CN102487383B - Industrial internet distributed system safety access control device - Google Patents
Industrial internet distributed system safety access control device Download PDFInfo
- Publication number
- CN102487383B CN102487383B CN201010570979.8A CN201010570979A CN102487383B CN 102487383 B CN102487383 B CN 102487383B CN 201010570979 A CN201010570979 A CN 201010570979A CN 102487383 B CN102487383 B CN 102487383B
- Authority
- CN
- China
- Prior art keywords
- resource
- server
- module
- user
- certificate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012550 audit Methods 0.000 claims abstract description 30
- 238000013475 authorization Methods 0.000 claims abstract description 6
- 238000000034 method Methods 0.000 claims description 16
- 238000004891 communication Methods 0.000 claims description 15
- 230000006399 behavior Effects 0.000 claims description 13
- 238000007726 management method Methods 0.000 claims description 12
- 230000008569 process Effects 0.000 claims description 6
- 230000027455 binding Effects 0.000 claims description 3
- 238000009739 binding Methods 0.000 claims description 3
- 238000013468 resource allocation Methods 0.000 claims description 3
- 238000003860 storage Methods 0.000 abstract description 3
- 230000006872 improvement Effects 0.000 description 9
- 238000005516 engineering process Methods 0.000 description 4
- 241000625014 Vir Species 0.000 description 3
- 238000004519 manufacturing process Methods 0.000 description 3
- 238000009826 distribution Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000000739 chaotic effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 229910052500 inorganic mineral Inorganic materials 0.000 description 1
- 239000011707 mineral Substances 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses an industrial Internet distributed system safety access control device. The device integrates a module which is used to carry out authentication and authorization to identities and access operations of a user and a server, the module which is used to audit the access operations of the user and the server and the module which is used to carry out uniform resource positioning to object resources accessed by the user and the server. Identity security and authority validity of the user or the server which access to the industrial Internet distributed system and acquire information/ service can be effectively ensured. In addition, the user and the server in the industrial Internet do not need to know an actual storage position of the needed object resources. Through a uniform resource positioning platform of the distributed system, the corresponding server can be positioned and the needed object resources can be acquired. A demand in a distributed environment can be rapidly and conveniently satisfied.
Description
Technical field
The present invention relates to a kind of network security Access Control Technique
Background technology
Along with developing rapidly of industrial automatic control, more and more many industrial enterprises use its inside (or special) network to be interconnected at together by its process-specified equipment or industrial intelligent equipment (Intelligent Electric Device-IED), form production control system network.Inner (or special) network of this industrial enterprise is referred to as industry internet.
Large enterprise, as Utilities Electric Co., oil-gas transportation enterprise, with mineral resources be developed as main large-scale Mining Group, its holding company is often distributed in the whole nation and even all parts of the world, only uses internal network cannot meet its requirements analysis.Along with the development of industry internet, industry internet is no longer confined to a station or a city, utilize the hardware and software facility of existing public network (ten thousand dimension the Internets), two or more industry internets are carried out communication connection, a central control system is made to exercise supervision to all sub-production control systems and to control, also energy communication mutually between multiple sub-production control system is made, form a larger industry internet, more optimal control and use are carried out to its resource.
And, in order to improve running efficiency of system, equally loaded, improve system robustness, industry internet uses distributed system usually, distributed data base, Distributed Services etc. are provided, are carried out information gathering, data storage, information processing respectively by servers different in industry internet, transmit, service etc. is provided.Industry internet distributed system is an integrated system, the operating system (i.e. distributed operating system) that one overall will be had in the entire system, it is responsible for the work such as Resource Distribution and Schedule, task division, information transmission, control coordination of total system (comprising every platform computer), and provides the interface of a unified interface, standard for user.This distributed operating system is generally positioned at the central control system of industry internet.There is distributed operating system, user realizes action required by unified interface and uses system resource, as for operation be perform on which computer or use the resource of which computer to be then the thing of system, user need not understand, and that is system of users is transparent.
