CN106302409A - The electric data transmission method of cross-safety zone - Google Patents
- Publication number: CN106302409A
- Application number: CN201610625336.6A
- Authority: CN (China)
- Prior art keywords: server, user, safety, access, data
- Legal status: Pending
Classifications (CPC; all entries fall under H04L, transmission of digital information)
- H04L63/10—Network security: controlling access to devices or network resources
- H04L63/0272—Network security: separating internal from external traffic; virtual private networks
- H04L63/083—Network security: authentication of entities using passwords
- H04L63/0876—Network security: authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/0892—Network security: authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
- H04L63/1416—Network security: detecting or protecting against malicious traffic by monitoring network traffic; event detection, e.g. attack signature detection
- H04L67/568—Network services: provisioning of proxy services; storing data temporarily at an intermediate stage, e.g. caching
Abstract
The invention discloses an electric power data transmission method across security zones. Cache servers are deployed in security work zones of different grades, and each server in a security work zone is connected to a corresponding cache server. The USB ports of the servers and cache servers are fitted with built-in security encryption chips, and the BIOS is configured so that the system can only boot from the security encryption chip in the designated USB port. The server assigns authorization privileges to user terminals according to user type; the USB port of the user terminal is likewise fitted with a built-in security encryption chip, with the BIOS configured so that the system can only boot from the security encryption chip in the designated USB port. When the server detects a user's access request, it performs user authentication; after successful authentication the user terminal sends a data search instruction, which is first looked up on the cache server. The invention achieves secure transmission of electric power data, has good generality, and is suitable for settings in which power departments have high data security requirements.
Description
Technical field
The present invention relates to the field of computer information security, and in particular to an electric power data transmission method across security zones.
Background technology
Traditional technical schemes for computer information security fall into two broad classes. The first is the software scheme, which is the most widely applied at present: protection software is used to achieve computer information security. This scheme has the advantages of low cost and flexible development, but it also has shortcomings: (1) after the system is reinstalled, the software has to be reinstalled as well; (2) the software is easily uninstalled, leaving the computer unprotected; (3) the software itself has vulnerabilities, and trojans and viruses can attack the protection software and kill its protection process, so that the protection fails. The second is the hardware scheme, for example hard disks and secure USB drives with encryption chips. This scheme has the advantages of high security and difficulty of cracking, but it also has shortcomings: high hardware cost, poor compatibility and poor generality.
The invention patent with publication number CN101901197 discloses an information security device, a control method and a system. After the information security device is connected to the host and powered on, it receives the host's status query and returns a "status not satisfied" indication; it receives an interrupt signal sent by the host and returns an "interrupt status satisfied" indication to the host, so as to interrupt the running of the AUTORUN program; or it returns a "status satisfied" indication to the host, which then runs the AUTORUN program. In this information security device and control system, the host sends an interrupt signal to the information security device to interrupt the running of the AUTORUN program, so that the device can be used under the host's Windows operating system without being restricted by user rights.
The invention patent with publication number CN102546620 discloses an information security control method, an information security control device and a client. While the client starts its operating system, its information security control device sends a connection request to the server; if a response from the server is received, part or all of the client's data output applications are closed. After the client has entered the operating system, it sends an access permission request to the server; if a response permitting access to the server is received, the client is allowed to access the server, otherwise the client is forbidden to access it. This method prevents server information from being arbitrarily downloaded and propagated by clients, and thus improves the security of server data.
Both of the above methods require a dedicated information security device to carry out security control of information; their hardware cost is relatively high, and their compatibility and generality are poor.
Summary of the invention
In view of this, the object of the present invention is to address the deficiencies of the prior art by providing an electric power data transmission method across security zones, in order to achieve secure data transmission in the electric power domain.
To achieve the above object, the present invention adopts the following technical solution:
An electric power data transmission method across security zones, comprising the following steps:
Deploy cache servers in security work zones of different grades; each server in a security work zone is connected to a corresponding cache server, and servers and cache servers are connected through a virtual private network;
Fit the USB ports of the servers and cache servers with built-in security encryption chips, and configure the BIOS so that the system can only boot from the security encryption chip in the designated USB port; at system boot, judge whether the security encryption chip is working normally, and if it is not, the system shuts down automatically;
The server assigns authorization privileges to user terminals according to user type; the USB port of the user terminal is fitted with a built-in security encryption chip, and the BIOS is configured so that the system can only boot from the security encryption chip in the designated USB port;
When the server detects a user's access request, it performs user authentication;
After successful authentication, the user terminal sends a data search instruction, which is first looked up on the cache server; if it is not found on the cache server, the lookup proceeds on the server corresponding to that cache server; if it is still not found, the server sends a request to the servers of the other security work zones, and after another zone's server finds the data it sends the data to this server, which stores it on its corresponding cache server; the cache server then sends the data to the user terminal.
Preferably, the server assigning authorization privileges to user terminals according to user type includes:
The server assigns the user a credit value and determines the access authorization privilege from that credit value;
The server detects an access authorization request sent by the user; the access authorization request includes a user ID, a login password and an access item;
The server converts the authorization request into multiple access-authorization sub-query tasks and verifies each of them separately; if verification passes, the access authorization request is approved and user authentication succeeds; if verification fails, the access authorization request is refused and the result is fed back to the user.
Preferably, performing user authentication when the server detects a user's access request includes:
When the server detects a user's access request, it first performs user authentication; after successful authentication, the user is isolated in an isolated network region, where security detection and risk assessment are carried out, and whether to approve the user's access request is decided from the security detection and risk assessment results, with the result fed back to the user; the security detection includes malicious attack detection, vulnerability detection, network packet capture and network topology detection; if user authentication fails, the access request is refused.
Preferably, the method further includes: the server periodically checks the terminal security information sent by the user terminal and the usage state of its authorization privileges, and determines a new credit value from the terminal security information and the usage state of the authorization privileges.
Preferably, the method further includes: if security detection and risk assessment do not pass, the user terminal is prompted, based on the result fed back by the server, to upgrade and to update its virus database.
An electric power data transmission device across security zones, comprising:
a setup module, which deploys cache servers in security work zones of different grades, connects each server in a security work zone to a corresponding cache server, and connects servers and cache servers through a virtual private network;
an encryption module, which fits the USB ports of the servers with built-in security encryption chips and configures the BIOS so that the system can only boot from the security encryption chip in the designated USB port; at system boot it judges whether the security encryption chip is working normally, and if it is not, the system shuts down automatically;
an authorization module, by which the server assigns authorization privileges to user terminals according to user type; the USB port of the user terminal is fitted with a built-in security encryption chip, and the BIOS is configured so that the system can only boot from the security encryption chip in the designated USB port;
an authentication module, which performs user authentication when the server detects a user's access request;
an execution module: after successful authentication the user terminal sends a data search instruction, which is first looked up on the cache server; if it is not found on the cache server, the lookup proceeds on the server corresponding to that cache server; if it is still not found, the server sends a request to the servers of the other security work zones, and after another zone's server finds the data it sends the data to this server, which stores it on its corresponding cache server; the cache server then sends the data to the user terminal.
Preferably, the authorization module includes:
an assignment submodule, by which the server assigns the user a credit value and determines the access authorization privilege from that credit value;
a detection submodule, by which the server detects an access authorization request sent by the user; the access authorization request includes a user ID, a login password and an access item;
a verification submodule, by which the server converts the authorization request into multiple access-authorization sub-query tasks and verifies each of them separately; if verification passes, the access authorization request is approved and user authentication succeeds; if verification fails, the access authorization request is refused and the result is fed back to the user.
Preferably, the authentication module includes:
an authentication submodule, by which the server, on detecting a user's access request, first performs user authentication; after successful authentication the user is isolated in an isolated network region, where security detection and risk assessment are carried out, and whether to approve the user's access request is decided from the security detection and risk assessment results, with the result fed back to the user; the security detection includes malicious attack detection, vulnerability detection, network packet capture and network topology detection; if user authentication fails, the access request is refused.
Preferably, the device further includes an update module, by which the server periodically checks the terminal security information sent by the user terminal and the usage state of its authorization privileges, and determines a new credit value from the terminal security information and the usage state of the authorization privileges.
Preferably, the device further includes a feedback module: if security detection and risk assessment do not pass, the user terminal is prompted, based on the result fed back by the server, to upgrade and to update its virus database.
The beneficial effects of the invention are as follows:
With the spread of computers and the development of networks, Internet information security is becoming increasingly important, especially for departments with high data security requirements, where intranet computers are forbidden to connect to the Internet in order to avoid risks such as information leakage. The present invention performs user authentication by setting user credit values and authorization privileges, assigning different authorization privileges for different user types and credit values; for an access authorization request initiated by a user, the server converts the authorization request into multiple access-authorization sub-query tasks and verifies each of them separately. This distributed query adds a verification process and further ensures information security.
The present invention deploys cache servers in security work zones of different grades, connects each server in a security work zone to a corresponding cache server, and connects servers and cache servers through a virtual private network. This solves the problem of high communication cost in existing electric power secondary systems: when data on a server is accessed from the external network, frequently accessed data can be found quickly in the cache server, saving time.
When accepting an access request from a user terminal, the server of the present invention performs security detection and risk assessment: risk is assessed from the results of the security detection; if the assessment finds no risk or low risk, the access request is approved; if it finds high risk, the access request is refused and this result is fed back to the user terminal at the same time. This judges network security further on the basis of identity authentication, avoiding the risk of information leakage to the greatest extent; and when the risk is judged to be high, the security detection result and risk assessment result are fed back to the user terminal, so that the user terminal can promptly discover its own security risks and ensure terminal information security by means such as upgrading and virus database updates.
Other features and advantages of the present invention will be set forth in the following description and will in part become apparent from the description, or may be learned by practicing the invention. The objects and other advantages of the invention may be realized and obtained by the structures particularly pointed out in the written description, the claims and the drawings.
Description of the drawings
Fig. 1 is a flowchart of the electric power data transmission method across security zones of the present invention.
Fig. 2 is a flowchart of step S102 of the electric power data transmission method across security zones of the present invention.
Fig. 3 is a block diagram of the electric power data transmission device across security zones of the present invention.
Fig. 4 is a block diagram of the authorization module of the electric power data transmission device across security zones of the present invention.
Detailed description of the invention
The invention is further described below with reference to the drawings and embodiments.
As shown in Fig. 1, the electric power data transmission method across security zones comprises the following steps:
Step S101: deploy cache servers in security work zones of different grades; each server in a security work zone is connected to a corresponding cache server, and servers and cache servers are connected through a virtual private network;
Step S102: fit the USB ports of the servers and cache servers with built-in security encryption chips, and configure the BIOS so that the system can only boot from the security encryption chip in the designated USB port; at system boot, judge whether the security encryption chip is working normally, and if it is not, the system shuts down automatically;
Step S103: the server assigns authorization privileges to user terminals according to user type; the USB port of the user terminal is fitted with a built-in security encryption chip, and the BIOS is configured so that the system can only boot from the security encryption chip in the designated USB port;
Step S104: when the server detects a user's access request, it performs user authentication;
Step S105: after successful authentication, the user terminal sends a data search instruction, which is first looked up on the cache server; if it is not found on the cache server, the lookup proceeds on the server corresponding to that cache server; if it is still not found, the server sends a request to the servers of the other security work zones, and after another zone's server finds the data it sends the data to this server, which stores it on its corresponding cache server; the cache server then sends the data to the user terminal.
In this embodiment, data are ranked according to information such as access count, access frequency and time: the ranking combines the access count and the access frequency, and the higher the access count and frequency, the higher the rank and the higher the priority. The ranking result changes dynamically and is continuously updated according to the access count and frequency. After ranking, a ranking index is added; the ranking index may be a pointer or a linked list. Frequently accessed data are stored in the cache server, ranked by the number of times they were accessed (i.e. the visit count); when data on a server is accessed from the external network, frequently accessed data can be found quickly in the cache server, saving time.
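The lookup path of step S105 and the access-count ranking of the cache, worked through as an added example that is not part of the patent. The zone names, record keys, cache capacity and the logical clock used to measure access frequency are constructed assumptions; the "other zones" step scans the in-memory zones in place of a request over the VPN.

```python
"""Tiered data lookup across security work zones (added example, not the
patent's code).  Each zone has a server and a cache server; a data-search
instruction is resolved cache -> zone server -> other zones, and data fetched
from another zone is written into the requesting zone's cache.  The cache keeps
a ranking index ordered by access count, then access frequency, and evicts the
lowest-ranked entry when full.  Zone names, keys and capacity are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


class CacheServer:
    """Cache in front of one zone server, ranked by access count and frequency."""

    def __init__(self, capacity: int) -> None:
        self.capacity = capacity
        self.entries: Dict[str, bytes] = {}
        self.count: Dict[str, int] = {}       # times each key was accessed
        self.first_tick: Dict[str, int] = {}  # logical time the key entered the cache
        self.tick = 0                         # logical clock, advanced on every lookup

    def _frequency(self, key: str) -> float:
        # accesses per unit of logical time since the key was cached (assumed metric)
        age = max(1, self.tick - self.first_tick[key])
        return self.count[key] / age

    def ranking(self) -> List[str]:
        """Ranking index: highest access count first, frequency as tie-breaker."""
        return sorted(self.entries,
                      key=lambda k: (self.count[k], self._frequency(k)),
                      reverse=True)

    def lookup(self, key: str) -> Optional[bytes]:
        self.tick += 1
        if key not in self.entries:
            return None
        self.count[key] += 1
        return self.entries[key]

    def store(self, key: str, value: bytes) -> None:
        if key in self.entries:
            self.entries[key] = value
            return
        if len(self.entries) >= self.capacity:
            victim = self.ranking()[-1]       # drop the lowest-ranked entry
            for table in (self.entries, self.count, self.first_tick):
                del table[victim]
        self.entries[key] = value
        self.count[key] = 1                   # the miss that caused the store counts once
        self.first_tick[key] = self.tick


@dataclass
class Zone:
    name: str
    level: int                  # grade of the security work zone
    server: Dict[str, bytes]    # data held by the zone's own server
    cache: CacheServer


class CrossZoneNetwork:
    """Resolves data-search instructions along the path step S105 describes."""

    def __init__(self, zones: List[Zone]) -> None:
        self.zones = {z.name: z for z in zones}

    def search(self, zone_name: str, key: str) -> Tuple[Optional[bytes], str]:
        """Return (data, where it was found) for a terminal attached to zone_name."""
        zone = self.zones[zone_name]
        data = zone.cache.lookup(key)                 # 1. the zone's cache server
        if data is not None:
            return data, "cache"
        if key in zone.server:                        # 2. the server behind the cache
            data = zone.server[key]
            zone.cache.store(key, data)
            return data, "server"
        for other in self.zones.values():             # 3. other zones' servers (VPN in reality)
            if other is zone or key not in other.server:
                continue
            data = other.server[key]
            zone.cache.store(key, data)               # stored in this zone's cache, then sent on
            return data, "zone:" + other.name
        return None, "miss"


def build_demo_network() -> CrossZoneNetwork:
    """Constructed sample deployment: two zones, each cache holding at most 2 entries."""
    return CrossZoneNetwork([
        Zone("zone1", 1, {"load/2016-07": b"load curve"}, CacheServer(capacity=2)),
        Zone("zone3", 3, {"meter/7731": b"reading A", "meter/7732": b"reading B"},
             CacheServer(capacity=2)),
    ])


if __name__ == "__main__":
    net = build_demo_network()
    for key in ["load/2016-07", "load/2016-07", "meter/7731", "meter/7732", "meter/7731"]:
        data, where = net.search("zone1", key)
        print(f"{key:14s} -> {where:11s} {data!r}")
    print("ranking index:", net.zones["zone1"].cache.ranking())
```

With a capacity of two, the third record fetched from the other zone evicts the lowest-ranked cache entry, so a second request for the evicted record goes across zones again; the entry with the highest access count stays at the head of the ranking index as the text describes.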
The USB ports of the servers, cache servers and user terminals are all fitted with built-in security encryption chips, and the BIOS is configured so that the system can only boot from the security encryption chip in the designated USB port; at system boot the system judges whether the security encryption chip is working normally, and shuts down automatically if it is not. If the security encryption chip works normally, the system boots from the hard disk, keeps one USB interface and the built-in USB interface, and closes the other ports. In this way, besides ensuring data security during network transmission, physical isolation is also achieved at the hardware level, which ensures data security. In addition, rather than establishing a data connection directly with the user terminal, the server transfers the corresponding data to the cache server, and the cache server then transmits the data to the user terminal. Through this layered isolation and protection, data security between security work zones and within a security work zone is ensured to the greatest extent.
By providing the servers with security encryption chips, the present invention uses the encryption chip to manage the system with encryption, realizing both encryption of system communication data and encryption of network connections. This effectively prevents information leakage caused by a server connecting to the external Internet, and infection by viruses, trojans and other hacker software that pose security threats. At the same time, the corresponding external hardware device communication and connection ports are disabled, to ensure that the information and data on the user's hard disk do not leak and to ensure the confidentiality and security of the server hardware system information.
In one embodiment, as shown in Fig. 2, step S102 can be implemented as the following steps:
Step S201: the server assigns the user a credit value and determines the access authorization privilege from that credit value.
Step S202: the server detects an access authorization request sent by the user; the access authorization request includes a user ID, a login password and an access item.
Step S203: the server converts the access authorization request into multiple access-authorization sub-query tasks and verifies each of them separately; if verification passes, the access authorization request is approved and user authentication succeeds; if verification fails, the access authorization request is refused and the result is fed back to the user.
According to the authorization rules, the access authorization request is decomposed into multiple sub-query tasks, which are sent to different authorization servers for verification; the final authorization result is a comprehensive judgement over the multiple sub-query tasks. The servers include data storage servers and authorization servers: the data storage servers handle operations such as querying, retrieving and modifying data, while the authorization servers authorize the user ID, login password and access item according to the authorization rules. For example, the access item privileges assigned to different user IDs differ according to user level; when a user is authorized for access, the credit value obtained after login is needed, and authorized access is then carried out. For an anonymous or unknown device, a corresponding initial credit value needs to be assigned. If a user's access to a server causes information leakage, that user's credit value is reduced and the user ID is classified as a key observation object.
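Steps S201 to S203 and the decomposition just described, as an added example that is not the patent's own code: a request carrying a user ID, login password and access item is split into three sub-query tasks (identity, credit value, access item) that are checked independently, and the final result is the combination of all three. The sub-query tasks run in-process here rather than on separate authorization servers; the access items, user levels, credit thresholds, leak penalty, sample user and the use of PBKDF2 for the stored password are assumptions.

```python
"""Access authorization decomposed into sub-query tasks (added example, not
the patent's code).  One request becomes several independent checks; the
request passes only when every check passes, and the names of the failed
checks are the feedback sent to the user.  Credit values gate access items,
unknown devices get an initial credit value, and a leak lowers credit and can
put the user ID on a watch list.  All rules and the sample user are constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

INITIAL_CREDIT = 50     # constructed: credit given to anonymous/unknown devices
WATCH_THRESHOLD = 30    # constructed: below this the user ID becomes a key observation object
LEAK_PENALTY = 30       # constructed: credit removed per leak incident

# constructed authorization rules: minimum credit per access item, and which
# access items each user level may request at all
ITEM_MIN_CREDIT: Dict[str, int] = {"load_curve": 40, "meter_readings": 60, "dispatch_plan": 80}
LEVEL_ITEMS: Dict[str, Set[str]] = {
    "guest": {"load_curve"},
    "operator": {"load_curve", "meter_readings"},
    "dispatcher": {"load_curve", "meter_readings", "dispatch_plan"},
}


@dataclass
class AccessAuthorizationRequest:
    user_id: str
    login_password: str
    access_item: str


@dataclass
class UserRecord:
    level: str
    salt: bytes
    pw_hash: bytes
    credit: int


def hash_password(password: str, salt: bytes) -> bytes:
    # assumed choice: PBKDF2-HMAC-SHA256 from the standard library
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class AuthorizationServer:
    def __init__(self) -> None:
        self.users: Dict[str, UserRecord] = {}
        self.watch_list: Set[str] = set()

    def register(self, user_id: str, password: str, level: str, credit: int) -> None:
        salt = os.urandom(16)
        self.users[user_id] = UserRecord(level, salt, hash_password(password, salt), credit)

    # S201: the credit value; an unknown device is given the initial value
    def credit_of(self, user_id: str) -> int:
        rec = self.users.get(user_id)
        return rec.credit if rec else INITIAL_CREDIT

    def level_of(self, user_id: str) -> str:
        rec = self.users.get(user_id)
        return rec.level if rec else "guest"

    def _password_ok(self, user_id: str, password: str) -> bool:
        rec = self.users.get(user_id)
        if rec is None:
            return False
        return hmac.compare_digest(hash_password(password, rec.salt), rec.pw_hash)

    # S203: one request becomes several sub-query tasks, each verified on its own;
    # each closure could equally be dispatched to a separate authorization server
    def decompose(self, req: AccessAuthorizationRequest) -> List[Tuple[str, Callable[[], bool]]]:
        return [
            ("identity", lambda: self._password_ok(req.user_id, req.login_password)),
            ("credit", lambda: self.credit_of(req.user_id) >= ITEM_MIN_CREDIT.get(req.access_item, 1 << 30)),
            ("access_item", lambda: req.access_item in LEVEL_ITEMS.get(self.level_of(req.user_id), set())),
        ]

    def authorize(self, req: AccessAuthorizationRequest) -> Tuple[bool, List[str]]:
        """Comprehensive judgement: approved only if every sub-query task passes.
        Returns (approved, names of the failed tasks) as the feedback to the user."""
        failed = [name for name, task in self.decompose(req) if not task()]
        return (not failed), failed

    def report_leak(self, user_id: str) -> None:
        """Leak attributed to a user: lower the credit value and watch the ID if it gets low."""
        rec = self.users.get(user_id)
        if rec is None:
            return
        rec.credit = max(0, rec.credit - LEAK_PENALTY)
        if rec.credit < WATCH_THRESHOLD:
            self.watch_list.add(user_id)


def build_demo_server() -> AuthorizationServer:
    """Constructed sample: one operator-level user with credit 70."""
    server = AuthorizationServer()
    server.register("op01", "correct horse battery", "operator", credit=70)
    return server


if __name__ == "__main__":
    srv = build_demo_server()
    for item in ("load_curve", "meter_readings", "dispatch_plan"):
        req = AccessAuthorizationRequest("op01", "correct horse battery", item)
        print(item, srv.authorize(req))
```

Every task is evaluated even after an earlier one fails, so the feedback names all failing checks at once; an unregistered ID receives the initial credit value but still cannot pass the identity task in this example.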
In one embodiment, step S103 can be implemented as the following steps:
When the server detects a user's access request, it first performs user authentication; after successful authentication, the user is isolated in an isolated network region, where security detection and risk assessment are carried out, and whether to approve the user's access request is decided from the security detection and risk assessment results, with the result fed back to the user; the security detection includes malicious attack detection, vulnerability detection, network packet capture and network topology detection; if user authentication fails, the access request is refused.
When the server detects a user's access request, it performs network security detection; the security detection includes malicious attack detection, vulnerability detection, network packet capture and network topology detection. Vulnerability detection means using a vulnerability scanner to find the vulnerabilities that may exist on each host node of the network. Risk identification, analysis and assessment are carried out according to the security detection results: the probability of a successful attack is calculated from the credibility that a vulnerability exists and the difficulty of exploiting it, so as to obtain a final risk assessment value.
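The security detection and risk assessment described above, as an added example that is not from the patent: each detected weak point carries a credibility and an exploitation difficulty, the probability of a successful attack is derived from them and combined into one risk value, and that value decides whether the authenticated terminal's access request is approved or refused with feedback. The combination rule (weak points treated as independent), the thresholds, the feedback wording and the sample findings are constructed assumptions.

```python
"""Security detection results turned into a risk assessment and an access
decision (added example, not the patent's code).  The four detections the text
lists feed a DetectionResult; the attack-success probability of each weak point
is credibility * (1 - difficulty); the risk value is the probability that at
least one weak point is exploited; low risk approves the request, high risk
refuses it and returns remediation feedback.  Thresholds and samples are
constructed."""
from dataclasses import dataclass, field
from typing import List

RISK_ACCEPT = 0.2        # constructed: risk at or below this counts as "no risk or low risk"
ATTACK_SEEN_RISK = 0.9   # constructed: an observed malicious attack forces at least this risk


@dataclass
class Vulnerability:
    host: str
    name: str
    credibility: float   # confidence that the weak point really exists, 0..1
    difficulty: float    # how hard it is to exploit: 0 = trivial .. 1 = practically impossible


@dataclass
class DetectionResult:
    malicious_attack_seen: bool = False
    vulnerabilities: List[Vulnerability] = field(default_factory=list)
    suspicious_packets: int = 0   # anomalies seen in network packet capture
    exposed_hosts: int = 0        # hosts reachable from the terminal per topology detection


@dataclass
class Decision:
    approved: bool
    risk: float
    feedback: List[str]


def attack_success_probability(v: Vulnerability) -> float:
    """Probability that an attack through this weak point succeeds."""
    return v.credibility * (1.0 - v.difficulty)


def risk_value(result: DetectionResult) -> float:
    """Probability that at least one weak point is exploited successfully,
    treating weak points as independent; an observed attack raises the floor."""
    p_no_success = 1.0
    for v in result.vulnerabilities:
        p_no_success *= 1.0 - attack_success_probability(v)
    risk = 1.0 - p_no_success
    if result.malicious_attack_seen:
        risk = max(risk, ATTACK_SEEN_RISK)
    return risk


def remediation_advice(result: DetectionResult) -> List[str]:
    """Feedback the terminal receives together with a refused request."""
    advice: List[str] = []
    if result.vulnerabilities:
        hosts = sorted({v.host for v in result.vulnerabilities})
        advice.append("upgrade: " + ", ".join(hosts))
    if result.malicious_attack_seen or result.suspicious_packets > 0:
        advice.append("update virus database")
    if result.exposed_hosts > 1:
        advice.append(f"{result.exposed_hosts} hosts reachable from terminal; restrict topology")
    return advice


def assess_access_request(result: DetectionResult) -> Decision:
    """Decide the already-authenticated terminal's access request from the detection result."""
    risk = risk_value(result)
    if risk <= RISK_ACCEPT:
        return Decision(True, risk, [])
    return Decision(False, risk, remediation_advice(result))


def demo_results() -> List[DetectionResult]:
    """Constructed sample detection results for three terminals."""
    clean = DetectionResult()
    patched = DetectionResult(vulnerabilities=[Vulnerability("t1", "old-smb", 0.3, 0.6)])
    exposed = DetectionResult(
        vulnerabilities=[Vulnerability("t2", "unpatched-rdp", 0.9, 0.3),
                         Vulnerability("t2", "weak-svc-cred", 0.5, 0.5)],
        suspicious_packets=12, exposed_hosts=4)
    return [clean, patched, exposed]


if __name__ == "__main__":
    for r in demo_results():
        d = assess_access_request(r)
        print("approved" if d.approved else "refused", f"risk={d.risk:.3f}", d.feedback)
```

A single low-credibility, hard-to-exploit finding stays under the acceptance threshold, while two credible, easy findings on one host push the risk above it and the refusal carries the upgrade and virus-database prompts that the later embodiment (step S205) describes.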
With the spread of computers and the development of networks, Internet information security is becoming increasingly important, especially for departments with high data security requirements, where intranet computers are forbidden to connect to the Internet in order to avoid risks such as information leakage. The present invention performs user authentication by setting user credit values and authorization privileges, assigning different authorization privileges for different user types and credit values; for an access authorization request initiated by a user, the server converts the authorization request into multiple access-authorization sub-query tasks and verifies each of them separately. This distributed query adds a verification process and further ensures information security.
When accepting an access request from a user terminal, the server of the present invention performs security detection and risk assessment: risk is assessed from the results of the security detection; if the assessment finds no risk or low risk, the access request is approved; if it finds high risk, the access request is refused and this result is fed back to the user terminal at the same time. This judges network security further on the basis of identity authentication, avoiding the risk of information leakage to the greatest extent; and when the risk is judged to be high, the security detection result and risk assessment result are fed back to the user terminal, so that the user terminal can promptly discover its own security risks and ensure terminal information security by means such as upgrading and virus database updates.
In one embodiment, step S102 of this embodiment further includes step S204: the server periodically checks the terminal security information sent by the user terminal and the usage state of its authorization privileges, and determines a new credit value from the terminal security information and the usage state of the authorization privileges.
In one embodiment, step S102 of this embodiment further includes step S205: if security detection and risk assessment do not pass, the user terminal is prompted, based on the result fed back by the server, to upgrade and to update its virus database.
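The periodic credit update of step S204, as an added example that is not the patent's code: the server scores a terminal security report and the terminal's privilege usage for the period, clamps the resulting credit value, and re-derives the access items the new credit permits, so that a neglected or misused terminal loses privileges without an operator stepping in. The report fields, the weights and the credit-to-item table are constructed assumptions.

```python
"""Periodic credit-value update from terminal security information and
privilege usage (added example, not the patent's code).  Each period the server
receives a terminal security report and a privilege-usage summary, adjusts the
credit value from both, and recomputes which access items the credit allows.
All fields, weights and thresholds are constructed assumptions."""
from dataclasses import dataclass
from typing import Dict, Set

CREDIT_MIN, CREDIT_MAX = 0, 100

# constructed: minimum credit value required for each access item
ITEM_MIN_CREDIT: Dict[str, int] = {"load_curve": 40, "meter_readings": 60, "dispatch_plan": 80}


@dataclass
class TerminalSecurityInfo:
    protection_running: bool   # security software process alive
    patch_age_days: int        # days since the last system upgrade
    virus_db_age_days: int     # days since the last virus database update


@dataclass
class PrivilegeUsage:
    granted: Set[str]          # items the terminal was authorized for in the period
    used: Set[str]             # items it actually accessed
    denied_attempts: int       # requests for items outside its privileges


def score_terminal(info: TerminalSecurityInfo) -> int:
    """Credit delta from terminal state: a healthy terminal gains, a neglected one loses."""
    delta = 5 if info.protection_running else -20
    delta += -10 if info.patch_age_days > 30 else 2
    delta += -10 if info.virus_db_age_days > 7 else 2
    return delta


def score_usage(usage: PrivilegeUsage) -> int:
    """Credit delta from privilege usage: stay inside the grant and use what is held."""
    delta = -5 * usage.denied_attempts          # probing beyond the grant costs credit
    delta -= 2 * len(usage.granted - usage.used)  # idle privileges are unneeded exposure
    if usage.used <= usage.granted and usage.denied_attempts == 0:
        delta += 3                                # clean period: small reward
    return delta


def update_credit(credit: int, info: TerminalSecurityInfo, usage: PrivilegeUsage) -> int:
    """New credit value for the period, clamped to the allowed range."""
    new = credit + score_terminal(info) + score_usage(usage)
    return max(CREDIT_MIN, min(CREDIT_MAX, new))


def items_for_credit(credit: int) -> Set[str]:
    """Access items the credit value currently unlocks."""
    return {item for item, need in ITEM_MIN_CREDIT.items() if credit >= need}


if __name__ == "__main__":
    healthy = TerminalSecurityInfo(True, 10, 3)
    neglected = TerminalSecurityInfo(False, 60, 30)
    good_use = PrivilegeUsage({"load_curve", "meter_readings"}, {"load_curve", "meter_readings"}, 0)
    bad_use = PrivilegeUsage({"load_curve", "meter_readings"}, {"load_curve"}, 2)
    for label, info, usage in (("healthy", healthy, good_use), ("neglected", neglected, bad_use)):
        new = update_credit(70, info, usage)
        print(label, 70, "->", new, sorted(items_for_credit(new)))
```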
As shown in Fig. 3, the electric power data transmission device across security zones comprises:
a setup module 101, which deploys cache servers in security work zones of different grades, connects each server in a security work zone to a corresponding cache server, and connects servers and cache servers through a virtual private network;
an encryption module 102, which fits the USB ports of the servers with built-in security encryption chips and configures the BIOS so that the system can only boot from the security encryption chip in the designated USB port; at system boot it judges whether the security encryption chip is working normally, and if it is not, the system shuts down automatically;
an authorization module 103, by which the server assigns authorization privileges to user terminals according to user type; the USB port of the user terminal is fitted with a built-in security encryption chip, and the BIOS is configured so that the system can only boot from the security encryption chip in the designated USB port;
an authentication module 104, which performs user authentication when the server detects a user's access request;
an execution module 105: after successful authentication the user terminal sends a data search instruction, which is first looked up on the cache server; if it is not found on the cache server, the lookup proceeds on the server corresponding to that cache server; if it is still not found, the server sends a request to the servers of the other security work zones, and after another zone's server finds the data it sends it to this server, which stores it on its corresponding cache server; the cache server then sends the data to the user terminal.
In one embodiment, as shown in Fig. 4, the authorization module 103 includes:
an assignment submodule 201, by which the server assigns the user a credit value and determines the access authorization privilege from that credit value;
a detection submodule 202, by which the server detects an access authorization request sent by the user; the access authorization request includes a user ID, a login password and an access item;
a verification submodule 203, by which the server converts the authorization request into multiple access-authorization sub-query tasks and verifies each of them separately; if verification passes, the access authorization request is approved and user authentication succeeds; if verification fails, the access authorization request is refused and the result is fed back to the user.
In one embodiment, the authentication module 104 includes:
Authentication sub-module, used, when the server detects an access request from a user, to first perform user authentication; after user authentication succeeds, the user is isolated to an isolation network region, where safety detection and risk assessment are performed; according to the safety detection and risk assessment results it is determined whether to grant the user's access request, and the result is fed back to the user; the safety detection includes malicious attack detection, vulnerability detection, network packet capture and network topology detection; if user authentication fails, the access request is refused.
In one embodiment, the authorization module 102 further includes: an update sub-module, used for the server to periodically detect the terminal safety information and the usage state of the authorization privilege sent by the user terminal, and to determine a new credit value according to the terminal safety information and the usage state of the authorization privilege.
In one embodiment, the authorization module 102 further includes: a feedback sub-module, used, when safety detection and risk assessment are not passed, to prompt the user terminal to upgrade and update its virus database according to the result fed back by the server.
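The credit-based authorization of the distribution, detection and verification sub-modules, together with the periodic credit update, can be shown as one small server. This is an added example, not code from the patent: the credit thresholds, the privilege names, the access items, the layout of the terminal safety information and privilege usage reports, and the salted PBKDF2 password storage are all assumptions made for the example.

```python
"""Credit-based access authorization with sub-query verification.

Added example: the server assigns each user a credit value that fixes the
access privilege, splits an access authorization request (user ID, login
password, access item) into sub-query tasks, approves only if every sub-query
passes, and periodically recomputes the credit value from the terminal's
safety information and the usage state of the granted privilege.
"""
import hashlib
import hmac
import os

# Assumed mapping from credit value to privilege level (not specified by the patent).
PRIVILEGE_THRESHOLDS = [(80, "read-write"), (50, "read"), (0, "none")]

# Assumed access items each privilege level may touch.
ITEMS_BY_PRIVILEGE = {
    "none": set(),
    "read": {"load-report"},
    "read-write": {"load-report", "relay-settings"},
}


def privilege_for_credit(credit):
    for threshold, name in PRIVILEGE_THRESHOLDS:
        if credit >= threshold:
            return name
    return "none"


def hash_password(password, salt=None):
    """Salted PBKDF2 so the server stores a digest, never the login password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


class AuthorizationServer:
    def __init__(self):
        self.users = {}   # user_id -> {"salt", "digest", "credit"}

    def register(self, user_id, password, credit):
        salt, digest = hash_password(password)
        self.users[user_id] = {"salt": salt, "digest": digest, "credit": credit}

    # The access authorization request is split into three sub-query tasks.
    def _check_user(self, req):
        return req["user_id"] in self.users

    def _check_password(self, req):
        rec = self.users[req["user_id"]]
        _, digest = hash_password(req["password"], rec["salt"])
        return hmac.compare_digest(digest, rec["digest"])

    def _check_item(self, req):
        priv = privilege_for_credit(self.users[req["user_id"]]["credit"])
        return req["access_item"] in ITEMS_BY_PRIVILEGE[priv]

    def authorize(self, user_id, password, access_item):
        """Return (approved, feedback); feedback names the first sub-query that failed."""
        req = {"user_id": user_id, "password": password, "access_item": access_item}
        # Sub-queries run in order and stop at the first failure, so the later
        # checks never index a user record that does not exist.
        for name, task in (("user", self._check_user),
                           ("password", self._check_password),
                           ("access_item", self._check_item)):
            if not task(req):
                return False, f"rejected: {name} check failed"
        return True, "approved"

    def update_credit(self, user_id, terminal_safety_info, privilege_use_state):
        """Recompute the credit value from the terminal report and privilege usage.

        terminal_safety_info: {"virus_db_current": bool, "patched": bool}
        privilege_use_state:  {"denied_attempts": int}
        Both layouts and the penalty weights are assumed for the example.
        """
        rec = self.users[user_id]
        credit = rec["credit"]
        if not terminal_safety_info.get("virus_db_current", False):
            credit -= 20
        if not terminal_safety_info.get("patched", False):
            credit -= 20
        credit -= 5 * privilege_use_state.get("denied_attempts", 0)
        rec["credit"] = max(0, min(100, credit))
        return rec["credit"]
```

One caveat for a real deployment: the description feeds the verification result back to the user, and the example's feedback string distinguishes an unknown user ID from a wrong password. A production server should return the same message for both so the feedback channel does not confirm which user IDs exist.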
It should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention and not to limit it; other modifications or equivalent replacements made to the technical solution by persons of ordinary skill in the art, without departing from the spirit and scope of the technical solution of the present invention, shall all be covered by the scope of the claims of the present invention.
Claims (10)
1. A cross-safety-zone electric data transmission method, characterised in that it comprises the following steps:
setting up caching servers in safety operation areas of different grades, each server in the safety operation area being connected to a corresponding caching server, and server and caching server being connected through a virtual private network;
connecting a built-in security encryption chip at the USB port of the server and of the caching server for encryption, and setting the BIOS so that the system can only boot from the security encryption chip at the specified USB port; at system boot, judging whether the security encryption chip works normally, and if it cannot work normally, shutting the system down automatically;
the server setting authorization privileges for the user terminal according to user type; connecting a built-in security encryption chip at the USB port of the user terminal for encryption, and setting the BIOS so that the system can only boot from the security encryption chip at the specified USB port;
when the server detects an access request from a user, performing user authentication;
after authentication succeeds, the user terminal sending a data search instruction, the data search instruction first being looked up in the caching server; if it is not found in the caching server, looking it up in the server corresponding to the caching server; if it is still not found, the server sending a request to the servers of the other safety operation areas, a server of another safety operation area sending the data to this server after finding it, the data being stored in the caching server corresponding to this server, and the caching server sending the data to the user terminal.
2. The cross-safety-zone electric data transmission method according to claim 1, characterised in that the server setting authorization privileges for the user terminal according to user type includes:
the server assigning a credit value to the user and determining the access authorization privilege according to the credit value;
the server detecting the access authorization request sent by the user, the access authorization request including: user ID, login password and access item;
the server converting the authorization request into multiple access authorization sub-query tasks and verifying each of the access authorization sub-query tasks; if verification passes, approving the access authorization request, and user authentication succeeding; if verification fails, refusing the access authorization request and sending the feedback result to the user.
3. The cross-safety-zone electric data transmission method according to claim 2, characterised in that performing user authentication when the server detects an access request from a user includes:
when the server detects an access request from a user, first performing user authentication; after user authentication succeeds, isolating the user to an isolation network region and performing safety detection and risk assessment; determining whether to grant the user's access request according to the safety detection and risk assessment results, and feeding the result back to the user; the safety detection including malicious attack detection, vulnerability detection, network packet capture and network topology detection; if user authentication fails, refusing the access request.
4. The cross-safety-zone electric data transmission method according to claim 3, characterised in that it further includes: the server periodically detecting the terminal safety information and the usage state of the authorization privilege sent by the user terminal, and determining a new credit value according to the terminal safety information and the usage state of the authorization privilege.
5. The cross-safety-zone electric data transmission method according to claim 4, characterised in that it further includes: when safety detection and risk assessment are not passed, prompting the user terminal to upgrade and update its virus database according to the result fed back by the server.
6. A cross-safety-zone electric power data transmission device, characterised in that it includes:
a setting module, for setting up caching servers in safety operation areas of different grades, each server in the safety operation area being connected to a corresponding caching server, and server and caching server being connected through a virtual private network;
an encryption module, for connecting a built-in security encryption chip at the USB port of the server for encryption and setting the BIOS so that the system can only boot from the security encryption chip at the specified USB port; at system boot, it is judged whether the security encryption chip works normally, and if it cannot work normally the system shuts down automatically;
an authorization module, for the server to set authorization privileges for the user terminal according to user type; a built-in security encryption chip is connected at the USB port of the user terminal for encryption, and the BIOS is set so that the system can only boot from the security encryption chip at the specified USB port;
an authentication module, for performing user authentication when the server detects an access request from a user;
an execution module, for the user terminal to send a data search instruction after authentication succeeds, the data search instruction first being looked up in the caching server; if it is not found in the caching server, it is looked up in the server corresponding to the caching server; if it is still not found, the server sends a request to the servers of the other safety operation areas, a server of another safety operation area sends the data to this server after finding it, the data is stored in the caching server corresponding to this server, and the caching server sends the data to the user terminal.
7. The cross-safety-zone electric power data transmission device according to claim 6, characterised in that the authorization module includes:
a distribution sub-module, for the server to assign a credit value to the user and to determine the access authorization privilege according to the credit value;
a detection sub-module, for the server to detect the access authorization request sent by the user, the access authorization request including: user ID, login password and access item;
a verification sub-module, for the server to convert the authorization request into multiple access authorization sub-query tasks and to verify each of the access authorization sub-query tasks; if verification passes, the access authorization request is approved and user authentication succeeds; if verification fails, the access authorization request is refused and the feedback result is sent to the user.
8. The cross-safety-zone electric power data transmission device according to claim 7, characterised in that the authentication module includes:
an authentication sub-module, for the server, when it detects an access request from a user, to first perform user authentication; after user authentication succeeds, the user is isolated to an isolation network region, where safety detection and risk assessment are performed; according to the safety detection and risk assessment results it is determined whether to grant the user's access request, and the result is fed back to the user; the safety detection includes malicious attack detection, vulnerability detection, network packet capture and network topology detection; if user authentication fails, the access request is refused.
9. The cross-safety-zone electric power data transmission device according to claim 8, characterised in that it further includes: an update module, for the server to periodically detect the terminal safety information and the usage state of the authorization privilege sent by the user terminal, and to determine a new credit value according to the terminal safety information and the usage state of the authorization privilege.
10. The cross-safety-zone electric power data transmission device according to claim 9, characterised in that it further includes: a feedback module, for prompting the user terminal, when safety detection and risk assessment are not passed, to upgrade and update its virus database according to the result fed back by the server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610625336.6A CN106302409A (en) | 2016-07-30 | 2016-07-30 | The electric data transmission method of cross-safety zone |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106302409A true CN106302409A (en) | 2017-01-04 |
Family
ID=57664337
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610625336.6A Pending CN106302409A (en) | 2016-07-30 | 2016-07-30 | The electric data transmission method of cross-safety zone |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106302409A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101924765A (en) * | 2010-08-20 | 2010-12-22 | 河南省电力公司 | Single-system and single-network computer communication method |
CN103813334A (en) * | 2014-02-24 | 2014-05-21 | 宇龙计算机通信科技(深圳)有限公司 | Right control method and right control device |
CN104468310A (en) * | 2014-11-14 | 2015-03-25 | 国家电网公司 | Power communication system and method |
CN104935636A (en) * | 2015-04-29 | 2015-09-23 | 广州杰赛科技股份有限公司 | Network channel acceleration method and system |
CN105450703A (en) * | 2014-08-28 | 2016-03-30 | 杭州迪普科技有限公司 | Data caching method and data caching device |
- 2016-07-30 CN CN201610625336.6A patent/CN106302409A/en active Pending
Non-Patent Citations (1)
Title |
---|
窦文阳 (Dou Wenyang): "Research on a secure distributed access control system for pervasive computing environments", 《计算机科学》 (Computer Science) * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109917761A (en) * | 2019-03-13 | 2019-06-21 | 浙江浙能长兴天然气热电有限公司 | A kind of method and system improving DCS of Power Plant security protection |
CN110609208A (en) * | 2019-09-15 | 2019-12-24 | 杭州拓深科技有限公司 | Portable fault wave recording monitor and wave recording monitoring method thereof |
CN112150306A (en) * | 2020-09-15 | 2020-12-29 | 深圳供电局有限公司 | Power data network security test method and device |
CN112150306B (en) * | 2020-09-15 | 2023-12-05 | 深圳供电局有限公司 | Power data network security test method and equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20170104 |