CN102413144A - Secure access system for C/S architecture service and related access method - Google Patents
Secure access system for C/S architecture service and related access method Download PDFInfo
- Publication number
- CN102413144A CN102413144A CN2011103988300A CN201110398830A CN102413144A CN 102413144 A CN102413144 A CN 102413144A CN 2011103988300 A CN2011103988300 A CN 2011103988300A CN 201110398830 A CN201110398830 A CN 201110398830A CN 102413144 A CN102413144 A CN 102413144A
- Authority
- CN
- China
- Prior art keywords
- data
- service
- authentication
- terminal
- access unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention provides a secure access system for C/S architecture service and a related access method. The service system and secure access system comprise a remote service terminal. The secure access system comprises a secure access gateway server, a terminal secure access unit and a service server which are sequentially connected with each other. The method comprises steps as follows: identity authentication, negotiation of keys for one-way authentication and data transmission protection, symmetric authentication, challenge-response protocol based on PKI (public-key infrastructure) system, and secure data transmission between the remote service terminal and the service server. The secure access system for C/S architecture service and the related access method provided by the invention solve the problem that the service server and remote service terminal can not verify identification each other, and the problem that the transmitted data can be thieved or tampered.
Description
Technical field
The invention belongs to field of Internet communication, specifically relate to a kind of C/S of being used for framework service security connecting system and relevant cut-in method.
Background technology
Along with the continuous development of network and informationization technology, use the mutual application scope of application of RTU and application server more and more wider in the every profession and trade, like the remote data transmission of industry observing and controlling class industrial equipments such as electric power, water conservancy, oil etc.
But at present, there is not a product to RTU secure access application server.In existing C/S pattern; Service server can't be by effective discriminating to the identity of RTU; Be prone to defrauded of confidence by illegal terminal; The data transmission security of application server and teleaction service terminal room ensures that not be prone to be stolen and distort, these all will cause a large amount of losses to the enterprises and individuals.
Summary of the invention
For overcoming above-mentioned defective, the invention provides a kind of C/S of being used for framework service security connecting system and relevant cut-in method, the data transmission security that can solve service server and teleaction service terminal room does not ensure, is prone to the problem that is stolen and distorts.
For realizing above-mentioned purpose, the present invention provides a kind of C/S of being used for framework service security connecting system, and it comprises: safe access gateway server and terminal security access unit; Its improvements are, serial connection access security connecting system between original service server and teleaction service terminal equipment.
Safe access gateway server among the present invention comprises authentication module 1, data encrypting and deciphering module 1, access control module, access monitor module and data forwarding module; In the key agreement stage; Said safe access gateway server receives the data that come from said terminal security access unit; Carry out the identity discriminated union through 1 pair of terminal security access unit of said authentication module and consult the key to the transfer of data protection, consulting successfully, the back gets into the service communication stage; In the service communication stage; Mail to the data of service server for service terminal; Said safe access gateway receives the data that said terminal security access unit sends; Decipher through 1 pair of data of said data encrypting and deciphering module, said data forwarding module will be deciphered the back data according to said access control module to the result of determination of teleaction service terminal access authority and give said service server; In the service communication stage; Mail to the data at teleaction service terminal for service server; Said safe access gateway receives the data that said service server sends; Encrypt through 1 pair of communication data of said data encrypting and deciphering module, said data forwarding module is given said terminal security access unit with data encrypted; Said access monitor module is kept watch on the access state of the terminal security access unit of in the safe access gateway server, registering.
Terminal security access unit among the present invention comprises: authentication module 2, data encrypting and deciphering module 2 and data transmission module; In the key agreement stage, said terminal security access unit carries out authentication and arranging key through said authentication module 1 with said safe access gateway server, and consulting successfully, the back gets into the service communication stage; In the service communication stage; Mail to the data of service server for the teleaction service terminal; Said safe access unit receives the data that send at the teleaction service terminal; Encrypt through 2 pairs of data of said data encrypting and deciphering module, said data transmission module is transferred to said safe access gateway server with data encrypted; In the service communication stage; Mail to the data at teleaction service terminal for service server; The terminal security access unit receives the data that safe access gateway sends; Decipher through 2 pairs of data of said data encrypting and deciphering module, the transfer of data after said data transmission module will be deciphered is given said teleaction service terminal.