Because the information transmitted in industry internet is industrial internal information, the service provided is internal services, therefore has high requirement to the fail safe of information and confidentiality.In order to ensure fail safe, in industry internet, in acquisition service or data, before information, user, client and application process all need to carry out corresponding authentication.The essence of certification confirms the whether true and whether effective process of certified object exactly.General employing cryptographic technique, uses the certified object of digital certificate authentication, reaches and confirms whether true, the effective object of certified object.
Only by identification with after differentiating, just utilize the IP address at its request service place to set up tunnel (VPN), be connected to the server that corresponding with service is provided by VPN, obtain respective service, data, information etc.VPN and Virtual Private Network, being set up the connection of interim a, safety by a common network (normally internet), is safe, a stable tunnel through chaotic common network.
But for industry internet distributed system, only carry out authentication to user, client and application process, its safe class is inadequate for the industry internet requiring high security.Further, IP address is only utilized to set up VPN to ensure that the mode of communication security is inadequate equally for distributed system.For existing industry internet distributed system, be applicable to distributed environment, the high demand for security of data can be ensured the network security access control apparatus of (i.e. the confidentiality of data, integrality and non-repudiation) in the urgent need to one.
Summary of the invention
The technical problem that the present invention mainly solves is to provide a kind of industrial Internet distributed system safety access control device, make, while the fail safe of the industry internet adopting distributed computing technology is protected, to meet the Resource orientation demand of industry internet under distributed environment.
In order to solve the problems of the technologies described above, the invention provides a kind of industrial Internet distributed system safety access control device, comprise network communication port, be connected with server in described industry internet or client by inner private network or public network, also comprise:
The identity of a pair user and server and accessing operation authority carry out the Certificate Authority module of certification, the accessing operation of a pair user or server carries out the Audit Module of auditing, and the object resource of a pair user or server access operation carries out the Resource orientation module of memory location positioning control;
Described Certificate Authority module, Audit Module and Resource orientation module are all connected with described network communication port; Described Certificate Authority module, by the authentication information of described network communication port accepts from subscription client or server, carries out the authentication and authorization of identity and accessing operation authority; Described Audit Module receives the accessing operation information from subscription client or server by described network communications port, audits to described accessing operation; Described Resource orientation module is connected with described Audit Module, after the audit of described accessing operation information by described Audit Module, positions the memory location of the object resource of described accessing operation.
As the improvement of technique scheme, this device also comprises certificate authority and the certificate repository that a pair digital certificate carries out basic management operation, and described basic management operation at least comprises certificate authority, index, stores and revoke;
Described certificate authority is connected with described Certificate Authority module, described certificate repository is connected with described Certificate Authority module with described certificate authority respectively, described certificate authority is issued in credentialing process for user, by described Certificate Authority module for user distributes Role and privilege, described certificate authority is that this user issues the digital certificate comprising Role Information, and this digital certificate is kept at certificate repository; Described Certificate Authority module, when carrying out certification to user identity and accessing operation authority, reads the digital certificate of this user from described certificate repository.
As the improvement of technique scheme, this device also comprises a resource management module, be connected with Resource orientation module, the component repository of the management and utilization system overall situation, resource allocation ATL, common information model pattern description file and CIM semantic model storehouse.
As the improvement of technique scheme, in described distributed system, object resource is divided into and can disposes object resource and plain objects resource, plain objects resource and the object resource disposed belonging to it are stored in same server, each object resource comprises a unique corresponding resource and indicates, this resource indicates the upper level comprised belonging to this object resource can dispose object resource identification code and this resource identification code two parts, register the resource sign and memory address that can dispose object resource in Resource orientation module, this Resource orientation module also comprises further:
Sub module stored, can dispose the resource sign of object resource and the corresponding relation of memory address described in preserving;
Search submodule, for indicating according to the resource in accessing operation request, determine whether requested resource is to dispose object resource, if can object resource be disposed, this resource identification code part in then indicating according to described resource, searches the memory address of this object resource from the corresponding relation that described sub module stored is preserved; If plain objects resource, then in indicating according to described resource, upper level can dispose object resource identification code portions, searches the memory address of this object resource from the corresponding relation that described sub module stored is preserved;
Feedback submodule, for the described memory address found is fed back to accessing operation requesting party, obtains required object resource by accessing operation requesting party from the server that this memory address is corresponding.
