CN106789842B - Security development middleware and management and control method for mobile power inspection terminal - Google Patents
Security development middleware and management and control method for mobile power inspection terminal Download PDFInfo
- Publication number
- CN106789842B CN106789842B CN201510815209.8A CN201510815209A CN106789842B CN 106789842 B CN106789842 B CN 106789842B CN 201510815209 A CN201510815209 A CN 201510815209A CN 106789842 B CN106789842 B CN 106789842B
- Authority
- CN
- China
- Prior art keywords
- inspection terminal
- safety
- hardware
- basic
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000007689 inspection Methods 0.000 title claims abstract description 90
- 238000011161 development Methods 0.000 title claims abstract description 23
- 238000000034 method Methods 0.000 title claims abstract description 19
- 238000011217 control strategy Methods 0.000 claims abstract description 28
- 238000004891 communication Methods 0.000 claims abstract description 3
- 238000007726 management method Methods 0.000 claims description 19
- 238000012550 audit Methods 0.000 claims description 4
- 238000012795 verification Methods 0.000 claims description 3
- 230000006399 behavior Effects 0.000 description 13
- 238000005516 engineering process Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012544 monitoring process Methods 0.000 description 2
- 238000009825 accumulation Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
Abstract
The invention provides a safety development middleware and a control method for a mobile electric inspection terminal, wherein the middleware comprises a safety parameter acquisition unit, a safety strategy management unit and a basic safety service unit, the three units adopt a standard TCP/IP protocol for communication, and the safety parameter acquisition unit is used for acquiring basic information of inspection terminal hardware and an operation environment thereof; the safety strategy management unit is used for communicating with a superior inspection terminal management center to acquire a safety control strategy; the basic security service unit is used for shielding the difference between the hardware of the inspection terminal with different models and the difference between the operating systems of different versions of the inspection terminal, and providing basic security service. The invention provides a uniform safety development interface for the power inspection terminal, realizes remote safety control of the power inspection equipment, and ensures that the development of the power inspection service does not reduce the safety protection intensity of the original information system.
Description
Technical Field
The invention relates to a security development middleware and a control method, in particular to a security development middleware and a control method for a mobile power inspection terminal.
Background
In the early electric power inspection process, an inspector is required to carry a large number of drawing data of field equipment, and the drawing data is reported through a management system after the inspector records problems on site and returns to an office. It is inefficient. With the development of the intelligent power grid service and the maturity of the mobile interconnection technology, the flow and the convenience of the power inspection service are greatly improved, and an inspector can directly access an inspection service system by using an application program on a mobile terminal, inquire equipment drawing data on line, download a work task and return an inspection result.
The use of the mobile terminal improves the service convenience and increases the safety risk, the original closed service system can be directly accessed through a mobile network, and the service data is stored on the mobile terminal. And once the terminal is lost, the loss and leakage of sensitive data can be caused. Therefore, the power enterprises put forward safety management requirements on the use of the mobile terminals, including strong management and control requirements on the equipment, supervision and audit requirements on the business execution process, and the like. The requirements need to be implemented on the mobile terminal by technical means, the mobile terminal and the application program need to be subjected to security modification, and the terminal and the service application come from a plurality of manufacturers, but most manufacturers lack the accumulation of information security technology and are difficult to independently complete the security modification.
In the technical aspect, the general safety protection technology for the mobile terminal in the industry is mainly developed based on basic management and control interfaces provided by iOS and Android mobile operating systems, mainly faces to general mobile terminal equipment, and can realize functions of physical interface management such as audio and video, APP application installation and unloading, authority control and the like.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention provides a security development middleware and a management and control method for a mobile power inspection terminal.