Said safe access gateway among the present invention and the support of terminal security access unit are based on the authentication mode of certificate with based on the authentication mode that presets public private key pair.
The present invention also provides a kind of safety access method of the C/S of being used for framework service security connecting system; The mode of operation of this method is divided into authentication stage, service communication stage and symmetrical authentication phase; Its improvements are that safety access method comprises the steps:
1). the terminal security access unit at first gets into the authentication stage, and in the authentication stage, the terminal security access unit is initiated authentication to the safe access gateway server;
2). in the authentication stage, the agreement based on the challenge-response of PKI system is used in authentication;
3). in the authentication stage, consult to be used for the symmetric key of transfer of data protection, complete successfully the back and get into the service communication stage;
4). in the service communication stage; Receive the data at teleaction service terminal when the terminal security access unit after; Data are encrypted, then enciphered data is sent to the safe access gateway server, after the safe access gateway server receives the data that come from the terminal security access unit; Data are deciphered, and be transmitted to service server;
5). in the service communication stage, the safe access gateway server is encrypted data after getting access to the service server data, is transmitted to the terminal security access unit then; The terminal security access unit will be deciphered data after will receiving and coming from the safe access gateway server data, and be transmitted to the teleaction service terminal;
6). when the terminal security access unit is communicated by letter provisional interruption or data generation encryption and decryption mistake with safe access gateway, get into symmetrical authentication phase, in symmetrical authentication phase, the terminal security access unit is initiated authentication to the safe access gateway server;
7). in symmetrical authentication phase, the agreement based on the challenge-response of PKI system is used in authentication, gets into the service communication stage after accomplishing;
8). accomplish threshold values and get into the authentication stage again after the time reaching symmetrical authentification failure threshold values or arrive asymmetric authentication; Wherein, symmetrical authentification failure threshold values and the asymmetric authentication completion threshold values time can be provided with in safe access gateway.
With the prior art ratio, a kind of C/S framework service security connecting system and relevant cut-in method of being used for provided by the invention can be applied to use Ethernet interface communication, connect all kinds of terminal equipments of GPRS module communication etc. through serial ports; The bidirectional identification that has solved service server and teleaction service terminal room is differentiated problem; Confirm the other side's identity mutually through authentication assurance communicating pair; Gain the trust of service server by cheating to prevent illegal RTU; Thereby information or the illegal service server of stealing and distort application server are controlled the teleaction service terminal, carry out the problem of malicious sabotage; Solved safety of data problem between teleaction service terminal and service server; After authentication, to system data encrypt, integrity protection, thereby guarantee that data are not stolen and distort; And change under the prerequisite that disposes with few in the system architecture that does not change original system, the protection of " transparent " is provided; Safety access system is supported multiple cryptographic algorithm adapted; Simultaneously, can keep watch on the access situation of the terminal security access unit in gateway, registered through safe access gateway.
Description of drawings
Fig. 1 is the application structure sketch map that is used for C/S framework service security connecting system.
Fig. 2 is the flow chart of safety access method.
Embodiment
As shown in Figure 1, deployment secure connecting system between teleaction service terminal and service server, the identity between teleaction service terminal and the service server and all business datums are carried out identity discriminating and transmission protection through this system.
In first aspect of the present invention, provide a kind of C/S of being used for framework the professional system that is applicable to the various RTU fail safes of enhancing.The safe access gateway server is used for the authentication terminal equipment identities, cooperates terminal equipment, make it and service server between the transmission data of safety; The terminal security access unit is used to expand RTU authentication ability and safe transmission ability.
Wherein, The terminal security access unit can be respectively the equipment through Ethernet interface, RS232 serial ports or optical fiber interface receiving remote service terminal data; Built in hardware AES chip, the terminal security access unit carries out authentication and arranging key through authentication module and safe access gateway server; Carry out the encryption and decryption and the forwarding of data through data encrypting and deciphering module and transport module after consulting successfully, realize the safety function of teleaction service end side safety access system.
