CN105245530B - A kind of safe information transmission agency plant - Google Patents

A kind of safe information transmission agency plant Download PDF

Info

Publication number
CN105245530B
CN105245530B CN201510688059.9A CN201510688059A CN105245530B CN 105245530 B CN105245530 B CN 105245530B CN 201510688059 A CN201510688059 A CN 201510688059A CN 105245530 B CN105245530 B CN 105245530B
Authority
CN
China
Prior art keywords
information
module
transmission
sub
security situation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510688059.9A
Other languages
Chinese (zh)
Other versions
CN105245530A (en
Inventor
张铮
祝卫华
邬江兴
罗兴国
王晓梅
庞建民
谢光伟
何红旗
邰铭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National Digital Switch System Engineering Technology Research Center
Shanghai Redneurons Co Ltd
Original Assignee
NATIONAL DIGITAL SWITCH SYSTEM ENGINEERING TECHNOLOGY RESEARCH CENTER
Shanghai Redneurons Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NATIONAL DIGITAL SWITCH SYSTEM ENGINEERING TECHNOLOGY RESEARCH CENTER, Shanghai Redneurons Co Ltd filed Critical NATIONAL DIGITAL SWITCH SYSTEM ENGINEERING TECHNOLOGY RESEARCH CENTER
Priority to CN201510688059.9A priority Critical patent/CN105245530B/en
Publication of CN105245530A publication Critical patent/CN105245530A/en
Application granted granted Critical
Publication of CN105245530B publication Critical patent/CN105245530B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Abstract

The present invention provides a kind of safe information transmission agency plant, including information transmission modular, safety monitoring module, database module, Network Interface Module and dispatching control module, wherein, information transmission modular includes the different sub- transmission node of some function equivalences, structure;The safety state information of safety monitoring module monitoring information transport module, and security situation report is generated according to safety state information and stores security situation report into database module, corresponding alarm is exported when periodically analyzing the security situation report in database module, and predetermined abnormal conditions occur in security situation report to dispatching control module to report;Dispatching control module carries out corresponding scheduling controlling processing according to security situation report and alarm report to corresponding sub- transmission node in information transmission block.The present invention realizes the purpose of high integrality of the information transmission in agency plant, high security and high security based on isomery redundancy, information transmission randomization, mobilism thought.