In order to achieve the purpose of the invention, the invention adopts the following technical scheme:
a safety development middleware for a mobile electric power inspection terminal comprises a safety parameter acquisition unit, a safety strategy management unit and a basic safety service unit; the three units adopt a standard TCP/IP protocol for communication; the safety parameter acquisition unit is used for acquiring basic information of the hardware of the inspection terminal and the running environment of the hardware; the safety strategy management unit is used for communicating with a superior inspection terminal management center to acquire a safety control strategy; the basic security service unit is used for shielding the difference between the hardware of the inspection terminal with different models and the difference between the operating systems of different versions of the inspection terminal, and providing basic security service.
Preferably, the acquisition information of the safety parameter acquisition unit includes GPS global positioning information, current time information, and routing inspection terminal hardware identification code information.
Preferably, the basic security service unit comprises a password module, a behavior audit module and a behavior control module; the cryptographic module is used for calling and switching different cryptographic algorithms; the behavior auditing module is used for sensing and recording the behavior of the mobile power inspection terminal and matching the information acquired by the safety parameter acquisition unit with the execution condition of the safety control strategy; the behavior control module is used for executing the safety control strategy.
Preferably, the safety control method for the power mobile inspection terminal comprises the following steps:
(1) collecting basic information of routing inspection terminal hardware and an operation environment thereof;
(2) communicating with a superior inspection terminal management center to obtain a security control strategy;
(3) and providing basic security service according to the security control strategy.
Preferably, in the step (1), the basic information includes GPS global positioning information, current time information, and inspection terminal hardware identification code C information.
Preferably, the hardware identification code C of the inspection terminal is generated through an RFID reader hardware number C1 and a secure TF card hardware number C2, and the formula is C ═ HASH (C1 ×. C2); the RFID reader is used for reading state parameters in an RFID label embedded in the detected equipment, and the safety TF card is used for providing a hardware cryptographic algorithm for the routing inspection terminal hardware.
Preferably, the step (2) comprises the steps of:
step 2-1, periodically sending a policy synchronization message M1, wherein the message M1 comprises an inspection terminal hardware identification code C and a policy group fingerprint code, and is encrypted by using a public key of a superior inspection terminal management center;
step 2-2, the superior inspection terminal management center uses a private key to decrypt the message M1, obtains an inspection terminal hardware identification code, and searches a policy database to obtain a policy group P;
step 2-3, the superior inspection terminal management center compares the fingerprint of the policy group P with the policy group fingerprint code in the message M1, and if the fingerprint of the policy group P is consistent with the policy group fingerprint code in the message M1, the process is ended; otherwise, executing step 2-4;
2-4, using a private key of the superior inspection terminal management center to perform digital signature, wherein a policy group P and the signature jointly form a message M2;
step 2-5, using the public key of the superior inspection terminal management center to verify a policy group message M2; if the verification is successful, updating the strategy group, otherwise, ending the process.
Preferably, the step (3) comprises the following steps:
3-1, sensing and recording the behavior of the electric power mobile inspection terminal;
and 3-2, matching the acquired basic information with the execution condition of the safety control strategy, and executing the safety control strategy if the basic information conforms to the safety control strategy.
Compared with the prior art, the invention has the beneficial effects that:
the invention provides a safety development middleware for a mobile power inspection terminal, provides a unified safety development middleware for shielding bottom hardware and system differences, and solves the problems of long safety improvement development period and repeated development of upper application.
The invention can complete strategy updating at most one question and one answer in the synchronization process of the terminal control strategy, and utilizes public and private key cryptography to ensure the confidentiality and the integrity of the message and give consideration to the efficiency and the safety of strategy synchronization.
Drawings
FIG. 1 is a structural diagram of a security development middleware for a mobile power inspection terminal according to the present invention
FIG. 2 is a flowchart of a security control method for a mobile power inspection terminal according to the present invention
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
The invention provides a safety development middleware for an electric power mobile inspection terminal, which is applicable to different mobile terminal hardware platforms and mobile terminal operating systems, solves the problem of safety control of the electric power inspection terminal, can enable the electric power inspection terminal to have the capabilities of receiving remote management, monitoring and control of a superior management center by using the middleware, and can effectively improve the safety control capability of the inspection terminal.