The safe access gateway server can be the server of Dual-Ethernet interface; Can realize cryptographic algorithm through the built in hardware encrypted card, the safe access gateway server carries out the identity discriminated union through authentication module to the terminal security access unit and consults the key to the transfer of data protection; Carry out the encryption and decryption and the forwarding of data through data encrypting and deciphering module and data transmission module after consulting successfully; Simultaneously, the safe access gateway server can be kept watch on the access state of registered terminal security access unit, realizes the safety function of service server side safety access system.
The terminal security access unit can be supported to realize that through Ethernet interface, RS232 serial ports, optical fiber interface all kinds of terminal equipments of tcp/ip communication connect; The support of safe access gateway server is connected with service server through routing mode.The safety access system that is made up of safe access gateway server and terminal security access unit can be serially connected with between service server and the teleaction service terminal; The system architecture that does not change original system with and few prerequisite that changes configuration under, the protection of " transparent " is provided.
As shown in Figure 2, a kind of safety access method of the C/S of being used for framework service security connecting system has been proposed, comprise that step is following:
1). the terminal security access unit at first gets into the authentication stage, and in the authentication stage, the terminal security access unit is initiated authentication to the safe access gateway server;
2). in the authentication stage, the agreement based on the challenge-response of PKI system is used in authentication;
3). in the authentication stage, consult to be used for the symmetric key of transfer of data protection, complete successfully the back and get into the service communication stage;
4). in the service communication stage; Receive the data at teleaction service terminal when the terminal security access unit after; Data are encrypted, then enciphered data is sent to the safe access gateway server, after the safe access gateway server receives the data that come from the terminal security access unit; Data are deciphered, and be transmitted to service server;
5). in the service communication stage, the safe access gateway server is encrypted data after getting access to the service server data, is transmitted to the terminal security access unit then; The terminal security access unit will be deciphered data after will receiving and coming from the safe access gateway server data, and be transmitted to the teleaction service terminal.
6). when the terminal security access unit is communicated by letter provisional interruption or data generation encryption and decryption mistake with safe access gateway, get into symmetrical authentication phase, in symmetrical authentication phase, the terminal security access unit is initiated authentication to the safe access gateway server.
7). in symmetrical authentication phase, the agreement based on the challenge-response of PKI system is used in authentication, gets into the service communication stage after accomplishing;
8). reaching symmetrical authentification failure threshold values or arrive asymmetric authentication completion threshold values after the time (symmetrical authentification failure threshold values and asymmetric authentication completion threshold values time can be provided with) in safe access gateway, get into the authentication stage again.
9) in whole process, safe access gateway can be kept watch on the access state of registered terminals safety access unit, and writes down detailed audit information and be used for inquiring about afterwards.
