CN106302409A - The electric data transmission method of cross-safety zone - Google Patents

Publication number: CN106302409A
Authority: CN (China)
Prior art keywords: server, user, safety, access, data
Legal status: Pending (the status shown is Google's assumption, not a legal conclusion)
Application number: CN201610625336.6A
Other languages: Chinese (zh)
Inventors: 马聪, 韩建利, 贾涛, 张华锋, 宋宛平, 李静, 刘延民
Current assignee: Nanyang Power Supply Co of State Grid Henan Electric Power Co Ltd
Original assignee: Nanyang Power Supply Co of State Grid Henan Electric Power Co Ltd
Events: application filed by Nanyang Power Supply Co of State Grid Henan Electric Power Co Ltd; priority to CN201610625336.6A; publication of CN106302409A; legal status pending

Classifications

All listed classifications fall under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Controlling access to devices or network resources
    • H04L63/02 Separating internal from external traffic, e.g. firewalls; H04L63/0272 Virtual private networks
    • H04L63/08 Authentication of entities; H04L63/083 using passwords
    • H04L63/0876 Authentication based on the identity of the terminal or its configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/0892 Authentication by using authentication-authorization-accounting [AAA] servers or protocols
    • H04L63/14 Detecting or protecting against malicious traffic; H04L63/1408 by monitoring network traffic; H04L63/1416 Event detection, e.g. attack signature detection
    • H04L67/00 Network arrangements or protocols for supporting network services or applications; H04L67/50 Network services; H04L67/56 Provisioning of proxy services; H04L67/568 Storing data temporarily at an intermediate stage, e.g. caching

Abstract

The invention discloses an electric power data transmission method across security zones. Caching servers are arranged in security operation zones of different grades, and each server in a security operation zone is connected to a corresponding caching server. The USB ports of the server and the caching server are connected to a built-in security encryption chip, and the BIOS is configured so that the system can only boot from the security encryption chip on the designated USB port. The server sets authorization privileges for user terminals according to user type. The USB port of the user terminal is likewise connected to a built-in security encryption chip, with the BIOS configured so that the system can only boot from the security encryption chip on the designated USB port. When the server detects a user's access request, it performs user authentication. After authentication succeeds, the user terminal sends a data search instruction, which is first looked up in the caching server. The invention achieves secure transmission of electric power data with good universality and is suitable for power departments with higher data security requirements.

Description

The electric data transmission method of cross-safety zone
Technical field
The present invention relates to the field of computer information security, and in particular to an electric power data transmission method across security zones.
Background technology
Traditional technical schemes for computer information security fall broadly into two classes. The first is the software scheme, which is the most widely applied today: security protection software is used to achieve computer information security. This scheme has advantages such as low cost and flexible development, but also some shortcomings: (1) after the system is reinstalled, the software must be reinstalled; (2) the software is easily uninstalled, leaving the computer in an unprotected state; (3) the software has vulnerabilities, and trojans and viruses can attack the security protection software and stop the protection process, so that the protection fails. The second is the hardware scheme, such as hard disks and secure USB drives with a built-in encryption chip. This scheme has advantages such as high security and difficulty of cracking, but also some shortcomings: high hardware cost, poor compatibility and poor universality.
The invention patent with publication number CN101901197 discloses an information security device, a control method and a system. After the information security device is connected to a host and powered on, it receives status polls from the host and returns a status-not-satisfied indication; on receiving an interrupt signal sent by the host, it returns a status-satisfied indication to the host and interrupts the running of the AUTORUN program; or, it returns a status-satisfied indication to the host and runs the AUTORUN program. In this information security device and control system, the host sends an interrupt signal to the information security device to interrupt the AUTORUN program, so that the device can be used under the host's Windows operating system without being limited by user privileges.
The invention patent with publication number CN102546620 discloses an information security control method, an information security control device and a client. When the client starts its operating system, its information security control device sends a connection request to a server; if it receives the server's response, it closes some or all of the client's data output applications. After the client enters the operating system, it sends an access permission request to the server; if it receives a response permitting access to the server, the client is allowed to access the server, otherwise the client is forbidden to access the server. This method prevents server information from being arbitrarily downloaded and propagated by clients, thereby improving the security of server data.
Both of the above methods require dedicated information security devices for security control; their hardware cost is relatively high, and their compatibility and universality are poor.
Summary of the invention
In view of this, the object of the invention is to address the deficiencies of the prior art by providing an electric power data transmission method across security zones, so as to achieve data transmission security in the power domain.
To achieve the above object, the invention adopts the following technical solution:
An electric power data transmission method across security zones, comprising the following steps:
Caching servers are arranged in security operation zones of different grades; each server in a security operation zone is connected to a corresponding caching server, and the server and the caching server are connected through a virtual private network;
The USB ports of the server and the caching server are connected to a built-in security encryption chip, and the BIOS is configured so that the system can only boot from the security encryption chip on the designated USB port; at system boot, it is judged whether the security encryption chip is working normally, and if it is not, the system shuts down automatically;
The server sets authorization privileges for user terminals according to user type; the USB port of the user terminal is connected to a built-in security encryption chip, and the BIOS is configured so that the system can only boot from the security encryption chip on the designated USB port;
When the server detects a user's access request, it performs user authentication;
After authentication succeeds, the user terminal sends a data search instruction, which is first looked up in the caching server; if the caching server does not find it, the lookup is performed in the server corresponding to the caching server; if it is still not found, the server sends a request to the servers of other security operation zones, and after a server in another security operation zone finds the data it sends the data to this server, where the data is stored in the caching server corresponding to this server, and the caching server sends the data to the user terminal.
Preferably, the server setting authorization privileges for user terminals according to user type includes:
the server assigns a credit value to the user and determines access authorization privileges according to the credit value;
the server detects an access authorization request sent by the user, the access authorization request including a user ID, a login password and an access item;
the server converts the authorization request into multiple access authorization subquery tasks and verifies each of them separately; if verification passes, the access authorization request is approved and user authentication succeeds; if verification fails, the access authorization request is refused and the result is fed back to the user.
Preferably, performing user authentication when the server detects a user's access request includes:
when the server detects a user's access request, it first performs user authentication; after user authentication succeeds, the user is isolated into an isolated network region, where security detection and risk assessment are performed; whether to grant the user's access request is decided according to the security detection and risk assessment results, and the result is fed back to the user; the security detection includes malicious attack detection, vulnerability detection, network packet capture and network topology detection; if user authentication fails, the access request is refused.
Preferably, the method further includes: the server periodically detects the terminal security information sent by the user terminal and the usage state of the authorization privileges, and determines a new credit value according to the terminal security information and the usage state of the authorization privileges.
Preferably, the method further includes: if security detection and risk assessment are not passed, the user terminal is prompted, according to the result fed back by the server, to upgrade and update its virus database.
An electric power data transmission device across security zones, comprising:
a setup module, which arranges caching servers in security operation zones of different grades, connects each server in a security operation zone to a corresponding caching server, and connects the server and the caching server through a virtual private network;
an encryption module, which connects a built-in security encryption chip to the USB port of the server and configures the BIOS so that the system can only boot from the security encryption chip on the designated USB port; at system boot, it is judged whether the security encryption chip is working normally, and if it is not, the system shuts down automatically;
an authorization module, by which the server sets authorization privileges for user terminals according to user type; the USB port of the user terminal is connected to a built-in security encryption chip, and the BIOS is configured so that the system can only boot from the security encryption chip on the designated USB port;
an authentication module, which performs user authentication when the server detects a user's access request;
an execution module, by which, after authentication succeeds, the user terminal sends a data search instruction that is first looked up in the caching server; if the caching server does not find it, the lookup is performed in the server corresponding to the caching server; if it is still not found, the server sends a request to the servers of other security operation zones, and after a server in another security operation zone finds the data it sends the data to this server, where the data is stored in the caching server corresponding to this server, and the caching server sends the data to the user terminal.
Preferably, the authorization module includes:
an assignment submodule, by which the server assigns a credit value to the user and determines access authorization privileges according to the credit value;
a detection submodule, by which the server detects an access authorization request sent by the user, the access authorization request including a user ID, a login password and an access item;
a verification submodule, by which the server converts the authorization request into multiple access authorization subquery tasks and verifies each of them separately; if verification passes, the access authorization request is approved and user authentication succeeds; if verification fails, the access authorization request is refused and the result is fed back to the user.
Preferably, the authentication module includes:
an authentication submodule, by which, when the server detects a user's access request, it first performs user authentication; after user authentication succeeds, the user is isolated into an isolated network region, where security detection and risk assessment are performed; whether to grant the user's access request is decided according to the security detection and risk assessment results, and the result is fed back to the user; the security detection includes malicious attack detection, vulnerability detection, network packet capture and network topology detection; if user authentication fails, the access request is refused.
Preferably, the device further includes an update module, by which the server periodically detects the terminal security information sent by the user terminal and the usage state of the authorization privileges, and determines a new credit value according to the terminal security information and the usage state of the authorization privileges.
Preferably, the device further includes a feedback module, by which, if security detection and risk assessment are not passed, the user terminal is prompted, according to the result fed back by the server, to upgrade and update its virus database.
The beneficial effects of the invention are as follows:
With the popularization of computers and the development of networks, Internet information security is becoming more and more important, especially for departments with higher data security requirements; to avoid risks such as information leakage, intranet computers are forbidden to connect to the Internet. The invention sets user credit values and authorization privileges, performs user authentication, assigns different authorization privileges to different user types and credit values, and, for a user-initiated access authorization request, has the server convert the authorization request into multiple access authorization subquery tasks that are verified separately. This distributed query adds a verification process and further ensures information security.
The invention arranges caching servers in security operation zones of different grades, connects each server in a security operation zone to a corresponding caching server, and connects the server and the caching server through a virtual private network. This solves the problem of relatively high communication cost in existing power secondary systems: when data in a server is accessed from an external network, data with higher access frequency can be found quickly in the caching server, saving time.
When the server accepts an access request from a user terminal, it performs security detection and risk assessment, performing the risk assessment on the result of the security detection; if the assessment finds no risk or low risk, the access request is approved, and if it finds the risk relatively high, the access request is denied and the result is fed back to the user terminal. In this way network security is judged further on the basis of identity authentication, the risk of information leakage is avoided to the greatest extent, and when the risk is judged high the security detection result and risk assessment result are fed back to the user terminal, so that the terminal can promptly discover its own security risks and ensure its information security by upgrading, updating its virus database and similar means.
Other features and advantages of the invention will be set forth in the following description and will in part be apparent from the description or be learned by practicing the invention. The objects and other advantages of the invention may be realized and obtained by the structure particularly pointed out in the written description, claims and drawings.
Accompanying drawing explanation
Fig. 1 is the flow chart of the electric power data transmission method across security zones of the invention.
Fig. 2 is the flow chart of step S102 of the electric power data transmission method across security zones of the invention.
Fig. 3 is the schematic block diagram of the electric power data transmission method across security zones of the invention.
Fig. 4 is the schematic block diagram of the authorization module of the electric power data transmission method across security zones of the invention.
Detailed description of the invention
The invention is further described below with reference to the drawings and embodiments.
As shown in Fig. 1, the electric power data transmission method across security zones comprises the following steps:
Step S101: caching servers are arranged in security operation zones of different grades; each server in a security operation zone is connected to a corresponding caching server, and the server and the caching server are connected through a virtual private network;
Step S102: the USB ports of the server and the caching server are connected to a built-in security encryption chip, and the BIOS is configured so that the system can only boot from the security encryption chip on the designated USB port; at system boot, it is judged whether the security encryption chip is working normally, and if it is not, the system shuts down automatically;
Step S103: the server sets authorization privileges for user terminals according to user type; the USB port of the user terminal is connected to a built-in security encryption chip, and the BIOS is configured so that the system can only boot from the security encryption chip on the designated USB port;
Step S104: when the server detects a user's access request, it performs user authentication;
Step S105: after authentication succeeds, the user terminal sends a data search instruction, which is first looked up in the caching server; if the caching server does not find it, the lookup is performed in the server corresponding to the caching server; if it is still not found, the server sends a request to the servers of other security operation zones, and after a server in another security operation zone finds the data it sends the data to this server, where the data is stored in the caching server corresponding to this server, and the caching server sends the data to the user terminal.
In this embodiment, data are sorted according to information such as the number of times accessed, the access frequency and the time scale. The sort combines access count and frequency, so that the data with the highest access count and frequency ranks highest and has the highest priority; the ranking is a dynamically changing process, continuously updated according to access count and frequency. After sorting, a ranking index is added, which may be a pointer or a linked list. Frequently accessed data are stored in the caching server and sorted according to access count (i.e. number of visits); when data in a server is accessed from an external network, data with higher access frequency can be found quickly in the caching server, saving time.
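The search order of step S105 and the access-count ranking of the caching server, as an added Python example (not code from the patent or its assignee). It models three tiers, caching server, the zone's own server and the servers of other security operation zones, and stores data fetched from another zone in the requesting server's caching server, as the method describes; storing data on a hit in the zone's own server, the cache capacity, the zone names and the records are assumptions made for the example.

```python
"""Tiered data lookup across security zones with an access-count ranking.

Added example, not code from the patent: it models the search order of
step S105 (caching server, then the zone's own server, then servers in other
security operation zones) and the access-count ranking the embodiment keeps
for the caching server. Zone names, stored records and the cache capacity
are constructed sample values.
"""
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class CacheServer:
    """Caching server attached to one zone server.

    `hits` is the access count per key; `ranking()` is the ranking index of
    the embodiment (most-accessed data first). When the cache is full, the
    least-accessed entry is evicted so that frequently used data stays.
    """
    capacity: int = 2
    store: dict = field(default_factory=dict)
    hits: Counter = field(default_factory=Counter)

    def get(self, key):
        if key not in self.store:
            return None
        self.hits[key] += 1
        return self.store[key]

    def put(self, key, value):
        self.store[key] = value
        self.hits[key] += 1
        while len(self.store) > self.capacity:
            victim = min(self.store, key=lambda k: self.hits[k])
            del self.store[victim]

    def ranking(self):
        return sorted(self.store, key=lambda k: -self.hits[k])


@dataclass
class ZoneServer:
    """A server in one security operation zone with its own caching server."""
    zone: str
    data: dict
    cache: CacheServer = field(default_factory=CacheServer)


def lookup(home, other_zones, key):
    """Resolve `key` for a terminal attached to `home`.

    Returns (value, source); `source` records where the data was found so
    the search order can be checked. Data fetched from another zone is
    stored in the caching server corresponding to `home`, as the method
    describes. Caching a hit in the home server is an assumption of this
    example, made so that frequently accessed data ends up in the cache.
    """
    value = home.cache.get(key)
    if value is not None:
        return value, "cache"
    value = home.data.get(key)
    if value is not None:
        home.cache.put(key, value)
        return value, "server"
    for srv in other_zones:
        if key in srv.data:
            value = srv.data[key]
            home.cache.put(key, value)
            return value, "zone:" + srv.zone
    return None, "miss"


def demo():
    """Constructed walk-through; returns the trace of sources and the ranking."""
    zone1 = ZoneServer("zone1", {"load_profile_2016": "Z1-DATA"})
    zone2 = ZoneServer("zone2", {"topology_map": "Z2-DATA"})
    trace = []
    for key in ("load_profile_2016", "load_profile_2016",
                "topology_map", "missing_record"):
        _, source = lookup(zone1, [zone2], key)
        trace.append(source)
    return trace, zone1.cache.ranking()
```

`demo()` walks the four cases of the method: a first lookup served by the zone's own server, a repeat served by the caching server, a record only another zone holds, and a record nobody holds; the returned ranking shows the repeated record sorted first, as the embodiment's ranking index would.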
The USB ports of the server, the caching server and the user terminal are all connected to a built-in security encryption chip, and the BIOS is configured so that the system can only boot from the security encryption chip on the designated USB port; at system boot, it is judged whether the security encryption chip is working normally, and if it is not, the system shuts down automatically. If the security encryption chip works normally, the system boots from the hard disk, retains one USB interface and the built-in USB interface, and closes the other ports. In this way, besides ensuring data security during network transmission, physical isolation is achieved in hardware to guarantee data security. In addition, the server establishes the data connection with the user terminal directly, but the corresponding data are transferred to the caching server, which then transfers them to the user terminal; through this layer-by-layer isolation and protection, data security between security operation zones and security work zones can be ensured to the greatest extent.
By arranging a security encryption chip for the server, the invention manages the system with encryption through this chip, implementing encryption of system communication data and encrypted network connections. This effectively prevents information leakage caused by the server connecting to the external Internet, as well as infection by viruses, trojans and other hacker software that pose a security threat. At the same time, the corresponding external hardware device communication and connection ports are removed, ensuring that the information data on the user's hard disk does not leak and securing the confidentiality of the server hardware system information.
In one embodiment, as shown in Fig. 2, step S102 can be implemented as the following steps:
Step S201: the server assigns a credit value to the user and determines access authorization privileges according to the credit value.
Step S202: the server detects an access authorization request sent by the user, the access authorization request including a user ID, a login password and an access item.
Step S203: the server converts the access authorization request into multiple access authorization subquery tasks and verifies each of them separately; if verification passes, the access authorization request is approved and user authentication succeeds; if verification fails, the access authorization request is refused and the result is fed back to the user.
According to the authorization rules, the access authorization request is decomposed into multiple subquery tasks, which are then sent to different authorization servers for verification; the final authorization result is a comprehensive judgement over the multiple subquery tasks. The servers include data storage servers and authorization servers: the storage servers handle operations such as data query, invocation and modification, while the authorization servers authorize the user ID, login password and access item according to the authorization rules, for example by assigning different access item privileges to different user IDs according to user class. When a user's access is authorized, the credit value obtained after login is required before authorized access proceeds. Anonymous or unknown devices need to be assigned a corresponding initial credit value. If a user's access to the server causes information leakage, that user's credit value is reduced and the user ID is listed as a key object of observation.
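The decomposition of one access authorization request into separately verified subquery tasks, with credit-value privileges and the leak penalty, as an added Python example (not code from the patent or its assignee). The privilege table, the initial credit value, the penalty amount, the PBKDF2 password storage and the sample users are assumptions; the patent specifies none of them, and the three sub-tasks here run in one process where the embodiment would distribute them to different authorization servers.

```python
"""Credit-value authorization with decomposed subquery checks.

Added example, not code from the patent: an access authorization request
(user ID, login password, access item) is split into independent sub-tasks,
each of which a separate authorization server could verify, and the final
decision is the combined judgement over all of them. The credit thresholds,
the privilege table, the PBKDF2 password storage and the sample users are
constructed values the patent does not fix.
"""
import hashlib
import hmac
import os

# Constructed rule table: minimum credit value -> access items granted at that level
PRIVILEGE_TABLE = {
    50: {"read_meter"},
    80: {"read_meter", "read_topology"},
}
INITIAL_CREDIT = 50   # assigned to anonymous or unknown devices (constructed value)
LEAK_PENALTY = 30     # credit deducted when a user's access leaks data (constructed value)

USERS = {}            # user_id -> record; in-memory stand-in for the authorization server's store


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(user_id, password, credit=INITIAL_CREDIT):
    salt = os.urandom(16)
    USERS[user_id] = {"salt": salt, "digest": _hash_password(password, salt),
                      "credit": credit, "watch": False}


def privileges_for(credit):
    """Access items a credit value entitles the user to."""
    items = set()
    for threshold, granted in PRIVILEGE_TABLE.items():
        if credit >= threshold:
            items |= granted
    return items


# The three subquery tasks. Each takes the whole request and answers one question.
def check_user_id(req):
    return req["user_id"] in USERS


def check_password(req):
    rec = USERS.get(req["user_id"])
    if rec is None:
        return False
    return hmac.compare_digest(_hash_password(req["password"], rec["salt"]), rec["digest"])


def check_access_item(req):
    rec = USERS.get(req["user_id"])
    return rec is not None and req["access_item"] in privileges_for(rec["credit"])


SUBQUERIES = (check_user_id, check_password, check_access_item)


def authorize(req):
    """Decompose the request, verify every sub-task, combine the results.

    Returns (granted, per_task). Every task is evaluated so the server's own
    log shows which one failed; only `granted` is fed back to the terminal.
    """
    per_task = {task.__name__: task(req) for task in SUBQUERIES}
    return all(per_task.values()), per_task


def report_leak(user_id):
    """Lower the user's credit value and mark the ID for observation."""
    rec = USERS[user_id]
    rec["credit"] = max(0, rec["credit"] - LEAK_PENALTY)
    rec["watch"] = True
    return rec["credit"]
```

Keeping the per-task results on the server side while returning only the combined verdict matches the text's "feedback result is sent to the user" without telling a requester which of ID, password or access item failed; after `report_leak`, the same request that was authorized before is refused because the credit value no longer reaches the access item's threshold.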
In one embodiment, step S103 can be implemented as the following steps:
When the server detects a user's access request, it first performs user authentication; after user authentication succeeds, the user is isolated into an isolated network region, where security detection and risk assessment are performed; whether to grant the user's access request is decided according to the security detection and risk assessment results, and the result is fed back to the user; the security detection includes malicious attack detection, vulnerability detection, network packet capture and network topology detection; if user authentication fails, the access request is refused.
When the server detects a user's access request, it performs network security detection, which includes malicious attack detection, vulnerability detection, network packet capture and network topology detection. Vulnerability detection means using a vulnerability scanning device to find the vulnerabilities that may exist in each host node of the network. Risk identification, analysis and assessment are carried out according to the security detection results: the probability of a successful attack is calculated from the credibility that a vulnerability exists and the degree of difficulty of exploiting it, to obtain the final risk assessment value.
In one embodiment, step S102 of this embodiment further includes step S204: the server periodically detects the terminal security information sent by the user terminal and the usage state of the authorization privileges, and determines a new credit value according to the terminal security information and the usage state of the authorization privileges.
In one embodiment, step S102 of this embodiment further includes step S205: if security detection and risk assessment are not passed, the user terminal is prompted, according to the result fed back by the server, to upgrade and update its virus database.
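The risk assessment of the security detection stage, the access decision with its upgrade feedback (step S205) and the periodic credit re-evaluation (step S204), as an added Python example (not code from the patent or its assignee). The text gives only the ingredients of the risk value, the credibility that a vulnerability exists and the ease of exploiting it; taking their product as the attack probability and the largest probability as the final risk value, the decision threshold, the credit adjustments and the sample findings are all assumptions of this example.

```python
"""Security detection, risk assessment and periodic credit update.

Added example, not code from the patent: after authentication the terminal
is examined in an isolated network region; each finding carries a
credibility that the weakness really exists and an ease-of-exploitation
score, their product is the probability of a successful attack, and the
largest such probability is the risk value that decides the access request
and, when too high, produces the upgrade / virus-database feedback of step
S205. The credit re-evaluation of step S204 is modelled from terminal
security information and privilege-usage state. The threshold, the score
adjustments and the sample findings are constructed values.
"""
from dataclasses import dataclass

RISK_THRESHOLD = 0.5   # constructed: a risk value above this refuses the request


@dataclass
class Finding:
    """One result of the security detection stage."""
    host: str
    kind: str            # e.g. "vulnerability", "malicious_traffic", "topology_change"
    credibility: float   # 0..1, confidence that the weakness exists
    ease: float          # 0..1, how easily it can be exploited


def attack_probability(f):
    return f.credibility * f.ease


def risk_value(findings):
    """Final risk assessment value: the worst single finding (assumed aggregation)."""
    return max((attack_probability(f) for f in findings), default=0.0)


def assess(findings):
    """Return (granted, feedback) for the terminal.

    When the request is refused, the feedback names the finding that drove
    the decision so the terminal can upgrade and update its virus database.
    """
    risk = risk_value(findings)
    if risk <= RISK_THRESHOLD:
        return True, {"risk": risk, "action": None}
    worst = max(findings, key=attack_probability)
    return False, {"risk": risk, "action": "upgrade_and_update_virus_db",
                   "finding": worst.kind, "host": worst.host}


def update_credit(credit, terminal_info, privilege_usage):
    """Step S204: periodic re-evaluation of a user's credit value.

    `terminal_info` is what the terminal reports about its own state;
    `privilege_usage` is what the server observed about how the granted
    privileges were used. All adjustment magnitudes are constructed.
    """
    new = credit
    new += 5 if terminal_info["virus_db_current"] else -10
    new += 5 if terminal_info["os_patched"] else -10
    new -= 15 * privilege_usage["unauthorized_attempts"]
    return max(0, min(100, new))


def demo():
    """Constructed run: one risky terminal, one acceptable terminal."""
    risky = [Finding("term-07", "vulnerability", 0.9, 0.8),
             Finding("term-07", "topology_change", 0.4, 0.3)]
    clean = [Finding("term-12", "topology_change", 0.5, 0.5)]
    return assess(risky), assess(clean)
```

The refused case returns the finding and host that produced the risk value, which is the information the text says is fed back so the terminal can discover and fix its own weakness; `update_credit` clamps the new credit value to 0..100 so that repeated good reports cannot grow privileges without bound and repeated bad ones cannot go negative.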
As shown in Fig. 3, the electric power data transmission device across security zones includes:
a setup module 101, which arranges caching servers in security operation zones of different grades, connects each server in a security operation zone to a corresponding caching server, and connects the server and the caching server through a virtual private network;
an encryption module 102, which connects a built-in security encryption chip to the USB port of the server and configures the BIOS so that the system can only boot from the security encryption chip on the designated USB port; at system boot, it is judged whether the security encryption chip is working normally, and if it is not, the system shuts down automatically;
an authorization module 103, by which the server sets authorization privileges for user terminals according to user type; the USB port of the user terminal is connected to a built-in security encryption chip, and the BIOS is configured so that the system can only boot from the security encryption chip on the designated USB port;
an authentication module 104, which performs user authentication when the server detects a user's access request;
an execution module 105, by which, after authentication succeeds, the user terminal sends a data search instruction that is first looked up in the caching server; if the caching server does not find it, the lookup is performed in the server corresponding to the caching server; if it is still not found, the server sends a request to the servers of other security operation zones, and after a server in another security operation zone finds the data it sends the data to this server, where the data is stored in the caching server corresponding to this server, and the caching server sends the data to the user terminal.
In one embodiment, as shown in Fig. 4, the authorization module 103 includes:
an assignment submodule 201, by which the server assigns a credit value to the user and determines access authorization privileges according to the credit value;
a detection submodule 202, by which the server detects an access authorization request sent by the user, the access authorization request including a user ID, a login password and an access item;
a verification submodule 203, by which the server converts the authorization request into multiple access authorization subquery tasks and verifies each of them separately; if verification passes, the access authorization request is approved and user authentication succeeds; if verification fails, the access authorization request is refused and the result is fed back to the user.
In one embodiment, the authentication module 104 includes:
an authentication submodule, by which, when the server detects a user's access request, it first performs user authentication; after user authentication succeeds, the user is isolated into an isolated network region, where security detection and risk assessment are performed; whether to grant the user's access request is decided according to the security detection and risk assessment results, and the result is fed back to the user; the security detection includes malicious attack detection, vulnerability detection, network packet capture and network topology detection; if user authentication fails, the access request is refused.
In one embodiment, the authorization module 102 further includes an update submodule, by which the server periodically detects the terminal security information sent by the user terminal and the usage state of the authorization privileges, and determines a new credit value according to the terminal security information and the usage state of the authorization privileges.
In one embodiment, the authorization module 102 further includes a feedback submodule, by which, if security detection and risk assessment are not passed, the user terminal is prompted, according to the result fed back by the server, to upgrade and update its virus database.
Illustrate, above example only in order to technical scheme to be described and unrestricted, ordinary skill Other amendment or equivalents that technical scheme is made by personnel, without departing from the essence of technical solution of the present invention God and scope, all should contain in the middle of scope of the presently claimed invention.

Claims (10)

1. An electric power data transmission method for a cross-safety zone, characterised in that it comprises the following steps:
setting a caching server in each safety operation area of a different grade, each server in the safety operation area being connected to its corresponding caching server, and the server and the caching server being connected through a virtual private network;
connecting a built-in security encryption chip at the USB ports of the server and of the caching server, and setting the BIOS so that the system can only start from the security encryption chip at the specified USB port; at system boot, judging whether the security encryption chip is working normally and, if it cannot work normally, shutting the system down automatically;
the server setting authorization privileges for the user terminal according to the user type; the USB port of the user terminal being connected to a built-in security encryption chip, and the BIOS being set so that the system can only start from the security encryption chip at the specified USB port;
when the server detects an access request from a user, carrying out user authentication;
after successful authentication, the user terminal sending a data search instruction, which is first looked up at the caching server; if it is not found at the caching server, looking it up in the server corresponding to that caching server; if it is still not found, the server sending a request to the servers of the other safety operation areas, the server of another safety operation area sending the data to this server after finding it, the data being stored in the caching server corresponding to this server, and the caching server sending the data to the user terminal.
2. The electric power data transmission method for a cross-safety zone according to claim 1, characterised in that the server setting authorization privileges for the user terminal according to the user type includes:
the server assigning a credit value to the user and determining the access authorization privilege according to the credit value;
the server detecting the access authorization request sent by the user, the access authorization request including a user ID, a login password and the access item;
the server converting the authorization request into multiple access authorization subquery tasks and verifying each of the access authorization subquery tasks; if they pass verification, accepting the access authorization request, the user authentication succeeding; if they do not pass verification, refusing the access authorization request and sending the feedback result to the user.
3. The electric power data transmission method for a cross-safety zone according to claim 2, characterised in that carrying out user authentication when the server detects an access request from a user includes:
when the server detects an access request from a user, first carrying out user authentication; after successful user authentication, isolating the user in an isolation network region and carrying out safety detection and risk assessment; determining, according to the safety detection and risk assessment result, whether to grant the user's access request, and feeding the result back to the user; the safety detection including malicious attack detection, vulnerability detection, network packet capture and network topology detection; if user authentication fails, refusing the access request.
4. The electric power data transmission method for a cross-safety zone according to claim 3, characterised in that it also includes: the server periodically detecting the terminal safety information and the usage state of the authorization privilege sent by the user terminal, and determining a new credit value according to the terminal safety information and the usage state of the authorization privilege.
5. The electric power data transmission method for a cross-safety zone according to claim 4, characterised in that it also includes: if the safety detection and risk assessment are not passed, prompting the user terminal, according to the result fed back by the server, to upgrade and update its virus database.
6. An electric power data transmitting device for a cross-safety zone, characterised in that it includes:
a setting module, which sets a caching server in each safety operation area of a different grade, each server in the safety operation area being connected to its corresponding caching server, and the server and the caching server being connected through a virtual private network;
an encrypting module, which connects a built-in security encryption chip at the USB port of the server and sets the BIOS so that the system can only start from the security encryption chip at the specified USB port; at system boot it is judged whether the security encryption chip is working normally, and if it cannot work normally the system shuts down automatically;
an authorization module, by which the server sets authorization privileges for the user terminal according to the user type; the USB port of the user terminal is connected to a built-in security encryption chip, and the BIOS is set so that the system can only start from the security encryption chip at the specified USB port;
an authentication module, which carries out user authentication when the server detects an access request from a user;
an execution module: after successful authentication, the user terminal sends a data search instruction, which is first looked up at the caching server; if it is not found at the caching server, it is looked up in the server corresponding to that caching server; if it is still not found, the server sends a request to the servers of the other safety operation areas, and the server of another safety operation area, after finding the data, sends it to this server, which stores it in its corresponding caching server; the caching server then sends the data to the user terminal.
7. The electric power data transmitting device for a cross-safety zone according to claim 6, characterised in that the authorization module includes:
a distribution submodule, by which the server assigns a credit value to the user and determines the access authorization privilege according to the credit value;
a detection submodule, by which the server detects the access authorization request sent by the user, the access authorization request including a user ID, a login password and the access item;
a checking submodule, by which the server converts the authorization request into multiple access authorization subquery tasks and verifies each of them; if they pass verification, the access authorization request is accepted and user authentication succeeds; if they do not pass verification, the access authorization request is refused and the feedback result is sent to the user.
8. The electric power data transmitting device for a cross-safety zone according to claim 7, characterised in that the authentication module includes:
an authentication submodule, by which the server, when it detects an access request from a user, first carries out user authentication; after successful user authentication the user is isolated in an isolation network region, where safety detection and risk assessment are carried out; according to the safety detection and risk assessment result the server determines whether to grant the user's access request and feeds the result back to the user; the safety detection includes malicious attack detection, vulnerability detection, network packet capture and network topology detection; if user authentication fails, the access request is refused.
9. The electric power data transmitting device for a cross-safety zone according to claim 8, characterised in that it also includes an update module, by which the server periodically detects the terminal safety information and the usage state of the authorization privilege sent by the user terminal and determines a new credit value according to the terminal safety information and the usage state of the authorization privilege.
10. The electric power data transmitting device for a cross-safety zone according to claim 9, characterised in that it also includes a feedback module: if the safety detection and risk assessment are not passed, the user terminal is prompted, according to the result fed back by the server, to upgrade and update its virus database.
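The three-stage lookup described for execution module 105 and in claims 1 and 6 (caching server, then the zone's own server, then the servers of the other safety operation areas, with a cross-zone hit stored in the requesting zone's caching server) is easier to reason about as code. The following simulation is an added example and is not code from the patent or from the applicant; the zone names, the record keys and the in-memory dictionaries standing in for the caching server, the zone server and the VPN link to peer zones are all constructed assumptions.

```python
"""Tiered lookup across safety operation areas (constructed simulation).

Search order, as described in the patent: the zone's caching server,
then the zone's own server, then the servers of the other safety
operation areas. Data found in another zone is stored in this zone's
caching server before it is returned to the user terminal.
Every zone name and record below is constructed sample data.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class SafetyZone:
    name: str
    server_data: Dict[str, str]                               # the zone server's records
    cache: Dict[str, str] = field(default_factory=dict)       # its caching server
    peers: List["SafetyZone"] = field(default_factory=list)   # other zones (VPN link)

    def lookup_in_server(self, key: str) -> Optional[str]:
        """What this zone's server answers when another zone sends it a request.
        It answers only from its own records, never from its cache, so a stale
        cache entry in one zone cannot propagate to the other zones."""
        return self.server_data.get(key)

    def lookup(self, key: str) -> Optional[Tuple[str, str]]:
        """Return (data, origin) for a user terminal's data search instruction,
        or None when no zone has the record. origin names where the hit came from."""
        # 1. caching server of this zone
        if key in self.cache:
            return self.cache[key], f"{self.name}:cache"
        # 2. the server that this caching server belongs to
        if key in self.server_data:
            return self.server_data[key], f"{self.name}:server"
        # 3. request to the servers of the other safety operation areas
        for peer in self.peers:
            data = peer.lookup_in_server(key)
            if data is not None:
                # the other zone's server sends the data to this server, which
                # stores it in its caching server and serves the terminal from there
                self.cache[key] = data
                return data, f"{peer.name}:server"
        return None


def build_demo_zones() -> Tuple[SafetyZone, SafetyZone]:
    """Two zones of different safety grade holding constructed sample records."""
    zone1 = SafetyZone("zone1", {"line_load_7": "42 MW"})
    zone2 = SafetyZone("zone2", {"breaker_3": "closed"})
    zone1.peers.append(zone2)
    zone2.peers.append(zone1)
    return zone1, zone2


if __name__ == "__main__":
    z1, _ = build_demo_zones()
    # the second breaker_3 lookup is answered from zone1's cache, not from zone2
    for key in ("line_load_7", "breaker_3", "breaker_3", "unknown_key"):
        print(key, "->", z1.lookup(key))
```

The patent says nothing about when a cached cross-zone record expires; in a deployment the requesting zone's cache would need an expiry or an invalidation signal from the owning zone, otherwise a record updated in zone2 keeps being served stale from zone1's caching server.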
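The authorization module (submodules 201 to 203 and the update submodule in the description; claims 2, 4, 7 and 9) combines a credit value per user, privileges derived from it, a request split into several subquery tasks that must all pass, and a periodic credit update from terminal safety information and privilege usage. The model below is an added example, not code from the patent or from the applicant; the credit thresholds, the access items, the three subqueries chosen and the credit update rule are all assumptions, since the patent specifies none of them.

```python
"""Credit-value authorization with subquery verification (added example).

Constructed model of the patent's authorization module: the server assigns
each user a credit value, derives access privileges from it, splits an
access authorization request (user ID, login password, access item) into
subquery tasks, accepts the request only if every subquery passes, and
periodically recomputes the credit value from terminal safety information
and the usage state of the privilege. Thresholds and the update rule are
assumptions, not values taken from the patent.
"""
import hashlib
import hmac
import os
from typing import Callable, Dict, List, Tuple

# Assumed mapping from credit value to the access items a user may request.
CREDIT_TIERS = [
    (80, {"read", "write", "export"}),
    (50, {"read", "write"}),
    (20, {"read"}),
]


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthorizationServer:
    def __init__(self) -> None:
        self.users: Dict[str, dict] = {}

    def register(self, user_id: str, password: str, credit: int) -> None:
        """Store a salted password hash and the initial credit value."""
        salt = os.urandom(16)
        self.users[user_id] = {"salt": salt,
                               "pw_hash": _hash_password(password, salt),
                               "credit": credit}

    def privileges(self, user_id: str) -> set:
        """Access privileges derived from the user's current credit value."""
        credit = self.users[user_id]["credit"]
        for threshold, items in CREDIT_TIERS:
            if credit >= threshold:
                return set(items)
        return set()

    def _subqueries(self, req: dict) -> List[Tuple[str, Callable[[], bool]]]:
        """Split one access authorization request into verifiable subquery tasks."""
        user = self.users.get(req.get("user_id"))

        def credential_ok() -> bool:
            # an unknown user ID and a wrong password fail the same subquery,
            # so the feedback sent to the user does not reveal which IDs exist
            if user is None:
                return False
            return hmac.compare_digest(
                _hash_password(req.get("password", ""), user["salt"]), user["pw_hash"])

        def credit_ok() -> bool:
            return user is not None and user["credit"] >= CREDIT_TIERS[-1][0]

        def item_ok() -> bool:
            return user is not None and req.get("item") in self.privileges(req["user_id"])

        return [("credential", credential_ok), ("credit", credit_ok), ("item", item_ok)]

    def authorize(self, req: dict) -> Tuple[bool, List[str]]:
        """Accept only if every subquery passes; the failed names are the feedback."""
        failed = [name for name, check in self._subqueries(req) if not check()]
        return (not failed), failed

    def update_credit(self, user_id: str, terminal_safe: bool, misuse_count: int) -> int:
        """Periodic credit update from terminal safety info and privilege usage.
        Assumed rule: +5 for a healthy terminal, -10 otherwise, -15 per recorded
        misuse of the privilege, clamped to 0..100."""
        user = self.users[user_id]
        delta = (5 if terminal_safe else -10) - 15 * misuse_count
        user["credit"] = max(0, min(100, user["credit"] + delta))
        return user["credit"]


if __name__ == "__main__":
    srv = AuthorizationServer()
    srv.register("op1", "correct-horse", 60)          # constructed sample user
    print(srv.authorize({"user_id": "op1", "password": "correct-horse", "item": "read"}))
    print(srv.authorize({"user_id": "op1", "password": "correct-horse", "item": "export"}))
    print(srv.update_credit("op1", terminal_safe=False, misuse_count=2), srv.privileges("op1"))
```

Because privileges are recomputed from the credit value on every request rather than stored at login, a credit reduction from the periodic update takes effect on the next access authorization request without any separate revocation step.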
Application CN201610625336.6A, priority date 2016-07-30, filing date 2016-07-30: The electric data transmission method of cross-safety zone (Pending, published as CN106302409A).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610625336.6A CN106302409A (en) 2016-07-30 2016-07-30 The electric data transmission method of cross-safety zone

Publications (1)

Publication Number Publication Date
CN106302409A true CN106302409A (en) 2017-01-04

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109917761A (en) * 2019-03-13 2019-06-21 浙江浙能长兴天然气热电有限公司 A kind of method and system improving DCS of Power Plant security protection
CN110609208A (en) * 2019-09-15 2019-12-24 杭州拓深科技有限公司 Portable fault wave recording monitor and wave recording monitoring method thereof
CN112150306A (en) * 2020-09-15 2020-12-29 深圳供电局有限公司 Power data network security test method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20170104)