Description

A kind of safe information transmission agency plant
Technical field
The present invention relates to information security field, more specifically to a kind of safe information transmission agency plant.
Background technology
Under open environment, information mainly faces the safety problem of three aspects, i.e. information leakage, letter in transmitting procedure Breath is distorted and forged identity.When information is by acting on behalf of front end (such as client) and acting on behalf of between end (such as application server) When TSM Security Agent equipment is transmitted, problems are even more serious, once because agent equipment is broken control, then client is passed through All information of agent equipment transmission will likely be trapped, replicate, distort.In this regard, traditional solution is that transmission is believed Breath is encrypted, compress after re-encrypt (such as HTTPS, HTPP agreement), thus even if agent equipment is broken, attacker can only Obtain the encrypted information of a pile.
However, the technology such as existing ciphered compressed still has following both sides serious problems:
1) when acting on behalf of front end and acting on behalf of the end public and private key certification of progress, authentication information need to be passed by agent equipment It is defeated.If agent equipment is attacked, it can not only steal the authentication information, can also modify to the authentication information. For example, the agent equipment attacked can carry out public and private key certification with acting on behalf of front end and acting on behalf of end respectively, and before acting on behalf of at this time End is held and acted on behalf of then with to be authenticated with other side, so that " man-in-the-middle attack " (Man-in-the- can be formed MiddleAttack, referred to as " MITM attacks "), i.e. the agent equipment attacked is provided simultaneously with acting on behalf of front end and acts on behalf of end Private key, then whole message transmitting procedure does not have any difference for the agent equipment attacked with plaintext transmission .In this regard, the prior art only has the precautionary measures to MIMT attacks, but such attack, example are not solved the problems, such as fundamentally Such as, to be cheated for DNS, the prior art first checks for the hosted file of the machine, in order to avoid added malicious site to enter by attacker; Whether the dns server for then confirming to use is provided by isp server, because the security performance of isp server is relatively good at present, The attacker of mean level can not be successfully entered.But such precautionary measures are difficult to for " agent middleman's attack " Take effect, as soon as because agent equipment inherently " go-between " role, attacker need not carry out any deception energy and victim Connection, and agent equipment is not related to the factors such as MAC, thus the general precautionary measures do not work.
2) performance issue, for example, the request each time of client is both needed to consult with application server the process of transmission private key, Considerably increase the response time of application service so that the user experience of client substantially reduce (such as user open one it is multiple Above times half a minute such as miscellaneous webpage need).
In view of the above problems, Chinese patent application《Using TSM Security Agent method and using safety proxy system》Realize The flow equalization of more the dynamic expansion of safety proxy system scale, the dynamic expansion of performance and server-side TSM Security Agent equipment, It is achieved thereby that high security, high stability and the high-performance of safety proxy system entirety.The drawback is that:Same client please When asking a service, need to by same agent equipment, once so the agent equipment is controlled by attack, then user's is all Transmission information will be trapped.In addition, United States Patent (USP)《Proxy for tolerating faults in high-security systems》Fault-tolerant agency in disclosed high safety system can improve the overall security of agency plant, but once act on behalf of System is controlled by attack, then the information of its transmission may still be trapped, changes, replicate.
The content of the invention
For deficiency of the prior art, the present invention provides a kind of safe information transmission agency plant, and it is superfluous that it is based on isomery Remaining, information transmission randomization, dynamic design thought, realize that information transmits the high integrality in agency plant, high security With the purpose of high security.
To achieve these goals, the present invention adopts the following technical scheme that:
A kind of safe information transmission agency plant, is connected between a transmitting terminal and a receiving terminal, the system comprises one Information transmission modular, a safety monitoring module, a database module, a Network Interface Module and a dispatching control module, its In:
Described information transport module includes the different sub- transmission node of some function equivalences, structure, wherein, each sub- biography Defeated node is connected and is connected between the transmitting terminal and the receiving terminal two-by-two;
The safety monitoring module is connected between described information transport module and the database module, it is arranged to supervise The safety state information of described information transport module is surveyed, and each sub- transmission is corresponded to according to safety state information generation The security situation report of node simultaneously stores security situation report into the database module, while periodically to the number According in library module security situation report analyzed, and the security situation report in there are predetermined abnormal conditions when to The dispatching control module exports corresponding alarm report;
The database module is also connected with described information transport module, Network Interface Module and dispatching control module, with The security situation report is provided to described information transport module, Network Interface Module and dispatching control module;Described information passes Defeated module reports that the selection information that one or more sub- transmission nodes export the transmitting terminal is transmitted according to the security situation To the receiving terminal;
The Network Interface Module is also connected with the transmitting terminal, it is arranged to report random choosing according to the security situation A sub- transmission node is selected, so that the information of transmitting terminal output is transmitted to the corresponding sub- transmission node;
The dispatching control module is also connected with the safety monitoring module, it is arranged to be reported according to the security situation Corresponding scheduling controlling processing is carried out to the corresponding sub- transmission node in described information transmission block with alarm report.
Preferably, the safety state information includes the corresponding receive information number of each sub- transmission node, forwarding letter Breath number and whether modify to the information of process, replicate operation, further including the reception of whole described information transport module Informational capacity and forwarding information total amount.
Preferably, the dispatching control module is also configured to surpass in the alarm reporting quantities of safety monitoring module output When going out predetermined threshold, the scheduling controlling processing is carried out to the safety monitoring module.
