CN109450925A - User right verification method, device and electronic equipment for electric power secondary system O&M - Google Patents

Info

Publication number
CN109450925A
Authority
CN
China
Prior art keywords
password
authentication
user
electric power
secondary system
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811480335.2A
Other languages
Chinese (zh)
Other versions
CN109450925B (en)
Inventor
张超
江晓春
蒋正威
钱建国
杜奇伟
金学奇
陶涛
吴靖
卢巍
胡晨
刘永新
江波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Zhejiang Electric Power Co Ltd
Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
State Grid Zhejiang Electric Power Co Ltd
Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Application filed by State Grid Zhejiang Electric Power Co Ltd and Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority to CN201811480335.2A
Publication of CN109450925A
Application granted
Publication of CN109450925B
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a user right verification method, device and electronic equipment for electric power secondary system O&M. The method comprises: obtaining the username and password of the user who is to log in; encrypting the username and password; performing permission verification on the encrypted username and password by means of a password verification ciphertext mapping table; and, when permission verification passes, allowing the user to proceed to subsequent login verification. The user right verification method, device and electronic equipment of this disclosure keep the network system flow simple and clear while ensuring that authorization data is distributed securely and reliably in the distribution network system.

Description

User right verification method, device and electronic equipment for electric power secondary system O&M
Technical field
This disclosure relates to the field of distribution network information processing, and in particular to a user right verification method, device and electronic equipment for electric power secondary system O&M.
Background
A power system consists of generation, transmission, transformation, distribution, electrical equipment and the corresponding auxiliary systems. The electrical equipment of a power system is divided into primary equipment and secondary equipment. Primary equipment (also called main equipment) forms the main body of the power system; it is the equipment that directly produces, transmits and distributes electric energy, including generators, transformers, switching devices, power lines, instrument transformers, surge arresters, etc., and is characterized by high voltage and high current. The circuit formed by interconnecting primary equipment according to purpose and function is called the primary circuit, primary wiring or main wiring diagram. Secondary equipment is equipment that controls, regulates, protects and monitors primary equipment; it includes measuring instruments, relay protection and automatic devices, electrical control devices, DC power supply equipment, etc., and is characterized by low voltage and low current. Secondary equipment is electrically coupled to primary equipment through voltage transformers and current transformers. The circuit formed by interconnecting secondary electrical equipment is called the secondary circuit or secondary wiring.
The primary system of a power system consists of primary equipment and its interconnecting electrical circuits. The secondary system of a power system consists of secondary equipment and its interconnecting electrical circuits; it is the system that monitors, controls, regulates and protects the primary system (of transformer and distribution stations). A telecontrol system is a system that monitors a production process spread over a wide area. Electric power secondary system O&M refers specifically to the process of performing O&M operations, through dedicated O&M terminals and O&M software, on equipment connected to the electric power secondary system (secondary equipment and its interconnecting electrical circuits).
Practical investigation of the power industry and research into related patents show that, in the current operation management of electric power secondary systems, the distribution of authorization data is for the most part still managed and maintained by the many vendors themselves, without a unified security standard; in actual management the cost is high and data inconsistency arises easily.
Therefore, a new user right verification method, device and electronic equipment are needed.
Summary of the invention
In view of this, the disclosure provides a user right verification method, device and electronic equipment for electric power secondary system O&M that keep the network system flow simple and clear while ensuring that authorization data is distributed securely and reliably in the distribution network system.
According to one aspect of the disclosure, a user right verification method for electric power secondary system O&M is proposed. The method comprises: obtaining the username and password of the user who is to log in; encrypting the username and password; performing permission verification on the encrypted username and password by means of a password verification ciphertext mapping table; and, when permission verification passes, allowing the user to proceed to subsequent login verification.
In an exemplary embodiment of the disclosure, encrypting the username and password comprises: obtaining a first character string corresponding to the password; obtaining a second character string corresponding to the authentication security password of the current authentication device; concatenating the first character string and the second character string to generate a target character string; and encrypting the target character string.
In an exemplary embodiment of the disclosure, encrypting the target character string comprises: performing one-way irreversible encryption on the target character string.
In an exemplary embodiment of the disclosure, performing permission verification on the encrypted username and password by means of the password verification ciphertext mapping table comprises: extracting from the password verification ciphertext mapping table the authentication private password corresponding to the current authentication device, to generate a third character string; obtaining the encrypted target character string; and verifying by means of the third character string and the target character string.
According to one aspect of the disclosure, a user right verification method for electric power secondary system O&M is proposed. The method comprises: determining the authentication security passwords of multiple authentication devices; determining the authentication private passwords of the multiple authentication devices; obtaining multiple usernames and the corresponding passwords; encrypting the multiple usernames and passwords according to the multiple authentication security passwords and the multiple authentication private passwords, to generate multiple password verification ciphertext mapping tables; and distributing the multiple password verification ciphertext mapping tables to the multiple authentication devices.
In an exemplary embodiment of the disclosure, encrypting the multiple usernames and passwords according to the multiple authentication security passwords and the multiple authentication private passwords comprises: encrypting the multiple usernames and passwords, based on a message digest algorithm, according to the multiple authentication security passwords and the multiple authentication private passwords.
According to one aspect of the disclosure, a user right verification device for electric power secondary system O&M is proposed. The device comprises: a password module, for obtaining the username and password of the user who is to log in; a first encryption module, for encrypting the username and password; a verification module, for performing permission verification on the encrypted username and password by means of a password verification ciphertext mapping table; and a login module, for allowing the user to proceed to subsequent login verification when permission verification passes.
According to one aspect of the disclosure, a user right verification device for electric power secondary system O&M is proposed. The device comprises: a security password module, for determining the authentication security passwords of multiple authentication devices; a private password module, for determining the authentication private passwords of the multiple authentication devices; a user password module, for obtaining multiple usernames and the corresponding passwords; a second encryption module, for encrypting the multiple usernames and passwords according to the multiple authentication security passwords and the multiple authentication private passwords, to generate multiple password verification ciphertext mapping tables; and a distribution module, for distributing the multiple password verification ciphertext mapping tables to the multiple authentication devices.
According to one aspect of the disclosure, an electronic device is proposed. The electronic device comprises: one or more processors; and a storage device for storing one or more programs; when the one or more programs are executed by the one or more processors, the one or more processors implement the method described above.
According to the user right verification method, device and electronic equipment for electric power secondary system O&M of this disclosure, with one authentication management center as the basis and multiple authentication hosts as auxiliaries, the authorization data of the authentication management center is encrypted with a secure cryptographic algorithm and then distributed in the form of encrypted files, which keeps the network system flow simple and clear while ensuring that authorization data is distributed securely and reliably in the distribution network system.
Brief description of the drawings
Fig. 1 is a system block diagram of a user right verification method and device for electric power secondary system O&M according to an exemplary embodiment.
Fig. 2 is a flow chart of a user right verification method for electric power secondary system O&M according to an exemplary embodiment.
Fig. 3 is a flow chart of a user right verification method for electric power secondary system O&M according to another exemplary embodiment.
Fig. 4 is a schematic diagram of a user right verification method for electric power secondary system O&M according to another exemplary embodiment.
Fig. 5 is a schematic diagram of a user right verification method for electric power secondary system O&M according to another exemplary embodiment.
Fig. 6 is a schematic diagram of a user right verification method for electric power secondary system O&M according to another exemplary embodiment.
Fig. 7 is a schematic diagram of a user right verification method for electric power secondary system O&M according to another exemplary embodiment.
Fig. 8 is a block diagram of a user right verification device for electric power secondary system O&M according to an exemplary embodiment.
Fig. 9 is a block diagram of a user right verification device for electric power secondary system O&M according to another exemplary embodiment.
Fig. 10 is a block diagram of an electronic device according to an exemplary embodiment.
Fig. 11 is a schematic diagram of a computer-readable storage medium according to an exemplary embodiment.
Detailed description of embodiments
Example embodiments are now described more fully with reference to the drawings.
Fig. 1 is a system block diagram of a user right verification method and device for electric power secondary system O&M according to an exemplary embodiment.
As shown in Fig. 1, the system architecture may include a login client 100, an O&M terminal 200, an external network, an authentication host 300, a host database 400, a portable USB drive 500, an authentication management center 600 and a central database 700. The external network is the medium that provides the communication link between the O&M terminal 200 and the authentication host 300. The external network may include various connection types, such as wired links, wireless communication links or fiber optic cables.
A user can use the login client 100 and the O&M terminal 200 to interact with the authentication host 300 and the host database 400 through the external network, in order to receive or send messages and so on. Various communication client applications may be installed on the login client 100 and the O&M terminal 200, such as shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients and social platform software.
The login client 100 is terminal software that logs in with the username and password of the authorization data. The terminal software can take many forms, such as a web version or dedicated software, with various presentations and implementations; its implementation and design are not the design point of the invention, so details are omitted.
The O&M terminal 200 is the terminal device that runs the login client 100; other programs may also run on the device. The device accesses the authentication host through the external network to perform login authentication. Its implementation and design are not the design point of the invention, so details are omitted.
The authentication host 300 is the authentication device responsible for providing the authorization interface service for the login process of the login client. The authentication service running on the authentication host 300 accepts login requests from the login client 100 through a service interface fixed by configuration, and authenticates them.
The O&M terminal 200 can be any of various electronic devices that have a display screen and support web browsing, including but not limited to smart phones, tablet computers, laptop computers and desktop computers.
The authentication host 300 can, for example, obtain the username and password of the user who is to log in; encrypt the username and password; perform permission verification on the encrypted username and password by means of the password verification ciphertext mapping table; and, when permission verification passes, allow the user to proceed to subsequent login verification.
The authentication host 300 can be a server that provides various services, for example a server that authenticates the login requests users send from the O&M terminal 200. The authentication host 300 can analyze and otherwise process a received authentication request and feed the processing result back to the O&M terminal 200.
The authentication management center 600 can, for example, determine the authentication security passwords of multiple authentication devices; determine the authentication private passwords of the multiple authentication devices; obtain multiple usernames and the corresponding passwords; encrypt the multiple usernames and passwords according to the multiple authentication security passwords and the multiple authentication private passwords, to generate multiple password verification ciphertext mapping tables; and distribute the multiple password verification ciphertext mapping tables to the multiple authentication devices.
The authentication host 300 and the authentication management center 600 can each be a single physical server or can, for example, consist of multiple servers. It should be noted that the user right verification method provided by the embodiments of the disclosure can be executed by the authentication host 300 and the authentication management center 600; correspondingly, the user right verification device can be arranged in the authentication host 300 and the authentication management center 600. The end that is provided to the user for submitting authentication requests is located in the O&M terminal 200.
According to the user right verification method and device for electric power secondary system O&M of this disclosure, with one authentication management center as the basis and multiple authentication hosts as auxiliaries, the authorization data of the authentication management center is encrypted with a secure cryptographic algorithm and then distributed in the form of encrypted files, which keeps the network system flow simple and clear while ensuring that authorization data is distributed securely and reliably in the distribution network system.
The user right verification method and device for electric power secondary system O&M of this disclosure are not only applicable to the O&M field of electric power secondary systems; after targeted optimization and adjustment at a later stage they will be applied to O&M in more areas of the power industry, can provide broader and deeper protection for the safe production of power systems, and have good prospects for technical development, industrial application and the market.
Fig. 2 is a flow chart of a user right verification method for electric power secondary system O&M according to an exemplary embodiment. The user right verification method can be applied in the O&M terminal 200 described in Fig. 1, and includes at least steps S202 to S208.
As shown in Fig. 2, in S202 the username and password of the user who is to log in are obtained. As described for Fig. 1, the login client 100 calls the login interface that the authentication service exposes; after a TCP/IP connection to the authentication service has been established, it sends the username Account_Cur and the password Password_Cur that the operator entered on the login client 100 to the authentication service in a network request.
In S204, the username and password are encrypted. This includes: obtaining a first character string corresponding to the password; obtaining a second character string corresponding to the authentication security password of the current authentication device; concatenating the first character string and the second character string to generate a target character string; and encrypting the target character string.
Fig. 4 is a schematic diagram of a user right verification method for electric power secondary system O&M according to another exemplary embodiment. In one embodiment, encrypting the target character string comprises: performing one-way irreversible encryption on the target character string. Taking one embodiment of the password verification process as an example, the password 11 ("PasswordStr") is string-concatenated with the security key 12 ("SecureKey") of the authentication host 300, which is appended after the password, to obtain the appended character string 13 ("PasswordStrSecureKey").
In one embodiment, the MD5 algorithm can be used to perform a one-way irreversible operation on the appended character string 13 ("PasswordStrSecureKey"), obtaining the password verification ciphertext 14 ("B2D635AE267C8DFE4D524AB0AAE06596").
The MD5 algorithm is secure in that, even if a current large-scale computer mounts a collision-library attack against MD5, because MD5 is a one-way operation, reverse cracking can only obtain one of the possible solutions and cannot accurately obtain the actual appended character string. Moreover, when a possible solution obtained by reverse cracking is submitted as a password, the current password verification process appends the security password "SecureKey" to it before verifying again, so it cannot pass password verification. This password verification process therefore has sufficient security.
Meanwhile, with this password verification process, as long as the security keys of different authentication hosts differ, the data distributed to a given host can be used only on that specified authentication host. On other authentication hosts, even if the algorithm of the password verification process is known, the usernames and passwords used on other authentication hosts cannot be reverse-derived from the distribution files of those hosts.
Fig. 5 and Fig. 6 are schematic diagrams of a user right verification method for electric power secondary system O&M according to another exemplary embodiment. Taking one group of usernames, passwords and password verification ciphertexts as an example, as shown in Fig. 5 and Fig. 6, the records of the username, password and password verification ciphertext mapping table are as follows:
Username: root, password: PassOfRoot, password verification ciphertext: "8AA21CB8234A5AD0ABA418CB2FAC7404";
Username: Admin, password: PassOfAdmin, password verification ciphertext: "012BA9BC200FE804CFAC8CD96A9C8B11";
Username: guest, password: PassOfguest, password verification ciphertext: "F3196D2574F884DEF0D7D8F9E3897209";
Username: user1, password: PassOfUser1, password verification ciphertext: "1146A8121086AA10A2418E2E9404D62B";
Username: user2, password: PassOfUser2, password verification ciphertext: "EB83D5E6988073BC13C7D2AD156CF332".
For the username root, the corresponding original password is PassOfRoot. After the security key 12 ("SecureKey") is appended, the appended character string 13 is "PassOfRootSecureKey"; after the MD5 operation, the password verification ciphertext 14 is "8AA21CB8234A5AD0ABA418CB2FAC7404". The other records follow in the same way.
In S206, permission verification is performed on the encrypted username and password by means of the password verification ciphertext mapping table.
In one embodiment, performing permission verification on the encrypted username and password by means of the password verification ciphertext mapping table comprises: extracting from the password verification ciphertext mapping table the authentication private password corresponding to the current authentication device, to generate a third character string; obtaining the encrypted target character string; and verifying by means of the third character string and the target character string.
After the authentication service receives the data of the login request, it extracts the username Account_Cur and the password Password_Cur; it then queries the username and password verification ciphertext mapping table 40 in the host database 400 of the authentication host 300 for the authentication information record whose username is identical to the current username.
In S208, when permission verification passes, the user is allowed to proceed to subsequent login verification. If no authentication information record with the same username is found, the current login request receives a login-failure response. If an authentication information record with the same username is found (username: Account_Cur, password verification ciphertext: Password_Crypt_Auth), verification proceeds according to the password verification process; if verification passes, the current login request receives a login-success response, otherwise it receives a login-failure response.
Fig. 3 is a flow chart of a user right verification method for electric power secondary system O&M according to an exemplary embodiment. The user right verification method can be applied in the authentication host 300 described in Fig. 1, and includes at least steps S302 to S310.
As shown in Fig. 3, in S302 the authentication security passwords of multiple authentication devices are determined. The current authentication host 300 and the authentication management center 600 jointly agree that the security key 12 of the current authentication host 300 is "SecureKey".
In S304, the authentication private passwords of the multiple authentication devices are determined. Different authentication hosts 300 should each agree on their own private security key 12. The password verification ciphertext computation process combines the password 11 with the security key 12 of the authentication host 300 and obtains the password verification ciphertext 14 by calculation.
In S306, multiple usernames and the corresponding passwords are obtained.
In S308, the multiple usernames and passwords are encrypted according to the multiple authentication security passwords and the multiple authentication private passwords, to generate multiple password verification ciphertext mapping tables. This includes: encrypting the multiple usernames and passwords, based on a message digest algorithm, according to the multiple authentication security passwords and the multiple authentication private passwords.
For a username Account_Cur and password Password_Cur that are to be verified, the verification process is as follows:
a) Query the username and password verification ciphertext mapping table 40 in the host database 400 of the authentication host 300 for the authentication information record whose username field 21 is identical to Account_Cur; if no record is found, the current authentication does not pass.
b) From the matched authentication information record, extract the password verification ciphertext field 23 and save it in the string variable Password_Crypt_Auth.
c) For the password Password_Cur, run the password verification ciphertext computation process with the security key 12 of the current authentication host 300 to obtain the password verification ciphertext 14, and save it in the string variable Password_Crypt_Cur.
d) Compare the two string variables Password_Crypt_Cur and Password_Crypt_Auth; if the character strings saved in the two variables are identical, verification passes, otherwise verification does not pass.
On the authentication management center 600, administrators manage the user names 21, passwords 22 and password verification ciphertexts 23 that are allowed to log in, and save them in the user name, password and password verification ciphertext mapping table.
A) According to the security key 12 ("SecureKey") agreed with the authentication host 300, for the password 22 corresponding to each user name 21, the password verification ciphertext calculation process combines the password 11 (i.e. the password 22 of user name 21) with the security key 12 of the authentication host 300 and computes the password verification ciphertext 14. The user name 21, the password 22 (i.e. the password 11 in the calculation process) and the password verification ciphertext 23 (i.e. the password verification ciphertext 14 in the calculation process) are saved in the user name, password and password verification ciphertext mapping table.
B) If a new user name 21 and password 22 need to be created, the calculation is performed according to the above process and the corresponding fields are saved in the user name, password and password verification ciphertext mapping table.
C) If the password 22 of an existing user name 21 needs to be changed, the calculation is repeated with the newly set password 22 and the result is written to the record corresponding to the user name 21. For example, the record whose user name 21 is root is information record 201, the record whose user name 21 is Admin is information record 202, and so on.
D) If an existing user name 21 is to be deleted, the corresponding record is deleted directly from the user name, password and password verification ciphertext mapping table.
E) If the authentication management center 600 needs to manage the authentication information of multiple authentication hosts 300, then, because the authentication hosts 300 differ and their security keys 12 differ, a corresponding user name, password and password verification ciphertext mapping table can be generated for each authentication host 300. Alternatively, the user name, password and password verification ciphertext mapping table can be extended by extending its password verification ciphertext field with an added authentication host field. For professional database designers and R&D engineers there are many ways to design and implement this extension; its implementation and design are not the key design point of the present invention, so a detailed description is omitted.
Fig. 7 is a schematic diagram of a user right verification method for electric power secondary system O&M according to another exemplary embodiment. As shown in Fig. 7, to distribute authentication information to a specified authentication host 300, the administrator at the authentication management center 600 extracts two fields (user name 21, password verification ciphertext 23) from the corresponding user name, password and password verification ciphertext mapping table and generates the user name and password verification ciphertext mapping file 30.
A) For every record of the corresponding user name, password and password verification ciphertext mapping table, the user name 21 and the password verification ciphertext 23 are joined with ":" as the separator to form one line of text;
B) The lines are written in order into the user name and password verification ciphertext mapping file 30, one line per record.
C) Taking the information record {user name: root, password: PassOfRoot, password verification ciphertext: "8AA21CB8234A5AD0ABA418CB2FAC7404"} as an example, the corresponding line in the generated user name and password verification ciphertext mapping file 30 is "root:8AA21CB8234A5AD0ABA418CB2FAC7404"; other records follow the same pattern.
In S310, the multiple password verification ciphertext mapping tables are distributed to multiple authentication devices. The administrator can use a transfer USB flash disk 500: the user name and password verification ciphertext mapping file 30 is copied onto the transfer USB flash disk 500 and then copied to the authentication host 300.
When the authentication host 300 obtains a new user name and password verification ciphertext mapping file 30, it completely clears the previous authentication information records and then writes the new information records into the host database 400.
The user name and password verification ciphertext mapping table 40 of the host database 400 mainly includes two fields: user name 21 and password verification ciphertext 23.
The user name and password verification ciphertext mapping file 30 is read line by line and each line is split at ":" to obtain the string of the first field and the string of the second field, which are identified as the user name 21 and the password verification ciphertext 23 respectively and saved in the user name and password verification ciphertext mapping table 40.
Through the above process, once distribution of the authentication data is complete, the authentication host 300 holds the latest, accurate authentication data of the authentication management center 600, while other authentication hosts or outside personnel cannot crack the currently distributed authentication information, which gives the scheme sufficient security strength.
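The mapping file 30, the clear-and-reload step on the authentication host and checks A) to D) above, as an added Python example that is not code from the patent; the function and class names are hypothetical. Assumptions: SHA-256 stands in for the unspecified message digest algorithm, the password and security key are concatenated directly in that order, and the second host key and the Admin password are constructed sample values. The constant-time comparison and the parse-before-replace load are choices the page does not specify.

```python
import hashlib
import hmac

DIGEST = "sha256"  # assumption: the page only says "message digest algorithm"
HEX_CHARS = set("0123456789ABCDEF")


def verification_ciphertext(password, security_key):
    """One-way digest of password followed by the host's security key, upper-case hex."""
    target = (password + security_key).encode("utf-8")  # the "target string"
    return hashlib.new(DIGEST, target).hexdigest().upper()


def build_mapping_file(accounts, security_key):
    """Management-center side: one 'user:ciphertext' line per record (file 30)."""
    lines = []
    for user, password in accounts.items():
        # ':' is the field separator, so it cannot appear in a user name.
        if not user or any(c in user for c in ":\r\n"):
            raise ValueError(f"user name not representable in the file: {user!r}")
        lines.append(f"{user}:{verification_ciphertext(password, security_key)}")
    return "\n".join(lines) + "\n"


def parse_mapping_file(text):
    """Authentication-host side: split each line at ':' and validate both fields."""
    hex_len = hashlib.new(DIGEST).digest_size * 2
    table = {}
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        user, sep, cipher = line.partition(":")
        if not sep or not user or len(cipher) != hex_len or not set(cipher) <= HEX_CHARS:
            raise ValueError(f"line {number}: malformed record")
        if user in table:
            raise ValueError(f"line {number}: duplicate user name")
        table[user] = cipher
    return table


class AuthHost:
    """Holds mapping table 40 and the host's own security key 12."""

    def __init__(self, security_key):
        self._key = security_key
        self._table = {}

    def load(self, file_text):
        # Parse the whole file first: a damaged file raises here and the
        # previous records stay in place instead of leaving an empty table.
        new_table = parse_mapping_file(file_text)
        self._table = new_table  # old records cleared, new records written

    def verify(self, account_cur, password_cur):
        password_crypt_auth = self._table.get(account_cur)        # steps A, B
        if password_crypt_auth is None:
            return False
        password_crypt_cur = verification_ciphertext(password_cur, self._key)  # step C
        return hmac.compare_digest(password_crypt_cur, password_crypt_auth)    # step D


def demo():
    """Constructed sample data: two accounts, two hosts with different keys."""
    accounts = {"root": "PassOfRoot", "Admin": "PassOfAdmin"}
    file_for_a = build_mapping_file(accounts, "SecureKey")
    host_a = AuthHost("SecureKey")
    host_b = AuthHost("OtherHostKey")  # constructed key of a different host
    host_a.load(file_for_a)
    host_b.load(file_for_a)  # file generated for host A copied to host B
    return {
        "a_good": host_a.verify("root", "PassOfRoot"),
        "a_bad_password": host_a.verify("root", "guess"),
        "a_unknown_user": host_a.verify("nobody", "PassOfRoot"),
        "b_with_a_file": host_b.verify("root", "PassOfRoot"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A file built with one host's key fails every login on a host holding a different key, which is the per-host separation the text relies on.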
In the user right verification method for electric power secondary system O&M of the present disclosure, one authentication management center is primary and multiple authentication hosts are auxiliary. A secure encryption algorithm encrypts the authentication data of the authentication management center, the authentication data is distributed as an encrypted file, and the authentication data of each authentication host is protected by its own dedicated security password, which ensures that distribution of all the authentication data is sufficiently safe and reliable while the process of the whole system remains simple and clear. This system is particularly suitable for managing authentication information in the field of electric power secondary system O&M: it is low in cost and easy to deploy, and it fits the protection system construction requirements of electric power secondary systems. For electric power secondary system O&M, the present invention is a cost-effective solution.
The user right verification method for electric power secondary system O&M of the present disclosure has low implementation cost and low technical difficulty, and is safe and reliable. It fully ensures the secure distribution of authentication information, avoids accidental exposure during data transport and adequately guards against data forgery, thereby establishing a safe and reliable authentication information distribution system and helping the field of electric power secondary system O&M establish a standard system for authentication information distribution.
Those skilled in the art will understand that all or part of the steps of the above embodiments may be implemented as a computer program executed by a CPU. When the computer program is executed by the CPU, it performs the above functions defined by the above method provided by the present disclosure. The program may be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic disk, an optical disc or the like.
The following are device embodiments of the present disclosure, which can be used to carry out the method embodiments of the present disclosure. For details not disclosed in the device embodiments, refer to the method embodiments of the present disclosure.
Fig. 8 is a block diagram of a user right verification device for electric power secondary system O&M according to an exemplary embodiment. As shown in Fig. 8, the user right verification device includes: crypto module 802, first encrypting module 804, authentication module 806 and log-in module 808.
The crypto module 802 is used to obtain the user name and password of the user to log in. The login client 100 calls the login interface that the authentication service provides externally and, after the TCP/IP connection to the authentication service is established, sends the user name Account_Cur and the password Password_Cur entered by the operator on the login client 100 to the authentication service in a network request;
The first encrypting module 804 is used to encrypt the user name and password, which includes: obtaining a first character string corresponding to the password; obtaining a second character string corresponding to the authentication security password of the current authentication device; concatenating the first character string and the second character string to generate a target string; and encrypting the target string.
The authentication module 806 is used to perform authority verification on the encrypted user name and password by means of the password verification ciphertext mapping table, which includes: extracting from the password verification ciphertext mapping table the private authentication password corresponding to the current authentication device to generate a third character string; obtaining the encrypted target string; and verifying by means of the third character string and the target string.
The log-in module 808 is used to allow the user to proceed to subsequent login verification when the authority verification passes. If no authentication information record with the same user name is found, the current login request receives a login-failure response. If an authentication information record with the same user name is found (user name: Account_Cur, password verification ciphertext: Password_Crypt_Auth), verification is performed according to the password verification process; if it passes, the current login request receives a login-success response, otherwise it receives a login-failure response.
Fig. 9 is a block diagram of a user right verification device for electric power secondary system O&M according to another exemplary embodiment. As shown in Fig. 9, the user right verification device includes: security password module 902, privately owned crypto module 904, user password module 906, second encrypting module 908 and distribution module 910.
The security password module 902 is used to determine the authentication security passwords of multiple authentication devices. The current authentication host 300 agrees with the authentication management center 600 that the security key 12 of the current authentication host 300 is "SecureKey".
The privately owned crypto module 904 is used to determine the private authentication passwords of multiple authentication devices. Different authentication hosts 300 should each agree on their own private security key 12. The password verification ciphertext calculation process combines the password 11 with the security key 12 of the authentication host 300 and computes the password verification ciphertext 14.
The user password module 906 is used to obtain multiple user names and the corresponding passwords.
The second encrypting module 908 is used to encrypt the multiple user names and passwords according to the multiple authentication security passwords and the multiple private authentication passwords and to generate multiple password verification ciphertext mapping tables, which includes: encrypting the multiple user names and passwords based on a message digest algorithm according to the multiple authentication security passwords and the multiple private authentication passwords.
The distribution module 910 is used to distribute the multiple password verification ciphertext mapping tables to multiple authentication devices. The administrator can use a transfer USB flash disk 500: the user name and password verification ciphertext mapping file 30 is copied onto the transfer USB flash disk 500 and then copied to the authentication host 300.
In the user right verification device for electric power secondary system O&M of the present disclosure, one authentication management center is primary and multiple authentication hosts are auxiliary. A secure encryption algorithm encrypts the authentication data of the authentication management center, the authentication data is distributed as an encrypted file, and the authentication data of each authentication host is protected by its own dedicated security password, which ensures that distribution of all the authentication data is sufficiently safe and reliable while the process of the whole system remains simple and clear. This system is particularly suitable for managing authentication information in the field of electric power secondary system O&M: it is low in cost and easy to deploy, and it fits the protection system construction requirements of electric power secondary systems. For electric power secondary system O&M, the present invention is a cost-effective solution.
Figure 10 is a block diagram of an electronic device according to an exemplary embodiment.
The electronic device 1000 according to this embodiment of the present disclosure is described below with reference to Figure 10. The electronic device 1000 shown in Figure 10 is only an example and should not impose any limitation on the function or scope of use of the embodiments of the present disclosure.
As shown in Figure 10, the electronic device 1000 takes the form of a general-purpose computing device. The components of the electronic device 1000 may include, but are not limited to: at least one processing unit 1010, at least one storage unit 1020, a bus 1030 connecting the different system components (including the storage unit 220 and the processing unit 1010), a display unit 1040, and so on.
The storage unit stores program code that can be executed by the processing unit 1010, so that the processing unit 1010 performs the steps according to the various exemplary embodiments of the present disclosure described in the above-mentioned electronic prescription circulation processing method section of this specification. For example, the processing unit 1010 can perform the steps shown in Fig. 3 and Fig. 4.
The storage unit 1020 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM) 10201 and/or a cache memory unit 10202, and may further include a read-only memory unit (ROM) 10203.
The storage unit 1020 may also include a program/utility 10204 having a set of (at least one) program modules 10205. Such program modules 10205 include, but are not limited to: an operating system, one or more application programs, other program modules and program data; each of these examples, or some combination of them, may include an implementation of a network environment.
The bus 1030 may represent one or more of several types of bus structures, including a storage unit bus or storage unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus structures.
The electronic device 1000 may also communicate with one or more external devices 1000' (such as a keyboard, a pointing device, a Bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 1000, and/or with any device (such as a router, a modem, etc.) that enables the electronic device 1000 to communicate with one or more other computing devices. This communication can take place through an input/output (I/O) interface 1050. The electronic device 1000 can also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through a network adapter 1060. The network adapter 1060 can communicate with the other modules of the electronic device 1000 through the bus 1030. It should be understood that, although not shown in the drawings, other hardware and/or software modules can be used in conjunction with the electronic device 1000, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives and data backup storage systems.
From the above description of the embodiments, those skilled in the art will readily understand that the example embodiments described here can be implemented in software, or in software combined with the necessary hardware. The technical solution according to the embodiments of the present disclosure can therefore be embodied as a software product, which can be stored in a non-volatile storage medium (a CD-ROM, USB flash disk, removable hard disk, etc.) or on a network, and which includes instructions that cause a computing device (a personal computer, server, network device, etc.) to execute the above method according to the embodiments of the present disclosure.
Figure 11 schematically shows a computer-readable storage medium in an exemplary embodiment of the present disclosure.
With reference to Figure 11, a program product 1100 for implementing the above method according to an embodiment of the present disclosure is described. It may take the form of a portable compact disc read-only memory (CD-ROM), include program code, and run on a terminal device such as a personal computer. However, the program product of the present disclosure is not limited to this. In this document, a readable storage medium may be any tangible medium that contains or stores a program that can be used by, or in connection with, an instruction execution system, apparatus or device.
The program product may use any combination of one or more readable media. A readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of readable storage media include: an electrical connection with one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
The computer-readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. Such a propagated data signal can take various forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. The readable storage medium may also be any readable medium other than a readable storage medium that can send, propagate or transmit a program for use by, or in connection with, an instruction execution system, apparatus or device. The program code contained on the readable storage medium can be transmitted over any suitable medium, including but not limited to wireless, wired, optical cable, RF, or any suitable combination of the above.
Program code for carrying out the operations of the present disclosure can be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++ as well as conventional procedural programming languages such as the "C" language or similar programming languages. The program code can execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on a remote computing device or server. Where a remote computing device is involved, the remote computing device can be connected to the user's computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computing device (for example through the Internet using an Internet service provider).
The above computer-readable medium carries one or more programs; when the one or more programs are executed by a device, the computer-readable medium is caused to implement the following functions: obtaining the user name and password of the user to log in; encrypting the user name and password; performing authority verification on the encrypted user name and password by means of the password verification ciphertext mapping table; and, when the authority verification passes, allowing the user to proceed to subsequent login verification.
Those skilled in the art will understand that the above modules can be distributed in the device as described in the embodiment, or can be changed accordingly and located in one or more devices different from this embodiment. The modules of the above embodiments can be merged into one module or further split into multiple sub-modules.
From the above description of the embodiments, those skilled in the art will readily understand that the example embodiments described here can be implemented in software, or in software combined with the necessary hardware. The technical solution according to the embodiments of the present disclosure can therefore be embodied as a software product, which can be stored in a non-volatile storage medium (a CD-ROM, USB flash disk, removable hard disk, etc.) or on a network, and which includes instructions that cause a computing device (a personal computer, server, mobile terminal, network device, etc.) to execute the method according to the embodiments of the present disclosure.

Claims (9)

1. A user right verification method for electric power secondary system O&M, characterized by comprising:
Obtaining the user name and password of the user to log in;
Encrypting the user name and password;
Performing authority verification on the encrypted user name and password by means of a password verification ciphertext mapping table;
And, when the authority verification passes, allowing the user to proceed to subsequent login verification.
2. The user right verification method for electric power secondary system O&M according to claim 1, characterized in that encrypting the user name and password comprises:
Obtaining a first character string corresponding to the password;
Obtaining a second character string corresponding to the authentication security password of the current authentication device;
Concatenating the first character string and the second character string to generate a target string;
And encrypting the target string.
3. The user right verification method for electric power secondary system O&M according to claim 2, characterized in that encrypting the target string comprises:
Performing one-way irreversible encryption on the target string.
4. The user right verification method for electric power secondary system O&M according to claim 2, characterized in that performing authority verification on the encrypted user name and password by means of the password verification ciphertext mapping table comprises:
Extracting from the password verification ciphertext mapping table the private authentication password corresponding to the current authentication device to generate a third character string;
Obtaining the encrypted target string;
And verifying by means of the third character string and the target string.
5. A user right verification method for electric power secondary system O&M, characterized by comprising:
Determining the authentication security passwords of multiple authentication devices;
Determining the private authentication passwords of multiple authentication devices;
Obtaining multiple user names and the corresponding passwords;
Encrypting the multiple user names and passwords according to the multiple authentication security passwords and the multiple private authentication passwords to generate multiple password verification ciphertext mapping tables;
And distributing the multiple password verification ciphertext mapping tables to multiple authentication devices.
6. The user right verification method for electric power secondary system O&M according to claim 5, characterized in that encrypting the multiple user names and passwords according to the multiple authentication security passwords and the multiple private authentication passwords comprises:
Encrypting the multiple user names and passwords based on a message digest algorithm according to the multiple authentication security passwords and the multiple private authentication passwords.
7. A user right verification device for electric power secondary system O&M, characterized by comprising:
A crypto module, for obtaining the user name and password of the user to log in;
A first encrypting module, for encrypting the user name and password;
An authentication module, for performing authority verification on the encrypted user name and password by means of a password verification ciphertext mapping table;
And a log-in module, for allowing the user to proceed to subsequent login verification when the authority verification passes.
8. A user right verification device for electric power secondary system O&M, characterized by comprising:
A security password module, for determining the authentication security passwords of multiple authentication devices;
A privately owned crypto module, for determining the private authentication passwords of multiple authentication devices;
A user password module, for obtaining multiple user names and the corresponding passwords;
A second encrypting module, for encrypting the multiple user names and passwords according to the multiple authentication security passwords and the multiple private authentication passwords to generate multiple password verification ciphertext mapping tables;
And a distribution module, for distributing the multiple password verification ciphertext mapping tables to multiple authentication devices.
9. An electronic device, characterized by comprising:
One or more processors;
A storage device, for storing one or more programs;
When the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the method according to any of claims 1-5 or 5-6.
CN201811480335.2A 2018-12-05 2018-12-05 User authority verification method and device for operation and maintenance of power secondary system and electronic equipment Active CN109450925B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811480335.2A CN109450925B (en) 2018-12-05 2018-12-05 User authority verification method and device for operation and maintenance of power secondary system and electronic equipment

Publications (2)

Publication Number Publication Date
CN109450925A true CN109450925A (en) 2019-03-08
CN109450925B CN109450925B (en) 2021-09-28

Family

ID=65556306

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811480335.2A Active CN109450925B (en) 2018-12-05 2018-12-05 User authority verification method and device for operation and maintenance of power secondary system and electronic equipment

Country Status (1)

Country Link
CN (1) CN109450925B (en)

Also Published As

Publication number Publication date
CN109450925B (en) 2021-09-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant