CN111786958B - Industrial data safety protection system based on industrial internet technology - Google Patents
- Publication number
- CN111786958B (application CN202010522562.8A)
- Authority
- CN
- China
- Prior art keywords
- computer terminal
- protection system
- pct
- security protection
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Computer And Data Communications (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of industrial data security under the industrial Internet and discloses an industrial data security protection system based on industrial Internet technology, comprising: any cloud computing server $CCS_i$ deployed in the industrial Internet system; a cloud authentication server $CAS_V$ deployed in the industrial Internet system and running data security protection system software; and a computer terminal $PCT_{ui}$ for accessing any cloud computing server $CCS_i$ in the industrial Internet system. The data security protection system performs security authentication of the user identity of the computer terminal $PCT_{ui}$, and only when the identity of $PCT_{ui}$ passes this security authentication is $PCT_{ui}$ allowed to access any cloud computing server $CCS_i$ in the industrial Internet system and the industrial data stored on it. The invention solves the technical problem that, at present, the security of industrial data flowing in the industrial Internet is difficult to protect effectively by means of single-point, discrete data protection measures.
Description
Technical Field
The invention relates to the technical field of industrial data security under an industrial internet, in particular to an industrial data security protection system based on an industrial internet technology.
Background
The industrial Internet realizes the interconnection and intercommunication of whole systems, whole industrial chains and whole life cycles. At the same time, this interconnection breaks through the relatively closed and trusted production environment of traditional industry, so that the number of attack paths increases greatly. The field control layer, the centralized scheduling layer and the enterprise management layer communicate data directly over Ethernet or even the Internet, and more and more production components and services are directly or indirectly connected to the Internet. An attacker may attack the industrial Internet, or spread viruses on it, from the research-and-development end, the management end, the consumption end and the production end, which directly makes the protection of industrial Internet data harder. The industrial Internet has many data types and protection requirements, and its data flows and paths are complex. Research and development design data, internal production management data, operation control data, enterprise external data and the like may be distributed over big-data platforms, user sides, production terminals, design servers and other facilities, and the security of industrial data flowing in the industrial Internet is difficult to protect effectively by single-point, discrete data protection measures alone.
Disclosure of Invention
(I) Technical problem to be solved
In view of the defects of the prior art, the invention provides an industrial data security protection system based on industrial Internet technology, which aims to solve the technical problem that, at present, the security of industrial data flowing in the industrial Internet is difficult to protect effectively by means of single-point, discrete data protection measures.
(II) Technical scheme
In order to achieve the above purpose, the invention provides the following technical scheme:
An industrial data security protection system based on industrial Internet technology, comprising: any cloud computing server $CCS_i$ deployed in the industrial Internet system; a cloud authentication server $CAS_V$ deployed in the industrial Internet system and running data security protection system software; and a computer terminal $PCT_{ui}$ for accessing any cloud computing server $CCS_i$ in the industrial Internet system;
the computer terminal $PCT_{ui}$ is communicatively connected to the cloud computing server $CCS_i$, the cloud computing server $CCS_i$ is communicatively connected to the cloud authentication server $CAS_V$, and the cloud authentication server $CAS_V$ is communicatively connected to the computer terminal $PCT_{ui}$;
the data security protection system running on the cloud authentication server $CAS_V$ performs security authentication of the user identity of the computer terminal $PCT_{ui}$ by the following method:
