeline maintenance methods fall mainly into three kinds:
1) Traditional manual routine inspection
Shortcomings: A. Because oil and gas pipelines are widely distributed, a large amount of manpower must be invested in inspections, and the inspectors must all be experienced technical staff, so maintenance costs are high and personnel are limited; B. most pipelines are in remote, uninhabited locations that are very difficult for people to patrol.
2) Direct access to the existing control network for remote maintenance
Shortcomings: A. The existing control network is a dedicated monitoring network for regulating petroleum production and operation. The data it collects and aggregates mainly serves petroleum production and operation and is highly specialized and purpose-specific. Data forwarded from the control SCADA system alone is not sufficient for maintenance engineers to monitor online and determine the running status of the relevant devices or subsystems, and there is no unified platform to support remote maintenance operations on the growing number of intelligent devices; B. it does not follow the international trend of separating management from control. Combining management and control lowers the security level of the original control network and adds risk factors to it.
3) Building two sets of network systems, one for control and one for maintenance
Shortcomings: A. Two systems require a huge investment and a large amount of equipment, costing up to ten million US dollars; B. the networking is duplicated, which wastes resources.
To address these problems, a new generation of remote monitoring and remote maintenance systems for petroleum industry long-distance pipelines, based on the industrial Internet of Things, has appeared in the field of long-distance pipeline management and control. Such a system features low networking cost, a short networking cycle, independent maintenance, low maintenance cost and good maintenance results. The system consists of a remote-maintenance master station system, remote-maintenance substation terminal systems, and the Internet networking system that connects the master station and the substations. Using industrial Internet of Things networking technology, the system joins all kinds of automatic intelligent devices spread across different locations into a secure dedicated network. System users can, from the remote-maintenance master station, from any node within the system, or from an Internet node outside the system, use a secure channel to view equipment running status and maintain faulty equipment. Implementing this project greatly reduces the number of on-site inspection trips by maintenance engineers, the travel mileage and manual repair expenses, and provides a total solution and technical means for the safe and economical operation of oil and gas pipelines, for improving energy saving and consumption reduction, improving the environment, raising labor productivity, making optimal decisions, and so on.
For an oil and gas pipeline system, the security of its automatic control intelligent equipment is equally important. Remote maintenance must be protected against attacks by criminals and hackers, which requires authorization management of remote maintenance: the identity of maintenance personnel is authenticated, and different maintenance personnel are granted the corresponding authorization. Password-based identity authentication is widely used in existing remote maintenance systems: maintenance personnel log in remotely to the intelligent device directly, carrying a username and password for authentication. In this mode the security of the remote maintenance operation depends entirely on the maintained target device. That is, the authentication of the maintenance operation is performed by the accessed target device itself, and the many maintained target devices and users form, over the network, a system of dispersed authentication that is unmanaged and unmanageable. A system using this mode has a low safety factor and is not suitable for a remote maintenance system for oil and gas pipeline automatic control intelligent equipment, which has higher security requirements.
Summary of the invention
The main technical problem solved by the present invention is to provide a remote maintenance authorization management method for automatic control intelligent equipment of oil and gas pipelines which ensures that, without verification and authorization, maintenance personnel cannot connect to a station's intelligent devices on their own, so that the security of the intelligent devices during remote maintenance is protected.
To solve the above technical problem, the invention provides a remote maintenance authorization management method for automatic control intelligent equipment of oil and gas pipelines. The oil and gas pipeline remote maintenance system comprises a master station and the substations under its administration. The master station comprises an authorization management server, and each substation comprises an authorization execution device, which is connected to each automatic control intelligent device of its substation. The method comprises the following steps:
A. The client sends a login request carrying a username and password to the master station authorization management server;
B. The master station authorization management server verifies the username and password and returns the verification result to the client;
C. If verification passes, the client sends a request to establish a maintenance connection channel to the authorization management server; the request carries the identifier of the target device to be maintained and the identifier of the substation to which the target device belongs;
D. The master station authorization management server verifies whether the client has permission to maintain the target device of the specified target substation and returns the verification result to the client; the specified target substation is the one designated by the substation identifier carried in the request to establish a maintenance connection channel;
E. If the client is verified to have the permission, the master station authorization management server requests connection authorization from the authorization execution device of the target substation; the target substation's authorization execution device establishes a tunnel to the target device and returns authorization information to the master station authorization management server;
F. The master station authorization management server sends the authorization information to the client;
G. The client connects to the authorization execution device of the target substation according to the authorization information, and performs remote maintenance on the target device through the tunnel established by that authorization execution device.
As an improvement of the above technical scheme, the authorization information returned by the substation authorization execution device comprises at least: an authorization key, operating permissions, and the channel hold time T.
As an improvement of the above technical scheme, the process in which the client performs remote maintenance on the target device through the tunnel comprises the following step:
The master station authorization management server monitors the tunnel and, within the channel hold time T, rejects requests from other clients to establish a maintenance connection channel to the target device.
As an improvement of the above technical scheme, the process in which the client performs remote maintenance on the target device through the tunnel comprises the following step:
The master station authorization management server monitors the tunnel and, once the channel hold time T is reached, instructs the authorization execution device of the target substation to close the tunnel.
As an improvement of the above technical scheme, the process in which the client performs remote maintenance on the target device through the tunnel comprises the following step:
The master station authorization management server monitors the maintenance operations of the client and forbids maintenance operations outside the client's operating permissions.
As an improvement of the above technical scheme, if the client has not completed maintenance of the target device before the tunnel reaches the channel hold time T, the client applies to the master station remote server for a time extension; after the extension application is approved, the master station remote server instructs the target substation's authorization execution device to keep the tunnel open.
As an improvement of the above technical scheme, the master station authorization management server is configured with the number of time extensions a client may apply for within a preset period and the time value ΔT by which the channel is extended after an application is approved; the master station authorization management server processes the client's time-extension applications according to this configuration.
Compared with the prior art, the main differences and effects of the embodiments of the present invention are as follows. The connection between the target substation's authorization execution device and the intelligent devices is hidden, so maintenance personnel cannot connect directly to the target intelligent device from the client. The master station authorization management server must first verify their identity and permissions. Under the control of the authorization management server, the target authorization execution device establishes a virtual link with the target device, and the authorization management server feeds the related authorization information back to the client. The client relies on this authorization information to connect to the target authorization execution device and uses its tunnel to perform remote maintenance on the target device. This ensures that, without verification and authorization, the client cannot connect to a station's intelligent devices on its own, and the security of the intelligent devices during remote maintenance is protected.
Brief description of the drawings
Fig. 1 is a flow chart of the remote maintenance authorization management method for automatic control intelligent equipment of oil and gas pipelines according to a preferred embodiment of the present invention.
Embodiment
To make the objects, technical solutions and advantages of the present invention clearer, embodiments of the invention are described in further detail below with reference to the accompanying drawing.
A preferred embodiment of the present invention relates to a remote maintenance authorization management method for automatic control intelligent equipment of oil and gas pipelines. The oil and gas pipeline remote maintenance system comprises a master station and the substations (stations) under its administration. The master station comprises an authorization management server, each station comprises an authorization execution device, and the station's authorization execution device is connected to each automatic control intelligent device (IED) of that station.
In a remote maintenance system for oil and gas pipeline automatic control intelligent equipment, maintenance personnel generally perform remote maintenance in one of the following situations:
● Maintenance personnel at company headquarters maintain and operate the equipment of all stations.
● Maintenance personnel enter the company intranet by VPN and then maintain and operate the equipment of all stations.
● Maintenance personnel at a gas transmission office (regional management unit) maintain and operate the equipment of the stations under its jurisdiction.
● Outsourced personnel, after authorization, log in remotely to a station from outside the company to perform maintenance operations.
In the embodiment of the present invention, maintenance personnel must log in to the authorization management server of the master station and, under the control of the authorization management server, establish a maintenance connection channel to carry out remote maintenance of the automatic control intelligent equipment. The detailed flow is shown in Fig. 1.
In step 101, when maintenance personnel need to maintain an automatic control intelligent device of the oil and gas pipeline, they use the client to send a login request to the master station authorization management server, carrying their own username and password. The username and password are the credential pair with which the client logs in to the authorization management server, and they are stored in the permission store of the authorization management server.
In step 102, the authorization management server verifies the client's username and password. If verification passes, the flow enters step 103 and a login success message is returned to the client; if verification fails, a login failure message is returned to the client.
After logging in successfully, the client enters step 104 and sends a request to establish a maintenance connection channel to the authorization management server. The request carries the identifier of the target device to be maintained and the identifier of the target station where that device is located.
The permission store of the authorization management server holds the devices and operating permissions that each username or client IP is allowed to access.
In step 105, the authorization management server verifies the username and client IP address. If the username and client IP are verified to have maintenance permission for the target device of the target station, the flow enters step 106, in which the authorization management server requests connection authorization from the authorization execution device of the target station, and then enters step 107. If verification shows no permission, a message indicating that the client has no maintenance permission is returned to it.
In step 107, the station authorization execution device establishes a tunnel between itself and the target device, which includes allocating a temporary IP, setting up dynamic routing, allocating temporary I/O ports and so on, and returns authorization information to the authorization management server (step 108). The authorization information can include the authorization key, the permissions, the hold time T of the channel, and so on. Note that in this embodiment the connection between the station's authorization execution device and each intelligent device (IED) in the station can be fixed, with a fixed IP and route. When a remote maintenance channel is set up, however, establishing a tunnel, allocating a temporary IP and setting up dynamic routing keep the client from learning information such as the fixed IPs of the authorization execution device and the intelligent devices, which improves the security of the station's authorization execution device and intelligent devices.
In step 109, the master station authorization management server sends the result of the authorization application (including the authorization information) to the client.
In step 110, the client uses the authorization information it received to log in to the authorization execution device of the target station and connect to that device's tunnel. At this point a maintenance connection channel has been successfully established between the client and the target device. The client can maintain the target device of the target station and disconnects the maintenance connection channel when maintenance is finished.
As this embodiment shows, the connection between the target substation's authorization execution device and the intelligent devices is hidden, so maintenance personnel cannot connect directly to the target intelligent device from the client. The master station authorization management server must first verify their identity and permissions. Under the control of the authorization management server, the target authorization execution device establishes a virtual link with the target device, and the authorization management server feeds the related authorization information back to the client. The client relies on this authorization information to connect to the target authorization execution device and uses its tunnel to perform remote maintenance on the target device. This ensures that, without verification and authorization, the client cannot connect to a station's intelligent devices on its own, and the security of the intelligent devices during remote maintenance is protected.
Of course, maintenance personnel who connect directly to the authorization execution device by network cable inside the station, and outsourced personnel who dial in to perform maintenance, need not connect to the authorization management server, but they must apply in advance to the system administrator for an authorization key, permissions and a channel hold time T. Once the authorization management server has notified the authorization execution device to accept the authorization key, permissions and channel hold time T, these two classes of maintenance personnel can log in to the authorization execution device and connect to its tunnel. After this succeeds they can perform maintenance operations, which ensures the security of the intelligent devices during remote maintenance.
After the maintenance connection channel is established, the master station authorization management server monitors the maintenance process while the client maintains the target device. This monitoring includes: guaranteeing the exclusivity of the channel, so that within the channel's validity period other maintenance personnel are forbidden to connect to the target device; monitoring the maintenance operations of the client, so that only operations within its permissions are allowed; and monitoring how long the tunnel has been established, so that the tunnel is closed when the channel hold time T is reached. Monitoring by the master station further ensures the security of the intelligent devices during remote maintenance.
After the client completes maintenance of the target device, or after the channel hold time T of the maintenance authorization ends, the authorization execution device closes the tunnel and waits for the next application to establish one. At the same time, the authorization management server writes a log record to the database and places the used authorization key and permissions in a "discard" list. This effectively prevents illegal use of a temporary authorization after it has been stolen. If maintenance personnel have not completed maintenance of the target device before the maintenance channel reaches time T, they can apply for a time extension through the client software, and the tunnel is not interrupted during the extension. However, within a preset period, such as 24 hours, the number of extensions the same username can apply for and the size of ΔT by which the channel can be extended each time are limited, and both can be configured on the authorization management server.
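The permission check of step 105 and the monitoring rules described above (exclusive channel, operations limited to the granted permissions, closure at T, bounded extensions, discard list) can be modelled as a small state machine. The following Python sketch is an added illustration, not an implementation taken from the patent. The class and method names, the in-memory stores and the values chosen for T, ΔT and the extension limit are all assumptions.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Grant:
    user: str
    key: str            # one-time authorization key
    ops: frozenset      # operations this grant permits
    expires: float      # channel is closed at this time

@dataclass
class AuthServer:       # hypothetical model, not the patent's implementation
    perms: dict         # (user, client_ip) -> {(station, device): set of operations}
    hold_time: float = 1800.0     # T in seconds (assumed value)
    delta_t: float = 600.0        # delta-T per approved extension (assumed value)
    max_renewals: int = 2         # extensions per user per window (assumed value)
    window: float = 24 * 3600.0   # preset period; the text gives 24 hours as an example
    active: dict = field(default_factory=dict)    # (station, device) -> Grant
    discarded: set = field(default_factory=set)   # used keys ("discard" list)
    renewals: dict = field(default_factory=dict)  # user -> extension timestamps

    def close(self, target):
        grant = self.active.pop(target, None)
        if grant:
            self.discarded.add(grant.key)   # a used key is never honoured again

    def _expire(self, now):
        for target, grant in list(self.active.items()):
            if now >= grant.expires:
                self.close(target)

    def request_channel(self, user, ip, station, device, now):
        self._expire(now)
        target = (station, device)
        ops = self.perms.get((user, ip), {}).get(target)
        if ops is None:
            return None, "no maintenance permission"
        if target in self.active:           # exclusivity while T is running
            return None, "device busy"
        grant = Grant(user, secrets.token_urlsafe(16), frozenset(ops), now + self.hold_time)
        self.active[target] = grant
        return grant, "granted"

    def authorize_op(self, station, device, key, op, now):
        self._expire(now)
        grant = self.active.get((station, device))
        return (grant is not None and key not in self.discarded
                and secrets.compare_digest(grant.key, key) and op in grant.ops)

    def renew(self, user, station, device, now):
        self._expire(now)
        grant = self.active.get((station, device))
        recent = [t for t in self.renewals.get(user, []) if now - t < self.window]
        if grant is None or grant.user != user or len(recent) >= self.max_renewals:
            return False
        self.renewals[user] = recent + [now]
        grant.expires += self.delta_t
        return True
```

Time is passed in explicitly as `now` so that expiry and the extension window can be exercised deterministically; a deployment would use a monotonic clock and persistent storage instead.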
In summary, the authorization management of the embodiment of the present invention comprises authorization of the connection channel, authorization of the target device to be maintained, and authorization of the content of maintenance operations. This three-in-one scheme maximizes the security of the intelligent devices during remote maintenance.
Although the present invention has been illustrated and described with reference to certain preferred embodiments, those of ordinary skill in the art should understand that various changes can be made to it in form and detail without departing from the spirit and scope of the invention.