As the improvement of technique scheme, this device also comprises a rights database, the authority information that the user for preserving different role is corresponding;
Described Certificate Authority module is after checking digital certificate validity, described rights database is associated with Role Information according to the username information in digital certificate, therefrom extract the authority information of user, return the user interface comprising accessing operation in its extent of competence to user.
As the improvement of technique scheme, when described Certificate Authority module is also for server generation behavior in described industry internet, authentication is carried out to this server, if certification by; allow this server that the behavior occurs; If certification is not passed through, refuse this server and the behavior occurs;
Described server behavior at least comprises one of following or its combination in any:
Startup of server, server providing services, server provide data, server provides operation and server uses system resource.
As the improvement of technique scheme, described certificate authority, also for being the server-assignment digital certificate in described industry internet and key, by the information of described server and the digital certificate distributed and key bindings, and is saved in described certificate repository;
Described Certificate Authority module obtains the digital certificate of server from described certificate repository, verify digital certificate and the key of described server, and whether the server info that digital certificate is bound mates with the server info in described certification, realizes the authentication to described server.
Embodiment of the present invention compared with prior art, the main distinction and effect thereof are: for industry internet arranges the secure access control device of an applicable distributed environment, gather the module of the identity of user and server and accessing operation authority being carried out to authentication and authorization in the apparatus, to the module that the accessing operation of user or server is audited, the object resource of user and server access is carried out to the module of unified resource location.Effectively guarantee access industrial Internet advertising distribution system and the fail safe of the user of obtaining information/service or server identity, authority validity.And, to make in industry internet user and server without the need to knowing the actual storage locations of required object resource, only need by the unified Resource orientation platform of distributed system, corresponding server can be navigated to, object resource needed for acquisition, it is quick, convenient to realize, and meets the demand under distributed environment.
As further improvement, object resource in distributed system is divided into and can disposes object resource and plain objects resource, be stored in each distributed server, plain objects resource and the object resource disposed belonging to it are stored in same server, each object resource comprises a resource ID, and the upper level comprised in ID belonging to this object resource can dispose object resource identification code and this object resource identification code two parts.ID and the memory address that only can dispose object resource are sent to Resource orientation facility registration; During Resource orientation module searches resource, first determine whether to dispose object resource, if can object resource be disposed, then according to this resource identification code part, search this object resource memory address; If plain objects resource, then can dispose object resource identification code portions according to upper level, search this object resource memory address; Resources requesting party obtains required object resource from memory address corresponding server.For comprising mass data and the various distributed system of resource type, this Resource orientation mode accelerates resource lookup and locating speed greatly, and owing to only needing registration can dispose object resource ID during resource registering, therefore big data quantity, polymorphic type information resources registration problem is solved, reduce the requirements such as the power system capacity to Resource orientation facility, handling property, effectively avoid Resource orientation facility to cause system bottleneck.
In addition, it is safe that the present invention to have abolished in traditional concept server in distributed network, without the need to the idea of authentication, by to providing the server of service to carry out real-time identity authentication in distributed network, the legitimacy of the service that server provides is inscribed when guaranteeing each, the validity of the data provided, effectively avoid the situation that server is stolen, meet the demand for security of user, comprise the confidentiality of data, integrality and non-repudiation, the level of security that distributed network is reached can meet the system of the contour demand for security of industry internet, comprise electric power, oil gas, the high level demand for security of user in the industrial circles such as traffic.
Accompanying drawing explanation
Below in conjunction with the drawings and specific embodiments, the present invention is described in further detail.
Fig. 1 is secure access control device and Services in Distributed System device/client's side link structural representation in the present invention one better embodiment;
Fig. 2 is the present invention one better embodiment industrial Internet distributed system safety access control device structure chart.
Embodiment
For making the object, technical solutions and advantages of the present invention clearly, below in conjunction with accompanying drawing, embodiments of the present invention are described in further detail.