As shown in fig. 1, a security development middleware for a mobile power inspection terminal includes a security parameter acquisition unit, a security policy management unit, and a basic security service unit, where the three units communicate with each other by using a standard TCP/IP protocol, the security parameter acquisition unit provides acquired terminal basic information to the security policy management unit and the basic security service unit, the security policy management unit provides a security control policy to the basic security service unit, and the basic security service unit is a policy executor.
The safety parameter acquisition unit is used for acquiring basic information of the power inspection terminal and the operating environment thereof and providing judgment conditions for subsequent safety monitoring and auditing;
the information acquired by the safety parameter acquisition unit comprises Global Positioning System (GPS) global positioning information, current time information and routing inspection terminal hardware identification code information;
the hardware identification code C of the inspection terminal is generated through an RFID reader hardware number C1 and a safety TF card hardware number C2, and C is HASH (C1 is C2);
the RFID reader is special hardware of the power inspection terminal and is used for reading state parameters in an RFID tag embedded in the detected equipment; the safety TF card is special hardware of the power inspection terminal and provides a hardware cryptographic algorithm for the inspection terminal;
the safety strategy management unit is used for communicating with a superior inspection terminal management center to acquire a safety control strategy; the security control policy is composed of two parts, namely a policy execution condition and a control instruction, wherein the typical policy execution condition is as follows: when the inspection terminal is in non-working time or the terminal deviates from an inspection route, typical control instructions are as follows: and automatically locking the terminal and forbidding the user operation.
The basic security service unit is used for shielding the difference between the hardware of the inspection terminal with different types and the difference between the operating systems of different versions of the inspection terminal, providing basic security service, mainly comprises a password module, completes the execution of the strategy according to the triggering condition of the terminal management and control strategy, and mainly comprises a behavior audit module and a behavior control module;
the cryptographic module can transparently realize the calling and switching of different cryptographic algorithms according to different management requirements, the cryptographic algorithms comprise SM1, SM2 and SM3 series cryptographic algorithms in the secure TF card, general RSA, AES and SHA-1 cryptographic algorithms, and the upper layer module does not need to care about the switching;
the behavior auditing module is used for sensing and recording terminal behaviors, matching the space and time information provided by the security parameter acquisition unit with the execution conditions of the security control strategy, and triggering the behavior control module if the security parameter acquisition unit conforms to the security control strategy;
the behavior control module is used for executing the strategy, and executing the corresponding control instruction after the execution condition of the safety control strategy is met.
As shown in fig. 2, a safety control method for a mobile electric inspection terminal includes the following steps:
(1) collecting basic information of routing inspection terminal hardware and an operation environment thereof;
the basic information comprises GPS global positioning information, current time information and routing inspection terminal hardware identification code information.
The hardware identification code C of the inspection terminal is generated through an RFID reader hardware number C1 and a safety TF card hardware number C2, and the formula is C ═ HASH (C1 ^ C2); the RFID reader is used for reading state parameters in an RFID label embedded in the detected equipment, and the safety TF card is used for providing a hardware cryptographic algorithm for the routing inspection terminal hardware.
(2) Communicating with a superior inspection terminal management center to obtain a security control strategy;
step 2-1, periodically sending a policy synchronization message M1, wherein the message M1 comprises an inspection terminal hardware identification code C and a policy group fingerprint code, and is encrypted by using a public key of a superior inspection terminal management center;
step 2-2, the superior inspection terminal management center uses a private key to decrypt the message M1, obtains an inspection terminal hardware identification code, and searches a policy database to obtain a policy group P;
step 2-3, the superior inspection terminal management center compares the fingerprint of the policy group P with the policy group fingerprint code in the message M1, and if the fingerprint of the policy group P is consistent with the policy group fingerprint code in the message M1, the process is ended; otherwise, executing step 2-4;
2-4, using a private key of the superior inspection terminal management center to perform digital signature, wherein a policy group P and the signature jointly form a message M2;
step 2-5, using the public key of the superior inspection terminal management center to verify a policy group message M2; if the verification is successful, updating the strategy group, otherwise, ending the process.