The concrete steps of said safety access method are following:
1. authentication, identification authentication mode has dual mode:
PKI authentication mode based on certificate;
Based on the PKI authentication mode that presets public private key pair;
PKI authentication mode step based on certificate:
1) terminal security access unit A sends authentication request clientHello message to the safe access gateway server B, has comprised the authentication mode of A, the algorithm of A support and the random number challenge that A produces in the clientHello message;
2) B confirms algorithm after receiving the clientHello message of A; The random number challenge that A is produced is signed and is replied; And produce a random number challenge and reply together with signature and form serverHello message and send to A, B sends to A with the certificate of oneself simultaneously;
3) after A receives the certificate and serverHello message of B, comprise following sub-process:
A) certificate of B is verified;
B) from the certificate that checking is passed through, extracting PKI verifies the signature value of random number;
C) random number of using private key that B is produced is signed and is replied;
D) produce a symmetric key, and key is carried out encipherment protection with the PKI of B;
E) signature is replied and receive the key of B PKI protection to form ClientKeyExchange message to send to B, A sends to B with the certificate of oneself simultaneously;
4) after B receives the certificate and ClientKeyExchange message of A, comprise following sub-process:
A) certificate of A is verified;
B) from the certificate that checking is passed through, extracting PKI verifies the signature value of random number;
C) after the success of certifying signature value, use private key that the key that A produces is deciphered;
D) at last the Finish message of authentication success is sent to A;
Based on the PKI authentication mode step that presets public private key pair:
1) terminal security access unit A sends authentication request clientHello message to the safe access gateway server B, has comprised the authentication mode of A, the algorithm of A support and the random number challenge that A produces in the clientHello message;
2) B confirms algorithm after receiving the clientHello message of A, and the random number challenge that A is produced is signed and replied, and produces a random number challenge and reply together with signature and form serverHello message and send to A;
3) after A receives the certificate and serverHello message of B, comprise following sub-process:
A) from the certificate that presets B, extracting PKI verifies the signature value of random number;
B) random number of using private key that B is produced is signed and is replied;
C) produce a symmetric key, and key is carried out encipherment protection with the PKI of B;
D) signature is replied and receive the key of B PKI protection to form ClientKeyExchange message to send to B, A will own preset the pairing ID value of PKI mode and give A in B simultaneously;
4) after B receives the certificate and ClientKeyExchange message of A, comprise following sub-process:
The ID value of a) sending according to A is taken out A and is preset at the PKI among the B;
B) after the success of taking-up PKI, the signature value of random number is verified with this PKI;
C) after the success of certifying signature value, use private key that the key that A produces is deciphered;
D) at last the Finish message of authentication success is sent to A;
5) after the asymmetric authentication of completion, terminal security access unit and safe access gateway send change_cipher_spec message each other, notify the other side to carry out encrypting and decrypting with the key of consulting.Then, initiate the agent way negotiation message by terminal security access unit A to the safe access gateway server B, B confirms agent way and replys A after receiving message.
2. unidirectional authentication
1), the terminal security access unit gets into symmetrical authentication phase when communicating by letter provisional interruption or data generation encryption and decryption mistake with safe access gateway; In symmetrical authentication phase; The terminal security access unit is initiated authentication to the safe access gateway server, and authentication adopts the mode of using the symmetric key of being consulted in the above-mentioned steps to do the MAC computing to carry out.
2) after the symmetrical authentication of completion, terminal security access unit and safe access gateway send change_cipher_spec message each other, notify the other side to carry out encrypting and decrypting with the key of consulting.Then, initiate the agent way negotiation message by terminal security access unit A to the safe access gateway server B, B confirms agent way and replys A after receiving message.
3. service communication
After the mode of agency is consulted success; Terminal security access unit A receives the application data of teleaction service terminal C; With being transmitted to the safe access gateway server B after the data encryption, after B receives the data that come from A, with data decryption and be transmitted to service server S.B gets access to the data of S, with being transmitted to A after the data encryption, after A receives the data that come from B, with data decryption and be transmitted to C.
The invention solves the secure access problem between client and server under the business model of using the C/S framework, mainly contain following advantage:
1) solved the bidirectional identity authentication problem of client and server.Confirm the other side's identity mutually through authentication teleaction service terminal and application server, to have prevented that side's identity from being falsely used.
2) solved Information Security problem between teleaction service terminal equipment and service server.Business datum through safety access system is all protected through confidentiality and integrity, thereby the assurance data are not monitored and distorted.
3) kept the system architecture of original operation system.The safety access system that safe access gateway server and terminal security access unit constitute can be serially connected with between service server and the client, changes under the prerequisite that disposes with few in the system architecture that does not change original system, and the protection of " transparent " is provided.
What need statement is that content of the present invention and embodiment are intended to prove the practical application of technical scheme provided by the present invention, should not be construed as the qualification to protection range of the present invention.Those skilled in the art can do various modifications, be equal to replacement or improvement under spirit of the present invention and principle inspiration.But these changes or modification are all in the protection range that application is awaited the reply.
Claims (5)
1. one kind is used for C/S framework service security connecting system, and it comprises: safe access gateway server and terminal security access unit; It is characterized in that, service server, said safety access system, said teleaction service terminal equipment connects successively.
