CN104320332A - Multi-protocol industrial communication safety gateway and communication method with gateway applied - Google Patents


Publication number
CN104320332A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410638244.2A
Other languages
Chinese (zh)
Inventor
周文奇
李因东
唐华
丁英峰
王德宣
黄彩琳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
JINAN HUAHAN ELECTRIC TECHNOLOGY Co Ltd
Original Assignee
JINAN HUAHAN ELECTRIC TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by JINAN HUAHAN ELECTRIC TECHNOLOGY Co Ltd
Priority to CN201410638244.2A
Publication of CN104320332A


Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a multi-protocol industrial communication security gateway and a communication method using the gateway. During data communication, a source gateway encrypts data with a key management mechanism module and a VPN encryption/decryption module and then sends the data to a target gateway. The target gateway decrypts the data with the VPN encryption/decryption module and provides security detection and control services for the data communication through a security domain protection module. If the data is safe, key decryption is performed on the application layer data and the type of the application layer data is determined: application management data is handled by an application management security module, while application layer messages are passed to an application layer message detection and filtering module for detection and filtering. Communication security is ensured by combining VPN encryption and decryption, key encryption and decryption, and application layer message detection and filtering; gateway application security is ensured by security domain protection and application security management.

Description

Multi-protocol industrial communication security gateway and communication method using the gateway
Technical field
The present invention relates to a security gateway product, and in particular to a multi-protocol industrial communication security gateway and a communication method using the gateway.
Background
Data exchange between industrial control networks generally requires an industrial communication gateway to perform conversion. Because data communication in an industrial control network involves multiple industrial communication protocols, industrial control gateways focus mainly on protocol data conversion. Existing general-purpose gateways mostly support only one protocol and therefore cannot be applied directly in an industrial control network. In addition, the security protection of existing gateways is weak and cannot guarantee the communication security of an industrial control network.
Summary of the invention
To solve the above problems, the invention provides a communication security gateway that supports multiple industrial control communication protocols and can ensure both data communication security and gateway application security.
The multi-protocol industrial communication security gateway of the present invention comprises:
A key management mechanism module, which uses digital envelope technology based on asymmetric-algorithm key management to protect the management and acquisition of keys with encryption and decryption, and to encrypt and decrypt application layer data. Application layer data means the management data, the industrial communication protocol data and the remote backup data of gateway logs that arrive at or pass through the security gateway;
A VPN encryption/decryption module, which performs VPN encryption and decryption on access data. Access data means all data arriving at or passing through the gateway, including key-encrypted data, so that important communication data is encrypted twice and the security of communication data is ensured to the greatest extent;
A security domain protection module, which provides security detection and control services for data communication: virus defense, intrusion prevention, application identification, flow control and NAT processing;
An application layer message detection and filtering module, which performs message format detection and whitelist-based IP address filtering on application layer management data messages and log remote backup data messages, and performs message format detection and whitelist-based filtering of IP addresses, instructions and sensitive data on application layer industrial communication data messages;
An application management security module, which performs login management, rights management and security audit on data communication.
The gateway of the present invention can serve either as a source gateway or as a target gateway. During data communication, the source gateway encrypts the data with the key management mechanism module and the VPN encryption/decryption module and then sends it to the target gateway. The target gateway decrypts the data with the VPN encryption/decryption module and then uses the security domain protection module to provide security detection and control services for the data communication. If the data is safe, key decryption is performed on the application layer data. The type of the application layer data is then determined: application management data is handled by the application management security module, while application layer messages are passed to the application layer message detection and filtering module for detection and filtering.
The present invention combines VPN encryption with key encryption, which ensures a high level of security for system communication data. The VPN agent encapsulates packets securely and encrypts them at the same time, and a built-in compression algorithm compresses the data stream before transmission, so the bandwidth required is much lower than the bandwidth of the actual Internet access; this in effect greatly saves bandwidth and improves the forwarding speed of the data stream, while ensuring the security of data in network transmission. Key encryption is applied to application layer data and ensures the security of application layer data. The two kinds of encryption work together to ensure security during data transmission, and the security of application layer data in particular reaches a high security strength level.
Further, the VPN encryption and decryption mode is one of IPSec, GRE, SSL and L2TP.
Further, the application layer message detection and filtering module comprises whitelist management, security policy management, protocol detection and protocol filtering. The gateway's security functions are designed around a whitelist model; the whitelist covers IP addresses and port numbers, and also protocol instructions and register address access. The gateway provides security policies for all leading users, and the system provides 1000 security policies. The gateway performs protocol detection and filtering on communication data according to the provided security policies and the communication protocol itself; data that passes protocol detection and filtering is key-encrypted and VPN-encrypted and then forwarded.
Further, login management comprises identity authentication, multiple authentication, authentication failure handling and login timeout management. The gateway has 3 administrator roles: system administrator, security administrator and audit administrator. Each role has different permissions and may access and operate only within the permissions it holds.
Further, security audit means that the system audits VPN encryption and decryption, key encryption and decryption, security domain protection, application management, and message detection and filtering behavior, forms audit logs, and provides classified query and storage management of the logs.
Further, the application security management module uses two authentication modes at the same time: user name and password, and digital certificate. The gateway is administered and configured remotely through a web interface, so the application security management module is provided to protect the gateway. The module provides two kinds of authentication, and a user can log in to the system for configuration only when both succeed; when authentication fails repeatedly, the system terminates the service and adds the login IP address and the user to the blacklist. After login, permissions are assigned according to identity, and the user performs operations such as parameter setting on the system. The security audit function records all parameter management, security inspection, protocol filtering and other business data passing through the gateway for follow-up auditing, ensuring comprehensive audit control of gateway operation.
The gateway supports protocols based on Industrial Ethernet and industrial protocols based on the RS485 bus. Protocols based on Industrial Ethernet include BACnet/IP, EtherNet/IP, DNP3, Modbus/TCP and others; industrial protocols based on the RS485 bus include Modbus-RTU, DLT645-2007, CJ/T188-1999 and others.
The communication method using the multi-protocol industrial communication security gateway involves a source gateway and a target gateway, which are deployed between the management network and the control network of an industrial control network, and comprises the following steps:
S1. The source gateway first applies key encryption to the qualified data to be sent, then applies VPN encryption and sends the data to the target gateway;
S2. The target gateway performs VPN decryption and key decryption on the received data, while security domain protection and application security management are applied to the data communication; the decrypted application layer data is detected and filtered by the application layer message detection and filtering module, and qualified data is forwarded. Security domain protection provides system security guarantees for the gateway such as anti-virus, protection against network intrusion, flow control, application identification and NAT service; application security management provides application security guarantees for the gateway such as configuration login management, permission assignment management and security audit management.
The specific steps of S2 are as follows:
S2-1. VPN decryption is performed on the received data using the security domain protection module. If the VPN packet is corrupted, the data is blocked and a security audit is performed: the time the data was blocked, the source address, the destination address and the blocking reason are recorded, and an audit log is formed and stored in the gateway database. Otherwise, the key is obtained from the remote key server and used to decrypt the application data;
S2-2. It is determined whether the encrypted data is corrupted. If it is, the data is blocked and a security audit is performed: the time the data was blocked, the source address, the destination address and the blocking reason are recorded, and an audit log is formed and stored in the gateway database. Otherwise, it is determined whether the data is system configuration data; if so, go to step S2-3; if not, go to step S2-4;
S2-3. The system configuration login authentication system performs authentication. If authentication succeeds, system parameters are set and a security audit is performed: the authentication time, source address, authenticated user and authentication result are recorded, and an audit log is formed and stored in the gateway database. If authentication fails, authentication failure handling is performed;
S2-4. The data is determined to be communication service data. The type of industrial control protocol is obtained from the security policy, and the protocol format and protocol verification are checked. If the protocol check passes, go to the protocol filtering step S2-5; otherwise the data is blocked and a security audit is performed: the event time, source address, destination address and check result are recorded, and an audit log is formed and stored in the gateway database;
S2-5. The protocol filtering function obtains the security policy and the whitelist and filters the protocol data. Qualified data is forwarded; otherwise the data is blocked and a security audit is performed: the event time, source address, destination address and filtering result are recorded, and an audit log is formed and stored in the gateway database.
Further, authentication failure handling means that when authentication fails the service routine is terminated; if the same account has more than 3 login failures within a short time, the login address and the account are added to the blacklist and further access is forbidden, and a security audit is performed: information such as the authentication time, source address, authenticated user and authentication result is recorded, and an audit log is formed and stored in the gateway database.
Beneficial effects of the present invention:
1. Communication security is ensured by combining 3 measures: VPN encryption and decryption, key encryption and decryption, and application layer message detection and filtering. These three communication protection measures ensure a high security strength for industrial control network data communication; in particular, detection and filtering of application messages can effectively prevent misoperation or deliberate sabotage, protecting the safety of industrial equipment and of equipment users and maintenance personnel.
2. Gateway application security is ensured by two measures: security domain protection and application security management. Security domain protection mainly protects the gateway's underlying support systems, such as the (SuSE) Linux OS, through virus defense, intrusion prevention, flow control, application identification, NAT processing and the like. Application security management mainly protects gateway settings such as parameter configuration through measures such as user login and user permissions. In addition, all gateway behavior is audited and recorded in audit logs, so that the gateway's behavior records can be traced and potential threats or damage analyzed.
3. The gateway supports multiple protocols and is suitable for building automation, SCADA and other industrial DCS systems.
Brief description of the drawings
Fig. 1 is the system deployment diagram of the security gateway of the present invention;
Fig. 2 is the working principle diagram of the security gateway of the present invention;
Fig. 3 is the flow chart of the communication method of the present invention.
Detailed description of the embodiments
A multi-protocol industrial communication security gateway comprises:
A key management mechanism module, which uses digital envelope technology based on asymmetric-algorithm key management to protect the management and acquisition of keys with encryption and decryption, and to encrypt and decrypt application layer data. Application layer data means the management data, the industrial communication protocol data and the remote backup data of gateway logs that arrive at or pass through the security gateway;
A VPN encryption/decryption module, which performs VPN encryption and decryption on access data. Access data means all data arriving at or passing through the gateway, including key-encrypted data, so that important communication data is encrypted twice and the security of communication data is ensured to the greatest extent. The VPN encryption and decryption mode is one of IPSec, GRE, SSL and L2TP;
A security domain protection module, which provides security detection and control services for data communication: virus defense, intrusion prevention, application identification, flow control and NAT processing;
An application layer message detection and filtering module, which performs message format detection and whitelist-based IP address filtering on application layer management data messages and log remote backup data messages, and performs message format detection and whitelist-based filtering of IP addresses, instructions and sensitive data on application layer industrial communication data messages;
An application management security module, which performs login management, rights management and security audit on data communication. Login management comprises identity authentication, multiple authentication, authentication failure handling and login timeout management. The gateway has 3 administrator roles: system administrator, security administrator and audit administrator. Each role has different permissions and may access and operate only within the permissions it holds. Security audit means that the system audits VPN encryption and decryption, key encryption and decryption, security domain protection, application management, and message detection and filtering behavior, forms audit logs, and provides classified query and storage management of the logs. The application security management module uses two authentication modes at the same time: user name and password, and digital certificate. A user can log in to the system for configuration only when both modes succeed; when authentication fails repeatedly, the system terminates the service and adds the login IP address and the user to the blacklist.
The gateway supports protocols based on Industrial Ethernet and industrial protocols based on the RS485 bus. Protocols based on Industrial Ethernet include BACnet/IP, EtherNet/IP, DNP3, Modbus/TCP and others; industrial protocols based on the RS485 bus include Modbus-RTU, DLT645-2007, CJ/T188-1999 and others.
Fig. 1 is the system deployment diagram of the security gateway. The gateways are deployed between the management network and the control network of the industrial control network: a management gateway is deployed on the management network and a control gateway on the control network. The management gateway and the control gateway exchange data over the industrial local area network, and either can act as source gateway or target gateway.
Fig. 2 mainly illustrates the working principle of the security gateway. The source gateway applies key encryption and VPN encryption to the qualified data to be sent and sends it to the target gateway. The target gateway receives the data and, after VPN decryption and key decryption, passes the decrypted application layer data through the application layer message detection and filtering module for detection and filtering, then forwards the qualified data. Security domain protection provides system security guarantees for the gateway such as anti-virus, protection against network intrusion, flow control, application identification and NAT service; application security management provides application security guarantees for the gateway such as configuration login management, permission assignment management and security audit management.
Fig. 3 is the flow chart of the method for secure communication using the security gateway of the present invention. The figure mainly shows how the target gateway processes data; the source gateway only encrypts the data, and its detailed process is not shown in the figure. The communication method comprises the following steps:
S1. The source gateway first applies key encryption to the qualified data to be sent, then applies VPN encryption and sends the data to the target gateway.
S2. The target gateway decrypts the received data and performs detection and filtering:
S2-1. VPN decryption is performed on the received data using the security domain protection module. If the VPN packet is corrupted, the data is blocked and a security audit is performed: the time the data was blocked, the source address, the destination address and the blocking reason are recorded, and an audit log is formed and stored in the gateway database. Otherwise, the key is obtained from the remote key server and used to decrypt the application data.
S2-2. It is determined whether the encrypted data is corrupted. If it is, the data is blocked and a security audit is performed: the time the data was blocked, the source address, the destination address and the blocking reason are recorded, and an audit log is formed and stored in the gateway database. Otherwise, it is determined whether the data is system configuration data (that is, whether it is HTTPS data); if so, go to step S2-3; if not, go to step S2-4.
S2-3. The system configuration login authentication system performs authentication, using multiple authentication by user name and password and by digital certificate. If authentication succeeds, rights management grants permissions to the administrator and the system checks whether the user's login has timed out; if it has timed out the user must log in again, otherwise system parameter setting is entered. After the settings are complete, a security audit is performed: the authentication time, source address, authenticated user and authentication result are recorded, and an audit log is formed and stored in the gateway database. If authentication fails, authentication failure handling is performed: the service routine is terminated, and if the same account has more than 3 login failures within a short time, the login address and the account are added to the blacklist and further access is forbidden. A security audit is performed, recording information such as the authentication time, source address, authenticated user and authentication result, and an audit log is formed and stored in the gateway database.
S2-4. If the data is not system configuration data but communication service data, the type of industrial control protocol is obtained from the security policy, and the protocol format and protocol verification are checked. If the protocol check passes, go to the protocol filtering step S2-5; otherwise the data is blocked and a security audit is performed: the event time, source address, destination address and check result are recorded, and an audit log is formed and stored in the gateway database;
S2-5. The protocol filtering function obtains the security policy and the whitelist and filters the protocol data. Qualified data is forwarded; otherwise the data is blocked and a security audit is performed: the event time, source address, destination address and filtering result are recorded, and an audit log is formed and stored in the gateway database.
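Steps S2-4 and S2-5 for one of the supported protocols, Modbus/TCP, as an added example that is not code from the patent: the frame format is checked first, then source address, instruction (function code) and register addresses are matched against a whitelist, and every decision produces an audit record. The policy layout, function names, addresses and sample frames are constructed assumptions.

```python
import struct
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Policy:
    """Constructed whitelist policy (layout is an assumption, not from the patent)."""
    sources: frozenset   # whitelisted source IP addresses
    registers: dict      # whitelisted function code -> (first, last) register address


@dataclass(frozen=True)
class Request:
    function: int
    start: int
    quantity: int


def build_request(function, data, tid=1, unit=1):
    """Build a Modbus/TCP request: MBAP header, function code, request data."""
    return struct.pack(">HHHBB", tid, 0, len(data) + 2, unit, function) + data


def check_format(frame):
    """S2-4: validate MBAP header and request layout; raise ValueError if malformed."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    _tid, proto, length, _unit, function = struct.unpack(">HHHBB", frame[:8])
    if proto != 0:
        raise ValueError("protocol identifier is not 0")
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    data = frame[8:]
    if function in (1, 2, 3, 4):          # reads: start address, quantity
        if len(data) != 4:
            raise ValueError("bad read request size")
        start, quantity = struct.unpack(">HH", data)
    elif function in (5, 6):              # single writes: address, value
        if len(data) != 4:
            raise ValueError("bad single write size")
        start, quantity = struct.unpack(">H", data[:2])[0], 1
    elif function == 16:                  # write multiple registers
        if len(data) < 5:
            raise ValueError("bad multiple write size")
        start, quantity, count = struct.unpack(">HHB", data[:5])
        if count != 2 * quantity or len(data) != 5 + count:
            raise ValueError("byte count does not match quantity")
    else:                                 # deny by default what cannot be parsed
        raise ValueError(f"function code {function} not handled by this checker")
    if quantity < 1:
        raise ValueError("quantity is zero")
    return Request(function, start, quantity)


def process(frame, src, dst, policy, audit_log):
    """Return True if the frame may be forwarded; audit every decision."""
    def audit(stage, result):
        audit_log.append({"time": datetime.now(timezone.utc).isoformat(),
                          "src": src, "dst": dst, "stage": stage, "result": result})
        return result == "forwarded"

    try:
        req = check_format(frame)                       # S2-4 protocol check
    except ValueError as exc:
        return audit("protocol check", f"blocked: {exc}")
    if src not in policy.sources:                       # S2-5 whitelist filtering
        return audit("protocol filter", "blocked: source address not whitelisted")
    if req.function not in policy.registers:
        return audit("protocol filter", "blocked: instruction not whitelisted")
    first, last = policy.registers[req.function]
    if req.start < first or req.start + req.quantity - 1 > last:
        return audit("protocol filter", "blocked: register address outside whitelist")
    return audit("protocol filter", "forwarded")


# Constructed policy: one master may read holding registers 0..199, nothing else.
POLICY = Policy(sources=frozenset({"192.0.2.10"}), registers={3: (0, 199)})


def demo():
    """Run five constructed frames through the filter; return (decisions, audit log)."""
    log = []
    read_ok = build_request(3, struct.pack(">HH", 100, 10))
    frames = [
        ("192.0.2.10", read_ok),                                         # allowed read
        ("192.0.2.10", build_request(6, struct.pack(">HH", 100, 1))),    # write
        ("192.0.2.10", build_request(3, struct.pack(">HH", 195, 10))),   # past 199
        ("192.0.2.10", read_ok[:-1]),                                    # truncated
        ("192.0.2.99", read_ok),                                         # unknown source
    ]
    return [process(f, s, "192.0.2.20", POLICY, log) for s, f in frames], log


if __name__ == "__main__":
    decisions, log = demo()
    for decision, record in zip(decisions, log):
        print(decision, record["stage"], record["result"])
```

The format check runs before any whitelist lookup, so a frame whose length field disagrees with its size is never interpreted as an instruction.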

Claims (10)

1. A multi-protocol industrial communication security gateway, characterized by comprising:
A key management mechanism module, which uses digital envelope technology based on asymmetric-algorithm key management to protect the management and acquisition of keys with encryption and decryption, and to encrypt and decrypt application layer data;
A VPN encryption/decryption module, which performs VPN encryption and decryption on access data;
A security domain protection module, which provides security detection and control services for data communication: virus defense, intrusion prevention, application identification, flow control and NAT processing;
An application layer message detection and filtering module, which performs message format detection and whitelist-based IP address filtering on application layer management data messages and log remote backup data messages, and performs message format detection and whitelist-based filtering of IP addresses, instructions and sensitive data on application layer industrial communication data messages;
An application management security module, which performs login management, rights management and security audit on data communication.
2. The multi-protocol industrial communication security gateway according to claim 1, characterized in that: the VPN encryption and decryption mode is one of IPSec, GRE, SSL and L2TP.
3. The multi-protocol industrial communication security gateway according to claim 1, characterized in that: the application layer message detection and filtering module comprises whitelist management, security policy management, protocol detection and protocol filtering.
4. The multi-protocol industrial communication security gateway according to claim 1, characterized in that: the login management comprises identity authentication, multiple authentication, authentication failure handling and login timeout management.
5. The multi-protocol industrial communication security gateway according to claim 1, characterized in that: the security audit means that the system audits VPN encryption and decryption, key encryption and decryption, security domain protection, application management, and message detection and filtering behavior, forms audit logs, and provides classified query and storage management of the logs.
6. The multi-protocol industrial communication security gateway according to claim 1, characterized in that: the application security management module uses two authentication modes at the same time: user name and password, and digital certificate.
7. The multi-protocol industrial communication security gateway according to any one of claims 1-6, characterized in that: the gateway supports protocols based on Industrial Ethernet and industrial protocols based on the RS485 bus.
8. A communication method using the multi-protocol industrial communication security gateway according to claim 7, involving a source gateway and a target gateway, which are deployed between the management network and the control network of an industrial control network, characterized by comprising the following steps:
S1. The source gateway first applies key encryption to the qualified data to be sent, then applies VPN encryption and sends the data to the target gateway;
S2. The target gateway performs VPN decryption and key decryption on the received data, while security domain protection and application security management are applied to the data communication; the decrypted application layer data is detected and filtered by the application layer message detection and filtering module, and qualified data is forwarded.
9. The communication method according to claim 8, characterized in that the specific steps of S2 are as follows:
S2-1. VPN decryption is performed on the received data using the security domain protection module. If the VPN packet is corrupted, the data is blocked and a security audit is performed: the time the data was blocked, the source address, the destination address and the blocking reason are recorded, and an audit log is formed and stored in the gateway database. Otherwise, the key is obtained from the remote key server and used to decrypt the application data;
S2-2. It is determined whether the encrypted data is corrupted. If it is, the data is blocked and a security audit is performed: the time the data was blocked, the source address, the destination address and the blocking reason are recorded, and an audit log is formed and stored in the gateway database. Otherwise, it is determined whether the data is system configuration data; if so, go to step S2-3; if not, go to step S2-4;
S2-3. The system configuration login authentication system performs authentication. If authentication succeeds, system parameters are set and a security audit is performed: the authentication time, source address, authenticated user and authentication result are recorded, and an audit log is formed and stored in the gateway database. If authentication fails, authentication failure handling is performed;
S2-4. The data is determined to be communication service data. The type of industrial control protocol is obtained from the security policy, and the protocol format and protocol verification are checked. If the protocol check passes, go to the protocol filtering step S2-5; otherwise the data is blocked and a security audit is performed: the event time, source address, destination address and check result are recorded, and an audit log is formed and stored in the gateway database;
S2-5. The protocol filtering function obtains the security policy and the whitelist and filters the protocol data. Qualified data is forwarded; otherwise the data is blocked and a security audit is performed: the event time, source address, destination address and filtering result are recorded, and an audit log is formed and stored in the gateway database.
10. The communication method according to claim 9, characterized in that: the authentication failure handling means that when authentication fails the service routine is terminated; if the same account has more than 3 login failures within a short time, the login address and the account are added to the blacklist and further access is forbidden, and a security audit is performed: information such as the authentication time, source address, authenticated user and authentication result is recorded, and an audit log is formed and stored in the gateway database.
CN201410638244.2A 2014-11-13 2014-11-13 Multi-protocol industrial communication safety gateway and communication method with gateway applied Pending CN104320332A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410638244.2A CN104320332A (en) 2014-11-13 2014-11-13 Multi-protocol industrial communication safety gateway and communication method with gateway applied


Publications (1)

Publication Number Publication Date
CN104320332A true CN104320332A (en) 2015-01-28

Family

ID=52375506

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410638244.2A Pending CN104320332A (en) 2014-11-13 2014-11-13 Multi-protocol industrial communication safety gateway and communication method with gateway applied

Country Status (1)

Country Link
CN (1) CN104320332A (en)

Cited By (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104683332A (en) * 2015-02-10 2015-06-03 杭州优稳自动化系统有限公司 Security isolation gateway in industrial control network and security isolation method thereof
CN105072025B (en) * 2015-08-05 2018-03-13 北京科技大学 For the security protection gateway and system of modern industrial control system network service
CN105072025A (en) * 2015-08-05 2015-11-18 北京科技大学 Safe protective gateway and system for modern industrial control system network communication
CN107204917A (en) * 2016-03-16 2017-09-26 无锡十月中宸科技有限公司 A kind of Yunan County's full gateway and cloud security system
CN105847266A (en) * 2016-04-07 2016-08-10 周文奇 Protection system for key controller for industrial communication
CN105721499A (en) * 2016-04-07 2016-06-29 周文奇 Information security system of industrial communication security gateway
CN105897711A (en) * 2016-04-07 2016-08-24 周文奇 System for isolating industrial control system and management network
CN106254231A (en) * 2016-08-18 2016-12-21 中京天裕科技(北京)有限公司 A kind of industrial safety encryption gateway based on state and its implementation
CN108183936A (en) * 2016-12-08 2018-06-19 西门子瑞士有限公司 For providing the method for network communication, communication web services and server between BACnet equipment
CN110582735A (en) * 2017-02-20 2019-12-17 株式会社Kmc Production information collection system, computer system, production information collection method, and program
CN107070905A (en) * 2017-03-31 2017-08-18 山东超越数控电子有限公司 A kind of security gateway system for parsing multi-protocols and its application
CN106790309A (en) * 2017-03-31 2017-05-31 山东超越数控电子有限公司 A kind of filtering module for being applied to multi-protocols security gateway system and its application
CN107528836A (en) * 2017-08-10 2017-12-29 上海庄生机电工程设备有限公司 A kind of method that BACnet agreements directly enter DataBase Gateway
CN107370759A (en) * 2017-08-30 2017-11-21 安徽天达网络科技有限公司 A kind of network access control system based on IP lockings
CN107612733A (en) * 2017-09-19 2018-01-19 杭州安恒信息技术有限公司 A kind of network audit and monitoring method and its system based on industrial control system
CN108494755A (en) * 2018-03-13 2018-09-04 华为技术有限公司 A kind of method and device of transmission application Program Interfaces API request
US11956210B2 (en) 2018-03-13 2024-04-09 Huawei Technologies Co., Ltd. Method and apparatus for transmitting application programming interface API request
CN108494755B (en) * 2018-03-13 2020-04-03 华为技术有限公司 Method and device for transmitting Application Programming Interface (API) request
CN108494672A (en) * 2018-04-17 2018-09-04 上海振华重工(集团)股份有限公司 A kind of industrial communication gateway, industrial data security isolation system and method
CN108600232A (en) * 2018-04-27 2018-09-28 北京网藤科技有限公司 A kind of industry control safety auditing system and its auditing method
CN108600232B (en) * 2018-04-27 2021-11-16 北京网藤科技有限公司 Industrial control safety audit system and audit method thereof
CN110545226A (en) * 2018-05-28 2019-12-06 中国石油天然气集团有限公司 device communication method and communication system
CN110545226B (en) * 2018-05-28 2021-12-17 中国石油天然气集团有限公司 Device communication method and communication system
CN109194616B (en) * 2018-08-01 2020-03-10 北京科技大学 Industrial information safety protection system for variable frequency vector control device
CN109194616A (en) * 2018-08-01 2019-01-11 北京科技大学 A kind of industrial information security protection system for variable frequency vector control device
CN109547494A (en) * 2019-01-02 2019-03-29 广东电网有限责任公司 Network security detection gateway and system
CN113162885A (en) * 2020-01-07 2021-07-23 中国石油天然气股份有限公司 Safety protection method and device for industrial control system
CN113162885B (en) * 2020-01-07 2022-11-01 中国石油天然气股份有限公司 Safety protection method and device for industrial control system
WO2021253366A1 (en) * 2020-06-16 2021-12-23 北京京投信安科技发展有限公司 Switch encryption system
CN113395258A (en) * 2021-05-11 2021-09-14 无锡航天江南数据系统科技有限公司 Industrial internet authentication gateway test development system and authentication process thereof
CN113194027A (en) * 2021-05-21 2021-07-30 上海振华重工(集团)股份有限公司 Safety communication gateway system for industrial internet of automatic wharf
CN113973275A (en) * 2021-10-28 2022-01-25 中国联合网络通信集团有限公司 Data processing method, apparatus and medium
CN113973275B (en) * 2021-10-28 2023-06-27 中国联合网络通信集团有限公司 Data processing method, device and medium
CN115695091A (en) * 2022-10-31 2023-02-03 东土科技(宜昌)有限公司 Authorization method, device and system of gateway equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150128