(3) And providing basic security service according to the security control strategy.
3-1, sensing and recording the behavior of the electric power mobile inspection terminal;
and 3-2, matching the acquired basic information with the execution condition of the safety control strategy, and executing the safety control strategy if the basic information conforms to the safety control strategy.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.
Claims (5)
1. A safety development middleware for a mobile electric power inspection terminal is characterized by comprising a safety parameter acquisition unit, a safety strategy management unit and a basic safety service unit; the three units adopt a standard TCP/IP protocol for communication; the safety parameter acquisition unit is used for acquiring basic information of the hardware of the inspection terminal and the running environment of the hardware; the safety strategy management unit is used for communicating with a superior inspection terminal management center to acquire a safety control strategy; the basic security service unit is used for shielding the difference between the hardware of the inspection terminal with different types and the difference between the operating systems of different versions of the inspection terminal and providing basic security service;
the safety management and control method for the safety development middleware of the electric power mobile inspection terminal comprises the following steps:
(1) collecting basic information of routing inspection terminal hardware and an operation environment thereof;
(2) communicating with a superior inspection terminal management center to obtain a security control strategy;
(3) providing basic security service according to the security control strategy;
in the step (1), the basic information comprises GPS global positioning information, current time information and inspection terminal hardware identification code C information;
the hardware identification code C of the inspection terminal is generated through an RFID reader hardware number C1 and a safety TF card hardware number C2, and the formula is C ═ HASH (C1 ^ C2); the RFID reader is used for reading state parameters in an RFID label embedded in the detected equipment, and the safety TF card is used for providing a hardware cryptographic algorithm for the routing inspection terminal hardware.
2. The security development middleware of claim 1, wherein the collected information of the security parameter collecting unit includes GPS global positioning information, current time information, and patrol terminal hardware identification code information.
3. The security development middleware of claim 1 wherein the basic security service unit comprises a cryptographic module, a behavior audit module and a behavior control module; the cryptographic module is used for calling and switching different cryptographic algorithms; the behavior auditing module is used for sensing and recording the behavior of the mobile power inspection terminal and matching the information acquired by the safety parameter acquisition unit with the execution condition of the safety control strategy; the behavior control module is used for executing the safety control strategy.
4. The secure development middleware of claim 1 wherein the step (2) comprises the steps of:
step 2-1, periodically sending a policy synchronization message M1, wherein the message M1 comprises an inspection terminal hardware identification code C and a policy group fingerprint code, and is encrypted by using a public key of a superior inspection terminal management center;
step 2-2, the superior inspection terminal management center uses a private key to decrypt the message M1, obtains an inspection terminal hardware identification code, and searches a policy database to obtain a policy group P;
step 2-3, the superior inspection terminal management center compares the fingerprint of the policy group P with the policy group fingerprint code in the message M1, and if the fingerprint of the policy group P is consistent with the policy group fingerprint code in the message M1, the process is ended; otherwise, executing step 2-4;
2-4, using a private key of the superior inspection terminal management center to perform digital signature, wherein a policy group P and the signature jointly form a message M2;
step 2-5, using the public key of the superior inspection terminal management center to verify a policy group message M2; if the verification is successful, updating the strategy group, otherwise, ending the process.
