CN105162593A - Module authentication method applied to water treatment monitoring - Google Patents

Module authentication method applied to water treatment monitoring

Info

Publication number: CN105162593A
Authority: CN (China)
Prior art keywords: data acquisition, master control, daughter board, control board, data
Legal status: Pending
Application number: CN201510460598.7A
Other languages: Chinese (zh)
Inventors: 桑胜田, 韩明月, 李飞雅, 李双艳, 刘晓为
Current Assignee: Harbin Institute of Technology
Original Assignee: Harbin Institute of Technology
Application filed by: Harbin Institute of Technology
Landscapes: Storage Device Security (AREA)

Abstract

The invention provides a module authentication method applied to water treatment monitoring. A water treatment monitoring system comprises a main control board and a data acquisition sub board. The main control board and the data acquisition sub board follow a certain protocol and communicate with each other through an industrial bus. In a configuration mode, the main control board and the data acquisition sub board each receive the public key sent by the other and record it in the secure storage area of their own encryption chip. In a working mode, the main control board and the data acquisition sub board are authenticated through challenge and response at regular intervals, and after authentication succeeds, the encryption chips encrypt data for subsequent data communication. By adopting the module authentication method of the invention, identity authentication and data encryption can be carried out between the main control board and the data acquisition sub board, data counterfeiting and leaking are effectively avoided, and the security and reliability of the system are improved.

Description

A module authentication method applied to water treatment monitoring
Technical field
The invention belongs to the field of industrial process control and specifically relates to a module authentication method applied to water treatment monitoring.
Background art
A water treatment monitoring system consists of a main control board and data acquisition daughter boards, and keeping data secure and reliable during transmission is very important. In traditional water treatment monitoring systems, the main control board and the daughter boards exchange data without authentication or encryption, which may lead to counterfeiting and leakage of data. Using encryption chips to perform identity authentication and data encryption between the main control board and the data acquisition daughter boards can be regarded as a new method of keeping data secure and reliable; this method encrypts quickly, uses few resources, and is difficult to crack.
Summary of the invention
The present invention proposes a module authentication method applied to water treatment monitoring. The method is used in a module authentication system for water treatment monitoring, as an identity authentication and data encryption scheme between the main control board and the data acquisition daughter board of the water treatment monitoring system. It enables identity authentication and data encryption between the main control board and the data acquisition daughter board, ensuring the security and reliability of industrial data.
The technical solution of the present invention is as follows:
A module authentication method applied to water treatment monitoring, in which the water treatment monitoring system comprises a main control board and a data acquisition daughter board, and the main control board and the data acquisition daughter board follow a certain protocol and communicate over an industrial bus.
In configuration mode, the main control board and the data acquisition daughter board each receive the public key sent by the other and record it in the secure storage area of their own encryption chip.
In working mode, the main control board and the data acquisition daughter board authenticate each other by challenge and response at regular intervals; after authentication succeeds, the encryption chips encrypt the data for subsequent data communication.
The authentication process is as follows. The main control board sends an authentication request message to the data acquisition daughter board. The daughter board sends back to the main control board the random number it generated together with that random number encrypted with the daughter board's private key. The main control board uses the daughter board public key stored in its own encryption chip to decrypt the encrypted random number and compares the result with the random number sent by the daughter board; if the two are equal, the main control board has successfully authenticated the data acquisition daughter board. The main control board then sends to the daughter board a random number it generated together with that random number encrypted with the main control board's private key. The daughter board uses the main control board public key stored in its own encryption chip to decrypt the encrypted random number and compares the result with the random number sent by the main control board; if the two are equal, the daughter board has successfully authenticated the main control board, and the main control board starts communicating with the data acquisition daughter board. Otherwise authentication fails and the system reports this information.
The data encryption process is as follows. When the main control board sends data to the data acquisition daughter board, it encrypts the information with that daughter board's public key, and the daughter board decrypts the information with its own private key after receiving the data. When the data acquisition daughter board sends data to the main control board, it encrypts the information with the main control board's public key, and the main control board decrypts the information with its own private key after receiving the data.
The advantages of the invention are: performing identity authentication and data encryption between the main control board and the data acquisition daughter board through encryption chips is fast, uses few resources, and is difficult to crack; and performing identity authentication and data encryption between the main control board and the data acquisition daughter board of a water treatment monitoring system effectively prevents counterfeiting and leakage of data, greatly improving the security and reliability of the system.
Description of the drawings
Fig. 1 is a structural block diagram of the water treatment monitoring system;
Fig. 2 is a diagram of the authentication principle.
Embodiments
Embodiment 1
Fig. 1 shows the overall structure of a water treatment monitoring system. The system comprises one main control board and analog input, analog output, digital input and digital output daughter boards. The main control board communicates with the four kinds of daughter boards over the system bus. The whole system has N interfaces facing field devices (N depends on the number of daughter boards) and several interfaces facing the upper level. The module authentication system of the present invention lets the main control board and the daughter boards perform identity authentication and data encryption through encryption chips, and reports authentication and data information through the upper-level interfaces.
Embodiment 2
Authentication principle, as shown in Fig. 2. F1, F2, F3 and F4 are the encryption and decryption operations; Ni is the private key of the daughter board's encryption chip; Nj is the private key of the main control board's encryption chip; Ci and Cj are the generated random numbers; Ki is the daughter board public key stored in the main control board; Kj is the main control board public key stored in the daughter board; Q1 is the result of encrypting the random number Ci with the daughter board's private key; Q2 is the result of the main control board decrypting Q1 with the daughter board's public key; Q3 is the result of encrypting the random number Cj with the main control board's private key; Q4 is the result of the daughter board decrypting Q3 with the main control board's public key. During authentication, the main control board first sends an authentication request message to the daughter board. The daughter board generates a random number Ci and encrypts it with the daughter board's private key:
Q1=F1(Ni,Ci)
The random number Ci and the encrypted result Q1 are sent to the main control board, which decrypts Q1 with the stored daughter board public key:
Q2=F2(Q1,Ki)
Ci and Q2 are compared; if they are equal, the main control board has successfully authenticated the daughter board. The main control board then generates a random number Cj and encrypts it with the main control board's private key:
Q3=F3(Nj,Cj)
The random number Cj and the encrypted result Q3 are sent to the daughter board, which decrypts Q3 with the stored main control board public key:
Q4=F4(Q3,Kj)
Cj and Q4 are compared; if they are equal, the daughter board has successfully authenticated the main control board, and the main control board and the daughter board can start communicating. Otherwise authentication fails and the system reports this information.
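The Q1 to Q4 exchange above, as an added Python example that is not part of the patent text. It assumes textbook RSA with small constructed keys for F1 to F4 (the page does not name the algorithm) and uses the hypothetical names Chip, configure, mutual_auth and mutual_auth_fresh; mutual_auth_fresh is an added variant in which the verifier, rather than the responder, chooses the random number, so a (C, Q) pair seen on the bus earlier is not accepted again.

```python
# Added example (not from the patent): toy textbook RSA stands in for F1..F4.
# Class and function names are hypothetical; keys are constructed and insecure.
import secrets

E = 65537  # public exponent used by every toy key

class Chip:
    """One board's encryption chip: private key inside, peer public key pinned."""

    def __init__(self, p, q):
        self.n = p * q
        self._d = pow(E, -1, (p - 1) * (q - 1))  # private key (Ni or Nj)
        self.peer = None                         # pinned peer key (Ki or Kj)

    def respond(self, challenge=None):
        """F1/F3: return (C, Q) with Q = C^d mod n.
        challenge=None follows the page (responder picks C itself);
        passing a value is the added verifier-chosen variant."""
        c = secrets.randbits(64) if challenge is None else challenge
        return c, pow(c, self._d, self.n)

    def verify(self, c, q, expected=None):
        """F2/F4: recover Q with the pinned peer key and compare with C."""
        if self.peer is None:
            return False                         # configuration mode never ran
        if expected is not None and c != expected:
            return False                         # not the challenge we issued
        n, e = self.peer
        if not (0 <= c < n and 0 <= q < n):
            return False
        return pow(q, e, n) == c

def configure(main, sub):
    """Configuration mode: each chip records the other's public key."""
    main.peer = (sub.n, E)
    sub.peer = (main.n, E)

def mutual_auth(main, sub):
    """Working mode as the page describes it: daughter board first, then main."""
    ci, q1 = sub.respond()
    if not main.verify(ci, q1):        # Q2 == Ci ?
        return False
    cj, q3 = main.respond()
    return sub.verify(cj, q3)          # Q4 == Cj ?

def mutual_auth_fresh(main, sub):
    """Added variant: each verifier issues the random number it expects back."""
    ci = secrets.randbits(64)
    if not main.verify(*sub.respond(ci), expected=ci):
        return False
    cj = secrets.randbits(64)
    return sub.verify(*main.respond(cj), expected=cj)

def make_boards():
    """Constructed keys from Mersenne primes, for illustration only."""
    main, sub = Chip(2**107 - 1, 2**127 - 1), Chip(2**61 - 1, 2**89 - 1)
    configure(main, sub)
    swapped = Chip(2**31 - 1, 2**61 - 1)  # replacement board, key never pinned
    return main, sub, swapped
```

In a real design the encryption chip's padded signature operation takes the place of the raw modular exponentiation used here.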
Embodiment 3
Data encryption principle: when the main control board sends data to a daughter board, it encrypts the information with that daughter board's public key, and the daughter board decrypts the information with its own private key after receiving the data. When a daughter board sends data to the main control board, it encrypts the information with the main control board's public key, and the main control board decrypts the information with its own private key after receiving the data.
Embodiment 4
A module authentication system applied to water treatment monitoring comprises a main control board and a data acquisition daughter board. The system can enter configuration mode in three ways: by network signal, by USB key, or by entering a password. In configuration mode, the main control board and the data acquisition daughter board each receive the public key sent by the other and record it in the secure storage area of their own encryption chip. In working mode, the main control board and the data acquisition daughter board authenticate each other by challenge and response at regular intervals. The authentication process is as follows: the main control board sends an authentication request message to the data acquisition daughter board, and the daughter board sends back to the main control board the random number it generated together with that random number encrypted with the daughter board's private key. The main control board uses the daughter board public key stored in its own encryption chip to decrypt the encrypted random number and compares the result with the random number sent by the daughter board; if the two are equal, the main control board has successfully authenticated the data acquisition daughter board. The main control board then sends to the daughter board a random number it generated together with that random number encrypted with the main control board's private key. The daughter board uses the main control board public key stored in its own encryption chip to decrypt the encrypted random number and compares the result with the random number sent by the main control board; if the two are equal, the daughter board has successfully authenticated the main control board, and the main control board can start communicating with the data acquisition daughter board. Otherwise authentication fails and the system reports this information. After authentication succeeds, the encryption chips encrypt the data for subsequent data communication. The data encryption process is as follows: when the main control board sends data to the data acquisition daughter board, it encrypts the information with that daughter board's public key, and the daughter board decrypts the information with its own private key after receiving the data; when the data acquisition daughter board sends data to the main control board, it encrypts the information with the main control board's public key, and the main control board decrypts the information with its own private key after receiving the data. If a board is replaced, authentication between the main control board and the data acquisition daughter board cannot pass, and the system reports this information. Performing identity authentication and data encryption between the main control board and the data acquisition daughter board through encryption chips effectively prevents counterfeiting and leakage of data and greatly improves the security and reliability of the system.

Claims (1)

1. A module authentication method applied to water treatment monitoring, in which the water treatment monitoring system comprises a main control board and a data acquisition daughter board, and the main control board and the data acquisition daughter board follow a certain protocol and communicate over an industrial bus, characterized in that:
In configuration mode, the main control board and the data acquisition daughter board each receive the public key sent by the other and record it in the secure storage area of their own encryption chip;
In working mode, the main control board and the data acquisition daughter board authenticate each other by challenge and response at regular intervals, and after authentication succeeds, the encryption chips encrypt the data for subsequent data communication;
The authentication process is: the main control board sends an authentication request message to the data acquisition daughter board; the daughter board sends back to the main control board the random number it generated together with that random number encrypted with the daughter board's private key; the main control board uses the daughter board public key stored in its own encryption chip to decrypt the encrypted random number and compares the result with the random number sent by the daughter board; if the two are equal, the main control board has successfully authenticated the data acquisition daughter board; the main control board then sends to the daughter board a random number it generated together with that random number encrypted with the main control board's private key; the daughter board uses the main control board public key stored in its own encryption chip to decrypt the encrypted random number and compares the result with the random number sent by the main control board; if the two are equal, the daughter board has successfully authenticated the main control board, and the main control board starts communicating with the data acquisition daughter board; otherwise authentication fails and the system reports this information;
The data encryption process is: when the main control board sends data to the data acquisition daughter board, it encrypts the information with that daughter board's public key, and the daughter board decrypts the information with its own private key after receiving the data; when the data acquisition daughter board sends data to the main control board, it encrypts the information with the main control board's public key, and the main control board decrypts the information with its own private key after receiving the data.
CN201510460598.7A 2015-07-27 2015-07-27 Module authentication method applied to water treatment monitoring Pending CN105162593A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510460598.7A CN105162593A (en) 2015-07-27 2015-07-27 Module authentication method applied to water treatment monitoring

Publications (1)

Publication Number Publication Date
CN105162593A (en) 2015-12-16

Family

ID=54803358

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510460598.7A Pending CN105162593A (en) 2015-07-27 2015-07-27 Module authentication method applied to water treatment monitoring

Country Status (1)

Country Link
CN (1) CN105162593A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112784259A (en) * 2021-01-22 2021-05-11 苏州浪潮智能科技有限公司 Security mechanism authentication method for expanding server through CPLD

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101964786A (en) * 2010-09-17 2011-02-02 中山大学 Set-top box-based secure information transmission system and method
CN102111265A (en) * 2011-01-13 2011-06-29 中国电力科学研究院 Method for encrypting embedded secure access module (ESAM) of power system acquisition terminal
CN104253694A (en) * 2014-09-27 2014-12-31 杭州电子科技大学 Encrypting method for network data transmission


Similar Documents

Publication Publication Date Title
CN108092776B (en) System based on identity authentication server and identity authentication token
CN106911513B (en) trusted device management method based on decentralized network
CN101908959B (en) Method, equipment and system thereof for establishing shared key
CN101783800B (en) Embedded system safety communication method, device and system
CN103795534A (en) Password-based authentication method and apparatus executing the method
CN102664739A (en) PKI (Public Key Infrastructure) implementation method based on safety certificate
CN105553951A (en) Data transmission method and data transmission device
CN104184743A (en) Three-layer authentication system and method oriented to cloud computing platform
CN104253694A (en) Encrypting method for network data transmission
CN103986583A (en) Dynamic encryption method and encryption communication system thereof
CN103905204A (en) Data transmission method and transmission system
CN104468126A (en) Safety communication system and method
CN103678174A (en) Data safety method, storage device and data safety system
CN107508791A (en) A kind of terminal identity verification method and system based on distributed key encryption
CN116132043B (en) Session key negotiation method, device and equipment
CN104901803A (en) Data interaction safety protection method based on CPK identity authentication technology
CN105262586B (en) The method for distributing key and device of automobile burglar equipment
CN111884814B (en) Method and system for preventing intelligent terminal from being counterfeited
CN105610872B (en) Internet-of-things terminal encryption method and internet-of-things terminal encryption device
US20230388121A1 (en) Method for encrypting and decrypting data across domains based on privacy computing
CN102724205B (en) A kind of method to the encryption of industrial circle communication process and data acquisition equipment
CN105577650A (en) Remote time synchronization method and system of one-time password (OTP)
CN111654503A (en) Remote control method, device, equipment and storage medium
CN104753682A (en) Generating system and method of session keys
GB2543359A (en) Methods and apparatus for secure communication

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20151216