Further, the scheduling controlling processing includes shutting down, cleans, upgrades renewal and/or reboot process.
Preferably, the Network Interface Module is realized based on webservice technologies.
In conclusion the main characteristic of the invention lies in that the transmission path of information is uncertain, system-level dynamic regulation, member Part level dynamic change and element isomerism.Compared with prior art, the present invention improves the Gao An that information passes through agency plant Quan Xing, high security and high reliability.And in the case that a small amount of sub- transmission node is broken control, attacker obtains All the possibility of transmission information is very low (unless whole agency plant is all broken control in a short time).
Brief description of the drawings
Fig. 1 is the structure diagram of the safe information transmission agency plant of the present invention;
Fig. 2 is the structure diagram of the information transmission modular in Fig. 1;
Fig. 3 is the schematic diagram of information normal transmission in one embodiment of the invention;
Fig. 4 is the schematic diagram of information normal transmission in another embodiment of the present invention;
Fig. 5 is the schematic diagram that information is intercepted, distorts in still another embodiment of the present invention.
Embodiment
With reference to specific embodiment, the present invention is described in detail.Following embodiments will be helpful to the technology of this area Personnel further understand the present invention, but the invention is not limited in any way.It should be pointed out that the ordinary skill to this area For personnel, without departing from the inventive concept of the premise, various modifications and improvements can be made.These belong to the present invention Protection domain.
As shown in Figure 1, the safe information transmission agency plant of the present invention includes an information transmission modular 1, a network interface Module 2, a safety monitoring module 3, a database module 4 and a dispatching control module 5, the information transmission modular 1 are connected to Between one transmitting terminal 10 and a receiving terminal 20.
Above-mentioned modules are described in detail separately below:
Information transmission modular 1 includes the different sub- transmission node group of some function equivalence structures, and every sub- transmission node Group includes some identical sub- transmission nodes again.In embodiment as shown in Figure 2, information transmission modular 1, which includes son, to be transmitted Node SP1, SP2 ..., SPn, wherein, identical figure represents identical sub- transmission node (such as SP1, SP2 and SP7), it Belong to same sub- transmission node group;Different figures represent the different sub- transmission node of function equivalence structure (such as SP1 and SP3), they belong to different sub- transmission node groups.Here, to embody isomery superfluous for the different sub- transmission node of function equivalence structure Remaining thought, in one embodiment, can be by making the programming language of sub- transmission node is different to realize, for example, some uses Java language, some use Python, and some directly uses Nginx as positive supply.It should be understood that each sub- transmission section Point is configured to complete directional topology (being connected two-by-two) and is connected between transmitting terminal 10 and receiving terminal 20, works as transmission The information of the output of end 10 will be forwarded to output terminal after entering information transmission modular 1 with uncertain path.Uncertain road It is uncertain which the sub- transmission node that footpath refers to participate in has, and transfer sequence is not known yet.
Specifically, when transmitting terminal 10 exports an information, which is first transmitted to by Network Interface Module 2 (under It is described in detail in text) a randomly selected sub- transmission node;Then the sub- transmission node is (hereinafter detailed according to safety monitoring module 3 State) safety coefficient of its own of feedback, relatively randomly selected in a rational section next a sub- transmission node or Person directly transmits information to receiving terminal 20.In order to improve peaceful property, when the safety coefficient of a sub- transmission node is higher, then The probability that information is transferred to this sub- transmission node may be than being transferred to the probability of the sub- transmission node more relatively low than its safety coefficient more High (such as accounting for 3/5).So as to which the information content ratio forwarded by the higher sub- transmission node of safety coefficient is relatively low by safety coefficient Sub- transmission node forwarding information content it is more.Certainly, in order to occur without the phenomenon of polarization, rational section can be carried out Control, such as restricted information are transferred to the probability of the higher sub- transmission node of safety coefficient not over certain threshold value (such as 4/ 5)。
Fig. 3 and Fig. 4 respectively illustrates two different embodiments of information normal transmission, and indicating the path of information process is It is uncertain.When system safety coefficient is relatively low, the number for the sub- transmission node that information is passed through may be more, such as Fig. 3;When being When safety coefficient of uniting is higher, the sub- transmission node that may pass through is less, such as Fig. 4.
In specific implementation, the number of sub- transmission node can be passed through come relation control information by probability, such as, receive To the random number generated between one 1 to 10 of sub- transmission node of information, if this number is more than 4, this sub- transmission node will Information is transmitted to receiving terminal 20, is otherwise transmitted to next sub- transmission node;So information is by the general of sub- transmission node Rate is 0.4, and the probability by two sub- transmission nodes is 0.4*0.4.
In addition, when a sub- transmission node receives an information, understand to safety monitoring module 3 and send one corresponding to this The reception information signal of sub- transmission node;When a sub- transmission node forwards an information, one can be sent to safety monitoring module 3 A information forward signal corresponding to the sub- transmission node., can be to safety monitoring module when information enters information transmission modular 1 3 send a System Information reception signal;When information leave message transport module 1, one can be sent to safety monitoring module 3 System information forward signal.According to these signals, safety monitoring module 3 can obtain the corresponding receive information of each sub- transmission node Number and forwarding information number, and the receive information total amount and forwarding information total amount of whole information transmission modular 1, so as to be safety Monitoring modular 3 generates the report of system security situation and alarm report provides foundation.
In the present invention, Network Interface Module 2 is provided as safe information transmission agency plant of the present invention to transmitting terminal 10 Network interface, its major function be to transmitting terminal 10 at random provide an information transmission modular 1 in available sub- transmission node IP address and port numbers (being provided by database module 4) so that transmitting terminal 10 export current information be directly transferred to first Corresponding sub- transmission node, so that it is guaranteed that information enters the randomness and dynamic changeability of information transmission modular 1.Wherein, network Interface module 2 can be based on webservice technologies and realize.