The present invention one better embodiment relates to a kind of industrial Internet distributed system safety access control device, as security control mechanism and the distributed platform of industry internet distributed system, it comprises network communication port, is directly or indirectly connected with Servers-all in industry internet and client by dedicated network (internal network) or public network.These servers in the zones of different of industry internet, can realize different services, operation etc., as each server can be distributed in one-level main website, the secondary main website, even substation of zones of different.Client can be connected to this device in any region by network, as shown in Figure 1.
In present embodiment, client realizes authentication by this device, logs in distributed system, determines its own right, the object resource of the required accessing operation in location (in extent of competence), finally obtain required service intra vires.Server realizes authentication by this device, logs in distributed system, determines its own right, also obtains intra vires required object resource, intra vires for user provides service etc. by this device location.And, this secure access control device is except carrying out except Certificate Authority to the identity of client and server and authority, after also completing Resource orientation user and server, being connected to located server, further each operation of user and server is audited, guarantee that service that the operation performed by it obtains is all in its extent of competence.By multi-faceted multiple authentication Audit Mechanism, guarantee the safety and stability of industry internet distributed system.
Specifically, the secure access control device of present embodiment mainly comprises: the identity of a pair user and server and accessing operation authority carry out the Certificate Authority module of certification, the accessing operation of a pair user or server carries out the Audit Module of auditing, the object resource of a pair user or server access operation carries out the Resource orientation module of memory location positioning control, as shown in Figure 2.
Wherein, Certificate Authority module, Audit Module are all connected with network communication port with Resource orientation module; Certificate Authority module, by the authentication information of network communication port accepts from subscription client or server, carries out the authentication and authorization of identity and accessing operation authority; Audit Module receives the accessing operation information from subscription client or server by network communications port, audits to accessing operation; Resource orientation module is connected with Audit Module, after accessing operation information is by the audit of Audit Module, positions the memory location of the object resource of accessing operation.Audit Module can invokes authentication authorization module, completing the identity of client/server and the certification of authority to performing this accessing operation, determining that whether accessing operation is legal; Also directly can carry out certification to the identity of client/server and authority, determine that whether accessing operation is legal.
This secure access control device also comprises certificate authority and the certificate repository that a pair digital certificate carries out basic management operation, and basic management operation at least comprises certificate authority, index, stores and revoke.
Certificate authority is connected with Certificate Authority module, certificate repository is connected with Certificate Authority module with certificate authority respectively, certificate authority is issued in credentialing process for user, by Certificate Authority module for user distributes Role and privilege, certificate authority is that this user issues the digital certificate comprising Role Information, and this digital certificate is kept at certificate repository; Certificate Authority module, when carrying out certification to user identity and accessing operation authority, reads the digital certificate of this user from certificate repository.
This device also comprises a resource management module, be connected with Resource orientation module, the component repository of the management and utilization system overall situation, resource allocation ATL, common information model (Common InformationModel is called for short " CIM ") pattern description file and CIM semantic model storehouse.
This device also comprises a rights database, the authority information that the user for preserving different role is corresponding;
Certificate Authority module, after checking digital certificate validity, according to the username information in digital certificate and Role Information associated permissions database, is therefrom extracted the authority information of user, is returned the user interface comprising accessing operation in its extent of competence to user.
As the improvement of technique scheme, when Certificate Authority module is also for server generation behavior in industry internet, authentication is carried out to this server, if certification by; allow this server that the behavior occurs; If certification is not passed through, refuse this server and the behavior occurs.Server behavior at least comprises: startup of server, server providing services, server provide data, server provides operation and server uses system resource etc.
Corresponding, certificate authority can also be used for for the server-assignment digital certificate in industry internet and key, by the information of server and the digital certificate distributed and key bindings, and is saved in certificate repository; Certificate Authority module obtains the digital certificate of server from certificate repository, the digital certificate of authentication server and key, and whether the server info that digital certificate is bound mates with the server info in certification, realizes the authentication to server.