5. The secure development middleware of claim 1 wherein the step (3) comprises the steps of:
3-1, sensing and recording the behavior of the electric power mobile inspection terminal;
and 3-2, matching the acquired basic information with the execution condition of the safety control strategy, and executing the safety control strategy if the basic information conforms to the safety control strategy.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510815209.8A CN106789842B (en) | 2015-11-23 | 2015-11-23 | Security development middleware and management and control method for mobile power inspection terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510815209.8A CN106789842B (en) | 2015-11-23 | 2015-11-23 | Security development middleware and management and control method for mobile power inspection terminal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106789842A CN106789842A (en) | 2017-05-31 |
| CN106789842B true CN106789842B (en) | 2019-12-24 |
Family
ID=58886269
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510815209.8A Active CN106789842B (en) | 2015-11-23 | 2015-11-23 | Security development middleware and management and control method for mobile power inspection terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106789842B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107180459A (en) * | 2017-05-16 | 2017-09-19 | 四川金信石信息技术有限公司 | A kind of data acquisition of electric power mobile job platform and monitoring method |
| CN107133676A (en) * | 2017-05-16 | 2017-09-05 | 四川金信石信息技术有限公司 | A kind of power equipment method for inspecting based on mobile terminal |
| CN108196496A (en) * | 2018-01-15 | 2018-06-22 | 国网江西省电力有限公司 | Infrared measurement of temperature remote management and control system |
| CN110909830A (en) * | 2019-11-12 | 2020-03-24 | 国网天津市电力公司 | Transformer substation secondary equipment information maintenance system based on RFID |
| CN111562536B (en) * | 2020-04-09 | 2022-06-24 | 国网青海省电力公司营销服务中心 | Multi-target detection and safety data transmission method for gateway electric energy meter |
| CN111988328A (en) * | 2020-08-26 | 2020-11-24 | 中国电力科学研究院有限公司 | Safety guarantee method and system for acquiring terminal data of power generation unit of new energy plant station |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104157021A (en) * | 2014-08-12 | 2014-11-19 | 广州中国科学院沈阳自动化研究所分所 | Intelligent inspection system and intelligent inspection method |
-
2015
- 2015-11-23 CN CN201510815209.8A patent/CN106789842B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104157021A (en) * | 2014-08-12 | 2014-11-19 | 广州中国科学院沈阳自动化研究所分所 | Intelligent inspection system and intelligent inspection method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106789842A (en) | 2017-05-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106789842B (en) | Security development middleware and management and control method for mobile power inspection terminal | |
| AlDairi | Cyber security attacks on smart cities and associated mobile technologies | |
| CN107682337B (en) | Vehicle data processing method and system | |
| CN102624699B (en) | Method and system for protecting data | |
| US9781109B2 (en) | Method, terminal device, and network device for improving information security | |
| CN202795383U (en) | Device and system for protecting data | |
| US8707430B2 (en) | Tampering monitoring system, management apparatus, and management method | |
| US20120185936A1 (en) | Systems and Methods for Detecting Fraud Associated with Systems Application Processing | |
| CN104811428A (en) | Method, device and system for verifying client identity by social relation data | |
| JP2014528195A (en) | Device-to-device security authentication apparatus and method based on PUF in thing intelligent communication | |
| CN110381075B (en) | Block chain-based equipment identity authentication method and device | |
| CN112134956A (en) | Distributed Internet of things instruction management method and system based on block chain | |
| CN113254947B (en) | Vehicle data protection method, system, equipment and storage medium | |
| CN114448727B (en) | Information processing method and system based on industrial internet identification analysis system | |
| CN111882233A (en) | Storage risk early warning method, system and device based on block chain and storage medium | |
| AU2020104272A4 (en) | Blockchain-based industrial internet data security monitoring method and system | |
| CN103168458A (en) | Method for managing keys in a manipulation-proof manner | |
| CN112527912A (en) | Data processing method and device based on block chain network and computer equipment | |
| CN104881667A (en) | Characteristic information extraction method and apparatus | |
| CN103347248B (en) | A kind of based on identity identifying method trans-regional on handheld terminal | |
| CN107231245B (en) | Method and device for reporting monitoring log, and method and device for processing monitoring log | |
| CN117407852A (en) | Communication method, device and equipment for recorder and acquisition equipment and storage medium | |
| Feng et al. | Autonomous Vehicles' Forensics in Smart Cities | |
| US9952575B2 (en) | Energy management systems and methods | |
| CN113014545B (en) | Data processing method and device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |