CN110493257A - Session key management method in encryption device of water conservancy industrial control system
- Publication number: CN110493257A
- Application number: CN201910841121.1A
- Authority: CN (China)
- Prior art keywords: equipment, encryption equipment, encryption, session key, fieldbus
- Legal status: Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a session key management method for encryption devices in a water conservancy industrial control system. By distributing, updating and removing session keys for the encryption devices attached to the system, it establishes distributed trust among the nodes on the system's fieldbus. An encryption device is deployed between the bus and each node that accesses it, and a session key based on a symmetric encryption algorithm is distributed to each encryption device, which is sufficient to authenticate the devices. Compared with asymmetric encryption algorithms such as RSA (Rivest-Shamir-Adleman), this offers high access efficiency, low time overhead and strong compatibility. The invention requires no change to the existing bus network topology and is highly resistant to man-in-the-middle attacks. It reduces the security risk that arises in water conservancy automatic control systems when a fieldbus channel is intruded upon, and provides a reliable security guarantee for critical infrastructure in the national economy.
Description
Technical field
The invention belongs to the field of information technology, and in particular relates to a session key management method for encryption devices in a water conservancy industrial control system.
Background
In China's existing water conservancy industrial control systems, most host computers and slave computers exchange data over a fieldbus network, and the communication protocol is mostly Modbus. The structure of the Modbus application data unit (ADU) is quite fragile from a system security standpoint: the protocol data unit (PDU) it carries is transmitted in plaintext and so lacks confidentiality; the integrity check mechanism is too simple, so frames are easily tampered with; and there is no resistance at all to replay attacks. To address the security risks these weaknesses create in fieldbus networks, encryption devices can be deployed between the fieldbus and automation control devices such as host computers and slave computers, so that ADUs are transmitted securely. How to manage the keys of such encryption devices is currently a fairly important problem.
Because the channel of a bus network is shared and automation control devices communicate at low rates, establishing a separate public key infrastructure (PKI) and certificate authority (CA) on the fieldbus to distribute and manage keys centrally would have a considerable impact on system efficiency and could even reduce availability.
Therefore, designing a decentralized key management method for fieldbus channel encryption devices that preserves system efficiency and availability is a topic of considerable academic and practical value. Such a method should make key distribution, update and removal convenient and efficient; improve resistance to man-in-the-middle attacks; prevent unauthorized devices from eavesdropping on, intercepting or tampering with monitoring and control data on the fieldbus channel; reduce the security risk that arises in water conservancy industrial automation control systems when a fieldbus channel is intruded upon; and provide a reliable security guarantee for critical infrastructure in the national economy.
Summary of the invention
Purpose of the invention: in view of the above problems, the invention proposes a session key management method for encryption devices in a water conservancy industrial control system, providing decentralized, distributed key management for the encryption devices.
Technical solution: to achieve this purpose, the invention adopts the following technical solution: a session key management method for encryption devices in a water conservancy industrial control system, comprising the following steps:
S1: For a given fieldbus FB of the water conservancy industrial control system, an encryption device is inserted between each control device and the network physical interface of the fieldbus, and the encryption devices are initialized. Initialization comprises session key generation and session key predistribution for the encryption devices;
S2: When the address code of a control device DD on fieldbus FB changes, the session key of the encryption device connected to DD is updated. The update comprises generating a new session key for that encryption device, revoking the original session key, and predistributing the session key;
S3: When a control device DD on fieldbus FB temporarily or permanently disconnects its logical connection to the other devices on FB, the session key in the encryption device connected to DD is removed. Removal comprises resetting the session key of that encryption device and deleting its original key from every other encryption device on FB.
Further, the encryption device in step S1 is initialized as follows:
A session key PK is generated using the symmetric encryption module built into the encryption device; the corresponding symmetric encryption algorithm includes but is not limited to DES, AES and SM1. Let the address code of the control device connected to the encryption device be DADR;
The 2-tuple (PK, DADR) is written to the memory of the encryption device; the memory includes but is not limited to NAND Flash and eMMC. The same 2-tuple (PK, DADR) is exported to a mobile device MD for use in the predistribution phase; the mobile device MD may take forms including but not limited to a portable hard disk, USB flash drive or SD card;
After session keys have been generated for all encryption devices on fieldbus FB, the predistribution operation is executed on each encryption device individually; when predistribution is complete, initialization ends.
Further, the predistribution operation is executed on each encryption device on fieldbus FB as follows:
If the control device connected to the encryption device is the master device (Master), the 2-tuples (PK, DADR) that the encryption devices of all the slave devices (Slave) on fieldbus FB exported to mobile device MD are each written to the memory of the encryption device connected to the master;
If the control device connected to the encryption device is a slave device (Slave), the 2-tuple (PK, DADR) that the encryption device of the single master device (Master) on fieldbus FB exported to mobile device MD is written to the memory of the encryption device connected to that slave.
Further, in step S2, when the address code of a control device DD on fieldbus FB changes, the session key of the encryption device connected to DD is updated. Let the original address code of DD be DADR; for the encryption device connected to it, the update method is as follows:
S2.1: A new session key PK_NEW is generated for the encryption device using its built-in symmetric encryption module; the corresponding symmetric encryption algorithm includes but is not limited to DES, AES and SM1. Let the new address code of control device DD be DADR_NEW;
The 2-tuple (PK_NEW, DADR_NEW) is written to the memory of the encryption device, overwriting the device's original 2-tuple (PK, DADR). The same 2-tuple (PK_NEW, DADR_NEW) is exported to mobile device MD, overwriting the original 2-tuple (PK, DADR) stored on MD for this encryption device, for use in the predistribution phase; the mobile device MD may take forms including but not limited to a portable hard disk, USB flash drive or SD card;
S2.2: After the new session key has been generated, the operation of revoking this encryption device's original session key is executed on every other encryption device on fieldbus FB: if the memory of another encryption device on FB contains the original 2-tuple (PK, DADR) of this encryption device, that 2-tuple is deleted;
S2.3: After every other encryption device has revoked the original session key of this encryption device, the predistribution operation is executed for this encryption device;
If the control device DD whose address code changed is the master device (Master), the 2-tuple (PK_NEW, DADR_NEW) that this encryption device exported to mobile device MD is written to the memory of the encryption device of every slave device (Slave) on fieldbus FB;
If the control device DD whose address code changed is a slave device (Slave), the 2-tuple (PK_NEW, DADR_NEW) that this encryption device exported to mobile device MD is written to the memory of the encryption device of the single master device (Master) on fieldbus FB;
S2.4: When the predistribution of step S2.3 is complete, the update ends.
Further, in step S3, when a control device DD on fieldbus FB temporarily or permanently disconnects its logical connection to the other devices on FB, the session key in the encryption device connected to DD is removed. Let the original address code of DD be DADR; for the encryption device connected to it, the removal method is as follows:
S3.1: If the memory of the encryption device contains a written 2-tuple (PK, DADR), that 2-tuple is deleted and the memory of the encryption device is reset to its original state;
S3.2: After the encryption device has been reset, the operation of revoking this encryption device's original session key is executed on every other encryption device on fieldbus FB: if the memory of another encryption device contains the original 2-tuple (PK, DADR) of this encryption device, that 2-tuple is deleted;
S3.3: After every other encryption device has revoked the original session key of this encryption device, the removal ends.
Beneficial effects: compared with the prior art, the technical solution of the invention has the following beneficial technical effects:
The invention achieves decentralized, distributed management of the keys of fieldbus channel encryption devices by distributing, updating and removing symmetric session keys offline. In the fieldbus network of an existing water conservancy industrial control system, control devices can be authenticated without establishing a separate public key infrastructure (Public Key Infrastructure) or authentication center (Certificate Authority), which gives strong device compatibility. The invention is compatible with existing bus-topology networks and requires no modification of the fieldbus physical layer or link layer, and it effectively prevents unauthorized devices from mounting man-in-the-middle attacks such as eavesdropping, interception and tampering on the fieldbus channel. Compared with asymmetric encryption schemes, the symmetric encryption scheme used for the session keys offers high access efficiency and low time overhead, and is therefore more competitive in device cost and node processing latency. It reduces the security risk of fieldbus channels in water conservancy industrial control systems while saving computing resources, and provides a reliable security guarantee for critical infrastructure in the national economy.
Brief description of the drawings
Fig. 1 is a hierarchy diagram of the method of the invention;
Fig. 2 is the initialization flowchart of the invention;
Fig. 3 is the update flowchart of the invention;
Fig. 4 is the removal flowchart of the invention.
Detailed description of the embodiments
The technical solution of the invention is further described below with reference to the drawings and an embodiment.
Suppose that in a certain water conservancy industrial control system, control devices D1, D2 and D3 are present on a fieldbus FB. D1 is the host computer, configured in master mode with address 0x01; D2 and D3 are slave computers, configured in slave mode with addresses 0x02 and 0x03 respectively. Control devices D1, D2 and D3 are connected directly to fieldbus FB, with no encryption device deployed between them and FB.
The session key management method for encryption devices in a water conservancy industrial control system described in this embodiment, as shown in Fig. 1, comprises the following steps:
S1: New encryption devices ND1, ND2 and ND3 are deployed between control devices D1, D2 and D3, respectively, and fieldbus FB, and the following operations are performed on ND1, ND2 and ND3 in turn:
A session key PK1 is generated using the symmetric encryption module built into ND1; the corresponding symmetric encryption algorithm is SM1. The address code DADR1 of the control device D1 connected to ND1 is 0x01. The 2-tuple (PK1, DADR1) is written to the memory of ND1, which is NAND Flash, and is also exported to mobile device MD, which takes the form of a USB flash drive.
A session key PK2 is generated using the symmetric encryption module built into ND2; the corresponding symmetric encryption algorithm is SM1. The address code DADR2 of the control device D2 connected to ND2 is 0x02. The 2-tuple (PK2, DADR2) is written to the memory of ND2, which is NAND Flash, and is also exported to mobile device MD.
A session key PK3 is generated using the symmetric encryption module built into ND3; the corresponding symmetric encryption algorithm is SM1. The address code DADR3 of the control device D3 connected to ND3 is 0x03. The 2-tuple (PK3, DADR3) is written to the memory of ND3, which is NAND Flash, and is also exported to mobile device MD.
The control device D1 connected to ND1 is the master device (Master), so the 2-tuples (PK2, DADR2) and (PK3, DADR3) that the encryption devices ND2 and ND3 of the slave devices (Slave) D2 and D3 on fieldbus FB exported to mobile device MD are each written to the memory of ND1.
The control device D2 connected to ND2 is a slave device (Slave), so the 2-tuple (PK1, DADR1) that the encryption device ND1 of the single master device (Master) D1 on fieldbus FB exported to mobile device MD is written to the memory of ND2.
The control device D3 connected to ND3 is a slave device (Slave), so the 2-tuple (PK1, DADR1) that the encryption device ND1 of the single master device (Master) D1 on fieldbus FB exported to mobile device MD is written to the memory of ND3.
At this point initialization is complete. The memories of ND1, ND2 and ND3 each hold the device's own session key. In addition, the memory of ND1 holds the addresses and session keys of ND2 and ND3, and the memories of ND2 and ND3 hold the address and session key of ND1. ND1 can therefore exchange data with ND2 and with ND3, whereas ND2 and ND3 cannot exchange data with each other because each lacks the other's session key, which isolates the communication data between slave devices. The initialization flow is shown in Fig. 2.
S2: Control device D2 on fieldbus FB has to be replaced because of a fault, and the address code of the new device D2 after replacement changes from 0x02 to 0x04. For ND2, which is deployed between D2 and FB, the following operations are performed in turn:
A new session key PK4 is generated using the symmetric encryption module built into ND2; the corresponding symmetric encryption algorithm is SM1. The new address code DADR4 of the new device D2 connected to ND2 is 0x04. The 2-tuple (PK4, DADR4) is written to the memory of ND2, overwriting the original 2-tuple (PK2, DADR2), and is also exported to mobile device MD, overwriting the original 2-tuple (PK2, DADR2) stored on MD.
Next, the memories of ND1 and ND3 are searched in turn for the original 2-tuple (PK2, DADR2) of ND2. Because that 2-tuple has been written to the memory of ND1, the operation of revoking ND2's original key must be executed, and the 2-tuple is deleted from the memory of ND1.
Finally, the predistribution operation is executed. Because control device D2 is a slave device (Slave), the 2-tuple (PK4, DADR4) exported to mobile device MD is written to the memory of encryption device ND1, the encryption device of the single master device (Master) D1 on fieldbus FB.
At this point the update is complete. The PK2 of the original device D2 has been removed from the memory of encryption device ND2, so even if the original device D2 is connected to fieldbus FB through encryption device ND2, it cannot communicate with master device D1. The new device D2 can communicate normally with master device D1. The update flow is shown in Fig. 3.
S3: Control device D3 on fieldbus FB is scrapped, and its logical connection to D1 and D2 must be permanently disconnected. For encryption device ND3, which is deployed between D3 and FB, the following operations are performed in turn:
Because the memory of ND3 contains the written 2-tuple (PK3, DADR3), that 2-tuple is deleted first, and the memory of ND3 is then reset to its state before initialization.
The memory of encryption device ND1, which is connected to master device D1, contains the original 2-tuple (PK3, DADR3) of ND3, so that 2-tuple is deleted.
At this point the removal is complete. PK3 is no longer present in ND1, ND2 or ND3, and D3 cannot exchange any data with D1. Even if the scrapped D3 is obtained by a malicious attacker and connected to encryption device ND3, it cannot be used to attack D1 or D2 on fieldbus FB. If a new control device later needs to be connected to encryption device ND3 and attached to fieldbus FB, encryption devices ND1, ND2 and ND3 must be initialized again. The removal flow is shown in Fig. 4.
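The embodiment above (S1 initialization, S2 update when D2's address changes from 0x02 to 0x04, S3 removal of D3), as an added Python simulation that is not part of the patent text. The class and method names are hypothetical, `secrets.token_bytes` stands in for the device's built-in symmetric encryption module, and the mobile device MD is modelled as an in-memory dictionary.

```python
"""Added example: the S1/S2/S3 session key lifecycle, simulated in memory."""
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

KEY_LEN = 16  # assumption: 128-bit key; the page names DES, AES, SM1 but fixes no size


@dataclass
class EncryptionDevice:
    name: str
    role: str                          # "master" or "slave": role of the attached control device
    addr: Optional[int] = None         # DADR of the attached control device
    own_key: Optional[bytes] = None    # PK generated by this device
    peers: Dict[int, bytes] = field(default_factory=dict)  # peer DADR -> peer PK

    def generate(self, addr: int) -> Tuple[bytes, int]:
        """Create a fresh PK, overwrite the stored own tuple, return (PK, DADR) for export."""
        # Stand-in for the built-in symmetric encryption module (assumption).
        self.addr, self.own_key = addr, secrets.token_bytes(KEY_LEN)
        return self.own_key, self.addr

    def reset(self) -> None:
        """S3.1: delete the stored tuple and return the memory to its original state."""
        self.addr = self.own_key = None
        self.peers.clear()


class Fieldbus:
    def __init__(self) -> None:
        self.devices: Dict[str, EncryptionDevice] = {}
        self.md: Dict[str, Tuple[bytes, int]] = {}  # mobile device MD: exported tuples

    def _others(self, dev: EncryptionDevice) -> List[EncryptionDevice]:
        return [d for d in self.devices.values() if d is not dev]

    def initialize(self, plan) -> None:
        """S1: generate every key first, then predistribute through MD."""
        for name, role, addr in plan:
            dev = EncryptionDevice(name, role)
            self.devices[name] = dev
            self.md[name] = dev.generate(addr)
        for dev in self.devices.values():
            # The master receives every slave's tuple; a slave receives only the master's.
            for other in self._others(dev):
                if other.role != dev.role:
                    pk, dadr = self.md[other.name]
                    dev.peers[dadr] = pk

    def update_address(self, name: str, new_addr: int) -> None:
        """S2: the address code of the attached control device changed."""
        dev = self.devices[name]
        old_addr = dev.addr
        pk, dadr = dev.generate(new_addr)        # S2.1: overwrite the tuple on the device
        self.md[name] = (pk, dadr)               # S2.1: overwrite the copy on MD
        for other in self._others(dev):          # S2.2: revoke the old tuple everywhere
            other.peers.pop(old_addr, None)
        for other in self._others(dev):          # S2.3: predistribute the new tuple
            if other.role != dev.role:
                other.peers[dadr] = pk

    def remove(self, name: str) -> None:
        """S3: the attached control device leaves the bus."""
        dev = self.devices[name]
        old_addr = dev.addr
        dev.reset()                              # S3.1
        for other in self._others(dev):          # S3.2
            other.peers.pop(old_addr, None)
        # The page does not say what happens to the copy on MD; it is left untouched here.

    def can_communicate(self, a: str, b: str) -> bool:
        """Two devices can talk only if each holds the other's current (PK, DADR)."""
        x, y = self.devices[a], self.devices[b]
        if x.own_key is None or y.own_key is None:
            return False
        return x.peers.get(y.addr) == y.own_key and y.peers.get(x.addr) == x.own_key


# Addresses and roles from the embodiment: D1 master 0x01, D2 and D3 slaves 0x02 and 0x03.
EMBODIMENT = [("ND1", "master", 0x01), ("ND2", "slave", 0x02), ("ND3", "slave", 0x03)]

if __name__ == "__main__":
    bus = Fieldbus()
    bus.initialize(EMBODIMENT)
    print("after S1, ND2<->ND3:", bus.can_communicate("ND2", "ND3"))   # slaves isolated
    bus.update_address("ND2", 0x04)
    print("after S2, ND1 peers:", sorted(hex(a) for a in bus.devices["ND1"].peers))
    bus.remove("ND3")
    print("after S3, ND1<->ND3:", bus.can_communicate("ND1", "ND3"))
```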
The embodiment merely illustrates the technical idea of the invention and does not limit its scope of protection; any change made on the basis of the technical solution in accordance with the technical idea proposed by the invention falls within the scope of protection of the invention.
Claims (7)
1. A session key management method for encryption devices in a water conservancy industrial control system, characterized in that the method comprises the following steps:
S1: for a fieldbus of the water conservancy industrial control system, an encryption device is inserted between each control device and the network physical interface of the fieldbus, and the encryption device is initialized; initialization comprises session key generation and session key predistribution for the encryption device;
S2: when the address code of a control device on the fieldbus of the water conservancy industrial control system changes, the session key of the encryption device connected to that control device is updated; the update comprises generating a new session key for that encryption device, revoking the original session key, and predistributing the session key;
S3: when a control device on the fieldbus of the water conservancy industrial control system temporarily or permanently disconnects its logical connection to the other devices on the fieldbus, the session key in the encryption device connected to that control device is removed; removal comprises resetting the session key of that encryption device and deleting its original session key from every other encryption device on the fieldbus.
2. The session key management method for encryption devices in a water conservancy industrial control system according to claim 1, characterized in that the encryption device in step S1 is initialized as follows:
a session key PK is generated using the symmetric encryption module built into the encryption device; let the address code of the control device connected to the encryption device be DADR;
the 2-tuple (PK, DADR) is written to the memory of the encryption device; the 2-tuple (PK, DADR) is exported to a mobile device MD;
after session keys have been generated for all encryption devices on the fieldbus, the predistribution operation is executed on each encryption device individually; when predistribution is complete, initialization ends.
3. The session key management method for encryption devices in a water conservancy industrial control system according to claim 2, characterized in that the predistribution operation is executed on each encryption device as follows:
if the control device connected to the encryption device is the master device (Master), the 2-tuples (PK, DADR) that the encryption devices of all the slave devices (Slave) on the fieldbus exported to mobile device MD are each written to the memory of the encryption device connected to the master device;
if the control device connected to the encryption device is a slave device (Slave), the 2-tuple (PK, DADR) that the encryption device of the single master device (Master) on the fieldbus exported to mobile device MD is written to the memory of the encryption device connected to the slave device.
4. The session key management method for encryption devices in a water conservancy industrial control system according to claim 3, characterized in that in step S2, when the address code of a control device on the fieldbus changes, the key of the encryption device connected to the control device is updated; let the original address code of the control device be DADR; for the encryption device connected to it, the update method is as follows:
S2.1: a new session key PK_NEW is generated for the encryption device using its built-in symmetric encryption module; let the new address code of the control device be DADR_NEW;
the 2-tuple (PK_NEW, DADR_NEW) is written to the memory of the encryption device, overwriting the device's original 2-tuple (PK, DADR); the 2-tuple (PK_NEW, DADR_NEW) is exported to mobile device MD, overwriting the original 2-tuple (PK, DADR) stored on MD for this encryption device;
S2.2: after the new session key has been generated, the operation of revoking this encryption device's original session key is executed on every other encryption device on the fieldbus; if the memory of another encryption device on the fieldbus contains the written original 2-tuple (PK, DADR) of this encryption device, that 2-tuple is deleted;
S2.3: after every other encryption device has revoked the original session key of this encryption device, the predistribution operation is executed for this encryption device;
if the control device whose address code changed is the master device (Master), the 2-tuple (PK_NEW, DADR_NEW) that this encryption device exported to mobile device MD is written to the memory of the encryption device of every slave device (Slave) on the fieldbus;
if the control device whose address code changed is a slave device (Slave), the 2-tuple (PK_NEW, DADR_NEW) that this encryption device exported to mobile device MD is written to the memory of the encryption device of the single master device (Master) on the fieldbus;
S2.4: when the predistribution of step S2.3 is complete, the update ends.
5. The session key management method for encryption devices in a water conservancy industrial control system according to claim 2, 3 or 4, characterized in that in step S3, when a control device on the fieldbus temporarily or permanently disconnects its logical connection to the other devices on the fieldbus, the session key in the encryption device connected to that control device is removed; let the original address code of the control device be DADR; for the encryption device connected to it, the removal method is as follows:
S3.1: if the memory of the encryption device contains a written 2-tuple (PK, DADR), that 2-tuple is deleted and the memory of the encryption device is reset to its original state;
S3.2: after the encryption device has been reset, the operation of revoking this encryption device's original session key is executed on every other encryption device on the fieldbus; if the memory of another encryption device contains the written original 2-tuple (PK, DADR) of this encryption device, that 2-tuple is deleted;
S3.3: after every other encryption device has revoked the original session key of this encryption device, the removal ends.
6. The session key management method for encryption devices in a water conservancy industrial control system according to claim 2 or 4, characterized in that a session key PK is generated using the symmetric encryption module built into the encryption device, and the corresponding symmetric encryption algorithm includes but is not limited to DES, AES and SM1.
7. The session key management method for encryption devices in a water conservancy industrial control system according to claim 2 or 4, characterized in that the memory of the encryption device includes but is not limited to NAND Flash and eMMC, and the mobile device MD may take forms including but not limited to a portable hard disk, USB flash drive or SD card.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910841121.1A CN110493257A (en) | 2019-09-06 | 2019-09-06 | Session key management method in a kind of water conservancy industrial control system encryption equipment |
PCT/CN2020/085870 WO2021042735A1 (en) | 2019-09-06 | 2020-04-21 | Session key management method in encryption device of water conservancy industrial control system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110493257A (en) | 2019-11-22 |
Family
ID=68555555
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910841121.1A Pending CN110493257A (en) | 2019-09-06 | 2019-09-06 | Session key management method in a kind of water conservancy industrial control system encryption equipment |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110493257A (en) |
WO (1) | WO2021042735A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111988288A (en) * | 2020-08-04 | 2020-11-24 | 网络通信与安全紫金山实验室 | Key exchange method, system, equipment and storage medium based on network time delay |
WO2021042735A1 (en) * | 2019-09-06 | 2021-03-11 | 江苏省水文水资源勘测局 | Session key management method in encryption device of water conservancy industrial control system |
CN113014385A (en) * | 2021-03-25 | 2021-06-22 | 黑龙江大学 | Double-port hardware network data encryption system and method |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110401528A (en) * | 2019-07-16 | 2019-11-01 | 河海大学 | A kind of fieldbus single channel encryption device keys management method |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104767618B (en) * | 2015-04-03 | 2018-02-09 | 清华大学 | A kind of CAN authentication method and system based on broadcast |
EP3182674B1 (en) * | 2015-12-14 | 2019-03-13 | Deutsche Telekom AG | System for secure communication in robot-retrofitting |
CN106790053B (en) * | 2016-12-20 | 2019-08-27 | 江苏大学 | A kind of method of ECU secure communication in CAN bus |
CN106899404B (en) * | 2017-02-15 | 2020-06-02 | 同济大学 | Vehicle-mounted CAN FD bus communication system and method based on pre-shared key |
CN108390754B (en) * | 2018-01-24 | 2020-12-04 | 上海航天芯锐电子科技有限公司 | Scrambling method of chip internal bus scrambling device based on variable parameters |
CN110493257A (en) * | 2019-09-06 | 2019-11-22 | 江苏省水文水资源勘测局 | Session key management method in a kind of water conservancy industrial control system encryption equipment |
2019
- 2019-09-06 CN CN201910841121.1A patent/CN110493257A/en active Pending
2020
- 2020-04-21 WO PCT/CN2020/085870 patent/WO2021042735A1/en active Application Filing
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021042735A1 (en) * | 2019-09-06 | 2021-03-11 | 江苏省水文水资源勘测局 | Session key management method in encryption device of water conservancy industrial control system |
CN111988288A (en) * | 2020-08-04 | 2020-11-24 | 网络通信与安全紫金山实验室 | Key exchange method, system, equipment and storage medium based on network time delay |
CN113014385A (en) * | 2021-03-25 | 2021-06-22 | 黑龙江大学 | Double-port hardware network data encryption system and method |
CN113014385B (en) * | 2021-03-25 | 2023-09-01 | 黑龙江大学 | Double-network-port hardware network data encryption system |
Also Published As
Publication number | Publication date |
---|---|
WO2021042735A1 (en) | 2021-03-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109412794B (en) | Quantum key automatic charging method and system suitable for power business | |
CN110493257A (en) | Session key management method in a kind of water conservancy industrial control system encryption equipment | |
CN109190384B (en) | Multi-center block chain fusing protection system and method | |
CN111245597B (en) | Key management method, system and equipment | |
WO2021008181A1 (en) | Key management method for fieldbus channel encryption device | |
WO2020192285A1 (en) | Key management method, security chip, service server and information system | |
CN107733654B (en) | Intelligent equipment firmware updating and official user certificate distribution method based on combined key | |
JP2011223544A (en) | Powerful hybrid key management method and session key generation method for scada system | |
CN105610837B (en) | For identity authentication method and system between SCADA system main website and slave station | |
CN110855707A (en) | Internet of things communication pipeline safety control system and method | |
CN108632251A (en) | Authentic authentication method based on cloud computing data service and its Encryption Algorithm | |
CN205584238U (en) | Network data encryption equipment | |
CN102710638A (en) | Device and method for isolating data by adopting non-network manner | |
CN208015762U (en) | Support transmission encryption device, system and the decryption device of industry control agreement | |
CN114866778B (en) | Monitoring video safety system | |
Ahmadi et al. | A 3-level re-encryption model to ensure data protection in cloud computing environments | |
CN106411559A (en) | Low voltage transformer area anti-electricity-stealing diagnosis system | |
CN115776375A (en) | Face information identification encryption authentication and data security transmission method based on Shamir threshold | |
CN115694922A (en) | File transmission encryption method and equipment under domestic CPU and OS | |
CN110463157A (en) | For distributing the System and method for of SPI value | |
CN109688584B (en) | Data security storage system and method suitable for resource-limited network node | |
CN114500020A (en) | Network security management method based on big data | |
CN109379335B (en) | Equipment checking method, system and storage medium | |
CN108154037A (en) | Data transmission method and device between process | |
CN103647654B (en) | A kind of power distribution terminal key management method based on trust computing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20191122 |