In sum, in present embodiment, user will access the service in industry internet, first need to log in industrial Internet distributed system safety access control device, by Certificate Authority module certification carried out to the identity of user and determine its authority, returning the user interface (user interface only comprise operation that this user have permission) corresponding with its authority to user.When user needs to carry out concrete accessing operation by client, further the accessing operation authority of user is audited by Audit Module, if audit by; allow it to carry out this accessing operation, if audit not by; forbid this accessing operation, guarantee security of system.And, without the need to knowing, request service is positioned at that station server to user, no matter user needs to carry out what accessing operation, all only need ask to secure access control device, be that user carries out Resource orientation by Resource orientation module, determine the position at the object resource place that required service is corresponding, according to the result that Resource orientation module returns, find corresponding server to obtain respective service.
Except carry out identity purview certification and audit in user level except, in server aspect, server needs the certification carrying out identity and authority equally.Start at server, service is provided, data are provided, when operation being provided and using the behavior such as system resource, need equally to carry out certification and audit to its identity and authority, after passing through authentication, this server can start, provide service, provide data, provide operation etc.; After by audit, this server can carry out Resource orientation, use system resource, conduct interviews to other servers operation.
Visible, it is safe that the secure access control device of present embodiment to have abolished in traditional concept server in distributed network, without the need to the idea of authentication, by to providing the server of service to carry out real-time identity authentication in distributed network, the legitimacy of the service that server provides is inscribed when guaranteeing each, the validity of the data provided, effectively avoid the situation that server is stolen, meet the demand for security of industry internet system, comprise the confidentiality of data, integrality and non-repudiation, the level of security that industry internet distributed system is reached can meet the system of high demand for security in industrial circle, comprise electric power, oil gas, there is in the industrial circles such as traffic the system of high-level demand for security.And, guarantee that in industry internet, user and server are without the need to knowing the actual storage locations of required object resource, only need by the unified Resource orientation platform of distributed system, corresponding server can be navigated to, object resource needed for acquisition, it is quick, convenient to realize, and meets the demand under distributed environment.
As the improvement of technique scheme, in the distributed system of present embodiment, object resource is divided into and can disposes object resource and plain objects resource, plain objects resource and the object resource disposed belonging to it are stored in same server, each object resource comprises a unique corresponding resource and indicates, this resource indicates the upper level comprised belonging to this object resource can dispose object resource identification code and this resource identification code two parts, in Resource orientation module, the resource sign and memory address that can dispose object resource are registered, this Resource orientation module also comprises further:
Sub module stored, for preserving the corresponding relation of resource sign and the memory address can disposing object resource;
Search submodule, for indicating according to the resource in accessing operation request, determine whether requested resource is to dispose object resource, if can object resource be disposed, this resource identification code part in then indicating according to resource, searches the memory address of this object resource from the corresponding relation that sub module stored is preserved; If plain objects resource, then in indicating according to resource, upper level can dispose object resource identification code portions, searches the memory address of this object resource from the corresponding relation that sub module stored is preserved;
Feedback submodule, for the memory address found is fed back to accessing operation requesting party, obtains required object resource by accessing operation requesting party from the server that this memory address is corresponding.
That is, in this system, the ID and memory address that can dispose object resource only need be sent to Resource orientation facility registration by each server; During Resource orientation module searches resource, first determine whether to dispose object resource, if can object resource be disposed, then according to this resource identification code part, search this object resource memory address; If plain objects resource, then can dispose object resource identification code portions according to upper level, search this object resource memory address; Resources requesting party obtains required object resource from memory address corresponding server.For comprising mass data and the various distributed system of resource type, this Resource orientation technology accelerates resource lookup and locating speed greatly, and owing to only needing registration can dispose object resource ID during resource registering, therefore big data quantity, polymorphic type information resources registration problem is solved, reduce the requirements such as the power system capacity to Resource orientation facility, handling property, effectively avoid Resource orientation facility to cause system bottleneck.
Although by referring to some of the preferred embodiment of the invention, to invention has been diagram and describing, but those of ordinary skill in the art should be understood that and can do various change to it in the form and details, and without departing from the spirit and scope of the present invention.