Safety monitoring module 3 is connected between information transmission modular 1 and database module 4, it is equivalent to safety of the invention The alarm device of agency plant, to the safety state information of real-time monitoring information transport module 1, and believes according to the safe condition Breath produces and exports corresponding security situation report (including the corresponding safety coefficient of each sub- transmission node) and alarm report.Safety Whether status information includes the corresponding receive information number of each sub- transmission node, forwarding information number and to the information of transmission Modify, replicate operation, further include the receive information total amount and forwarding information total amount of whole information transmission modular 1.
Database module 4 at the same time with information transmission modular 1, Network Interface Module 2, safety monitoring module 3 and scheduling controlling Module 5 connects, it is mainly used for receiving the security situation report that safety monitoring module 3 exports, and to information transmission modular 1, net Network interface module 2 and dispatching control module 5 provide relevant information.Wherein, each module is limited to the access limit of database module 4 System, specifically, read operation can only be carried out for information transmission modular 1, Network Interface Module 2, and for 3 He of safety monitoring module Dispatching control module 5 is readable writeable.In one embodiment, security situation is reported in database module 4 with the shape of two tables Formula, i.e., sub- transmission node table (UTT) and safety records table (SRT).Wherein, UTT includes five contents:ID、IP、PORT、 SecurityNumber and USABLE, represent respectively the corresponding sequence number of each sub- transmission node, IP address, port numbers, safety coefficient, And whether upstate;SRT mainly includes four attributes of sub- transmission node:ID, receive information number, forwarding information Count and whether have the operation such as modification or duplication to transmitted information, the receive information for further including whole information transmission modular 1 is total Amount and forwarding information total amount.
When system restarts each time, safety monitoring module 3 can be zeroed out SRT;When have sub- transmission node into Row shuts down, cleans, restarting when operation, and safety monitoring module 3 can also be zeroed out the list item corresponding to it.
Safety monitoring module 3 periodically can also be scanned SRT tables Inspection and analysis, and the table of alert consitions is produced to meeting Item (representing that there occurs abnormal conditions for corresponding child node) sends safety alarm.For example, if ID is the sub- transmission node of some value Receive information number be much larger than its forwarding information number, then this sub- transmission node may control under attack, and to institute Transmission information is stolen;If it, which exists, has information the operation such as modification, duplication, control subject to attacks is likely to System, safety monitoring module 3 can produce corresponding alarm and send alarm report to dispatching control module 5.
Dispatching control module 5 is the control centre of the present invention, but to prevent scheduling controller module from being controlled by attack, its It can only be scheduled in a pre-set unalterable reasonable interval, can be performed for more than in no instance Control scheduling outside this reasonable interval.Dispatching control module 5 is responsible for initializing all modules of whole system, and energy The alarm report sent according to the security situation report stored in database module 4 and safety monitoring module 3 is expanded accordingly Exhibition scheduling, if for example, producing safety alarm, scheduling controlling to the sub- transmission node of certain in information transmission modular 1 in alarm report Device module will carry out the sub- transmission node corresponding scheduling controlling processing, for example, shut down, cleaning, upgrading are updated, restarted, most Afterwards by this logout in system log.But when safety monitoring module 3 produce alarm it is excessive and during more than a reasonable interval, Scheduling controller module will be considered that system safety monitoring module 3 is subject to attacks, and then it is carried out the operation such as to restart, such Mechanism also prevent because of the negative effect that system safety monitoring module 3 is under attack and produces.
When the safe transmission agency plant of the present invention starts, scheduling controller module will be remembered according to the current of system log Record carries out startup initialization to modules, number, type comprising the startup of 1 Neutron Transmission node of configuration information transport module, Safety coefficient etc..For example, when the Windows loopholes occurred in the recent period are more, then operate in the son transmission under windows platform The startup number of node will reduce, and their safety coefficient also can set very low, so by the letter of its forwarding Breath can also greatly reduce.
Five modules of the above are all the indispensable parts of the present invention, they complement each other, cooperate, common to improve The high security of whole secure software agent model, high security, high reliability.
In addition, as shown in figure 5, when transmitting terminal 10 sends the data content for including 100 information, these information are randomly Several paths transmission are have selected, thus attacker can not predict that several sub- transmission nodes add transmitting procedure, so as to increase The selection difficulty of target of attack is added.Even if correctly attacking to a sub- transmission node (such as SP3), but it intercepts, distorts Information be small part, receiving terminal 20 can be recovered by fault tolerant mechanism.That is, even if attacker is by SP3 20 information of forwarding all intercept, such as still can pass through other 80 letters according to fault tolerant mechanism without forwarding, the present invention Breath recovers the full content that original 100 information is included, and attacker can not be recovered at all by 20 obtained information The full content that originally 100 information is included, so as to further increase security of system.But also it can be transmitted in information Increase in module 1 it is several seem can normal transmission, but actual idle sub- transmission node to confuse attacker, increases system By the difficulty of attack control, this (can set in the database by the way that the safety coefficient of the corresponding sub- transmission node of setting is zero Put), then information transmission modular 1 sets the sub- transmission node that safety coefficient is zero to be transmitted without information and realizes.
The specific embodiment of the present invention is described above.It is to be appreciated that the invention is not limited in above-mentioned Particular implementation, those skilled in the art can make various deformations or amendments within the scope of the claims, this not shadow Ring the substantive content of the present invention.