2. safety access system according to claim 1 is characterized in that, said safe access gateway server comprises authentication module 1, data encrypting and deciphering module 1, access control module, access monitor module and data forwarding module; In the key agreement stage; Said safe access gateway server receives the data that come from said terminal security access unit; Carry out the identity discriminated union through 1 pair of terminal security access unit of said authentication module and consult the key to the transfer of data protection, consulting successfully, the back gets into the service communication stage; In the service communication stage; Mail to the data of service server for service terminal; Said safe access gateway receives the data that said terminal security access unit sends; Decipher through 1 pair of data of said data encrypting and deciphering module, said data forwarding module will be deciphered the back data according to said access control module to the result of determination of teleaction service terminal access authority and give said service server; In the service communication stage; Mail to the data at teleaction service terminal for service server; Said safe access gateway receives the data that said service server sends; Encrypt through 1 pair of communication data of said data encrypting and deciphering module, said data forwarding module is given said terminal security access unit with data encrypted; Said access monitor module is kept watch on the access state of the terminal security access unit of in the safe access gateway server, registering.
3. safety access system according to claim 1 is characterized in that, said terminal security access unit comprises: authentication module 2, data encrypting and deciphering module 2 and data transmission module; In the key agreement stage, said terminal security access unit carries out authentication and arranging key through said authentication module 1 with said safe access gateway server, and consulting successfully, the back gets into the service communication stage; In the service communication stage; Mail to the data of service server for the teleaction service terminal; Said safe access unit receives the data that send at the teleaction service terminal; Encrypt through 2 pairs of data of said data encrypting and deciphering module, said data transmission module is transferred to said safe access gateway server with data encrypted; In the service communication stage; Mail to the data at teleaction service terminal for service server; The terminal security access unit receives the data that safe access gateway sends; Decipher through 2 pairs of data of said data encrypting and deciphering module, the transfer of data after said data transmission module will be deciphered is given said teleaction service terminal.
4. according to the described safety access system of claim 1-3, it is characterized in that said safe access gateway and the support of terminal security access unit are based on the authentication mode of certificate with based on the authentication mode that presets public private key pair.
5. according to each described safety access method that is used for C/S framework service security connecting system of 1-4 item claim, it is characterized in that said safety access method comprises the steps:
1). the terminal security access unit at first gets into the authentication stage, and in the authentication stage, the terminal security access unit is initiated authentication to the safe access gateway server;
2). in the authentication stage, the agreement based on the challenge-response of PKI system is used in authentication;
3). in the authentication stage, consult to be used for the symmetric key of transfer of data protection, complete successfully the back and get into the service communication stage;
4). in the service communication stage; Receive the data at teleaction service terminal when the terminal security access unit after; Data are encrypted, then enciphered data is sent to the safe access gateway server, after the safe access gateway server receives the data that come from the terminal security access unit; Data are deciphered, and be transmitted to service server;
5). in the service communication stage, the safe access gateway server is encrypted data after getting access to the service server data, is transmitted to the terminal security access unit then; The terminal security access unit will be deciphered data after will receiving and coming from the safe access gateway server data, and be transmitted to the teleaction service terminal;
6). when the terminal security access unit is communicated by letter provisional interruption or data generation encryption and decryption mistake with safe access gateway, get into symmetrical authentication phase, in symmetrical authentication phase, the terminal security access unit is initiated authentication to the safe access gateway server;