Claims (7)
1. an industrial Internet distributed system safety access control device, comprises network communication port, is connected, it is characterized in that, also comprise by inner private network or public network with server in described industry internet or client:
The identity of a pair user and server and accessing operation authority carry out the Certificate Authority module of certification, the accessing operation of a pair user or server carries out the Audit Module of auditing, the object resource of a pair user or server access operation carries out the Resource orientation module of memory location positioning control, described object resource is divided into can dispose object resource and plain objects resource, plain objects resource and the object resource disposed belonging to it are stored in same server, each object resource comprises a unique corresponding resource and indicates, this resource indicates the upper level comprised belonging to this object resource can dispose object resource identification code and this resource identification code two parts, in Resource orientation module, the resource sign and memory address that can dispose object resource are registered,
Described Certificate Authority module, Audit Module and Resource orientation module are all connected with described network communication port; Described Certificate Authority module, by the authentication information of described network communication port accepts from subscription client or server, carries out the authentication and authorization of identity and accessing operation authority; Described Audit Module receives the accessing operation information from subscription client or server by described network communications port, audits to described accessing operation; Described Resource orientation module is connected with described Audit Module, after the audit of described accessing operation information by described Audit Module, positions the memory location of the object resource of described accessing operation.
2. industrial Internet distributed system safety access control device according to claim 1, it is characterized in that, this device also comprises certificate authority and the certificate repository that a pair digital certificate carries out basic management operation, and described basic management operation at least comprises certificate authority, index, stores and revoke;
Described certificate authority is connected with described Certificate Authority module, described certificate repository is connected with described Certificate Authority module with described certificate authority respectively, described certificate authority is issued in credentialing process for user, by described Certificate Authority module for user distributes Role and privilege, described certificate authority is that this user issues the digital certificate comprising Role Information, and this digital certificate is kept at certificate repository; Described Certificate Authority module, when carrying out certification to user identity and accessing operation authority, reads the digital certificate of this user from described certificate repository.
3. industrial Internet distributed system safety access control device according to claim 1, it is characterized in that, this device also comprises a resource management module, be connected with described Resource orientation module, the component repository of the management and utilization system overall situation, resource allocation ATL, common information model pattern description file and CIM semantic model storehouse.
4. industrial Internet distributed system safety access control device according to claim 1, is characterized in that, this Resource orientation module also comprises further:
Sub module stored, can dispose the resource sign of object resource and the corresponding relation of memory address described in preserving;
Search submodule, for indicating according to the resource in accessing operation request, determine whether requested resource is to dispose object resource, if can object resource be disposed, this resource identification code part in then indicating according to described resource, searches the memory address of this object resource from the corresponding relation that described sub module stored is preserved; If plain objects resource, then in indicating according to described resource, upper level can dispose object resource identification code portions, searches the memory address of this object resource from the corresponding relation that described sub module stored is preserved;
Feedback submodule, for the described memory address found is fed back to accessing operation requesting party, obtains required object resource by accessing operation requesting party from the server that this memory address is corresponding.
5. industrial Internet distributed system safety access control device according to claim 2, is characterized in that, this device also comprises a rights database, the authority information that the user for preserving different role is corresponding;
Described Certificate Authority module is after checking digital certificate validity, described rights database is associated with Role Information according to the username information in digital certificate, therefrom extract the authority information of user, return the user interface comprising accessing operation in its extent of competence to user.
6. industrial Internet distributed system safety access control device according to claim 2, it is characterized in that, when described Certificate Authority module is also for server generation behavior in described industry internet, authentication is carried out to this server, if certification is passed through, allows this server that the behavior occurs; If certification is not passed through, refuse this server and the behavior occurs;
Described server behavior at least comprises one of following or its combination in any:
Startup of server, server providing services, server provide data, server provides operation and server uses system resource.