Step one: the computer terminal $PCT_{ui}$ registers as a user on the data security protection system of the cloud authentication server $CAS_V$, specifically:
(1) the data security protection system pops up, on the registration page, a dialog box for interactive communication with the computer terminal $PCT_{ui}$;
(2) in the interactive dialog box, the computer terminal $PCT_{ui}$ selects a large integer $N = PQ$, where $P$ and $Q$ are both large primes, $a = P - 1$ and $b = Q - 1$, and $a$ and $b$ are also primes (as stated; for odd primes $P$ and $Q$ this cannot hold literally, since $P - 1$ and $Q - 1$ are even); for this $N$, $\varphi(N) = (P - 1)(Q - 1)$ is known; $h$ is taken as (expression missing in the source text); and a random number $k \in Z_{\varphi(N)}$ is selected;
(3) the computer terminal $PCT_{ui}$ selects $m$ secret numbers $X_1, X_2, \ldots, X_m$ as its private key $PSK_{ui}$, then calculates (formula missing in the source text) to obtain $Y_1, Y_2, \ldots, Y_m$ as its public key $SSK_{ui}$;
(4) the computer terminal $PCT_{ui}$ discloses the values $N$, $Y_i$ and $h$ to the data security protection system;
Step two: the data security protection system performs security authentication of the user identity of the computer terminal $PCT_{ui}$; the specific authentication process is:
(1) the data security protection system communicates interactively with the computer terminal $PCT_{ui}$ on the authentication page;
(2) the computer terminal $PCT_{ui}$ selects a random number $R$, calculates $\beta = h^{R \cdot R} \bmod N$ and $\gamma = h^{k \cdot k} \bmod N$, and sends $(\beta, \gamma, N)$ to the data security protection system;
(3) after receiving $(\beta, \gamma, N)$, the data security protection system sends $B = b_1 b_2 \ldots b_m$ to the computer terminal $PCT_{ui}$, where each $b_i$ is a randomly generated 0 or 1, i.e. $b_i \in \{0, 1\}$, $i = 1, 2, \ldots, m$;
(4) after receiving $B$, the computer terminal $PCT_{ui}$ verifies each $b_i$: if some $b_i \notin \{0, 1\}$, the data security protection system has used a wrong protocol and the terminal rejects the challenge; if every $b_i \in \{0, 1\}$, the computer terminal $PCT_{ui}$ calculates $\delta$ (formula missing in the source text) and sends $\delta$ to the data security protection system;
(5) after receiving $\delta$, the data security protection system checks whether $\gamma^{\delta \cdot \delta} \equiv \beta^{D} \pmod N$, where $D$ is (formula missing in the source text); if the equation holds, this round of authentication is accepted and a new round begins; steps (2) to (5) are executed $t$ times;
after $t$ successful rounds, the data security protection system passes the identity authentication of the computer terminal $PCT_{ui}$.
Preferably, the data security protection system of the cloud authentication server $CAS_V$ performs security authentication of the user identity of the computer terminal $PCT_{ui}$, and only when the identity of the computer terminal $PCT_{ui}$ passes this security authentication is $PCT_{ui}$ allowed to access any cloud computing server $CCS_i$ in the industrial Internet system and the industrial data stored on it.
Preferably, in step two the authentication of steps (2) to (5) is performed $t$ times, and if any round fails, this proves that the computer terminal $PCT_{ui}$ does not know the private key $PSK_{ui}$ and the entire authentication process ends immediately.
Preferably, the parameter $m \ge 8$ and the parameter $t \ge 9$.
(III) Advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
1. To effectively protect the security of industrial data flowing in the industrial Internet, when the computer terminal $PCT_{ui}$ sends an access request to any cloud computing server $CCS_i$ in the industrial Internet system, the data security protection system running on the cloud authentication server $CAS_V$ begins security authentication of the user identity of the computer terminal $PCT_{ui}$;
and only when the identity of the computer terminal $PCT_{ui}$ passes the security authentication of the data security protection system is $PCT_{ui}$ allowed to access any cloud computing server $CCS_i$ in the industrial Internet system and the industrial data stored on it;
thus the technical effect of unified, centralized protection of the security of the industrial data stored in the industrial Internet system is achieved;
and therefore the problem that, at present, the security of industrial data flowing in the industrial Internet is difficult to protect effectively by means of single-point, discrete data protection measures is solved.