7). in symmetrical authentication phase, the agreement based on the challenge-response of PKI system is used in authentication, gets into the service communication stage after accomplishing;
8). accomplish threshold values and get into the authentication stage again after the time reaching symmetrical authentification failure threshold values or arrive asymmetric authentication; Wherein, symmetrical authentification failure threshold values and the asymmetric authentication completion threshold values time can be provided with in safe access gateway.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110398830.0A CN102413144B (en) | 2011-12-05 | 2011-12-05 | A kind of safety access system for C/S framework business and relevant cut-in method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110398830.0A CN102413144B (en) | 2011-12-05 | 2011-12-05 | A kind of safety access system for C/S framework business and relevant cut-in method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102413144A true CN102413144A (en) | 2012-04-11 |
| CN102413144B CN102413144B (en) | 2015-08-05 |
Family
ID=45914994
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110398830.0A Active CN102413144B (en) | 2011-12-05 | 2011-12-05 | A kind of safety access system for C/S framework business and relevant cut-in method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102413144B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104796397A (en) * | 2015-01-08 | 2015-07-22 | 北京思普崚技术有限公司 | Data encrypting sending method |
| CN105516210A (en) * | 2016-02-05 | 2016-04-20 | 山东信通电子股份有限公司 | System and method for terminal security access authentication |
| CN106411962A (en) * | 2016-12-15 | 2017-02-15 | 中国科学技术大学 | Data storage method combining user side access control and cloud access control |
| CN109688115A (en) * | 2018-12-11 | 2019-04-26 | 北京数盾信息科技有限公司 | A kind of data safe transmission system |
| CN112229438A (en) * | 2020-08-31 | 2021-01-15 | 深圳技术大学 | Natural ecological credible monitoring system and method |
| CN114928491A (en) * | 2022-05-20 | 2022-08-19 | 国网江苏省电力有限公司信息通信分公司 | Internet of things security authentication method, device and system based on identification cryptographic algorithm |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1924047A1 (en) * | 2006-11-15 | 2008-05-21 | Research In Motion Limited | Client credential based secure session authentication method and apparatus |
| CN101369995A (en) * | 2008-05-30 | 2009-02-18 | 国网南京自动化研究院 | Dial-up gateway based on security credible connection technology |
| CN101765057A (en) * | 2008-12-25 | 2010-06-30 | 上海贝尔阿尔卡特股份有限公司 | Method, equipment and system for providing multicast service to WiFi access terminal |
| CN101778099A (en) * | 2009-12-31 | 2010-07-14 | 郑州信大捷安信息技术有限公司 | Architecture accessing trusted network for tolerating untrusted components and access method thereof |
| CN102075522A (en) * | 2010-12-22 | 2011-05-25 | 北京航空航天大学 | Secure certification and transaction method with combination of digital certificate and one-time password |
| CN102223364A (en) * | 2011-05-09 | 2011-10-19 | 飞天诚信科技股份有限公司 | Method and system for accessing e-book data |
-
2011
- 2011-12-05 CN CN201110398830.0A patent/CN102413144B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1924047A1 (en) * | 2006-11-15 | 2008-05-21 | Research In Motion Limited | Client credential based secure session authentication method and apparatus |
| CN101183942A (en) * | 2006-11-15 | 2008-05-21 | 捷讯研究有限公司 | Client credential based secure session authentication method and apparatus |
| CN101369995A (en) * | 2008-05-30 | 2009-02-18 | 国网南京自动化研究院 | Dial-up gateway based on security credible connection technology |
| CN101765057A (en) * | 2008-12-25 | 2010-06-30 | 上海贝尔阿尔卡特股份有限公司 | Method, equipment and system for providing multicast service to WiFi access terminal |
| CN101778099A (en) * | 2009-12-31 | 2010-07-14 | 郑州信大捷安信息技术有限公司 | Architecture accessing trusted network for tolerating untrusted components and access method thereof |
| CN102075522A (en) * | 2010-12-22 | 2011-05-25 | 北京航空航天大学 | Secure certification and transaction method with combination of digital certificate and one-time password |
| CN102223364A (en) * | 2011-05-09 | 2011-10-19 | 飞天诚信科技股份有限公司 | Method and system for accessing e-book data |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104796397A (en) * | 2015-01-08 | 2015-07-22 | 北京思普崚技术有限公司 | Data encrypting sending method |
| CN104796397B (en) * | 2015-01-08 | 2017-09-19 | 北京思普崚技术有限公司 | A kind of method that data encryption is sent |
| CN105516210A (en) * | 2016-02-05 | 2016-04-20 | 山东信通电子股份有限公司 | System and method for terminal security access authentication |