7. industrial Internet distributed system safety access control device according to claim 6, it is characterized in that, described certificate authority is also for being the server-assignment digital certificate in described industry internet and key, by the information of described server and the digital certificate distributed and key bindings, and be saved in described certificate repository;
Described Certificate Authority module obtains the digital certificate of server from described certificate repository, verify digital certificate and the key of described server, and whether the server info that digital certificate is bound mates with the server info in described certification, realizes the authentication to described server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010570979.8A CN102487383B (en) | 2010-12-02 | 2010-12-02 | Industrial internet distributed system safety access control device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010570979.8A CN102487383B (en) | 2010-12-02 | 2010-12-02 | Industrial internet distributed system safety access control device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102487383A CN102487383A (en) | 2012-06-06 |
| CN102487383B true CN102487383B (en) | 2015-01-28 |
Family
ID=46152837
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010570979.8A Active CN102487383B (en) | 2010-12-02 | 2010-12-02 | Industrial internet distributed system safety access control device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102487383B (en) |
Families Citing this family (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103106357B (en) * | 2012-11-12 | 2015-09-30 | 成都锦瑞投资有限公司 | Based on property system of real name authentication and authorization system and the method for CFCA Valuation Standard |
| CN104753902B (en) * | 2013-12-31 | 2019-03-26 | 格尔软件股份有限公司 | A kind of operation system verification method and verifying device |
| US9438628B2 (en) * | 2014-01-27 | 2016-09-06 | Honeywell International Inc. | Apparatus and method for securing a distributed control system (DCS) |
| CN104657501B (en) * | 2015-03-12 | 2017-12-15 | 浪潮天元通信信息系统有限公司 | A kind of resource surveys the acquisition methods and device of scheme in advance |
| CN107925653B (en) * | 2015-05-26 | 2022-06-03 | T·弗里杰里奥 | Telecommunication system for secure transmission of data therein and device associated with the telecommunication system |
| CN107276965B (en) * | 2016-04-07 | 2021-05-14 | 阿里巴巴集团控股有限公司 | Authority control method and device of service discovery component |
| CN106504091B (en) * | 2016-10-27 | 2018-06-29 | 深圳壹账通智能科技有限公司 | The method and device merchandised on block chain |
| CN114978583A (en) * | 2018-03-05 | 2022-08-30 | 上海可鲁系统软件有限公司 | Intelligent virtual private network system for industrial Internet of things |
| CN110620750A (en) * | 2018-06-20 | 2019-12-27 | 宁德师范学院 | Network security verification method of distributed system |
| CN109344600B (en) * | 2018-10-09 | 2022-04-08 | 象翌微链科技发展有限公司 | Distributed system and data processing method based on same |
| CN109246143A (en) * | 2018-10-29 | 2019-01-18 | 航天信息股份有限公司 | Identity authentication method, device and storage medium based on digital certificate |
| CN109547557A (en) * | 2018-12-06 | 2019-03-29 | 南京邮电大学 | Industry internet Intelligent Decision-making Method, readable storage medium storing program for executing and terminal |
| CN110266666A (en) * | 2019-06-05 | 2019-09-20 | 瀚云科技有限公司 | A kind of method for managing security and system based on industry internet |
| CN111131207B (en) * | 2019-12-13 | 2021-12-07 | 新华三大数据技术有限公司 | Certificate verification method and device in distributed task and server |
| CN112087511A (en) * | 2020-09-08 | 2020-12-15 | 国润创投(北京)科技有限公司 | Automation equipment information acquisition system based on industrial internet |
| CN112291278B (en) * | 2020-12-29 | 2021-06-04 | 中天众达智慧城市科技有限公司 | Personal consumption data processing device in urban brain system |
| CN114640497B (en) * | 2022-01-26 | 2023-03-17 | 山东中网云安智能科技有限公司 | Network security isolation system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101155030A (en) * | 2006-09-29 | 2008-04-02 | 维豪信息技术有限公司 | Network resource integration access method based on registration and authentication |
| CN101478398A (en) * | 2009-01-07 | 2009-07-08 | 中国人民解放军信息工程大学 | Authorization management system oriented to resource management and establishing method |
| CN101547096A (en) * | 2009-02-11 | 2009-09-30 | 广州杰赛科技股份有限公司 | Net-meeting system and management method thereof based on digital certificate |