Claims (5)

1. a kind of safe information transmission agency plant, is connected between a transmitting terminal and a receiving terminal, it is characterised in that the system System includes an information transmission modular, a safety monitoring module, a database module, a Network Interface Module and a scheduling controlling Module, wherein:
Described information transport module includes the different sub- transmission node of some function equivalences, structure, wherein, each sub- transmission section Point is connected and is connected between the transmitting terminal and the receiving terminal two-by-two;
The safety monitoring module is connected between described information transport module and the database module, it is arranged to monitoring institute The safety state information of information transmission modular is stated, and each sub- transmission node is corresponded to according to safety state information generation Security situation report and security situation report is stored into the database module, while periodically to the database Mould security situation report in the block is analyzed, and when there are predetermined abnormal conditions during the security situation is reported to described Dispatching control module exports corresponding alarm report;
The database module is also connected with described information transport module, Network Interface Module and dispatching control module, with to institute State information transmission modular, Network Interface Module and dispatching control module and the security situation report is provided;Described information transmits mould Root tuber reports that the information that the transmitting terminal exports is transmitted to institute by the one or more sub- transmission nodes of selection according to the security situation State receiving terminal;
The Network Interface Module is also connected with the transmitting terminal, it is arranged to according to security situation report random selection one A sub- transmission node, so that the information of transmitting terminal output is transmitted to the corresponding sub- transmission node;
The dispatching control module is also connected with the safety monitoring module, it is arranged to according to security situation report and institute State alarm report and corresponding scheduling controlling processing is carried out to the corresponding sub- transmission node in described information transport module.
2. safe information transmission agency plant according to claim 1, it is characterised in that the safety state information includes The corresponding receive information number of each sub- transmission node, forwarding information number and whether modify to the information of process, Operation is replicated, further includes the receive information total amount and forwarding information total amount of whole described information transport module.
3. safe information transmission agency plant according to claim 1, it is characterised in that the dispatching control module is also set It is set to when the alarm reporting quantities of safety monitoring module output exceed predetermined threshold, the safety monitoring module is carried out The scheduling controlling processing.
4. the safe information transmission agency plant according to claim 1 or 3, it is characterised in that the scheduling controlling processing Including shut down, clean, upgrade renewal and/or reboot process.
5. safe information transmission agency plant according to claim 1, it is characterised in that the Network Interface Module is based on Webservice technologies are realized.
CN201510688059.9A 2015-10-21 2015-10-21 A kind of safe information transmission agency plant Active CN105245530B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510688059.9A CN105245530B (en) 2015-10-21 2015-10-21 A kind of safe information transmission agency plant