| CN105516210B (en) * | 2016-02-05 | 2018-08-21 | 山东信通电子股份有限公司 | The system and method for terminal security access authentication |
| CN106411962A (en) * | 2016-12-15 | 2017-02-15 | 中国科学技术大学 | Data storage method combining user side access control and cloud access control |
| CN106411962B (en) * | 2016-12-15 | 2019-08-27 | 中国科学技术大学 | A kind of date storage method of combination user side access control and cloud access control |
| CN109688115A (en) * | 2018-12-11 | 2019-04-26 | 北京数盾信息科技有限公司 | A kind of data safe transmission system |
| CN109688115B (en) * | 2018-12-11 | 2022-09-13 | 北京数盾信息科技有限公司 | Data security transmission system |
| CN112229438A (en) * | 2020-08-31 | 2021-01-15 | 深圳技术大学 | Natural ecological credible monitoring system and method |
| CN114928491A (en) * | 2022-05-20 | 2022-08-19 | 国网江苏省电力有限公司信息通信分公司 | Internet of things security authentication method, device and system based on identification cryptographic algorithm |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102413144B (en) | 2015-08-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111083131B (en) | Lightweight identity authentication method for power Internet of things sensing terminal | |
| CN111049660B (en) | Certificate distribution method, system, device and equipment, and storage medium | |
| CN106506470B (en) | network data security transmission method | |
| Saxena et al. | Authentication and authorization scheme for various user roles and devices in smart grid | |
| CN100558035C (en) | A kind of mutual authentication method and system | |
| CN109088870B (en) | Method for safely accessing acquisition terminal of power generation unit of new energy plant station to platform | |
| CN104158653B (en) | A kind of safety communicating method based on the close algorithm of business | |
| CN103338215B (en) | The method setting up TLS passage based on the close algorithm of state | |
| CN107105060A (en) | A kind of method for realizing electric automobile information security | |
| CN101409619B (en) | Flash memory card and method for implementing virtual special network key exchange | |
| CN111865939A (en) | Point-to-point national secret tunnel establishment method and device | |
| CN103118027A (en) | Transport layer security (TLS) channel constructing method based on cryptographic algorithm | |
| CN104702611A (en) | Equipment and method for protecting session key of secure socket layer | |
| CN101170413B (en) | A digital certificate and private key acquisition, distribution method and device | |
| CN105119894B (en) | Communication system and communication means based on hardware security module | |
| CN105577365B (en) | A kind of user accesses the cryptographic key negotiation method and device of WLAN | |
| CN102413144B (en) | A kind of safety access system for C/S framework business and relevant cut-in method | |
| CN104468126A (en) | Safety communication system and method | |
| CN109075973A (en) | A kind of method that use is carried out network and serviced unified certification based on the cryptography of ID | |
| CN102111273A (en) | Pre-sharing-based secure data transmission method for electric load management system | |
| CN111935213A (en) | Distributed trusted authentication virtual networking system and method | |
| CN112165386B (en) | Data encryption method and system based on ECDSA | |
| CN111147257A (en) | Identity authentication and information confidentiality method, monitoring center and remote terminal unit | |
| CN111416712B (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
| CN114422205A (en) | Method for establishing data tunnel of network layer of CPU chip special for electric power |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20171016 Address after: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 Co-patentee after: State Grid Smart Grid Institute Patentee after: China Electric Power Research Institute Co-patentee after: Weishi-ting Information Industry Co., Ltd., Chengdu City Address before: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 Co-patentee before: Weishi-ting Information Industry Co., Ltd., Chengdu City Patentee before: China Electric Power Research Institute |
|
| TR01 | Transfer of patent right | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 Co-patentee after: GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE Patentee after: China Electric Power Research Institute Co-patentee after: Weishi-ting Information Industry Co., Ltd., Chengdu City Address before: 100192 Beijing city Haidian District Qinghe small Camp Road No. 15 Co-patentee before: State Grid Smart Grid Institute Patentee before: China Electric Power Research Institute Co-patentee before: Weishi-ting Information Industry Co., Ltd., Chengdu City |
|
| CP01 | Change in the name or title of a patent holder |