CN110795729A - Industrial control network security software centralized authorization method - Google Patents
- Publication number
- CN110795729A
- Authority
- CN
- China
- Prior art keywords
- authorization
- code
- client
- server
- activated
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a centralized authorization method for industrial control network security software, which comprises the following steps: S1, an authorization server is set up at the network center and is connected to the clients through a network; S2, authorization codes are added in the authorization server; S3, when a client activates the security software, the client sends the protection password and the machine code to the authorization server; S4, after receiving the protection password and the machine code, the authorization server queries the database to determine whether the machine code has already been activated; if the machine code is found to be activated, the client is informed that the security software is already activated; if the machine code is not activated, an unused authorization code is found in the database, bound to the machine code, and sent to the client; S5, after receiving the authorization code, the client verifies its validity; if the authorization code is valid, the activation operation is carried out with the authorization code.
Description
Technical Field
The invention relates to the field of network security, in particular to a centralized authorization method for industrial control network security software.
Background
With the continuing integration of industrial control systems and the Internet, industrial control systems are inevitably exposed to network security threats, so the security and stability of industrial control networks are becoming harder and harder to control, and the appearance of ransomware and the like has drawn more and more attention to the security of industrial control hosts. According to statistics, 70% of networked devices in current industrial control networks have security vulnerabilities, and 90% of the software and hardware devices that access the Internet of Things in the future are expected to carry some degree of security risk, so the security problem of industrial control networks urgently needs to be solved.
Host security software in an industrial control network is mainly used to protect industrial control hosts from viruses and trojans, and it can be installed and run only after it has been authorized at installation time. At present, security software is authorized on the client side: after the software installation files are copied to the machine, a USB key is first inserted into the machine at run time, and a license generation tool is then used to generate the corresponding authorization code, with the machine code of the machine used as the seed for generating the authorization code so that duplicates are avoided. However, this authorization method has the following disadvantages:
1. Industrial control security software is generally deployed on industrial sites that cover a wide area. If many hosts need to be installed and authorized, installation and deployment are cumbersome, installers have to carry out the installation in each area, and the time and labor costs are very high;
2. Local installation cannot effectively control the number of software authorizations, so some software can be installed independently, without authorization, by copying an authorization code, which is a serious hidden danger to network security;
3. Local authorization requires a USB key tool and an activation tool, so the activation procedure is cumbersome and very inconvenient to operate.
Disclosure of Invention
The invention aims to provide a centralized authorization method for industrial control network security software that is convenient to use, safe and rapid.
In order to achieve this purpose, the technical scheme of the invention is as follows:
A centralized authorization method for industrial control network security software comprises the following steps:
S1, an authorization server is set up at the network center and is connected to the clients through a network;
S2, authorization codes are added in the authorization server;
S3, when a client activates the security software, the client sends the protection password and the machine code to the authorization server;
S4, after receiving the protection password and the machine code, the authorization server queries the database to determine whether the machine code has already been activated; if the machine code is found to be activated, the client is informed that the security software is already activated; if the machine code is not activated, an unused authorization code is found in the database, bound to the machine code, and sent to the client;
S5, after receiving the authorization code, the client verifies its validity; if the authorization code is valid, the activation operation is carried out with the authorization code.
Further, in step S1, there are a plurality of clients, and the plurality of clients are connected to the authorization server through a router.
Further, in step S2, when the authorization codes are added in the authorization server, the number of authorization codes is consistent with the number of clients.
Further, in step S4, after the unused authorization code is bound to the machine code, the usage status of the authorization code is changed to used.
Compared with the prior art, the invention has the advantages and positive effects that:
According to the method, the authorization server is placed on a server of the central network. When a security software client is activated, the authentication code is entered for the authorization server, and the authorization server returns the corresponding authorization code to complete authorization and activation. The operation is convenient and rapid: all software can be installed and authorized through the server alone, installers do not need to visit each device to activate them one by one, and the installation efficiency of the network security software is greatly improved. In addition, the invention removes the cumbersome USB key verification process, which improves the usability of the network security software installer, avoids the situation in which a lost USB key makes activation and installation impossible, improves installation efficiency, and reduces cost to a certain extent. Finally, the authorization server is provisioned with a specified number of authorization codes; when a client requests an authorization code, the server binds an unused authorization code to the client's feature code and returns the authorization code to the client.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a diagram of the connection architecture of an authorization server with a secure software client;
FIG. 2 is a block diagram of the framework of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived from the embodiments of the present invention by a person skilled in the art without any creative effort, should be included in the protection scope of the present invention.
As shown in FIG. 1 and FIG. 2, in view of the disadvantages of prior-art authorization of network security software clients and of the conditions found in practical applications, the invention installs security software by centralized authorization. First, an authorization server is placed on a server of the central network. When a security software client is installed, the address of the authorization server is filled in and the authentication code of the authorization server is entered; the authorization server returns the corresponding authorization code and authorization state and, at the same time, records the corresponding application state in a database. The installation and authorization of all software can therefore be completed through the server alone, and installers do not need to walk through the whole factory, which greatly improves efficiency.
In addition, the authorization server prepares a fixed number of authorization codes at the outset. When a client sends a request to the authorization server, the server binds an unused authorization code to the client's feature code and returns the authorization code to the client, so that the number of authorizations of the client software can be controlled and centralized management is made easier.
The operation steps of the invention are as follows:
1. Install an authorization server and prepare the corresponding authorization codes: the authorization server is installed at the network center so that the other secure production areas can access it, and a specified number of authorization codes is added to the database in the authorization server, the number of authorization codes being generated according to the number of licenses. The deployment of the authorization server is substantially as shown in FIG. 1;
2. An authorization table is set up in the database in the authorization server. The structure of the authorization table is shown in Table 1:
Table 1: Authorization table
Serial number | Authorization code | Use flag | Machine code |
---|---|---|---|
As shown in FIG. 2, when the client is activated, it sends a protection password and a machine code to the authorization server. The machine code is the feature code of the client. The authorization server needs to apply encryption when it sends an authorization code to the network security software client; the protection password is the encryption password used in transmission, which improves security, and can at the same time be used for verifying the legitimacy of the client. The authorization server first queries the database to determine whether the machine code has already been activated. If it has, the client is informed that the machine code is already activated. If no matching record is found, an unused authorization code is found in the database and bound to the machine code (the authorization code must correspond one-to-one with the machine code of the machine, so as to avoid repeated registration and counterfeit registration), the use status flag of the authorization code is changed to used, and the authorization code is returned to the client. After obtaining the authorization code, the client must verify it locally, to avoid activation with an illegal authorization code.
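The server-side lookup and binding of step S4 over the Table 1 layout, as an added sketch that is not part of the patent text. The table and column names, the status strings, the sample password and the direct password comparison are assumptions made for illustration; encryption of the reply and the client-side check of step S5 are not modelled, because the patent does not specify them.

```python
import hmac
import sqlite3

# Constructed sample value; the patent does not define the password format.
PROTECTION_PASSWORD = "example-protection-password"


def init_db(codes):
    """Create the Table 1 layout and preload the code pool (step S2)."""
    # isolation_level=None: autocommit, so transactions are opened explicitly.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute(
        """CREATE TABLE auth_codes (
               serial       INTEGER PRIMARY KEY,
               auth_code    TEXT NOT NULL UNIQUE,
               used         INTEGER NOT NULL DEFAULT 0,
               machine_code TEXT UNIQUE   -- NULL until bound; UNIQUE keeps it one-to-one
           )"""
    )
    db.executemany("INSERT INTO auth_codes (auth_code) VALUES (?)",
                   [(c,) for c in codes])
    return db


def handle_activation(db, password, machine_code):
    """Step S4. Returns (status, auth_code_or_None)."""
    # Assumed legitimacy check: constant-time comparison of the shared password.
    if not hmac.compare_digest(password.encode(), PROTECTION_PASSWORD.encode()):
        return ("rejected", None)
    if not machine_code:
        return ("rejected", None)

    # Take the write lock first, so that "look up, pick, bind" is one atomic
    # unit and two concurrent clients can never be handed the same code.
    db.execute("BEGIN IMMEDIATE")
    try:
        bound = db.execute(
            "SELECT 1 FROM auth_codes WHERE machine_code = ?", (machine_code,)
        ).fetchone()
        if bound:
            db.execute("COMMIT")
            return ("already_activated", None)

        free = db.execute(
            "SELECT serial, auth_code FROM auth_codes "
            "WHERE used = 0 ORDER BY serial LIMIT 1"
        ).fetchone()
        if free is None:
            # Pool exhausted: the licence count caps the number of activations.
            db.execute("COMMIT")
            return ("no_codes_left", None)

        serial, code = free
        db.execute(
            "UPDATE auth_codes SET used = 1, machine_code = ? "
            "WHERE serial = ? AND used = 0",
            (machine_code, serial),
        )
        db.execute("COMMIT")
        return ("issued", code)
    except Exception:
        db.execute("ROLLBACK")
        raise


if __name__ == "__main__":
    db = init_db(["CODE-A", "CODE-B"])          # constructed two-licence pool
    for mc in ["M1", "M1", "M2", "M3"]:         # constructed machine codes
        print(mc, handle_activation(db, PROTECTION_PASSWORD, mc))
```
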
Claims (4)
1. A centralized authorization method for industrial control network security software, characterized in that the method comprises the following steps:
S1, an authorization server is set up at the network center and is connected to the clients through a network;
S2, authorization codes are added in the authorization server;
S3, when a client activates the security software, the client sends the protection password and the machine code to the authorization server;
S4, after receiving the protection password and the machine code, the authorization server queries the database to determine whether the machine code has already been activated; if the machine code is found to be activated, the client is informed that the security software is already activated; if the machine code is not activated, an unused authorization code is found in the database, bound to the machine code, and sent to the client;
S5, after receiving the authorization code, the client verifies its validity; if the authorization code is valid, the activation operation is carried out with the authorization code.
2. The industrial control network security software centralized authorization method according to claim 1, characterized in that: in step S1, there are a plurality of clients, and the plurality of clients are connected to the authorization server through a router.
3. The industrial control network security software centralized authorization method according to claim 1, characterized in that: in step S2, when the authorization codes are added to the authorization server, the number of authorization codes is consistent with the number of clients.
4. The industrial control network security software centralized authorization method according to claim 1, characterized in that: in step S4, after the unused authorization code is bound to the machine code, the usage status of the authorization code is changed to used.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911085009.6A CN110795729A (en) | 2019-11-08 | 2019-11-08 | Industrial control network security software centralized authorization method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911085009.6A CN110795729A (en) | 2019-11-08 | 2019-11-08 | Industrial control network security software centralized authorization method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110795729A true CN110795729A (en) | 2020-02-14 |
Family
ID=69443586
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911085009.6A Pending CN110795729A (en) | 2019-11-08 | 2019-11-08 | Industrial control network security software centralized authorization method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110795729A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113779511A (en) * | 2021-09-14 | 2021-12-10 | 湖南麒麟信安科技股份有限公司 | Software authorization method, device, server and readable storage medium |
CN114329563A (en) * | 2021-12-30 | 2022-04-12 | 北京人大金仓信息技术股份有限公司 | Database processing method, device, equipment and medium |
CN114465772A (en) * | 2021-12-30 | 2022-05-10 | 江苏慧眼数据科技股份有限公司 | Automation control equipment system and method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6304969B1 (en) * | 1999-03-16 | 2001-10-16 | Webiv Networks, Inc. | Verification of server authorization to provide network resources |
CN1782941A (en) * | 2004-12-04 | 2006-06-07 | 鸿富锦精密工业(深圳)有限公司 | Software authorizing and protecting device and method |
CN102468969A (en) * | 2010-10-29 | 2012-05-23 | 北大方正集团有限公司 | Method and system for controlling number of registered clients |
CN104539589A (en) * | 2014-12-10 | 2015-04-22 | 华为软件技术有限公司 | Authorization method, server and client |
CN109960900A (en) * | 2019-03-29 | 2019-07-02 | 富士施乐实业发展(中国)有限公司 | A kind of registration code generating method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3550783B1 (en) | Internet of things device burning verification method and apparatus | |
CN112417379B (en) | Cluster license management method and device, authorization server and storage medium | |
CN110795729A (en) | Industrial control network security software centralized authorization method | |
CN102780699B (en) | Protecting method and protecting system for authentication server software copyright | |
CN106888084B (en) | Quantum fort machine system and authentication method thereof | |
CN104202338B (en) | A kind of safety access method being applicable to enterprise-level Mobile solution | |
EP1914658B1 (en) | Identity controlled data center | |
US7890746B2 (en) | Automatic authentication of backup clients | |
CN101647219B (en) | Mechanism for secure rehosting of licenses | |
CN1507203A (en) | Method and system for conducting user verification to sub position of network position | |
CN105162764A (en) | Dual authentication method, system and device for SSH safe login | |
CN103310161A (en) | Protection method and system for database system | |
CN102035838B (en) | Trust service connecting method and trust service system based on platform identity | |
CN104935572A (en) | Multilevel privilege management method and device | |
CN109243017A (en) | A kind of bluetooth method for unlocking, device and computer readable storage medium | |
CN100365974C (en) | Device and method for controlling computer access | |
CN113676334B (en) | Block chain-based distributed edge equipment identity authentication system and method | |
WO2015169003A1 (en) | Account assignment method and apparatus | |
CN104125230A (en) | Short message authentication service system and authentication method | |
CN108769004B (en) | Remote operation safety verification method for industrial internet intelligent equipment | |
CN104753886A (en) | Locking method for remote user, unlocking method and device | |
EP1668466A1 (en) | Granting an access to a computer-based object | |
JP2017152877A (en) | Electronic key re-registration system, electronic key re-registration method, and program | |
CN115484108A (en) | Distributed internet database anti-intrusion security system | |
CN115766007A (en) | System for realizing one-factory multi-place unified identity authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20200214 |