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510688059.9A CN105245530B (en) 2015-10-21 2015-10-21 A kind of safe information transmission agency plant

Publications (2)

Publication Number Publication Date
CN105245530A CN105245530A (en) 2016-01-13
CN105245530B true CN105245530B (en) 2018-04-13

Family

ID=55043030

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510688059.9A Active CN105245530B (en) 2015-10-21 2015-10-21 A kind of safe information transmission agency plant

Country Status (1)

Country Link
CN (1) CN105245530B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111542063A (en) * 2020-04-28 2020-08-14 张鹏程 Communication device and method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101111053A (en) * 2006-07-18 2008-01-23 中兴通讯股份有限公司 System and method for defending network attack in mobile network
CN102904905A (en) * 2012-11-13 2013-01-30 无锡江南计算技术研究所 Application security proxy method and application security proxy system
US8615562B1 (en) * 2006-12-29 2013-12-24 Google Inc. Proxy for tolerating faults in high-security systems

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0312009D0 (en) * 2003-05-24 2003-07-02 Univ Strathclyde Management and control of telecommunication services delivery

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101111053A (en) * 2006-07-18 2008-01-23 中兴通讯股份有限公司 System and method for defending network attack in mobile network
US8615562B1 (en) * 2006-12-29 2013-12-24 Google Inc. Proxy for tolerating faults in high-security systems
CN102904905A (en) * 2012-11-13 2013-01-30 无锡江南计算技术研究所 Application security proxy method and application security proxy system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于代理的Web服务安全研究;宋栋 等;《网络安全技术与应用》;20081130;全文 *

Also Published As

Publication number Publication date
CN105245530A (en) 2016-01-13

Similar Documents

Publication Publication Date Title
WO2021203733A1 (en) Power edge gateway device and device-based sensor data uplink storage method
US20210149663A1 (en) Data processing method based on intelligent contract, device, and storage medium
Sikeridis et al. A blockchain-based mechanism for secure data exchange in smart grid protection systems
Maw et al. ICS-BlockOpS: Blockchain for operational data security in industrial control system
Darwish et al. Smart grid DNP3 vulnerability analysis and experimentation
CN105656902A (en) One-way reliable transmission and control system based on light transmission
CN104579781B (en) A kind of the intelligent grid polymerization and system of difference personal secrets and failure tolerant
Amoah et al. Formal modelling and analysis of DNP3 secure authentication
CN103856345B (en) Server account number and password management method and system and server
CN103812699A (en) Monitoring management system based on cloud computing
Babay et al. Deploying intrusion-tolerant scada for the power grid
JP2012150805A (en) Systems and methods for detecting fraud associated with systems application processing
WO2021227465A1 (en) Security defense method and system for industrial control system network
CN105245530B (en) A kind of safe information transmission agency plant
Tsai et al. An efficient blockchain-based firmware update framework for iot environment
CN105245336B (en) A kind of file encryption management system
CN115361273A (en) Block chain-based electric power operation and maintenance safety supervision and emergency management and control system and method
Fundin Generating datasets through the introduction of an attack agent in a SCADA testbed: A methodology of creating datasets for intrusion detection research in a SCADA system using IEC-60870-5-104
Hasan et al. Intrusion detection in a private network by satisfying constraints
CN113645196A (en) Internet of things equipment authentication method and system based on block chain and edge assistance
Zhang et al. Design and Implementation of IEC61850 Communication Security Protection Scheme for Smart Substation based on Bilinear Function
Zheng et al. Research on SDN-based mimic server defense technology
Aydeger Software defined networking for smart grid communications
EP2634988A1 (en) A method and a system for performing a security update in a smart grid network
Mashima et al. Cybersecurity for Modern Smart Grid Against Emerging Threats

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20171019

Address after: 201112, 5 building, 3A building, 1588 union airways, Shanghai, Minhang District

Applicant after: Shanghai RedNeurons Information Technology Co., Ltd.

Applicant after: National Digital Switch System Engineering Technology Research Center

Address before: 201112 3A building, No. 1588 union airways, Shanghai, Minhang District

Applicant before: Shanghai RedNeurons Information Technology Co., Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant