CN111007783A - Safety management and control system and method - Google Patents


Publication number
CN111007783A
Authority
CN
China
Prior art keywords
external equipment
unit
module
control
accessed
Legal status
Pending
Application number
CN201911383624.5A
Other languages
Chinese (zh)
Inventor
张晓悦
冯善强
胡春潮
Current Assignee
Guangdong Electric Power Science Research Institute Energy Technology Co Ltd
Original Assignee
Guangdong Electric Power Science Research Institute Energy Technology Co Ltd

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042 Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0428 Safety, monitoring
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/20 Pc systems
    • G05B2219/24 Pc safety
    • G05B2219/24024 Safety, surveillance

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Alarm Systems (AREA)

Abstract

The invention discloses a safety management and control system and method, comprising a connection module, an identification module, an external equipment classification module and a control module. The control module selects the control mode and controls the accessed external equipment; the external equipment classification module distinguishes the general class of the accessed external equipment, then distinguishes similar external equipment within the same general class, and then distinguishes individuals of the similar external equipment; the identification module identifies the accessed external equipment and judges whether it is allowed to access the system; if it is allowed, the connection module connects the external equipment to the safety management and control system.

Description

Safety management and control system and method
Technical Field
The invention relates to the technical field of system security, in particular to a safety control system and a method.
Background
A safety control system provides a highly reliable means of safety protection. It can avoid unsafe states of the related equipment to the greatest extent, prevent serious accidents or reduce losses as far as possible after an accident occurs, and protect production devices and, most importantly, personal safety. It is widely used in modern chemical production processes and plays an increasingly important role in industrial production.
External device is the generic name for the input and output devices (including external memory) of a computer system. External devices transmit, transfer and store data and information, and are an important component of a computer system. Peripheral devices are attached or auxiliary devices connected to a computer that enable the computer system to be expanded.
However, prior-art safety management and control systems manage and control external devices at a relatively coarse granularity, and therefore have the technical problem of a relatively poor management and control effect.
Disclosure of Invention
The invention provides a safety management and control system and method that solve the technical problem that prior-art safety management and control systems have a poor management and control effect because they manage and control external equipment at a relatively coarse granularity.
The invention provides a safety management and control system which comprises a connecting module, an identification module, an external equipment classification module and a control module;
the connection module is used for connecting external equipment;
the identification module is used for identifying equipment accessed into the safety system, allowing or forbidding external equipment to be accessed into the safety management and control system, and sending external equipment information allowing the external equipment to be accessed into the safety management and control system to the external equipment classification module;
the external equipment classification module is used for distinguishing a general class of external equipment allowed to be accessed, distinguishing similar external equipment under the same general class, distinguishing different individuals of the similar external equipment and sending distinguishing information to the control module;
the control module is used for manually controlling the external equipment allowed to be accessed and automatically controlling the external equipment allowed to be accessed in real time according to the pre-configuration.
Preferably, the identification module includes an identification unit and a management and control unit;
the identification unit is used for identifying the accessed external equipment and sending identification information to the control unit;
the management and control unit is used for allowing or forbidding the external equipment to be accessed into the safety management and control system according to the identification information of the identification unit and sending the external equipment information allowing the external equipment to be accessed into the safety management and control system to the external equipment classification module.
Preferably, the external device classification module comprises a general classification unit, a similar classification unit and an individual classification unit;
the general class distinguishing unit is used for distinguishing general classes of the external equipment which is allowed to be accessed;
the similar distinguishing unit is used for distinguishing similar external equipment under the same general class;
the individual distinguishing unit is used for distinguishing different individuals of the same type of external equipment and sending distinguishing information to the control module for distinguishing control.
Preferably, the control module comprises a manual control unit and an automatic control unit;
the manual control unit is used for realizing manual control of the external equipment allowed to be accessed;
the automatic control unit is used for automatically detecting and controlling the external equipment allowed to be accessed in real time according to the pre-configuration.
Preferably, the security management and control system further comprises a communication encryption module, and the communication encryption module is used for encrypting and decrypting communication information and data accessed to the external device in the using process.
Preferably, the communication encryption module comprises a communication encryption unit and a communication decryption unit;
the communication encryption unit is used for encrypting communication information and data sent by the external equipment allowed to be accessed;
the communication decryption unit is used for decrypting the encrypted information data.
Preferably, the safety management and control system further comprises a directional audit module, and the directional audit module is used for recording operation footprints of related operations of the safety management and control system, configuring audit rules, and centrally auditing and uniformly reporting core files.
Preferably, the directional auditing module comprises an operation footprint recording unit, a rule configuration unit, a centralized auditing unit and a reporting unit;
the footprint recording unit is used for recording the operation footprint of the related operation of the safety management and control system;
the rule configuration unit is used for configuring an audit rule of the safety management and control system;
the directional audit module is used for carrying out audit work according to the configuration rule of the rule configuration unit;
the centralized auditing unit is used for auditing the current system log and service of the safety management and control system according to a set rule;
the reporting unit is used for reporting the audited content in a unified way.
Preferably, the elements recorded by the footprint recording unit comprise event names which can be audited, the success or failure status of the events and safety information, and the centralized auditing unit auditing process comprises system starting or closing auditing, process starting or stopping auditing and core file auditing.
A safety control method is based on the safety control system and comprises the following steps:
selecting a control mode of a safety management and control system;
connecting the external equipment to the safety management and control system;
identifying external equipment connected to the safety management and control system, and judging whether the external equipment is allowed or forbidden to be accessed into the safety management and control system;
distinguishing the general class of the external equipment that is allowed to access the safety management and control system, distinguishing similar external equipment under the same general class, and distinguishing different individuals of the similar external equipment; controlling the external equipment that is allowed to access;
and performing directional audit on the operation of the safety management and control system, and reporting an audit result.
According to the technical scheme, the invention has the following advantages:
the control mode is selected through the control module and the accessed external equipment is controlled; the external equipment classification module distinguishes the general class of the accessed external equipment, distinguishes similar external equipment within the same general class, and distinguishes individuals of the similar external equipment; the identification module identifies the accessed external equipment so that it is either released or forbidden; and the connection module connects the external equipment to the system, so that the control granularity of the embodiment of the invention is finer and the control effect is better;
another embodiment provided by the present invention has the following advantages:
the embodiment of the invention encrypts, through the communication encryption module, the communication information and data of the accessed external equipment during use, and can decrypt the encrypted information and data, so that data input and output remain consistent and the safety of the system is effectively improved; the system supports many general classes of software and hardware, so that its compatibility is stronger and it has good cross-platform performance; moreover, the invention records the operation footprints of system-related operations through the directional audit module, provides timely warning information when a user violates the system safety rules, and can configure audit rules, audit core files centrally and report them in a unified way.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without inventive exercise.
Fig. 1 is a system framework diagram of a safety management system and a method according to an embodiment of the present invention.
Fig. 2 is a system framework diagram of a safety management system and method according to an embodiment of the present invention.
Fig. 3 is a system internal framework diagram of a safety management system and method according to an embodiment of the present invention.
Fig. 4 is a flowchart of a method of a safety management system and a method thereof according to an embodiment of the present invention.
The reference signs are: the system comprises a control module 1, an external equipment classifying module 2, an identification module 3, a connection module 4, a communication encryption module 5, a directional audit module 6, a manual control unit 7, an automatic control unit 8, a general class distinguishing unit 9, a similar class distinguishing unit 10, an individual distinguishing unit 11, an identification unit 12, a management and control unit 13, a connection port 14, a communication encryption unit 15, a communication decryption unit 16, an operation footprint recording unit 17, a rule configuration unit 18, a reporting unit 19 and a centralized audit unit 20.
Detailed Description
The embodiment of the invention provides a safety management and control system and method, which solve the technical problem that prior-art safety management and control systems manage and control external equipment at a relatively coarse granularity and therefore have a poor management and control effect.
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the embodiments described below are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a system framework diagram of a safety management system and a method according to an embodiment of the present invention.
The invention provides a safety management and control system, which comprises a connecting module 4, an identification module 3, an external equipment classification module 2 and a control module 1;
the connection module 4 is used for connecting external equipment to the safety management and control system, a connection port 14 is arranged on the connection module 4, and the external equipment is connected with the connection module 4 through the connection port 14.
The identification module 3 identifies the equipment accessed into the safety system, allows or forbids the external equipment to be accessed into the safety management and control system, and sends the information of the external equipment allowed to be accessed into the safety management and control system to the external equipment classification module 2;
the external equipment classification module 2 is used for distinguishing a general class of external equipment allowed to be accessed, distinguishing similar external equipment under the same general class, distinguishing different individuals of the similar external equipment and sending distinguishing information to the control module;
the control module 1 is used for manually controlling the external equipment allowed to be accessed and automatically controlling the external equipment allowed to be accessed in real time according to the pre-configuration.
As a preferred embodiment, the identification module 3 includes an identification unit 12 and a management and control unit 13;
the identification unit 12 is configured to identify an accessed external device, and transmit identification information to the management and control unit 13;
the management and control unit 13 is configured to allow or prohibit the external device to access the security management and control system according to the identification information of the identification unit, and send external device information that allows the external device to access the security management and control system to the external device classification module 2.
Further, the working principle of the safety management and control system is explained as follows:
When the system runs, the control module 1 selects the control mode and controls the accessed external equipment. The external equipment classification module 2 distinguishes the general class of the accessed external equipment, distinguishes similar external equipment within the same general class, and distinguishes individuals of the similar external equipment. The identification module 3 identifies the accessed external equipment in order to release or forbid it, and the connection module 4 connects the external equipment to the system, so that the control granularity of the system is finer and the real-time performance is better.
As a preferred embodiment, the external device classifying module 2 includes a general classifying unit 9, a same-class classifying unit 10, and an individual classifying unit 11;
the general class distinguishing unit 9 is configured to distinguish a general class of an external device that is allowed to access;
the similar distinguishing unit 10 is used for distinguishing similar external devices under the same general class;
the individual distinguishing unit 11 is configured to distinguish different individuals of the same type of external device, and send distinguishing information to the control module 1 for distinguishing control.
The external device classification module 2 is specifically configured to perform general class classification on the external devices that are accessed by the connection module 4 and successfully released by the identification module 3 through the general class classification unit 9, to perform classification on the same type of external devices under the same general class through the similar classification unit 10, to perform classification on different individuals of the similar type of external devices through the individual classification unit 11, and to transmit classification information to the control module 1 for classification management and control.
As a preferred embodiment, the control module 1 comprises a manual control unit 7 and an automatic control unit 8;
the manual control unit 7 is used for realizing manual control of the external equipment allowed to be accessed;
the automatic control unit 8 is used for automatically detecting and controlling the external equipment allowed to be accessed in real time according to the pre-configuration.
The manual control mode is selected through the manual control unit 7: a safety manager manually controls the equipment to be controlled through a centralized control interface, and the control operation takes effect in real time. Automatic control is realized through the automatic control unit 8: the safety manager pre-configures class policies and individuals for the equipment to be controlled according to actual control requirements, and the main program of the external equipment control platform automatically monitors and controls the equipment to be controlled in real time according to the configuration library.
As a preferred embodiment, the security management and control system further includes a communication encryption module 5, where the communication encryption module 5 is configured to encrypt communication information and data sent by an accessed external device, and to decrypt the encrypted information and data.
As a preferred embodiment, the communication encryption module 5 includes a communication encryption unit 15 and a communication decryption unit 16;
the communication encryption unit 15 is used for encrypting communication information and data transmitted by accessing external equipment;
the communication decrypting unit 16 decrypts the encrypted information data.
The specific implementation is as follows: while the control module 1 manages and controls the external equipment, the communication encryption module 5 encrypts the communication information and data of the accessed external equipment through the communication encryption unit 15 and, after encryption, decrypts the information and data through the communication decryption unit 16. This keeps data input and output consistent and effectively improves the security of the system. The system also supports many general classes of software and hardware platforms, which makes its compatibility stronger and gives it good cross-platform performance.
As a preferred embodiment, the security management and control system further comprises a directed audit module 6, wherein the directed audit module 6 is configured to record an operation footprint of a related operation of the security management and control system, provide timely warning information when a user violates a system security rule, configure an audit rule, perform centralized audit on core files, and report the core files uniformly.
As a preferred embodiment, the directional audit module 6 includes an operation footprint recording unit 17, a rule configuration unit 18, a centralized auditing unit 20 and a reporting unit 19;
the footprint recording unit 17 is used for recording the operation footprint of the related operation of the safety management and control system;
the rule configuration unit 18 is used for configuring an audit rule of the safety management and control system;
the directional auditing module 6 performs auditing work according to the configuration rule of the rule configuration unit 18;
the centralized auditing unit 20 is used for auditing the current system log and service of the safety management and control system according to a set rule;
the reporting unit 19 reports the audited content uniformly.
The directional audit module 6 is specifically configured to record an operation footprint of a system related operation through an operation footprint recording unit 17, configure an audit rule in the security management and control system through a rule configuration unit 18, enable the directional audit module 6 to perform audit work according to the configuration rule, audit current system logs and services of the security management and control system according to a set rule through a centralized audit unit 20, and uniformly report audited contents through a reporting unit 19, wherein the directional audit module 6 includes system start or stop audit, process start or stop audit, and core file audit in an audit process.
The implementation is specifically as follows: system start or shutdown audits and process start or stop audits are carried out. Audit rules are configured in the safety management and control system through the rule configuration unit 18; configuration files are provided at the management end by default, which makes audit-related configuration convenient for the user, and the directional audit module 6 carries out audit work according to the configured rules. The operation footprint recording unit 17 records the operation footprints of system-related operations, and core files are audited. The centralized audit unit 20 audits the current system logs and services of the safety management and control system according to the established rules, and the reporting unit 19 reports the audited content in a unified way. Timely warning information is provided when a user violates the system safety rules, which further improves system safety; the audit range is wide and the readability is good.
As a preferred embodiment, the elements recorded by the footprint recording unit include the name of an event which can be audited, the success or failure status of the event and security information, and the auditing process of the centralized auditing unit 20 includes system start or stop auditing, process start or stop auditing and core file auditing.
Example 2
As shown in fig. 4, a safety control method based on the above safety control system includes the following steps:
selecting a control mode of a safety management and control system;
connecting the external equipment to the safety management and control system;
identifying external equipment connected to the safety management and control system, and judging whether the external equipment is allowed or forbidden to be accessed into the safety management and control system;
distinguishing the general class of the external equipment that is allowed to access the safety management and control system, distinguishing similar external equipment under the same general class, and distinguishing different individuals of the similar external equipment; controlling the external equipment that is allowed to access;
and performing directional audit on the operation of the safety management and control system, and reporting an audit result.
Example 3
As shown in fig. 2 and 3, a safety management and control system with an equipment management and control function includes a control module 1, wherein a connection end of the control module 1 is provided with an external equipment classification module 2, a connection end of the external equipment classification module 2 is provided with an identification module 3, a connection end of the identification module 3 is provided with a connection module 4, the control module 1 includes a manual control unit 7 and an automatic control unit 8, the external equipment classification module 2 includes a general class distinguishing unit 9, a similar class distinguishing unit 10 and an individual distinguishing unit 11, the identification module 3 includes an identification unit 12 and a management and control unit 13, and the connection module 4 includes a connection port 14;
the control module 1 is used for selecting a management and control mode and controlling the accessed external equipment;
the external equipment classification module 2 is used for distinguishing general classes of the accessed external equipment, distinguishing similar external equipment of the same general class and then distinguishing individuals of the similar external equipment;
the identification module 3 is used for identifying the accessed external equipment to realize the release or the forbidding of the external equipment;
the connection module 4 is used for connecting an external device into a system;
the control module 1 is specifically used for selecting a manual control mode through a manual control unit 7, a safety administrator manually controls the required control equipment through a centralized control interface, the control operation is effective in real time, automatic control is realized through an automatic control unit 8, the safety administrator pre-configures class strategies and individuals of the required control equipment according to actual control requirements, and a main program of an external equipment control platform automatically monitors and controls the equipment to be controlled in real time according to a configuration library;
the external device classification module 2 is specifically configured to perform general class classification on the external devices that are accessed by the connection module 4 and successfully released by the identification module 3 through the general class classification unit 9, to perform classification on the same type of external devices under the same general class through the similar classification unit 10, to perform classification on different individuals of the similar type of external devices through the individual classification unit 11, and to transmit classification information to the control module 1 for classification control;
the identification module 3 is specifically used for identifying the equipment accessed by the connection module 4 through the identification unit 12, then transmitting the identification information to the management and control unit 13, then releasing or forbidding the accessed external equipment through the management and control unit 13, and transmitting the released access data to the external equipment classification module 2;
the connection module 4 is specifically configured to access an external device to the system through the connection port 14, and transmit access data to the identification module 3.
The implementation mode is specifically as follows: when the system is used, a control mode of the system is selected firstly, manual control is carried out through a manual control unit 7 in a control module 1, a safety administrator carries out manual control on equipment to be controlled through a centralized control interface, the equipment is effective in real time after control operation, automatic control is realized through an automatic control unit 8, the safety administrator pre-configures class strategies and individuals of the equipment to be controlled according to actual control requirements, and a main program of an external equipment control platform automatically monitors and controls the equipment to be controlled in real time according to a configuration library; then, an external device is accessed into the system through a connection port 14 in the connection module 4, and the access data of the external device is transmitted to the identification module 3, the identification module 3 receives the access data, identifies the access device data through the identification unit 12, transmits the identification information to the control unit 13, then releases or disables the accessed external device through the control unit 13, and transmits the released access data to the external device classification module 2, the external device classification module 2 performs general class classification, such as USB/Ethernet, on the external device which is accessed by the connection module 4 and successfully released by the identification module 3 through the general class classification unit 9, and performs the similar device under the same general class through the similar classification unit 10, such as a storage class/printer under the USB general class, and performs the classification on different individuals of the similar device through the individual classification unit 11, for example, a certain single usb disk/printer, and transmits the 
distinguishing information to the control module 1 for distinguishing management and control, so that the management and control granularity of the invention is thinner and the real-time performance is better.
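The identify, classify and control flow described above can be sketched as follows. This is an added example, not code from the patent: the rule format, the "most specific rule wins" order, the default-deny fallback and all device values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

ALLOW, DENY = "allow", "deny"

@dataclass(frozen=True)
class Device:
    general_class: str  # general class, e.g. "USB", "Ethernet"
    kind: str           # kind within the class, e.g. "storage", "printer"
    individual: str     # one specific unit, here a constructed serial number

# Hypothetical configuration library. Keys are (general class, kind, individual);
# None means "any" at that level. All entries are constructed sample values.
CONFIG_LIBRARY = {
    ("USB", None, None): DENY,
    ("USB", "printer", None): ALLOW,
    ("USB", "printer", "SN-0042"): DENY,
    ("USB", "storage", "SN-0001"): ALLOW,
    ("Ethernet", None, None): ALLOW,
}
KNOWN_CLASSES = {"USB", "Ethernet"}

def identify(access_data: dict) -> Optional[Device]:
    """Identification step: return a Device, or None if it cannot be identified."""
    try:
        dev = Device(access_data["class"], access_data["kind"], access_data["serial"])
    except KeyError:
        return None  # incomplete access data is treated as unidentified
    return dev if dev.general_class in KNOWN_CLASSES else None

def resolve(dev: Device, library: dict) -> Tuple[str, str]:
    """Classification and automatic control: the most specific rule wins."""
    levels = (
        ("individual", (dev.general_class, dev.kind, dev.individual)),
        ("kind", (dev.general_class, dev.kind, None)),
        ("general class", (dev.general_class, None, None)),
    )
    for level, key in levels:
        if key in library:
            return library[key], level
    return DENY, "default"  # assumption: no matching rule means deny

def manual_control(library: dict, dev: Device, decision: str) -> None:
    """Manual control: pin a decision for one individual, effective at once."""
    if decision not in (ALLOW, DENY):
        raise ValueError(decision)
    library[(dev.general_class, dev.kind, dev.individual)] = decision

def on_connect(access_data: dict, library: dict) -> Tuple[str, str]:
    """One connection event: identify first, then classify and decide."""
    dev = identify(access_data)
    if dev is None:
        return DENY, "identification"
    return resolve(dev, library)

if __name__ == "__main__":
    lib = dict(CONFIG_LIBRARY)  # work on a copy of the sample library
    for data in (
        {"class": "USB", "kind": "storage", "serial": "SN-0001"},
        {"class": "USB", "kind": "storage", "serial": "SN-9999"},
        {"class": "USB", "kind": "printer", "serial": "SN-0042"},
        {"class": "Bluetooth", "kind": "audio", "serial": "SN-7"},
    ):
        print(data, on_connect(data, lib))
```

Returning the level that produced the decision alongside the decision makes it visible which granularity of rule applied to a given device.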
According to the safety management and control system with the device management and control function shown in fig. 2, the safety management and control system further comprises a communication encryption module 5, the communication encryption module 5 is arranged at the connecting end of the control module 1, and the communication encryption module 5 comprises a communication encryption unit 15 and a communication decryption unit 16;
the communication encryption module 5 is used for encrypting the communication information and data exchanged while an accessed external device is in use, and for decrypting the encrypted information and data;
the communication encryption module 5 is specifically configured to encrypt, through the communication encryption unit 15, the communication information and data exchanged while an accessed external device is in use, and to decrypt the encrypted information and data through the communication decryption unit 16;
the system CPU is set to be a CPU above Intel i3, the system memory is not lower than 2G, the system resolution is not lower than 1024 x 768, the offline management and control and storage capacity of the system is not lower than 10000 sets of substation monitoring systems, and the software and hardware platforms supported by the system comprise Intel x86_64, AMD64, megacore, godson, Red Hat, CentOS, Ubuntu and FreeBSD.
The implementation is specifically as follows: when the system is in use and the control module 1 is controlling an external device, the communication encryption module 5 encrypts the communication information and data of the accessed external device through the communication encryption unit 15 and decrypts the encrypted information and data through the communication decryption unit 16. This ensures the consistency of data input and output and effectively improves the safety of the system. The system also supports many common types of software and hardware platforms, so that its compatibility is stronger and its cross-platform performance is good.
According to the safety management and control system with the equipment management and control function shown in fig. 2, the safety management and control system further comprises a directional audit module 6, the directional audit module 6 is arranged at the connecting end of the control module 1, and the directional audit module 6 comprises an operation footprint recording unit 17, a rule configuration unit 18, a reporting unit 19 and a centralized audit unit 20;
the directional audit module 6 is used for recording operation footprints of system-related operations, providing timely warning information when a user violates a system safety rule, configuring audit rules, and centrally auditing core files and reporting them uniformly;
the directional audit module 6 is specifically configured to record the operation footprint of system-related operations through the operation footprint recording unit 17, where the recorded elements include the name of the auditable event, the success or failure state of the event, and security information; to configure the audit rules of the system to be evaluated through the rule configuration unit 18, so that the directional audit module 6 performs audit work according to the configured rules; to audit the current system logs and services of the system to be evaluated according to the set rules through the centralized audit unit 20; and to report the audited content uniformly through the reporting unit 19. The audit process of the directional audit module 6 includes system start or stop audit, process start or stop audit, and core file audit.
The implementation is specifically as follows: when in use, the invention can perform system start or shutdown audit and process start or stop audit. First, the audit rules of the system to be evaluated are configured through the rule configuration unit 18; a configuration file is provided at the management end by default so that the user can conveniently make audit-related configurations, and the directional audit module 6 performs audit work according to the configured rules. Then the operation footprint of system-related operations is recorded through the operation footprint recording unit 17; the recorded elements include the name of the auditable event, the success or failure state of the event, and security information, and core files can also be audited. At the same time, the current system logs and services of the system to be evaluated are audited according to the established rules through the centralized audit unit 20, the audited content is reported uniformly through the reporting unit 19, and timely warning information is provided when a user violates a system safety rule. System safety is thereby further improved, the audit range is wide, and readability is good.
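The audit flow described above (configure rules, record footprints, audit centrally, report once) can be sketched as follows. This is an added example, not code from the patent: the rule format, the event names, the file paths and the choice to treat a failed audited operation as a rule violation are assumptions made for illustration.

```python
from collections import Counter
from fnmatch import fnmatchcase

# Hypothetical audit rule configuration; the page does not define a format.
RULES = {
    # The three audit categories named on the page, as constructed event names.
    "audit_events": {"system_start", "system_stop",
                     "process_start", "process_stop", "core_file"},
    "core_files": ["/etc/passwd", "/opt/scada/conf/*"],  # constructed paths
    # Assumption: a failed operation of these kinds counts as a rule violation.
    "warn_on_failure": {"core_file", "process_start"},
}

def record_footprint(log, event, success, security_info):
    """Footprint recording: event name, success/failure state, security info."""
    log.append({"event": event, "success": bool(success),
                "security_info": dict(security_info)})

def in_scope(entry, rules):
    """Is this footprint covered by the configured audit rules?"""
    if entry["event"] not in rules["audit_events"]:
        return False
    if entry["event"] == "core_file":
        # Only files matching a configured core-file pattern are audited.
        path = entry["security_info"].get("path", "")
        return any(fnmatchcase(path, pat) for pat in rules["core_files"])
    return True

def centralized_audit(log, rules):
    """Audit all footprints against the rules and build one unified report."""
    audited = [e for e in log if in_scope(e, rules)]
    flagged = [e for e in audited
               if not e["success"] and e["event"] in rules["warn_on_failure"]]
    return {
        "audited": len(audited),
        "skipped": len(log) - len(audited),
        "by_event": dict(Counter(e["event"] for e in audited)),
        "warnings": [f'{e["event"]} failed for user '
                     f'{e["security_info"].get("user", "unknown")}'
                     for e in flagged],
    }

def sample_log():
    """Constructed footprints covering in-scope, out-of-scope and failed events."""
    log = []
    record_footprint(log, "system_start", True, {"user": "root"})
    record_footprint(log, "process_start", True, {"user": "ops", "process": "hmi"})
    record_footprint(log, "core_file", False,
                     {"user": "guest", "path": "/opt/scada/conf/relay.ini"})
    record_footprint(log, "core_file", True,
                     {"user": "ops", "path": "/tmp/scratch.txt"})
    record_footprint(log, "screen_unlock", True, {"user": "ops"})
    return log

if __name__ == "__main__":
    print(centralized_audit(sample_log(), RULES))
```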
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A safety management and control system is characterized by comprising a connection module, an identification module, an external equipment classification module and a control module;
the connection module is used for connecting external equipment;
the identification module is used for identifying equipment accessed into the safety system, allowing or forbidding external equipment to be accessed into the safety management and control system, and sending external equipment information allowing the external equipment to be accessed into the safety management and control system to the external equipment classification module;
the external equipment classification module is used for distinguishing a general class of external equipment allowed to be accessed, distinguishing similar external equipment under the same general class, distinguishing different individuals of the similar external equipment and sending distinguishing information to the control module;
the control module is used for manually controlling the external equipment allowed to be accessed and automatically controlling the external equipment allowed to be accessed in real time according to the pre-configuration.
2. The safety management and control system according to claim 1, wherein the identification module comprises an identification unit and a management and control unit;
the identification unit is used for identifying the accessed external equipment and sending identification information to the control unit;
the management and control unit is used for allowing or forbidding the external equipment to be accessed into the safety management and control system according to the identification information of the identification unit and sending the external equipment information allowing the external equipment to be accessed into the safety management and control system to the external equipment classification module.
3. The safety management and control system of claim 2, wherein the external device classification module comprises a general classification unit, a similar classification unit and an individual classification unit;
the general class distinguishing unit is used for distinguishing general classes of the external equipment which is allowed to be accessed;
the similar distinguishing unit is used for distinguishing similar external equipment under the same general class;
the individual distinguishing unit is used for distinguishing different individuals of the same type of external equipment and sending distinguishing information to the control module for distinguishing control.
4. The safety management and control system of claim 3, wherein the control module comprises a manual control unit and an automatic control unit;
the manual control unit is used for realizing manual control of the external equipment allowed to be accessed;
the automatic control unit is used for automatically detecting and controlling the external equipment allowed to be accessed in real time according to the pre-configuration.
5. The system according to claim 1, further comprising a communication encryption module for encrypting and decrypting communication information and data accessed to the external device during use.
6. The system according to claim 5, wherein the communication encryption module comprises a communication encryption unit and a communication decryption unit;
the communication encryption unit is used for encrypting communication information and data sent by the external equipment allowed to be accessed;
the communication decryption unit is used for decrypting the encrypted information data.
7. The safety management and control system according to claim 6, further comprising a directional audit module, wherein the directional audit module is used for recording operation footprints of related operations of the safety management and control system, configuring audit rules, and centrally auditing core files and reporting the core files in a unified manner.
8. The system of claim 7, wherein the directional audit module comprises an operation footprint recording unit, a rule configuration unit, a centralized audit unit and a reporting unit;
the footprint recording unit is used for recording the operation footprint of the related operation of the safety management and control system;
the rule configuration unit is used for configuring an audit rule of the safety management and control system;
the directional audit module is used for carrying out audit work according to the configuration rule of the rule configuration unit;
the centralized auditing unit is used for auditing the current system log and service of the safety management and control system according to a set rule;
the reporting unit is used for reporting the audited content in a unified way.
9. The system according to claim 8, wherein the elements recorded by the footprint record unit comprise event names which can be audited, the success or failure status of the events and security information, and the centralized audit unit audit process comprises system start or stop audit, process start or stop audit and core file audit.
10. A safety control method based on the safety control system of claim 9, comprising the steps of:
selecting a control mode of a safety management and control system;
connecting the external equipment to the safety management and control system;
identifying external equipment connected to the safety management and control system, and judging whether the external equipment is allowed or forbidden to be accessed into the safety management and control system;
distinguishing the general class of the external equipment allowed to be accessed into the safety management and control system, distinguishing similar external equipment under the same general class, and distinguishing different individuals of the similar external equipment; controlling the external equipment allowed to be accessed;
and performing directional audit on the operation of the safety management and control system, and reporting an audit result.
CN201911383624.5A 2019-12-28 2019-12-28 Safety management and control system and method Pending CN111007783A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911383624.5A CN111007783A (en) 2019-12-28 2019-12-28 Safety management and control system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911383624.5A CN111007783A (en) 2019-12-28 2019-12-28 Safety management and control system and method

Publications (1)

Publication Number Publication Date
CN111007783A true CN111007783A (en) 2020-04-14

Family

ID=70119490

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911383624.5A Pending CN111007783A (en) 2019-12-28 2019-12-28 Safety management and control system and method

Country Status (1)

Country Link
CN (1) CN111007783A (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1512360A (en) * 2002-12-31 2004-07-14 台均实业有限公司 Safety authentication method for movable storage device and read and write identification device
CN102760104A (en) * 2012-06-25 2012-10-31 成都卫士通信息产业股份有限公司 USB (Universal Serial Bus) equipment control method
CN104537310A (en) * 2014-12-26 2015-04-22 北京奇虎科技有限公司 Method for managing portable storage device and client terminal
CN105718825A (en) * 2015-11-16 2016-06-29 哈尔滨安天科技股份有限公司 Method and device for detecting malicious USB equipment
CN107222477A (en) * 2017-05-27 2017-09-29 国网山东省电力公司 A kind of equipment access identification Verification System and method
CN108881105A (en) * 2017-05-08 2018-11-23 中车株洲电力机车研究所有限公司 A kind of method and system of connection setup
CN108920305A (en) * 2018-06-20 2018-11-30 中广核工程有限公司 A kind of USB device access risk checking method and device based on distribution book keeping operation
CN109005162A (en) * 2018-07-18 2018-12-14 中国联合网络通信集团有限公司 Industrial control system method for auditing safely and device
CN109359489A (en) * 2018-10-20 2019-02-19 国网安徽省电力有限公司蚌埠供电公司 A kind of detection of computer USB device access and method for early warning
CN109543475A (en) * 2018-10-29 2019-03-29 北京博衍思创信息科技有限公司 A kind of circumscribed terminal protection equipment and guard system
CN109905292A (en) * 2019-03-12 2019-06-18 北京奇虎科技有限公司 A kind of terminal device recognition methods, system and storage medium

Similar Documents

Publication Publication Date Title
EP2345977B1 (en) Client computer for protecting confidential file, server computer therefor, method therefor, and computer program
CN101430752B (en) Sensitive data switching control module and method for computer and movable memory device
US8566934B2 (en) Apparatus and method for enhancing security of data on a host computing device and a peripheral device
CN105978871A (en) Communication protection device for numerical control system
CN104581008B (en) A kind of video monitoring system information security protection system and method
EP1590916A2 (en) Adaptive transparent encryption
CN103413088A (en) Computer document operational safety audit system
CN102110201B (en) System for monitoring and auditing compact disc burning
CN110011848A (en) A kind of mobile O&M auditing system
CN103973715B (en) Cloud computing security system and method
CN114844673B (en) Data security management method
CN204465588U (en) A kind of host monitor based on server architecture and auditing system
CN111046405B (en) Data processing method, device, equipment and storage medium
CN102143168A (en) Linux platform-based server safety performance real-time monitoring method and system
CN108390857A (en) A kind of method and apparatus of high sensitive network to low sensitive network export
CN106203130B (en) A kind of transparent encipher-decipher method based on Intelligent Dynamic driving layer
CN204680024U (en) Computer security based on dynamic human face recognition technology is taken precautions against and early warning system
CN103824014A (en) Isolation certificating and monitoring method of USB (universal serial bus) port within local area network
CN112671719A (en) Network security isolation method and device based on data stripping and construction method thereof
CN112307441A (en) Computer software protection system
CN111007783A (en) Safety management and control system and method
Papa et al. Availability based risk analysis for SCADA embedded computer systems
CN105162803A (en) Safe information output method and safe information output system of secret-relating network
CN106131809B (en) Mobile terminal flow monitoring method
CN105335661B (en) USB device monitoring method and device based on USB interface granularity

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 501-503, annex building, Huaye building, No.1-3 Chuimao new street, Xihua Road, Yuexiu District, Guangzhou City, Guangdong Province 510000

Applicant after: China Southern Power Grid Power Technology Co.,Ltd.

Address before: Room 501-503, annex building, Huaye building, No.1-3 Chuimao new street, Xihua Road, Yuexiu District, Guangzhou City, Guangdong Province 510000

Applicant before: GUANGDONG ELECTRIC POWER SCIENCE RESEARCH INSTITUTE ENERGY TECHNOLOGY Co.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20200414