CN103581173A - Safe data transmission method, system and device based on industrial Ethernet - Google Patents


Publication number
CN103581173A
Authority
CN
China
Prior art keywords
information
message
data message
industrial protocol
cryptographic hash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310412456.4A
Other languages
Chinese (zh)
Other versions
CN103581173B (en
Inventor
丁杰
孔勇
马化一
仁参考
李硕
张俭锋
薛百华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Dongtu vision Industrial Technology Co. Ltd.
Kyland Technology Co Ltd
Original Assignee
Kyland Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kyland Technology Co Ltd filed Critical Kyland Technology Co Ltd
Priority to CN201310412456.4A priority Critical patent/CN103581173B/en
Publication of CN103581173A publication Critical patent/CN103581173A/en
Application granted granted Critical
Publication of CN103581173B publication Critical patent/CN103581173B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a safe data transmission method, system and device based on industrial Ethernet, which aim to solve the problems that, during data transmission in existing industrial Ethernet, a receiving terminal cannot verify the identity of a transmitting terminal and the safety of data transmission cannot be guaranteed. According to the method, when the transmitting terminal transmits data information, it also transmits its digital signature and information to be verified; the switching equipment completes primary verification of the identity of the transmitting terminal according to the timestamp information and key information contained in the information to be verified, completes secondary verification of the identity of the transmitting terminal according to the digital signature, and, when the transmitting terminal passes identity verification, checks the safety of the data information according to the industrial protocol information of the data information. Because both the transmitting terminal and the data information are checked comprehensively, the identity of the transmitting terminal is verified and the safety of the data information is checked, and accordingly the safety of data transmission in industrial Ethernet is improved.

Description

A secure data transmission method, system and device based on Industrial Ethernet
Technical field
The present invention relates to the technical field of Industrial Ethernet, and in particular to a secure data transmission method, system and device based on Industrial Ethernet.
Background
With the rapid development of communication technology, information networks have become an important guarantee of social development. As networks grow in scale and networking modes diversify, the requirements on the processing capability and connection capability of network systems keep rising. But as connection capability and information-flow capability improve, the security problems of network-based connections also become increasingly prominent.
Industrial Ethernet is Ethernet technology applied to the field of industrial control. Its outstanding features, such as strong applicability, high real-time performance, high interoperability, high reliability and interference resistance, meet the higher requirements of industrial sites for safety and reliability. With the rapid development of the integration of informatization and industrialization and of the Internet of Things, the security problems facing industrial control systems are becoming increasingly serious, and how to guarantee the security of data transmission in Industrial Ethernet will be an important problem that the industrial field urgently needs to solve.
When data is transmitted in Industrial Ethernet, it is often transmitted in plaintext. Take the issuing of a data whitelist as an example: when a data whitelist is transmitted, devices such as the peer switch are generally monitored and managed remotely over the network. When a first switch device logs in to a second switch device, the first switch device is verified as an administrator by means of the administrator's username and password; once verification passes, the first switch device can freely issue data whitelist information, such as policies, to the second switch device.
In the prior art, the second switch device generally does not verify the identity of the first switch device: as long as the first switch device can supply the correct username and password, it can transmit a data whitelist to the second switch device over the network. With this method, however, the second switch device that receives the data whitelist cannot determine whether the whitelist sent to it is the one belonging to the corresponding administrator, and even if authentication of the first switch device is completed, the security of the data whitelist itself still cannot be determined.
Therefore, when data is transmitted in existing Industrial Ethernet, the identity of the transmitting end cannot be verified, so it cannot be determined whether the received data is reliable, which creates a serious security risk. Even if the identity of the transmitting end passes verification, there is no further means of inspecting the data message that the transmitting end sends. The security of data transmission in Industrial Ethernet therefore cannot be guaranteed.
Summary of the invention
The embodiments of the present invention provide a secure data transmission method, system and device based on Industrial Ethernet, to solve the problem in the prior art that, when data is transmitted between switching devices of Industrial Ethernet, the receiving end cannot authenticate the identity of the transmitting end and data security cannot be guaranteed.
An embodiment of the present invention provides a secure data transmission method based on Industrial Ethernet, the method comprising:
A switching device receives a message sent by another device, wherein the message comprises a data message, its digital signature, timestamp information and key information;
Extracting the timestamp information in the message and verifying the message, and verifying the message according to the stored key information;
When verification passes, decrypting the digital signature with the public key that the switching device stores to obtain the corresponding hash value, and performing a hash operation on the data message to determine the hash value of the data message;
Comparing the hash value of the data message with the hash value obtained by decryption;
When the hash value of the data message is judged to be consistent with the hash value obtained by decryption, extracting the industrial protocol information in the data message;
Matching the extracted industrial protocol information against each item of industrial protocol information that the switching device stores;
When the match succeeds, processing the data message.
An embodiment of the present invention provides a secure data transmission system based on Industrial Ethernet, the system comprising:
Another device, configured to send a message to a switching device, wherein the message comprises a data message, its digital signature, timestamp information and key information;
A switching device, configured to extract the timestamp information in the message and verify the message, and to verify the message according to the stored key information; when verification passes, to decrypt the digital signature with the public key that it stores to obtain the corresponding hash value, and to perform a hash operation on the data message to determine the hash value of the data message; to compare the hash value of the data message with the hash value obtained by decryption; when the hash value of the data message is judged to be consistent with the hash value obtained by decryption, to extract the industrial protocol information in the data message; to match the extracted industrial protocol information against each item of industrial protocol information that it stores; and, when the match succeeds, to process the data message.
An embodiment of the present invention provides a secure data transmission device based on Industrial Ethernet, the device comprising:
A receiver module, configured to receive a message sent by another device, wherein the message comprises a data message, its digital signature, timestamp information and key information;
An authentication module, configured to extract the timestamp information in the message and verify the message, and to verify the message according to the stored key information; when verification passes, to decrypt the digital signature with the public key that the device stores to obtain the corresponding hash value, and to perform a hash operation on the data message to determine the hash value of the data message; to compare the hash value of the data message with the hash value obtained by decryption; when the hash value of the data message is judged to be consistent with the hash value obtained by decryption, to extract the industrial protocol information in the data message; and to match the extracted industrial protocol information against each item of industrial protocol information that the device stores;
A processing module, configured to process the data message when the match succeeds.
The embodiments of the present invention provide a secure data transmission method, system and device based on Industrial Ethernet. In the method, a switching device receives a message sent by another device, wherein the message comprises a data message, its digital signature, timestamp information and key information; the timestamp information in the message is extracted and the message is verified, and the message is verified according to the stored key information; when verification passes, the digital signature is decrypted with the public key that the switching device stores to obtain the corresponding hash value, and a hash operation is performed on the data message to determine the hash value of the data message; the hash value of the data message is compared with the hash value obtained by decryption; when the two are judged to be consistent, the industrial protocol information in the data message is extracted; the extracted industrial protocol information is matched against each item of industrial protocol information that the switching device stores; when the match succeeds, the data message is processed. Because in the embodiments of the present invention the switching device verifies the received data message against the verification information that it stores, and performs a second verification of the data message by matching and identifying the industrial protocol information, the security of the data message in the message is verified; the method therefore improves the security of data transmission in industrial networks.
Brief description of the drawings
Fig. 1 is a schematic diagram of a secure data transmission process based on Industrial Ethernet provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of a detailed implementation process of secure data transmission based on Industrial Ethernet provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of another detailed implementation process of secure data transmission based on Industrial Ethernet provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of a secure data transmission system based on Industrial Ethernet provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of a secure data transmission device based on Industrial Ethernet provided by an embodiment of the present invention;
Fig. 6 is a structural diagram of a secure data transmission device based on Industrial Ethernet provided by an embodiment of the present invention.
Detailed description of the embodiments
In order to improve the reliability of data transmission in Industrial Ethernet, the embodiments of the present invention provide a secure data transmission method, system and device based on Industrial Ethernet.
The present invention is described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of a secure data transmission process based on Industrial Ethernet provided by an embodiment of the present invention. The process comprises the following steps:
S101: A switching device receives a message sent by another device, wherein the message comprises a data message, its digital signature, timestamp information and key information.
In the embodiments of the present invention, to guarantee the security of message transmission in Industrial Ethernet, when another device sends a message to the switching device, it determines the digital signature from the data message of the message and determines the sending time of the message, and sends the timestamp information corresponding to that sending time, the digital signature, the key information and the data message together to the switching device acting as the receiving end. The other device may be a terminal or a sensor node device, or a switching device such as a switch.
S102: Extract the timestamp information in the message and verify the message, and verify the message according to the stored key information; judge whether verification passes. If it passes, go to step S103; otherwise, discard the received data.
After the switching device receives the message sent by the other device, it extracts the timestamp information and key information of the message and verifies the message; this mainly serves to verify the identity of the transmitting end. In the embodiments of the present invention, when the switching device acting as the receiving end authenticates the transmitting device, it may verify the timestamp information first and then the key information, or verify the key information first and then the timestamp information.
S103: Decrypt the digital signature with the public key that the switching device stores to obtain the corresponding hash value, and perform a hash operation on the data message to determine the hash value of the data message.
After the identity of the transmitting end has been verified by the timestamp information and key information, and in order to further increase the security of data whitelist transmission, the other device acting as the transmitting end can be verified further by means of the digital signature, because in the embodiments of the present invention the digital signature is generated from the data message of the message.
Specifically, when the digital signature is generated, the other device acting as the transmitting end determines the hash value of the data message according to the hash algorithm and the data message, and then encrypts that hash value with the private key that it stores to generate the digital signature. The transmitting end can then send the message containing the generated digital signature and the data message to the switching device acting as the receiving end.
S104: Compare the hash value of the data message with the hash value obtained by decryption and judge whether the two are consistent. If so, go to step S105; otherwise, determine that the data is unsafe and discard the message.
As the generation process above shows, the digital signature is generated from the hash algorithm and the private key stored by the other device acting as the transmitting end. Therefore, when the receiving end verifies the identity of the transmitting end by the digital signature, the second switching device acting as the receiving end identifies the digital signature in the message containing the data message and its digital signature, decrypts the digital signature with the public key that it stores to obtain the corresponding hash value, and then performs a hash operation on the data message to determine the hash value of the data whitelist.
The hash value of the data message is compared with the hash value obtained by decryption to judge whether the two are consistent. When they are consistent, it is confirmed that the transmitting end has the corresponding identity for sending the data, and authentication of the data transmitting end is complete.
S105: When the hash value of the data message is judged to be consistent with the hash value obtained by decryption, extract the industrial protocol information in the data message.
After the transmitting end has been authenticated in Industrial Ethernet by the above flow, the security of the data message contained in the message sent by the transmitting end needs to be verified further: the switching device extracts the industrial protocol information of the data message and verifies it. The industrial protocol information comprises an industrial protocol type feature code and an industrial protocol keyword.
S106: Match the extracted industrial protocol information against each item of industrial protocol information that the switching device stores. If the match succeeds, go to step S107; otherwise, determine that the data message is unsafe and discard the message.
The switching device acting as the receiving end obtains the industrial protocol information of the data message from the message sent by the other device acting as the transmitting end, and matches it against each item of industrial protocol information that it stores. Given the networking mode of Industrial Ethernet, only the industrial protocol types supported by the switching device can be identified and processed in Industrial Ethernet. When the industrial protocol information of the data message does not match successfully in the switching device, the data message is illegitimate and poses a security risk, so the message is discarded.
S107: Process the data message of the message.
In the embodiments of the present invention, the second switching device that receives the message sent by the other device verifies the data message of the message by the timestamp information and key information, and verifies the data message with the public key and hash algorithm that it stores, thereby authenticating the transmitting end: if the identity of the transmitting end is in question, the data whitelist cannot pass verification. After the transmitting end has been authenticated, the invention further verifies the security of the data by verifying the industrial protocol information extracted from the data message; only data that successfully matches the industrial protocol information stored by the device can undergo subsequent processing. The method therefore improves the security of data transmission.
To increase the security of data transmission and to enable the switching device acting as the receiving end to authenticate the device acting as the transmitting end, in the embodiments of the present invention, when another device acting as the transmitting end sends data to the switching device acting as the receiving end, it processes the data first and then sends it.
Specifically, the other device acting as the transmitting end performs a hash operation on the data message to be sent, using the hash algorithm that it stores, to determine the hash value of the data message. It then encrypts that hash value with the private key that it stores to generate the digital signature, and appends the digital signature to the data message.
In addition, to further increase the security of data transmission and to enable the receiving end to verify the identity of the transmitting end, in the embodiments of the present invention the node device or switching device acting as the transmitting end, when sending the data message and its digital signature, also sends key information and the timestamp information corresponding to the sending time of the message.
The secure data transmission method provided by the embodiments of the present invention is applied in Industrial Ethernet, where the master device and the other devices perform precise time synchronization via the 1588 protocol, so a very high clock synchronization accuracy between devices can be guaranteed. When the information to be verified is timestamp information, the other device acting as the transmitting end carries, in the message to be sent, the timestamp information of the current time at which it sends the message, and sends it together with the data message and the digital signature of the data message to the switching device acting as the receiving end.
When the switching device acting as the receiving end receives the timestamp information, data message and digital signature sent by the other device, it must verify them; only when verification passes can the identity of the transmitting end be considered safe. Specifically, when the information to be verified is timestamp information, extracting the timestamp information in the message and verifying the message comprises:
The switching device obtains the source address information of the message from the message, wherein the source address information comprises source IP information or source MAC information;
Determining the link delay between the devices according to the source address information and the switching device's own address information;
Verifying the message according to the link delay, the extracted timestamp information, the current reception time information and the stored time threshold information.
Specifically, verifying the message according to the link delay, the extracted timestamp information, the current reception time information and the stored time threshold information comprises:
Determining the theoretical time of receiving the message according to the link delay and the extracted timestamp information;
Judging whether the absolute value of the difference between the theoretical time and the current reception time information is less than the time threshold information.
When the switching device receives the message sent by the other device, it extracts the timestamp information contained in the message and records the time at which the message was received (that is, the time of reception of the timestamp, which is also the time of reception of the data message and its digital signature). It obtains the source address information of the message, which comprises source IP information or source MAC information, determines the physical link from the other device at the transmitting end to the switch according to the source IP information or source MAC information of the message and its own address information, and calculates the link delay from the switching device to the transmitting end according to the precision clock protocol.
From the calculated link delay and the extracted timestamp information, the switching device determines the time at which the message should theoretically be received. Using the absolute value of the difference between this theoretical reception time and the recorded time at which the message was received, the switching device can authenticate the other device acting as the transmitting end: if the information was obtained illegally by an attacking device, the absolute value of the difference between the theoretical reception time and the recorded reception time will certainly not be less than the set threshold; conversely, if the other device has the authority to send the message, that absolute value is less than the set threshold.
Alternatively, from the calculated link delay and the recorded time at which the message was received, the switching device determines the time at which the other device should theoretically have sent the message. Using the absolute value of the difference between this theoretical sending time and the extracted timestamp information, the switching device can likewise authenticate the other device acting as the transmitting end: if the information was obtained illegally by an attacking device, the absolute value of the difference between the theoretical sending time and the extracted timestamp information will certainly not be less than the set threshold; conversely, if the other device has the authority to send the message, that absolute value is less than the set threshold.
Fig. 2 is a schematic diagram of a detailed implementation process of secure data transmission based on Industrial Ethernet provided by an embodiment of the present invention. The process comprises the following steps:
S201: A switching device receives a message sent by another device, wherein the message comprises a data message, its digital signature and timestamp information.
Specifically, the other device performs a hash operation on the data message to be sent, using the hash algorithm that it stores, to determine the hash value of the data message; encrypts that hash value with the private key that it stores to generate the digital signature; appends the digital signature to the data message; and then carries, in the message to be sent, the timestamp information of the current time at which it sends the data, sending it together with the data message and the digital signature of the data message to the switching device acting as the receiving end.
S202: The switching device obtains the source address information of the message from the message, wherein the source address information comprises source IP information or source MAC information.
S203: The switching device determines the link delay between the devices according to the source address information and its own address information.
S204: Determine the theoretical time of receiving the message according to the link delay and the extracted timestamp information.
S205: Judge whether the absolute value of the difference between the theoretical time and the current reception time information is less than the set threshold. If so, go to step S206; otherwise, determine that the data message is unsafe and discard the message.
S206: Decrypt the digital signature with the public key that the switching device stores to obtain the corresponding hash value, and perform a hash operation on the data message to determine the hash value of the data message.
S207: Compare the hash value of the data message with the hash value obtained by decryption and judge whether the two are consistent. If so, go to step S208; otherwise, determine that the message is unsafe and discard the message.
S208: Extract the industrial protocol information in the data message and match it against each item of industrial protocol information that the switching device stores. If the match succeeds, go to step S209; otherwise, determine that the data message is unsafe and discard the message.
S209: Process the data message of the message.
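The receiver-side flow of Fig. 2 (S202 to S209) as a runnable sketch; this is an added example, not code from the patent. It assumes integer-microsecond timestamps, a per-source link delay table, SHA-256 as the unnamed hash algorithm, textbook RSA over a constructed demo key, and a hypothetical data message layout (2-byte type feature code, 1-byte keyword length, keyword, body).

```python
import hashlib
from typing import NamedTuple, Optional, Tuple

# Constructed demo key: textbook RSA over two Mersenne primes, no padding.
# It mirrors the page's "encrypt the hash with the private key" wording only;
# real deployments use a vetted library and a padded signature scheme.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key stored by the switch
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent stored by the sender

# Receiver-side state (all values constructed for this example).
LINK_DELAY_US = {"02:00:00:00:00:01": 50}   # source MAC -> link delay (us)
TIME_THRESHOLD_US = 1000
KNOWN_PROTOCOLS = {(b"\x00\x01", b"WHITELIST"), (b"\x00\x02", b"STATUS")}


class Message(NamedTuple):
    src: str            # source IP or MAC (S202)
    timestamp_us: int   # sender's send time; clocks assumed synchronised
    data: bytes         # data message
    signature: int      # hash of data encrypted with the sender's private key


def digest(data: bytes) -> int:
    """Hash value of the data message as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """Sender side: hash the data message, then apply the private key."""
    return pow(digest(data), D, N)


def build_data(code: bytes, keyword: bytes, body: bytes) -> bytes:
    """Hypothetical layout: feature code | keyword length | keyword | body."""
    return code + bytes([len(keyword)]) + keyword + body


def extract_protocol_info(data: bytes) -> Optional[Tuple[bytes, bytes]]:
    """Return (type feature code, keyword), or None if the header is truncated."""
    if len(data) < 3 or len(data) < 3 + data[2]:
        return None
    return data[:2], data[3:3 + data[2]]


def verify(msg: Message, recv_time_us: int) -> Tuple[bool, str]:
    """Run the checks in the order of Fig. 2; the first failure drops the message."""
    delay = LINK_DELAY_US.get(msg.src)                          # S203
    if delay is None:
        return False, "unknown source"   # assumption: no delay entry means drop
    theoretical = msg.timestamp_us + delay                      # S204
    if abs(theoretical - recv_time_us) >= TIME_THRESHOLD_US:    # S205
        return False, "timestamp"
    # S206-S207: recover the hash with the public key and compare it with the
    # hash computed locally. The signature covers the data message only.
    if not 0 <= msg.signature < N:
        return False, "signature"
    if pow(msg.signature, E, N) != digest(msg.data):
        return False, "signature"
    if extract_protocol_info(msg.data) not in KNOWN_PROTOCOLS:  # S208
        return False, "protocol"
    return True, "accepted"                                     # S209
```
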
The information to be verified of carrying in the data that in addition, these other equipment send to switching equipment in embodiments of the present invention can also comprise key information.Concrete, these other equipment as transmitting terminal are according to this data message to be sent, and the hash algorithm of self preserving, and this data message is carried out to Hash operation, determine the cryptographic Hash of this data message.The cryptographic Hash of this data message that basis is determined afterwards, and the private key of self preserving, be encrypted the cryptographic Hash of this data message, and generating digital signature, after being attached to this data message by this digital signature afterwards.
As other equipment of transmitting terminal, in order to increase the fail safe of transfer of data, asymmetric (AES) key of preserving according to self, is encrypted this data message and digital signature thereof.I.e. this unsymmetrical key of this key information in embodiments of the present invention.The digital signature of key information, data message and this data message that other equipment send, can be with form transmission expressly, and for the fail safe of transfer of data, above-mentioned information also can adopt PKI to be encrypted rear transmission to above-mentioned information.Be, after other equipment are encrypted the PKI of the data message after encrypting and digital signature and this unsymmetrical key employing self preservation, to send to switching equipment.
When the information to be verified is key information, the switching equipment's verification of the information to be verified against the verification information it has saved comprises:
The switching equipment decrypts the received message with the private key it has saved;
It identifies the key information in the decrypted message;
It judges whether this key information can decrypt the data message and its digital signature.
To increase the security of data transmission in the industrial Ethernet and to make it possible to verify the identity of the transmitting terminal, in the embodiments of the present invention the transmitting terminal may also carry key information to be verified in the data when transmitting, and send it to the switching equipment acting as the receiving terminal together with the data message and the digital signature of the data message.
After the switching equipment receives the above information, if the information was transmitted in encrypted form, the switching equipment first decrypts it with the private key it has saved, obtaining the key information, the data message and the digital signature of the data message.
The switching equipment identifies the key information in the decrypted information and verifies it: it first judges whether the key information can decrypt the encrypted data message and its digital signature. When the key information can do so, the identity verification of the transmitting terminal is determined to have passed.
In addition, to further increase the reliability of data transmission, in the embodiments of the present invention the switching equipment also decrypts the digital signature with the public key it has saved to obtain the corresponding hash value, and performs a hash operation on the data message to determine the hash value of the data message. It compares the hash value of the data message with the hash value obtained by decryption. When the two are consistent, the identity verification of the transmitting terminal passes; otherwise, the other equipment that sent the message is determined to be insecure and the message is discarded.
Fig. 3 is a schematic diagram of another detailed implementation process of secure data transmission based on industrial Ethernet provided by an embodiment of the present invention. The process comprises the following steps:
S301: The switching equipment receives the message sent by the other equipment, wherein the message comprises a data message, its digital signature and key information.
Specifically, the other equipment performs a hash operation on the data message to be sent using the hash algorithm it has saved, and determines the hash value of the data message. It encrypts this hash value with the private key it has saved to generate a digital signature, and appends the digital signature to the data message. It then encrypts the data message and its digital signature with the asymmetric AES key it has saved, encrypts the asymmetric AES key together with the encrypted data message and digital signature using the private key it has saved, and sends the encrypted information to the switching equipment.
S302: The switching equipment decrypts the received encrypted data with the public key it has saved, obtaining the asymmetric AES key and the encrypted data message and its digital signature.
S303: Use the asymmetric AES key to decrypt the encrypted data message and its digital signature information, and judge whether the asymmetric AES key can decrypt them. If it can, perform step S304; otherwise, determine that the data message is insecure and discard the message.
S304: Decrypt the digital signature with the saved public key to obtain the corresponding hash value, and perform a hash operation on the data message to determine the hash value of the data message.
S305: Compare the hash value of the data message with the hash value obtained by decryption, and judge whether the two are consistent. If so, perform step S306; otherwise, determine that the data message is insecure and discard the message.
S306: Extract the industrial protocol information from the data message.
S307: Match the extracted industrial protocol information against each item of industrial protocol information that the switching equipment has saved. If the match succeeds, perform step S308; otherwise, determine that the data message is insecure and discard the message.
S308: Process the data message of the message.
In the invention process in order further to increase the fail safe of transfer of data, reduce the risk that data plaintext transmission exists, other equipment are after having determined the digital signature of data message, the asymmetric AES key of preserving according to self, this data message and digital signature thereof are encrypted, adopt the PKI of self preserving, data message and digital signature thereof to this asymmetric AES key and after encrypting are encrypted, afterwards, according to the time of self current this message of transmission, the timestamp information of this current time is carried in message to be sent, this timestamp information is sent to switching equipment in the lump.
When switching equipment receives after this message sending in the lump, identify the timestamp information in this message, according to the time that receives this message, and and as the link delay between other equipment of transmitting terminal, determine the theoretical transmission time information of these other equipment, according to this theory transmission time information and this timestamp information determined, identity to this transmitting terminal is verified, when being verified, the private key of preserving according to self, information after the encryption receiving is decrypted, obtain asymmetric AES key, and data message and digital signature information thereof after encrypting.Adopt this asymmetric AES key to be decrypted data message and digital signature information thereof after encrypting, according to whether can further the identity of this transmitting terminal being verified by successful decryption, thus the fail safe that improves transfer of data.
When being verified, the PKI that this switching equipment can also be preserved according to self is decrypted this digital signature, obtains its corresponding cryptographic Hash, and this data message is carried out to Hash operation, determines the cryptographic Hash of this digital information; The cryptographic Hash obtaining after the cryptographic Hash of digital information and deciphering is compared; Whether the cryptographic Hash and the rear cryptographic Hash obtaining of deciphering that judge digital information be consistent, comes the fail safe to this message source identity again to verify, further improved the fail safe of transfer of data.
In addition, to further improve the security of data transmission in the industrial Ethernet, and in view of the characteristics of the industrial Ethernet networking model, after the identity verification of the transmitting terminal passes, the present invention also verifies the security of the data message by means of the industrial protocol information of the data message. The industrial protocol information comprises an industrial protocol type feature code and an industrial protocol keyword.
Matching the extracted industrial protocol information against each item of industrial protocol information saved by the switching equipment comprises:
Extracting the industrial protocol type feature code from the data message and matching it against each saved industrial protocol type feature code; when the match succeeds, extracting the industrial protocol keyword from the data message and matching it against each saved industrial protocol keyword; or,
Extracting the industrial protocol keyword from the data message and matching it against each saved industrial protocol keyword; when the match succeeds, extracting the industrial protocol type feature code from the data message and matching it against each saved industrial protocol type feature code.
Specifically, after the switching equipment has verified the identity of the other equipment that sent the message a first time by means of the key information and the timestamp information, and a second time by performing a hash operation on the decrypted data message and comparing the result with the hash value contained in the message, it extracts the industrial protocol type feature code and the industrial protocol keyword of the data message and matches them, respectively, in the industrial protocol type feature code library and the industrial protocol keyword library it has saved. The industrial protocol type feature codes cover EtherCAT, Powerlink, IEC61850 GOOSE, IEC61850 SV, PROFINET, Modbus TCP, IEC61850 MMS and the like.
Fig. 4 is a schematic structural diagram of a secure data transmission system based on industrial Ethernet provided by an embodiment of the present invention. The system comprises:
Other equipment 41, configured to send a message to the switching equipment, wherein the message comprises a data message, its digital signature, timestamp information and key information;
Switching equipment 42, configured to extract the timestamp information from the message and verify the message, and to verify the message according to the saved key information; when the verification passes, to decrypt the digital signature with the public key it has saved to obtain the corresponding hash value, and to perform a hash operation on the data message to determine the hash value of the data message; to compare the hash value of the data message with the hash value obtained by decryption; when the two are judged to be consistent, to extract the industrial protocol information from the data message; to match the extracted industrial protocol information against each item of saved industrial protocol information; and, when the match succeeds, to process the data message.
Fig. 5 is a schematic structural diagram of a secure data transmission device based on industrial Ethernet provided by an embodiment of the present invention. The device comprises:
Receiver module 51, configured to receive the message sent by the other equipment, wherein the message comprises a data message, its digital signature, timestamp information and key information;
Authentication module 52, configured to extract the timestamp information from the message and verify the message, and to verify the message according to the saved key information; when the verification passes, to decrypt the digital signature with the public key it has saved to obtain the corresponding hash value, and to perform a hash operation on the data message to determine the hash value of the data message; to compare the hash value of the data message with the hash value obtained by decryption; when the two are judged to be consistent, to extract the industrial protocol information from the data message; and to match the extracted industrial protocol information against each item of saved industrial protocol information;
Processing module 53, configured to process the data message when the match succeeds.
The authentication module 52 is specifically configured to obtain the source address information of the message from the message, wherein the source address information comprises source IP information or source MAC information; to determine the link delay between the equipment according to the source address information and its own address information; and to verify the message according to the link delay, the extracted timestamp information, the current receiving time information and the saved time threshold information.
The authentication module 52 is specifically configured to determine the theoretical time of receiving the message according to the link delay and the extracted timestamp information, and to judge whether the absolute value of the difference between the theoretical time and the current receiving time information is less than the time threshold information.
The authentication module 52 is specifically configured to extract the industrial protocol type feature code from the data message and match it against each saved industrial protocol type feature code; when the match succeeds, to extract the industrial protocol keyword from the data message and match it against each saved industrial protocol keyword; or, to extract the industrial protocol keyword from the data message and match it against each saved industrial protocol keyword, and, when the match succeeds, to extract the industrial protocol type feature code from the data message and match it against each saved industrial protocol type feature code.
This device is located in the receiving-end equipment.
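The timestamp check and the two-stage industrial protocol match described for authentication module 52, as an added Python example that is not code from the patent. It assumes the type feature code is the frame's EtherType and the keyword is the first two payload bytes; the link-delay table, threshold, keyword values and frames are constructed, and the key-information and digital-signature checks are left out.

```python
"""Receiver-side timestamp and industrial-protocol checks (added example)."""
import struct
from dataclasses import dataclass

# Assumption: the "type feature code" is modelled as the frame's EtherType.
# Modbus TCP and IEC61850 MMS ride on TCP/IP and are not covered here.
FEATURE_CODES = {
    0x88A4: "EtherCAT",
    0x88AB: "Powerlink",
    0x88B8: "IEC61850 GOOSE",
    0x88BA: "IEC61850 SV",
    0x8892: "PROFINET",
}
# Assumption: the "keyword" is modelled as the first two payload bytes.
# The allowed values are constructed for this example.
KEYWORDS = {
    "IEC61850 GOOSE": {b"\x00\x01", b"\x00\x02"},
    "EtherCAT": {b"\x0e\x10"},
}
# Constructed link-delay table in microseconds, keyed by source MAC.
LINK_DELAY_US = {bytes.fromhex("020000000001"): 120}
TIME_THRESHOLD_US = 500  # constructed time threshold


@dataclass
class Received:
    frame: bytes      # raw Ethernet frame carrying the data message
    sent_ts_us: int   # timestamp information carried in the message
    recv_ts_us: int   # receiver clock when the message arrived


def timestamp_ok(sent_ts_us, recv_ts_us, link_delay_us,
                 threshold_us=TIME_THRESHOLD_US):
    """|theoretical receive time - actual receive time| < threshold."""
    theoretical = sent_ts_us + link_delay_us
    return abs(theoretical - recv_ts_us) < threshold_us


def parse_frame(frame):
    """Return (src_mac, ethertype, payload), or None if truncated."""
    if len(frame) < 14:
        return None
    src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == 0x8100:  # skip one 802.1Q VLAN tag
        if len(frame) < 18:
            return None
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    return src, ethertype, frame[offset:]


def verify(msg):
    """Run the checks in order and return a verdict string."""
    parsed = parse_frame(msg.frame)
    if parsed is None:
        return "drop: truncated frame"
    src, ethertype, payload = parsed
    delay = LINK_DELAY_US.get(src)
    if delay is None:
        return "drop: unknown source"
    if not timestamp_ok(msg.sent_ts_us, msg.recv_ts_us, delay):
        return "drop: timestamp outside window"
    # The key-information and signature checks would run at this point.
    proto = FEATURE_CODES.get(ethertype)
    if proto is None:
        return "drop: unknown protocol feature code"
    if payload[:2] not in KEYWORDS.get(proto, set()):
        return "drop: protocol keyword not allowed"
    return "accept: " + proto


def build_frame(src_hex, ethertype, payload, vlan_tci=None):
    """Build a constructed test frame (destination MAC is arbitrary)."""
    header = bytes.fromhex("010ccd010001") + bytes.fromhex(src_hex)
    if vlan_tci is not None:
        header += struct.pack("!HH", 0x8100, vlan_tci)
    return header + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    body = b"\x00\x01" + bytes(6)
    fresh = build_frame("020000000001", 0x88B8, body, vlan_tci=0x8001)
    print(verify(Received(fresh, 1_000_000, 1_000_150)))  # in window
    print(verify(Received(fresh, 1_000_000, 1_900_000)))  # replayed late
    arp = build_frame("020000000001", 0x0806, body)
    print(verify(Received(arp, 1_000_000, 1_000_150)))    # not whitelisted
```

A replayed capture fails the window check even though its contents are unchanged, which is why the timestamp has to be covered by the later integrity checks as well.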
Fig. 6 is a schematic structural diagram of a secure data transmission device based on industrial Ethernet provided by an embodiment of the present invention. The device comprises:
First encrypting module 61, configured to determine the hash value of the data message according to the data message to be sent and the saved hash algorithm;
Second encrypting module 62, configured to determine the digital signature of the data message according to the determined hash value of the data message and the private key it has saved;
Sending module 63, configured to carry the current timestamp in the data according to the current sending time information and send it to the other device together with the data message and its digital signature; or, according to the data message and the determined digital signature of the data message, to encrypt the data message and its digital signature with the saved asymmetric key, and to send the encrypted data message and digital signature, together with the asymmetric key, to the other device after encryption.
This device is located in the sending-end equipment.
The embodiments of the present invention provide a secure data transmission method, system and device based on industrial Ethernet. In the method, the switching equipment receives the message sent by the other equipment, wherein the message comprises a data message, its digital signature, timestamp information and key information; extracts the timestamp information from the message and verifies the message, and verifies the message according to the saved key information; when the verification passes, decrypts the digital signature with the public key it has saved to obtain the corresponding hash value, and performs a hash operation on the data message to determine the hash value of the data message; compares the hash value of the data message with the hash value obtained by decryption; when the two are judged to be consistent, extracts the industrial protocol information from the data message; matches the extracted industrial protocol information against each item of saved industrial protocol information; and, when the match succeeds, processes the data message. Because, in the embodiments of the present invention, the switching equipment verifies the received data message against the verification information it has saved, and verifies the data message a second time by matching its industrial protocol information, the security of the data message in the message is verified. The method therefore improves the security of data transmission in the industrial network.
Those skilled in the art should understand that the embodiments of the application may be provided as a method, a system or a computer program product. Therefore, the application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) containing computer-usable program code.
The application is described with reference to flowcharts and/or block diagrams of the method, equipment (system) and computer program product according to the embodiments of the application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing equipment to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment produce a device for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing equipment to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture comprising an instruction device, and the instruction device implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing equipment, so that a series of operational steps is performed on the computer or other programmable equipment to produce computer-implemented processing, and the instructions executed on the computer or other programmable equipment thus provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the application have been described, those skilled in the art, once they have grasped the basic inventive concept, can make further changes and modifications to these embodiments. The appended claims are therefore intended to be interpreted as covering the preferred embodiments and all changes and modifications that fall within the scope of the application.
Obviously, those skilled in the art can make various changes and variations to the application without departing from its spirit and scope. If these modifications and variations of the application fall within the scope of the claims of the application and their technical equivalents, the application is also intended to include them.

Claims (10)

1. A secure data transmission method based on industrial Ethernet, characterized in that the method comprises:
The switching equipment receives the message sent by the other equipment, wherein the message comprises a data message, its digital signature, timestamp information and key information;
Extracting the timestamp information from the message and verifying the message, and verifying the message according to the saved key information;
When the verification passes, decrypting the digital signature with the saved public key to obtain the corresponding hash value, and performing a hash operation on the data message to determine the hash value of the data message;
Comparing the hash value of the data message with the hash value obtained by decryption;
When the hash value of the data message is judged to be consistent with the hash value obtained by decryption, extracting the industrial protocol information from the data message;
Matching the extracted industrial protocol information against each item of saved industrial protocol information;
When the match succeeds, processing the data message.
2. the method for claim 1, is characterized in that, the timestamp information in the described message of described extraction is verified and comprised this message:
Switching equipment is according to the source address information of described this message of Receive message, and wherein this source address information comprises source IP information or source MAC information;
According to described source address information and the address information of self, determine the link delay between equipment;
According to the described timestamp information of described link delay, extraction, current receiving time information and the time threshold information of preservation, this message is verified.
3. method as claimed in claim 2, is characterized in that, described according to the described timestamp information of described link delay, extraction, current receiving time information and the time threshold information of preservation, and this message is verified and comprised:
According to described link delay, the described timestamp information of extraction, determines the theoretical time that receives described message;
Judge the described theoretical time, and whether the poor absolute value of current receiving time information is less than described time threshold information.
4. the method for claim 1, is characterized in that, described according to the key information of preserving, and this message is verified and comprised:
The private key that described switching equipment is preserved according to self, is decrypted the message receiving;
Key information in this message after identification deciphering;
Judge whether this key information can be decrypted this data message and digital signature thereof.
5. the method for claim 1, is characterized in that, described industrial protocol information comprises: industrial protocol type feature code and industrial protocol keyword;
Described the described industrial protocol information of extracting mated and comprised with each industrial protocol information of self preservation:
Extract the industrial protocol type feature code in described data message, by the described industrial protocol type feature code extracting, mate with each industrial protocol type feature code of self preserving; When the match is successful, extract the industrial protocol keyword in described data message; The described industrial protocol keyword extracting is mated with each industrial protocol keyword of self preserving; Or,
Extract the industrial protocol keyword in described data message; The described industrial protocol keyword extracting is mated with each industrial protocol keyword of self preserving, when the match is successful, extract the industrial protocol type feature code in described data message, by the described industrial protocol type feature code extracting, mate with each industrial protocol type feature code of self preserving.
6. A secure data transmission system based on industrial Ethernet, characterized in that the system comprises:
Other equipment, configured to send a message to the switching equipment, wherein the message comprises a data message, its digital signature, timestamp information and key information;
Switching equipment, configured to extract the timestamp information from the message and verify the message, and to verify the message according to the saved key information; when the verification passes, to decrypt the digital signature with the public key it has saved to obtain the corresponding hash value, and to perform a hash operation on the data message to determine the hash value of the data message; to compare the hash value of the data message with the hash value obtained by decryption; when the two are judged to be consistent, to extract the industrial protocol information from the data message; to match the extracted industrial protocol information against each item of saved industrial protocol information; and, when the match succeeds, to process the data message.
7. A secure data transmission device based on industrial Ethernet, characterized in that the device comprises:
A receiver module, configured to receive the message sent by the other equipment, wherein the message comprises a data message, its digital signature, timestamp information and key information;
An authentication module, configured to extract the timestamp information from the message and verify the message, and to verify the message according to the saved key information; when the verification passes, to decrypt the digital signature with the public key it has saved to obtain the corresponding hash value, and to perform a hash operation on the data message to determine the hash value of the data message; to compare the hash value of the data message with the hash value obtained by decryption; when the two are judged to be consistent, to extract the industrial protocol information from the data message; and to match the extracted industrial protocol information against each item of saved industrial protocol information;
A processing module, configured to process the data message when the match succeeds.
8. The device of claim 7, characterized in that the authentication module is specifically configured to obtain the source address information of the message from the message, wherein the source address information comprises source IP information or source MAC information; to determine the link delay between the equipment according to the source address information and its own address information; and to verify the message according to the link delay, the extracted timestamp information, the current receiving time information and the saved time threshold information.
9. The device of claim 7, characterized in that the authentication module is specifically configured to determine the theoretical time of receiving the message according to the link delay and the extracted timestamp information, and to judge whether the absolute value of the difference between the theoretical time and the current receiving time information is less than the time threshold information.
10. The device of claim 7, characterized in that the industrial protocol information comprises an industrial protocol type feature code and an industrial protocol keyword; the authentication module is specifically configured to extract the industrial protocol type feature code from the data message and match it against each saved industrial protocol type feature code; when the match succeeds, to extract the industrial protocol keyword from the data message and match it against each saved industrial protocol keyword; or, to extract the industrial protocol keyword from the data message and match it against each saved industrial protocol keyword, and, when the match succeeds, to extract the industrial protocol type feature code from the data message and match it against each saved industrial protocol type feature code.
CN201310412456.4A 2013-09-11 2013-09-11 Safe data transmission method, system and device based on industrial Ethernet Active CN103581173B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310412456.4A CN103581173B (en) 2013-09-11 2013-09-11 Safe data transmission method, system and device based on industrial Ethernet

Publications (2)

Publication Number Publication Date
CN103581173A true CN103581173A (en) 2014-02-12
CN103581173B CN103581173B (en) 2017-02-22

Family

ID=50052103

Country Status (1)

Country Link
CN (1) CN103581173B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102137095A (en) * 2010-12-29 2011-07-27 中国电力科学研究院 Industrial control system data exchange safety protection method and system and device thereof

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102137095A (en) * 2010-12-29 2011-07-27 中国电力科学研究院 Industrial control system data exchange safety protection method and system and device thereof

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015035576A1 (en) * 2013-09-11 2015-03-19 北京东土科技股份有限公司 Secure data transmission method, system and device based on industrial ethernet
WO2016065647A1 (en) * 2014-10-31 2016-05-06 西安酷派软件科技有限公司 Mic verification method in d2d communications and d2d communications system
US10531290B2 (en) 2014-10-31 2020-01-07 Nanchang Coolpad Intelligent Technology Company Limited Mic verification method in D2D communications and D2D communications system
CN104579627B (en) * 2014-12-06 2018-06-05 上海移远通信技术股份有限公司 A kind of data ciphering method and system
CN104579627A (en) * 2014-12-06 2015-04-29 上海移远通信技术有限公司 Data encryption method and system
CN104917765A (en) * 2015-06-10 2015-09-16 杭州华三通信技术有限公司 Attack prevention method, and equipment
CN105721500B (en) * 2016-04-10 2019-01-15 北京工业大学 A kind of safe Enhancement Method of the Modbus/TCP agreement based on TPM
CN105721500A (en) * 2016-04-10 2016-06-29 北京工业大学 TPM-based Modbus/TCP security enhancement method
CN105978798A (en) * 2016-06-29 2016-09-28 深圳中兴网信科技有限公司 Message encryption transmission method, terminal and server
CN107979470A (en) * 2016-10-25 2018-05-01 航天信息股份有限公司 For signature server, the method for terminal and signature server, terminal
CN106597903A (en) * 2016-12-26 2017-04-26 刘震 System for perceiving environment of stationary position
CN107547559A (en) * 2017-09-20 2018-01-05 新华三信息安全技术有限公司 A kind of message processing method and device
CN107547559B (en) * 2017-09-20 2021-07-20 新华三信息安全技术有限公司 Message processing method and device
CN108718339A (en) * 2018-05-23 2018-10-30 杭州优行科技有限公司 Data processing method, device and server
CN108471430A (en) * 2018-07-03 2018-08-31 杭州安恒信息技术股份有限公司 A kind of Internet of Things embedded-type security means of defence and device
CN109345665A (en) * 2018-09-18 2019-02-15 金邦达有限公司 A kind of separate type novel intelligent door-locking system and its working method
CN109613898A (en) * 2018-12-13 2019-04-12 四川永能油气技术开发有限公司 A kind of enterprise's creation data monitoring method based on industrial Internet of Things
CN109613898B (en) * 2018-12-13 2020-09-11 四川永能油气技术开发有限公司 Enterprise production data monitoring method based on industrial Internet of things
CN111371786A (en) * 2020-03-04 2020-07-03 盛科网络(苏州)有限公司 Encryption method and device for clock synchronization messages between Ethernet devices
CN113259347A (en) * 2021-05-12 2021-08-13 东信和平科技股份有限公司 Equipment safety system and equipment behavior management method in industrial Internet
CN113259347B (en) * 2021-05-12 2022-11-18 东信和平科技股份有限公司 Equipment safety system and equipment behavior management method in industrial Internet
CN113824705A (en) * 2021-09-10 2021-12-21 浙江大学 Safety reinforcement method for Modbus TCP (transmission control protocol)
CN113824705B (en) * 2021-09-10 2022-05-10 浙江大学 Safety reinforcement method for Modbus TCP (transmission control protocol)
CN115549983A (en) * 2022-09-14 2022-12-30 电子科技大学 Safety authentication device and method of IPv6 network transmission equipment based on time synchronization
CN116684203A (en) * 2023-08-03 2023-09-01 南京南自华盾数字技术有限公司 Method and system for realizing ModbusTCP protocol security protection without code variation
CN116684203B (en) * 2023-08-03 2023-12-22 南京南自华盾数字技术有限公司 Method and system for realizing ModbusTCP protocol security protection without code variation
CN116980230A (en) * 2023-09-19 2023-10-31 深圳市众志天成科技有限公司 Information security protection method and device
CN116980230B (en) * 2023-09-19 2023-12-01 深圳市众志天成科技有限公司 Information security protection method and device

Also Published As

Publication number Publication date
CN103581173B (en) 2017-02-22

Similar Documents

Publication Publication Date Title
CN103581173A (en) Safe data transmission method, system and device based on industrial Ethernet
CN111835752B (en) Lightweight authentication method based on equipment identity and gateway
CN109600350B (en) System and method for secure communication between controllers in a vehicle network
CN109257327B (en) Communication message safety interaction method and device for power distribution automation system
CN101917270B (en) Weak authentication and key agreement method based on symmetrical password
US10015159B2 (en) Terminal authentication system, server device, and terminal authentication method
US10567428B2 (en) Secure wireless ranging
CN105656859B (en) Tax control equipment software safety online upgrading method and system
IL261137A (en) System and method for performing secure communications
CN103095460B (en) Intelligent card safety communication method
US10439801B2 (en) Entity authentication method and device based on pre-shared key
CN101478548B (en) Data transmission ciphering and integrity checking method
CN103491072A (en) Boundary access control method based on double one-way separation gatekeepers
CN104821944A (en) Hybrid encryption network data security method and system
KR101608815B1 (en) Method and system for providing service encryption in closed type network
CN109309566B (en) Authentication method, device, system, equipment and storage medium
JP2019022115A (en) Synchronization system, communication device, synchronization program, and synchronization method
CN112671710B (en) Security encryption device based on national cryptographic algorithm, bidirectional authentication and encryption method
RU2645597C2 (en) Method of authentication in data hidden terminal transmission channel
CN101958907A (en) Method, system and device for transmitting key
CN105791258A (en) Data transmission method, terminal and open platform
CN113472520A (en) ModbusTCP (Transmission control protocol) security enhancement method and system
CN104125239A (en) Network authentication method and system based on data link encryption transmission
CN109922022A (en) Internet of Things communication means, platform, terminal and system
CN109451504B (en) Internet of things module authentication method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20190513

Address after: 100041 Beijing Shijingshan District, Shixing Street, No. 30 Courtyard, No. 2 Building, 8th to 12th floors, 901

Co-patentee after: Shanghai Dongtu vision Industrial Technology Co. Ltd.

Patentee after: Beijing Dongtu Technology Co., Ltd.

Address before: 100041 Chongxin Creative Building, 18 Shixing East Street, Shijingshan District, Beijing

Patentee before: Beijing Dongtu Technology Co., Ltd.

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20140212

Assignee: Hubei Dongtu Taiyi Wisdom Technology Co., Ltd.

Assignor: Beijing Dongtu Technology Co., Ltd.|Shanghai Dongtu vision Industrial Technology Co. Ltd.

Contract record no.: 2019990000250

Denomination of invention: Safe data transmission method, system and device based on industrial Ethernet

Granted publication date: 20170222

License type: Common License

Record date: 20190723