CN109450925A - User right verification method, device and electronic equipment for electric power secondary system O&M - Google Patents
- Publication number
- CN109450925A (CN201811480335.2A)
- Authority
- CN
- China
- Prior art keywords
- password
- authentication
- user
- electric power
- secondary system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a user right verification method, device and electronic equipment for electric power secondary system O&M. The method comprises: obtaining the user name and password of a user to be logged in; encrypting the user name and password; performing permission verification on the encrypted user name and password by means of a password verification ciphertext mapping table; and, when the permission verification passes, allowing the user to proceed to subsequent login verification. The user right verification method, device and electronic equipment of this disclosure keep the network system process simple and clear while ensuring that the distribution of authorization data in the distribution network system is secure and reliable.
Description
Technical field
This disclosure relates to the field of power distribution network information processing, and in particular to a user right verification method, device and electronic equipment for electric power secondary system O&M.
Background art
A power system consists of generation, transmission, transformation, distribution and electrical equipment together with the corresponding auxiliary systems. The electrical equipment of a power system is divided into primary equipment and secondary equipment. Primary equipment (also called main equipment) forms the main body of the power system. It is the equipment that directly produces, transmits and distributes electrical energy, including generators, transformers, switching devices, power lines, instrument transformers, surge arresters and so on, and it is characterized by high voltage and high current. The circuit formed by interconnecting primary equipment according to purpose and function is called the primary circuit, primary wiring or main wiring diagram. Secondary equipment is the equipment that controls, regulates, protects and monitors the primary equipment. It includes measuring instruments, relay protection and automatic devices, electrical control devices, DC power supply devices and so on, and it is characterized by low voltage and low current. Secondary equipment is electrically coupled to the primary equipment through voltage transformers and current transformers. The circuit formed by interconnecting secondary electrical equipment is called the secondary circuit or secondary wiring.
The primary system of a power system consists of the primary equipment and the electrical circuits that interconnect it. The secondary system of a power system consists of the secondary equipment and the electrical circuits that interconnect it, and is the system that monitors, controls, regulates and protects the primary system (of substations and distribution stations). A telecontrol system is a system that monitors a production process spread over a wide area. Electric power secondary system O&M refers specifically to the process of connecting to the electric power secondary system (the secondary equipment and its interconnecting electrical circuits) with dedicated O&M terminals and O&M software and carrying out O&M operations on its equipment.
Field investigation of the power industry and a study of related patents show that, in the current operation management of electric power secondary systems, the distribution of authorization data is still essentially managed and maintained by the many vendors themselves. There is no unified security standard, so in actual management the cost is high and data inconsistencies arise easily.
A new user right verification method, device and electronic equipment are therefore needed.
Summary of the invention
In view of this, the disclosure provides a user right verification method, device and electronic equipment for electric power secondary system O&M that keep the network system process simple and clear while ensuring that the distribution of authorization data in the distribution network system is secure and reliable.
According to one aspect of the disclosure, a user right verification method for electric power secondary system O&M is proposed. The method comprises: obtaining the user name and password of a user to be logged in; encrypting the user name and password; performing permission verification on the encrypted user name and password by means of a password verification ciphertext mapping table; and, when the permission verification passes, allowing the user to proceed to subsequent login verification.
In an exemplary embodiment of the disclosure, encrypting the user name and password comprises: obtaining a first character string corresponding to the password; obtaining a second character string corresponding to the authentication security password of the current authentication device; concatenating the first character string and the second character string to generate a target character string; and encrypting the target character string.
In an exemplary embodiment of the disclosure, encrypting the target character string comprises: applying one-way irreversible encryption to the target character string.
In an exemplary embodiment of the disclosure, performing permission verification on the encrypted user name and password by means of the password verification ciphertext mapping table comprises: extracting from the password verification ciphertext mapping table the authentication private password corresponding to the current authentication device and generating a third character string; obtaining the encrypted target character string; and performing the verification by means of the third character string and the target character string.
According to one aspect of the disclosure, a user right verification method for electric power secondary system O&M is proposed. The method comprises: determining the authentication security passwords of multiple authentication devices; determining the authentication private passwords of multiple authentication devices; obtaining multiple user names and their corresponding passwords; encrypting the multiple user names and passwords according to the multiple authentication security passwords and the multiple authentication private passwords to generate multiple password verification ciphertext mapping tables; and distributing the multiple password verification ciphertext mapping tables to the multiple authentication devices.
In an exemplary embodiment of the disclosure, encrypting the multiple user names and passwords according to the multiple authentication security passwords and the multiple authentication private passwords comprises: encrypting the multiple user names and passwords, based on a message digest algorithm, according to the multiple authentication security passwords and the multiple authentication private passwords.
According to one aspect of the disclosure, a user right verification device for electric power secondary system O&M is proposed. The device comprises: a password module for obtaining the user name and password of a user to be logged in; a first encryption module for encrypting the user name and password; an authentication module for performing permission verification on the encrypted user name and password by means of a password verification ciphertext mapping table; and a login module for allowing the user to proceed to subsequent login verification when the permission verification passes.
According to one aspect of the disclosure, a user right verification device for electric power secondary system O&M is proposed. The device comprises: a security password module for determining the authentication security passwords of multiple authentication devices; a private password module for determining the authentication private passwords of multiple authentication devices; a user password module for obtaining multiple user names and their corresponding passwords; a second encryption module for encrypting the multiple user names and passwords according to the multiple authentication security passwords and the multiple authentication private passwords to generate multiple password verification ciphertext mapping tables; and a distribution module for distributing the multiple password verification ciphertext mapping tables to the multiple authentication devices.
According to one aspect of the disclosure, an electronic equipment is proposed. The electronic equipment comprises: one or more processors; and a storage device for storing one or more programs. When the one or more programs are executed by the one or more processors, the one or more processors implement the method described above.
According to the user right verification method, device and electronic equipment for electric power secondary system O&M of the disclosure, one authentication management center is primary and multiple authentication hosts are auxiliary. The authorization data of the authentication management center is encrypted with a secure cryptographic algorithm and then distributed as encrypted files, which keeps the network system process simple and clear while ensuring that the distribution of authorization data in the distribution network system is secure and reliable.
Description of the drawings
Fig. 1 is a system block diagram of a user right verification method and device for electric power secondary system O&M according to an exemplary embodiment.
Fig. 2 is a flow chart of a user right verification method for electric power secondary system O&M according to an exemplary embodiment.
Fig. 3 is a flow chart of a user right verification method for electric power secondary system O&M according to another exemplary embodiment.
Fig. 4 is a schematic diagram of a user right verification method for electric power secondary system O&M according to another exemplary embodiment.
Fig. 5 is a schematic diagram of a user right verification method for electric power secondary system O&M according to another exemplary embodiment.
Fig. 6 is a schematic diagram of a user right verification method for electric power secondary system O&M according to another exemplary embodiment.
Fig. 7 is a schematic diagram of a user right verification method for electric power secondary system O&M according to another exemplary embodiment.
Fig. 8 is a block diagram of a user right verification device for electric power secondary system O&M according to an exemplary embodiment.
Fig. 9 is a block diagram of a user right verification device for electric power secondary system O&M according to another exemplary embodiment.
Fig. 10 is a block diagram of an electronic equipment according to an exemplary embodiment.
Fig. 11 is a schematic diagram of a computer-readable storage medium according to an exemplary embodiment.
Detailed description
Example embodiments are now described more fully with reference to the drawings.
Fig. 1 is a system block diagram of a user right verification method and device for electric power secondary system O&M according to an exemplary embodiment.
As shown in Fig. 1, the system architecture may include a login client 100, an O&M terminal 200, an external network, an authentication host 300, a host database 400, a transfer USB flash disk 500, an authentication management center 600 and a central database 700. The external network is the medium that provides the communication link between the O&M terminal 200 and the authentication host 300. The external network may include various connection types, such as wired or wireless communication links or fiber-optic cables.
A user can use the login client 100 and the O&M terminal 200 to interact with the authentication host 300 and the host database 400 over the external network, to receive or send messages and so on. Various communication client applications may be installed on the login client 100 and the O&M terminal 200, such as shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients and social platform software.
The login client 100 is the terminal software that logs in with the user name and password of the authorization data. Terminal software takes many forms, such as a web version or dedicated software, with a variety of presentations and implementations. Its implementation and design are not key points of the invention, so a detailed explanation is omitted.
The O&M terminal 200 is the terminal device that runs the login client 100. Other programs can also run on the device. The device accesses the authentication host over the external network to carry out login authentication. Its implementation and design are not key points of the invention, so a detailed explanation is omitted.
The authentication host 300 is the authentication verification device responsible for providing the authentication interface service for the login process of the login client. The authentication service running on the authentication host 300 accepts login requests from the login client 100 through a service interface fixed by configuration, and authenticates them.
The O&M terminal 200 can be any of various electronic devices that have a display screen and support web browsing, including but not limited to smartphones, tablet computers, laptop computers and desktop computers.
The authentication host 300 can, for example, obtain the user name and password of a user to be logged in; encrypt the user name and password; perform permission verification on the encrypted user name and password by means of a password verification ciphertext mapping table; and, when the permission verification passes, allow the user to proceed to subsequent login verification.
The authentication host 300 can be a server that provides various services, for example a server that authenticates login requests sent by a user through the O&M terminal 200. The authentication host 300 can analyze and otherwise process a received authentication request and feed the result back to the O&M terminal 200.
The authentication management center 600 can, for example, determine the authentication security passwords of multiple authentication devices; determine the authentication private passwords of multiple authentication devices; obtain multiple user names and their corresponding passwords; encrypt the multiple user names and passwords according to the multiple authentication security passwords and the multiple authentication private passwords to generate multiple password verification ciphertext mapping tables; and distribute the multiple password verification ciphertext mapping tables to the multiple authentication devices.
The authentication host 300 and the authentication management center 600 can each be a single physical server or can, for example, consist of multiple servers. Note that the user right verification method provided by the embodiments of the disclosure can be executed by the authentication host 300 and the authentication management center 600; correspondingly, the user right verification device can be located in the authentication host 300 and the authentication management center 600. The side provided to the user for submitting authentication requests is located in the O&M terminal 200.
According to the user right verification method and device for electric power secondary system O&M of the disclosure, one authentication management center is primary and multiple authentication hosts are auxiliary. The authorization data of the authentication management center is encrypted with a secure cryptographic algorithm and then distributed as encrypted files, which keeps the network system process simple and clear while ensuring that the distribution of authorization data in the distribution network system is secure and reliable.
The user right verification method and device for electric power secondary system O&M of the disclosure are not limited to the O&M of electric power secondary systems. With targeted optimization and adjustment at a later stage they can be applied to O&M in more areas of the power industry, where they can give the safe production of power systems broader and deeper protection. They have good prospects for technical development, industrial application and the market.
Fig. 2 is a flow chart of a user right verification method for electric power secondary system O&M according to an exemplary embodiment. The user right verification method can be applied in the O&M terminal 200 described in Fig. 1 and includes at least steps S202 to S208.
As shown in Fig. 2, in S202 the user name and password of the user to be logged in are obtained. As described for Fig. 1, the login client 100 calls the login interface that the authentication service exposes externally. After a TCP/IP connection to the authentication service has been established, it sends the user name Account_Cur and the password Password_Cur that the operator entered in the login client 100 to the authentication service in a network request.
In S204, the user name and password are encrypted. This comprises: obtaining a first character string corresponding to the password; obtaining a second character string corresponding to the authentication security password of the current authentication device; concatenating the first character string and the second character string to generate a target character string; and encrypting the target character string.
Fig. 4 is a schematic diagram of a user right verification method for electric power secondary system O&M according to another exemplary embodiment. In one embodiment, encrypting the target character string comprises applying one-way irreversible encryption to the target character string. Taking one embodiment of the password verification process as an example, the security key 12 ("SecureKey") of the authentication host 300 is appended to the password 11 ("PasswordStr") by string concatenation, giving the appended character string 13 ("PasswordStrSecureKey").
In one embodiment, the MD5 algorithm can be used to apply a one-way irreversible operation to the appended character string 13 ("PasswordStrSecureKey"), giving the password verification ciphertext 14 ("B2D635AE267C8DFE4D524AB0AAE06596").
The MD5 algorithm is secure in the following sense: even if MD5 is subjected to a library-collision attack with today's large-scale computers, MD5 is a one-way operation, so reverse cracking can only yield one of the possible solutions and cannot yield exactly the current appended character string. When a possible solution obtained by reverse cracking is submitted as a password, the current password verification process appends the security password "SecureKey" to it before verifying again, so password verification cannot pass. This password verification process therefore has sufficient security.
Moreover, with this password verification process, as long as the security keys of different authentication hosts differ, the distributed data can only be used on the designated authentication host. On other authentication hosts, even with knowledge of the algorithm of the password verification process, the user names and passwords used on other authentication hosts cannot be derived in reverse from the distribution files of those hosts.
Fig. 5 and Fig. 6 are schematic diagrams of a user right verification method for electric power secondary system O&M according to another exemplary embodiment. As shown in Fig. 5 and Fig. 6, taking one set of user names, passwords and password verification ciphertexts as an example, the records of the user name, password and password verification ciphertext mapping table are as follows:
{ user name: root, password: PassOfRoot, password verification ciphertext: "8AA21CB8234A5AD0ABA418CB2FAC7404" };
{ user name: Admin, password: PassOfAdmin, password verification ciphertext: "012BA9BC200FE804CFAC8CD96A9C8B11" };
{ user name: guest, password: PassOfguest, password verification ciphertext: "F3196D2574F884DEF0D7D8F9E3897209" };
{ user name: user1, password: PassOfUser1, password verification ciphertext: "1146A8121086AA10A2418E2E9404D62B" };
{ user name: user2, password: PassOfUser2, password verification ciphertext: "EB83D5E6988073BC13C7D2AD156CF332" }.
For the user name root the corresponding original password is PassOfRoot. Appending the security key 12 ("SecureKey") gives the appended character string 13 ("PassOfRootSecureKey"), and after the MD5 operation the password verification ciphertext 14 is "8AA21CB8234A5AD0ABA418CB2FAC7404". The other records follow in the same way.
In S206, permission verification is performed on the encrypted user name and password by means of the password verification ciphertext mapping table.
In one embodiment, performing permission verification on the encrypted user name and password by means of the password verification ciphertext mapping table comprises: extracting from the password verification ciphertext mapping table the authentication private password corresponding to the current authentication device and generating a third character string; obtaining the encrypted target character string; and performing the verification by means of the third character string and the target character string.
After the authentication service receives the data of the login request, it extracts the user name Account_Cur and the password Password_Cur. It then queries the user name and password verification ciphertext mapping table 40 in the host database 400 of the authentication host 300 for the authentication information record whose user name is the same as the current user name.
In S208, when the permission verification passes, the user is allowed to proceed to subsequent login verification. If no authentication information record with the same user name is found, the current login request receives a login-failure response. If an authentication information record with the same user name is found (user name: Account_Cur, password verification ciphertext: Password_Crypt_Auth), verification is carried out according to the password verification process. If it passes, the current login request receives a login-success response; otherwise it receives a login-failure response.
Fig. 3 is a flow chart of a user right verification method for electric power secondary system O&M according to an exemplary embodiment. The user right verification method can be applied in the authentication host 300 described in Fig. 1 and includes at least steps S302 to S310.
As shown in Fig. 3, in S302 the authentication security passwords of multiple authentication devices are determined. The current authentication host 300 and the authentication management center 600 jointly agree that the security key 12 of the current authentication host 300 is "SecureKey".
In S304, the authentication private passwords of multiple authentication devices are determined. Different authentication hosts 300 should each agree on their own private security key 12. The password verification ciphertext calculation process combines the password 11 with the security key 12 of the authentication host 300 and obtains the password verification ciphertext 14 by calculation.
In S306, multiple user names and their corresponding passwords are obtained.
In S308, the multiple user names and passwords are encrypted according to the multiple authentication security passwords and the multiple authentication private passwords, generating multiple password verification ciphertext mapping tables. This comprises: encrypting the multiple user names and passwords, based on a message digest algorithm, according to the multiple authentication security passwords and the multiple authentication private passwords.
For a user name Account_Cur and password Password_Cur submitted for verification, the verification process is as follows:
a) Query the user name and password verification ciphertext mapping table 40 in the host database 400 of the authentication host 300 for the authentication information record whose user name field 21 is the same as the user name Account_Cur. If no record is found, the current verification does not pass.
b) From the matching authentication information record, extract the password verification ciphertext field 23 and save it in the string variable Password_Crypt_Auth.
c) For the password Password_Cur, run the password verification ciphertext calculation process with the security key 12 of the current authentication host 300 to obtain the password verification ciphertext 14, and save it in the string variable Password_Crypt_Cur.
d) Compare the two string variables Password_Crypt_Cur and Password_Crypt_Auth as character strings. If the strings saved in the two variables are identical, verification passes; otherwise verification does not pass.
At the authentication management center 600, administrators manage the user names 21, passwords 22 and password verification ciphertexts 23 that are allowed to log in, and save them in the user name, password and password verification ciphertext mapping table.
a) According to the security key 12 ("SecureKey") agreed with the authentication host 300, for the password 22 corresponding to each user name 21, the password verification ciphertext calculation process combines the password 11 (that is, the password 22 of the user name 21) with the security key 12 of the authentication host 300 and obtains the password verification ciphertext 14 by calculation. The user name 21, the password 22 (that is, the password 11 in the password verification ciphertext calculation process) and the password verification ciphertext 23 (that is, the password verification ciphertext 14 in the password verification ciphertext calculation process) are saved in the user name, password and password verification ciphertext mapping table.
b) If a new user name 21 and password 22 need to be created, the calculation is carried out as above and the corresponding fields are saved in the user name, password and password verification ciphertext mapping table.
c) If the password 22 of an existing user name 21 needs to be changed, the calculation is carried out again with the newly set password 22 and the result is written to the record corresponding to the user name 21. For example, the record whose user name 21 is root is information record 201, the record whose user name 21 is Admin is information record 202, and so on.
d) If an existing user name 21 is to be deleted, the corresponding record is deleted directly from the user name, password and password verification ciphertext mapping table.
e) If the authentication management center 600 needs to manage the authentication information of multiple authentication hosts 300, then, because the authentication hosts 300 differ and their security keys 12 differ, a corresponding user name, password and password verification ciphertext mapping table can be generated for each authentication host 300. Alternatively, the user name, password and password verification ciphertext mapping table can be extended by adding an authentication host field to the password verification ciphertext field. For professional database designers and R&D engineers there are many ways to design and implement such an extension; its implementation and design are not key points of the invention, so a detailed description is omitted.
Fig. 7 is a schematic diagram of a user right verification method for electric power secondary system O&M according to another exemplary embodiment. As shown in Fig. 7, to distribute authentication information to a specified authentication host 300, an administrator at the authentication management center 600 extracts two fields (user name 21 and password authentication ciphertext 23) from the corresponding user name, password and password authentication ciphertext mapping table and generates the user name and password authentication ciphertext mapping file 30.
a) For each record of the corresponding user name, password and password authentication ciphertext mapping table, the user name 21 and the password authentication ciphertext 23 are joined with ":" as the separator to form one line of text;
b) The lines are written in order into the user name and password authentication ciphertext mapping file 30, one line per record.
c) Taking one information record {user name: root, password: PassOfRoot, password authentication ciphertext: "8AA21CB8234A5AD0ABA418CB2FAC7404"} as an example, the corresponding character string in the generated user name and password authentication ciphertext mapping file 30 is "root:8AA21CB8234A5AD0ABA418CB2FAC7404"; other records follow the same pattern.
In S310, the multiple password authentication ciphertext mapping tables are distributed to multiple authentication devices. Using the transfer USB flash disk 500, an administrator can copy the user name and password authentication ciphertext mapping file 30 onto the transfer USB flash disk 500 and then copy it to the authentication host 300.
After obtaining the new user name and password authentication ciphertext mapping file 30, the authentication host 300 completely clears its previous authentication information records and then writes the new information records into the host database 400.
The user name and password authentication ciphertext mapping table 40 of the host database 400 mainly comprises two fields: user name 21 and password authentication ciphertext 23.
The user name and password authentication ciphertext mapping file 30 is read line by line. Each line is split at ":" to obtain the character string of the first field and the character string of the second field, which are identified as user name 21 and password authentication ciphertext 23 respectively and saved in the user name and password authentication ciphertext mapping table 40.
Through the above process, once distribution of the authorization data is complete, the authentication host 300 holds the latest accurate authorization data of the authentication management center 600, while other authentication hosts or outside personnel cannot crack the currently distributed authentication information, which therefore has sufficient security strength.
According to the user right verification method for electric power secondary system O&M of the present disclosure, one authentication management center is primary and multiple authentication hosts are auxiliary. The authorization data of the authentication management center is encrypted with a secure cryptographic algorithm and distributed as an encrypted file, and the authorization data of each authentication host is protected by a dedicated security password. This ensures that distribution of all authorization data is sufficiently safe and reliable, while the overall process remains simple and clear. The system is particularly suitable for managing authentication information in the electric power secondary system O&M field; it is low in cost and easy to deploy, and well matched to the protection system construction needs of electric power secondary systems. For electric power secondary system O&M, the present invention is a highly cost-effective solution.
The user right verification method for electric power secondary system O&M of the present disclosure has low implementation cost and low technical difficulty, and is safe and reliable. It fully ensures the secure distribution of authentication information, avoids accidental exposure during data transport and adequately guards against data forgery, thereby establishing a safe and reliable authentication information distribution system and helping the electric power secondary system O&M field to establish a standard system for authentication information distribution.
Those skilled in the art will understand that all or part of the steps of the above embodiments may be implemented as a computer program executed by a CPU. When the computer program is executed by the CPU, it performs the functions defined by the above method provided by the present disclosure. The program may be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic disk, an optical disc, or the like.
The following are device embodiments of the present disclosure, which can be used to carry out the method embodiments of the present disclosure. For details not disclosed in the device embodiments, refer to the method embodiments of the present disclosure.
Fig. 8 is a block diagram of a user right verification device for electric power secondary system O&M according to an exemplary embodiment. As shown in Fig. 8, the user right verification device includes: a crypto module 802, a first encrypting module 804, an authentication module 806 and a log-in module 808.
The crypto module 802 is used to obtain the user name and password of the user to log in. The login client 100 calls the login interface that the authentication service provides externally; after a TCP/IP connection to the authentication service is established, the user name Account_Cur and the password Password_Cur entered by the operator on the login client 100 are sent to the authentication service in a network request;
The first encrypting module 804 is used to encrypt the user name and password, including: obtaining a first character string corresponding to the password; obtaining a second character string corresponding to the authentication security password of the current authentication device; concatenating the first character string and the second character string to generate a target character string; and encrypting the target character string.
The authentication module 806 is used to perform authority verification on the encrypted user name and password by means of the password authentication ciphertext mapping table: the authentication privately owned password corresponding to the current authentication device is extracted from the password authentication ciphertext mapping table to generate a third character string; the encrypted target character string is obtained; and verification is performed using the third character string and the target character string.
The log-in module 808 is used to allow the user to carry out subsequent login verification when the authority verification passes. If no authentication information record with the same user name is found, the current login request receives a login-failure response. If an authentication information record with the same user name is found (user name: Account_Cur, password authentication ciphertext: Password_Crypt_Auth), verification is performed according to the password authentication process; if verification passes, the current login request receives a login-success response, otherwise it receives a login-failure response.
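The mapping file 30 format, the host-side import and the login check described above, as an added Python example that is not code from the patent. Assumptions: the digest is MD5 over the UTF-8 bytes of the password followed by the security key with upper-case hex output, all function and class names are hypothetical, the Admin password and the key "OtherHostKey" are constructed, and validating the whole file before the old records are cleared is a safeguard added here.

```python
import hashlib
import hmac
import re

HEX32 = re.compile(r"[0-9A-F]{32}")  # shape of the page's sample ciphertext


def auth_ciphertext(password, security_key):
    """Digest of the password followed by the host's security key.

    Assumption: MD5 over UTF-8 bytes, upper-case hex output.
    """
    target = (password + security_key).encode("utf-8")
    return hashlib.md5(target).hexdigest().upper()


def build_mapping_file(users, security_key):
    """Management-center side: one 'user:ciphertext' line per record."""
    lines = []
    for name, password in users.items():
        # ':' is the field separator, so it cannot appear in a user name.
        if not name or any(c in name for c in ":\r\n"):
            raise ValueError(f"user name not representable: {name!r}")
        lines.append(f"{name}:{auth_ciphertext(password, security_key)}")
    return "\n".join(lines) + "\n"


def parse_mapping_file(text):
    """Host side: split each line at ':' into user name and ciphertext."""
    table = {}
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        name, sep, cipher = line.partition(":")
        if not sep or not name or not HEX32.fullmatch(cipher):
            raise ValueError(f"line {number}: malformed record")
        if name in table:
            raise ValueError(f"line {number}: duplicate user {name!r}")
        table[name] = cipher
    if not table:
        # Added safeguard: an empty file would lock every operator out.
        raise ValueError("mapping file contains no records")
    return table


class AuthHost:
    """Hypothetical stand-in for authentication host 300 and its table 40."""

    def __init__(self, security_key):
        self.security_key = security_key
        self.table = {}

    def import_file(self, text):
        # Parse first: a bad file raises here, before old records are dropped.
        new_table = parse_mapping_file(text)
        self.table = new_table  # full replacement, as the page describes

    def login(self, user, password):
        stored = self.table.get(user)
        if stored is None:
            return False  # no record with this user name: login fails
        candidate = auth_ciphertext(password, self.security_key)
        # Constant-time comparison of the two hex strings.
        return hmac.compare_digest(candidate, stored)


def demo():
    # Constructed sample data; root/PassOfRoot and "SecureKey" follow the page.
    users = {"root": "PassOfRoot", "Admin": "PassOfAdmin"}
    host_a, host_b = AuthHost("SecureKey"), AuthHost("OtherHostKey")
    file_for_a = build_mapping_file(users, host_a.security_key)
    host_a.import_file(file_for_a)
    host_b.import_file(file_for_a)  # file carried to a host with another key
    return {
        "correct": host_a.login("root", "PassOfRoot"),
        "wrong_password": host_a.login("root", "guess"),
        "unknown_user": host_a.login("nobody", "PassOfRoot"),
        "wrong_host": host_b.login("root", "PassOfRoot"),
    }


if __name__ == "__main__":
    print(demo())
```

Because the digest is fast and unsalted, the mapping file's resistance to offline guessing rests on the secrecy of each host's security key; a slow key-derivation function such as `hashlib.scrypt` is the usual substitute where the design allows one.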
Fig. 9 is a block diagram of a user right verification device for electric power secondary system O&M according to another exemplary embodiment. As shown in Fig. 9, the user right verification device includes: a security password module 902, a privately owned crypto module 904, a user password module 906, a second encrypting module 908 and a distribution module 910.
The security password module 902 is used to determine the authentication security passwords of multiple authentication devices. The current authentication host 300 and the authentication management center 600 jointly agree that the security key 12 of the current authentication host 300 is "SecureKey".
The privately owned crypto module 904 is used to determine the authentication privately owned passwords of multiple authentication devices. Different authentication hosts 300 should each agree on their own private security key 12. The password authentication ciphertext calculation process combines the password 11 with the security key 12 of the authentication host 300 and obtains the password authentication ciphertext 14 by calculation.
The user password module 906 is used to obtain multiple user names and their corresponding passwords.
The second encrypting module 908 is used to encrypt the multiple user names and passwords according to the multiple authentication security passwords and the multiple authentication privately owned passwords, generating multiple password authentication ciphertext mapping tables, including: encrypting the multiple user names and passwords according to the multiple authentication security passwords and the multiple authentication privately owned passwords based on the Message Digest 5 algorithm.
The distribution module 910 is used to distribute the multiple password authentication ciphertext mapping tables to multiple authentication devices. Using the transfer USB flash disk 500, an administrator can copy the user name and password authentication ciphertext mapping file 30 onto the transfer USB flash disk 500 and then copy it to the authentication host 300.
According to the user right verification device for electric power secondary system O&M of the present disclosure, one authentication management center is primary and multiple authentication hosts are auxiliary. The authorization data of the authentication management center is encrypted with a secure cryptographic algorithm and distributed as an encrypted file, and the authorization data of each authentication host is protected by a dedicated security password. This ensures that distribution of all authorization data is sufficiently safe and reliable, while the overall process remains simple and clear. The system is particularly suitable for managing authentication information in the electric power secondary system O&M field; it is low in cost and easy to deploy, and well matched to the protection system construction needs of electric power secondary systems. For electric power secondary system O&M, the present invention is a highly cost-effective solution.
Figure 10 is a block diagram of an electronic device according to an exemplary embodiment.
The electronic device 1000 according to this embodiment of the present disclosure is described below with reference to Figure 10. The electronic device 1000 shown in Figure 10 is only an example and should not impose any limitation on the functions or scope of use of the embodiments of the present disclosure.
As shown in Figure 10, the electronic device 1000 takes the form of a general-purpose computing device. Its components may include, but are not limited to: at least one processing unit 1010, at least one storage unit 1020, a bus 1030 connecting the different system components (including the storage unit 220 and the processing unit 1010), a display unit 1040, and so on.
The storage unit stores program code that can be executed by the processing unit 1010, so that the processing unit 1010 performs the steps according to the various exemplary embodiments of the present disclosure described in the above-mentioned electronic prescription circulation processing method part of this specification. For example, the processing unit 1010 may perform the steps shown in Fig. 3 and Fig. 4.
The storage unit 1020 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM) 10201 and/or a cache memory unit 10202, and may further include a read-only memory unit (ROM) 10203.
The storage unit 1020 may also include a program/utility 10204 having a set of (at least one) program modules 10205. Such program modules 10205 include, but are not limited to: an operating system, one or more application programs, other program modules and program data; each of these examples, or some combination of them, may include an implementation of a network environment.
The bus 1030 may represent one or more of several types of bus structures, including a storage unit bus or storage unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus structures.
The electronic device 1000 may also communicate with one or more external devices 1000' (such as a keyboard, a pointing device, a Bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 1000, and/or with any device (such as a router, a modem, etc.) that enables the electronic device 1000 to communicate with one or more other computing devices. Such communication can take place through an input/output (I/O) interface 1050. The electronic device 1000 can also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through a network adapter 1060. The network adapter 1060 can communicate with the other modules of the electronic device 1000 over the bus 1030. It should be understood that, although not shown in the figures, other hardware and/or software modules can be used in conjunction with the electronic device 1000, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives and data backup storage systems.
From the above description of the embodiments, those skilled in the art will readily understand that the example embodiments described here can be implemented in software, or in software combined with the necessary hardware. Accordingly, the technical solution according to the embodiments of the present disclosure can be embodied as a software product, which can be stored on a non-volatile storage medium (a CD-ROM, a USB flash disk, a removable hard disk, etc.) or on a network, and which includes a number of instructions that cause a computing device (a personal computer, a server, a network device, etc.) to execute the above method according to the embodiments of the present disclosure.
Figure 11 schematically shows a computer-readable storage medium in an exemplary embodiment of the present disclosure.
Referring to Figure 11, a program product 1100 for implementing the above method according to an embodiment of the present disclosure is described. It may take the form of a portable compact disc read-only memory (CD-ROM) containing program code and may run on a terminal device such as a personal computer. However, the program product of the present disclosure is not limited to this; in this document, a readable storage medium may be any tangible medium that contains or stores a program that can be used by, or in connection with, an instruction execution system, apparatus or device.
The program product may use any combination of one or more readable media. A readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of readable storage media (a non-exhaustive list) include: an electrical connection with one or more wires, a portable disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
The computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. Such a propagated data signal can take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A readable signal medium may also be any readable medium other than a readable storage medium that can send, propagate or transmit a program for use by, or in connection with, an instruction execution system, apparatus or device. The program code contained on a readable storage medium can be transmitted over any suitable medium, including but not limited to wireless, wired, optical cable, RF, etc., or any suitable combination of the above.
Program code for performing the operations of the present disclosure may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++, as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on a remote computing device or server. Where a remote computing device is involved, it may be connected to the user's computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it may be connected to an external computing device (for example, through the Internet using an Internet service provider).
The above computer-readable medium carries one or more programs which, when executed by a device, cause the computer-readable medium to implement the following functions: obtaining the user name and password of the user to log in; encrypting the user name and password; performing authority verification on the encrypted user name and password by means of the password authentication ciphertext mapping table; and, when the authority verification passes, allowing the user to carry out subsequent login verification.
Those skilled in the art will understand that the above modules may be distributed in the device as described in the embodiment, or may be changed correspondingly and located in one or more devices different from this embodiment. The modules of the above embodiment may be merged into one module or further split into multiple sub-modules.
From the description of the above embodiments, those skilled in the art will readily understand that the example embodiments described here can be implemented in software, or in software combined with the necessary hardware. Accordingly, the technical solution according to the embodiments of the present disclosure can be embodied as a software product, which can be stored on a non-volatile storage medium (a CD-ROM, a USB flash disk, a removable hard disk, etc.) or on a network, and which includes a number of instructions that cause a computing device (a personal computer, a server, a mobile terminal, a network device, etc.) to execute the method according to the embodiments of the present disclosure.
Claims (9)
1. A user right verification method for electric power secondary system O&M, characterized by comprising:
obtaining the user name and password of the user to log in;
encrypting the user name and password;
performing authority verification on the encrypted user name and password by means of a password authentication ciphertext mapping table;
and, when the authority verification passes, allowing the user to carry out subsequent login verification.
2. The user right verification method for electric power secondary system O&M according to claim 1, characterized in that encrypting the user name and password comprises:
obtaining a first character string corresponding to the password;
obtaining a second character string corresponding to the authentication security password of the current authentication device;
concatenating the first character string and the second character string to generate a target character string;
and encrypting the target character string.
3. The user right verification method for electric power secondary system O&M according to claim 2, characterized in that encrypting the target character string comprises:
performing one-way irreversible encryption on the target character string.
4. The user right verification method for electric power secondary system O&M according to claim 2, characterized in that performing authority verification on the encrypted user name and password by means of the password authentication ciphertext mapping table comprises:
extracting, from the password authentication ciphertext mapping table, the authentication privately owned password corresponding to the current authentication device to generate a third character string;
obtaining the encrypted target character string;
and performing verification using the third character string and the target character string.
5. A user right verification method for electric power secondary system O&M, characterized by comprising:
determining the authentication security passwords of multiple authentication devices;
determining the authentication privately owned passwords of multiple authentication devices;
obtaining multiple user names and their corresponding passwords;
encrypting the multiple user names and passwords according to the multiple authentication security passwords and the multiple authentication privately owned passwords to generate multiple password authentication ciphertext mapping tables;
and distributing the multiple password authentication ciphertext mapping tables to multiple authentication devices.
6. The user right verification method for electric power secondary system O&M according to claim 5, characterized in that encrypting the multiple user names and passwords according to the multiple authentication security passwords and the multiple authentication privately owned passwords comprises:
encrypting the multiple user names and passwords according to the multiple authentication security passwords and the multiple authentication privately owned passwords based on the Message Digest 5 algorithm.
7. A user right verification device for electric power secondary system O&M, characterized by comprising:
a crypto module, for obtaining the user name and password of the user to log in;
a first encrypting module, for encrypting the user name and password;
an authentication module, for performing authority verification on the encrypted user name and password by means of a password authentication ciphertext mapping table;
and a log-in module, for allowing the user to carry out subsequent login verification when the authority verification passes.
8. A user right verification device for electric power secondary system O&M, characterized by comprising:
a security password module, for determining the authentication security passwords of multiple authentication devices;
a privately owned crypto module, for determining the authentication privately owned passwords of multiple authentication devices;
a user password module, for obtaining multiple user names and their corresponding passwords;
a second encrypting module, for encrypting the multiple user names and passwords according to the multiple authentication security passwords and the multiple authentication privately owned passwords to generate multiple password authentication ciphertext mapping tables;
and a distribution module, for distributing the multiple password authentication ciphertext mapping tables to multiple authentication devices.
9. An electronic device, characterized by comprising:
one or more processors;
a storage device, for storing one or more programs;
wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the method as described in any one of claims 1-5 or 5-6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811480335.2A CN109450925B (en) | 2018-12-05 | 2018-12-05 | User authority verification method and device for operation and maintenance of power secondary system and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109450925A true CN109450925A (en) | 2019-03-08 |
CN109450925B CN109450925B (en) | 2021-09-28 |
Family
ID=65556306
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811480335.2A Active CN109450925B (en) | 2018-12-05 | 2018-12-05 | User authority verification method and device for operation and maintenance of power secondary system and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109450925B (en) |
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102780698A (en) * | 2012-07-24 | 2012-11-14 | 南京邮电大学 | User terminal safety communication method in platform of Internet of Things |
CN103685149A (en) * | 2012-09-03 | 2014-03-26 | 中兴通讯股份有限公司 | Server login password processing method and device |
CN103248485A (en) * | 2013-04-24 | 2013-08-14 | 中国南方电网有限责任公司 | Security label-based power secondary system access control method and system |
CN104219228A (en) * | 2014-08-18 | 2014-12-17 | 四川长虹电器股份有限公司 | User registration and user identification method and user registration and user identification system |
CN106161031A (en) * | 2015-04-23 | 2016-11-23 | 腾讯科技(深圳)有限公司 | Server password generates method, verification method and device |
CN106973043A (en) * | 2017-03-14 | 2017-07-21 | 广州视源电子科技股份有限公司 | A kind of password validation system and method for password authentication |
CN107911343A (en) * | 2017-10-27 | 2018-04-13 | 深圳英飞拓科技股份有限公司 | The password storage verification method and device of safety |
CN108632241A (en) * | 2018-03-07 | 2018-10-09 | 湖南小步科技有限公司 | A kind of multi-application system unified login method and apparatus |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111105799A (en) * | 2019-12-09 | 2020-05-05 | 国网浙江省电力有限公司杭州供电公司 | Offline voice recognition device and method based on pronunciation quantification and electric power special word bank |
CN111105799B (en) * | 2019-12-09 | 2023-07-07 | 国网浙江省电力有限公司杭州供电公司 | Off-line voice recognition device and method based on pronunciation quantization and electric power special word stock |
CN110912932A (en) * | 2019-12-16 | 2020-03-24 | 珠海市鸿瑞信息技术股份有限公司 | Power secondary system information safety operation and maintenance supervision platform |
CN110912932B (en) * | 2019-12-16 | 2022-02-15 | 珠海市鸿瑞信息技术股份有限公司 | Power secondary system information safety operation and maintenance supervision platform |
CN114169013A (en) * | 2021-12-06 | 2022-03-11 | 镁佳(北京)科技有限公司 | User registration and verification method and system |
CN114169013B (en) * | 2021-12-06 | 2022-07-01 | 镁佳(北京)科技有限公司 | User registration and verification method and system |
Also Published As
Publication number | Publication date |
---|---|
CN109450925B (en) | 2021-09-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||