| CN101582769A (en) * | 2009-07-03 | 2009-11-18 | 杭州华三通信技术有限公司 | Authority setting method of user access network and equipment |
-
2010
- 2010-12-02 CN CN201010570979.8A patent/CN102487383B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101155030A (en) * | 2006-09-29 | 2008-04-02 | 维豪信息技术有限公司 | Network resource integration access method based on registration and authentication |
| CN101478398A (en) * | 2009-01-07 | 2009-07-08 | 中国人民解放军信息工程大学 | Authorization management system oriented to resource management and establishing method |
| CN101547096A (en) * | 2009-02-11 | 2009-09-30 | 广州杰赛科技股份有限公司 | Net-meeting system and management method thereof based on digital certificate |
| CN101582769A (en) * | 2009-07-03 | 2009-11-18 | 杭州华三通信技术有限公司 | Authority setting method of user access network and equipment |
Non-Patent Citations (1)
| Title |
|---|
| 基于802.1x的局域网认证、授权与审计系统的设计与实现;杨猛;《第一届中国高校通信类院系学术研讨会论文集》;20070701;第1162-1168页,图1,图2 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102487383A (en) | 2012-06-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102487383B (en) | Industrial internet distributed system safety access control device | |
| CN105656903B (en) | A kind of user safety management system of Hive platforms and application | |
| CN109992622A (en) | A kind of shared exchange system of emergency resources | |
| CN112085417A (en) | Industrial Internet identification distribution and data management method based on block chain | |
| CN103259663A (en) | User unified authentication method in cloud computing environment | |
| CN102651775A (en) | Method, equipment and system for managing shared objects of a plurality of lessees based on cloud computation | |
| CN109003207B (en) | Residence permit information processing method and platform based on block chain | |
| CN103051631A (en) | Unified security authentication method for PaaS (Platform as a Service) platform and SaaS (Software as a Service) application system | |
| CN101729541B (en) | Method and system for accessing resources of multi-service platform | |
| CN112671580A (en) | QAR data management method based on block chain technology | |
| CN105225072A (en) | A kind of access management method of multi-application system and system | |
| CN110581824A (en) | Quick login management system based on multiple WeChat public numbers | |
| CN102255870B (en) | Security authentication method and system for distributed network | |
| CN112508733A (en) | Big data intelligence service system in electric wire netting space-time based on big dipper | |
| CN202153753U (en) | Remote communication service device of industrial Internet distributed system | |
| CN103533094A (en) | Identification code all-in-one machine and identification code system | |
| Song et al. | Smart contract-based trusted content retrieval mechanism for NDN | |
| CN111682934B (en) | Method and system for storing, accessing and sharing comprehensive energy metering data | |
| CN112258373B (en) | Data processing method and device | |
| CN102413137B (en) | Data access method and device | |
| CN104935576A (en) | Data safe divided storage and assigned user sharing system | |
| CN106060032B (en) | User data integration and reassignment method and system | |
| CN103530232B (en) | A kind of software testing management framework establishment method and device | |
| CN106411905A (en) | Method for implementing distributed architecture through soft routing | |
| CN102122333B (en) | Method for logging in document library system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP02 | Change in the address of a patent holder | ||
| CP02 | Change in the address of a patent holder |
Address after: 201203 403d, building 5, No. 3000, Longdong Avenue, Pudong New Area, Shanghai Patentee after: Shanghai Kelu Software Co.,Ltd. Address before: 201203 Shanghai city Pudong New Area road 887 Lane 82 Zuchongzhi Building No. two North Patentee before: Shanghai Kelu Software Co.,Ltd. |
|
| CB03 | Change of inventor or designer information | ||
| CB03 | Change of inventor or designer information |
Inventor after: Liang Jun Inventor after: Lin Yuan Inventor after: Yu Gaoyu Inventor after: Wang Lei Inventor before: Liang Jun Inventor before: Yu Gaoyu Inventor before: Wang Lei |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20231108 Address after: 201203 north, 2nd floor, No.82, Lane 887, Zuchongzhi Road, Pudong New Area, Shanghai Patentee after: Shanghai Kelu Software Co.,Ltd. Patentee after: Shanghai Left Bank Investment Management Co.,Ltd. Address before: 201203 403D 5, 3000 Longdong Avenue, Pudong New Area, Shanghai. Patentee before: Shanghai Kelu Software Co.,Ltd. |