2. In the invention, another user C who does not know the private key $PSK_{ui}$ of the computer terminal $PCT_{ui}$ guesses all $b_i$ of one round correctly with probability $2^{-m}$, and guesses $t$ consecutive rounds correctly with probability only $2^{-m \cdot t}$; that is, the security of the authentication protocol scales as $2^{-m \cdot t}$. In practice a cheating success rate of $10^{-9}$ is sufficient to defeat an adversary, so the validity and authenticity of the identity are guaranteed.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
An industrial data security protection system based on industrial Internet technology, comprising: a cloud computing server $CCS_{yf}$ deployed in the industrial Internet system at the research-and-development end, a cloud computing server $CCS_{sg}$ deployed in the industrial Internet system at the production management end, a cloud computing server $CCS_{ck}$ deployed in the industrial Internet system at the operation control end, a cloud computing server $CCS_{xf}$ deployed in the industrial Internet system at the consumption end, a cloud authentication server $CAS_V$ deployed in the industrial Internet system and running data security protection system software, and a computer terminal $PCT_{ui}$ for accessing any cloud computing server $CCS_i$ in the industrial Internet system;
the computer terminal $PCT_{ui}$ is communicatively connected through network communication equipment to any cloud computing server $CCS_i$ in the industrial Internet system; any cloud computing server $CCS_i$ in the industrial Internet system is communicatively connected through network communication equipment to the cloud authentication server $CAS_V$; and the data security protection system of the cloud authentication server $CAS_V$ is communicatively connected through network communication equipment to the computer terminal $PCT_{ui}$;
to effectively protect the security of industrial data flowing in the industrial Internet, when the computer terminal $PCT_{ui}$ sends an access request to any cloud computing server $CCS_i$ in the industrial Internet system, the data security protection system running on the cloud authentication server $CAS_V$ begins security authentication of the user identity of the computer terminal $PCT_{ui}$;
and only when the computer terminal $PCT_{ui}$ passes the security authentication of the data security protection system running on the cloud authentication server $CAS_V$ is $PCT_{ui}$ allowed to access any cloud computing server $CCS_i$ in the industrial Internet system and the industrial data stored on it;
thus the technical effect of unified, centralized protection of the security of the industrial data stored in the industrial Internet system is achieved;
the data security protection system running on the cloud authentication server $CAS_V$ performs security authentication of the user identity of the computer terminal $PCT_{ui}$ by the following method:
Step one: the computer terminal $PCT_{ui}$ registers as a user on the data security protection system of the cloud authentication server $CAS_V$, specifically:
(1) the data security protection system pops up, on the registration page, a dialog box for interactive communication with the computer terminal $PCT_{ui}$;
(2) in the interactive dialog box, the computer terminal $PCT_{ui}$ selects a large integer $N = PQ$, where $P$ and $Q$ are both large primes, $a = P - 1$ and $b = Q - 1$, and $a$ and $b$ are also primes; for this $N$, $\varphi(N) = (P - 1)(Q - 1)$ is known; $h$ is taken as (expression missing in the source text); and a random number $k \in Z_{\varphi(N)}$ is selected;
(3) the computer terminal $PCT_{ui}$ selects $m$ secret numbers $X_1, X_2, \ldots, X_m$ ($m \ge 8$) as its private key $PSK_{ui}$, then calculates (formula missing in the source text) to obtain $Y_1, Y_2, \ldots, Y_m$ ($m \ge 8$) as its public key $SSK_{ui}$;
(4) the computer terminal $PCT_{ui}$ discloses the values $N$, $Y_i$ and $h$ to the data security protection system;
Step two: the data security protection system running on the cloud authentication server $CAS_V$ performs security authentication of the user identity of the computer terminal $PCT_{ui}$; the specific authentication process is:
(1) the data security protection system pops up, on the authentication page, a dialog box for interactive communication with the computer terminal $PCT_{ui}$;
(2) the computer terminal $PCT_{ui}$ selects a random number $R$, calculates $\beta = h^{R \cdot R} \bmod N$ and $\gamma = h^{k \cdot k} \bmod N$, and sends $(\beta, \gamma, N)$ to the data security protection system;
(3) after receiving $(\beta, \gamma, N)$, the data security protection system sends $B = b_1 b_2 \ldots b_m$ to the computer terminal $PCT_{ui}$, where each $b_i$ is a randomly generated 0 or 1, i.e. $b_i \in \{0, 1\}$, $i = 1, 2, \ldots, m$;
(4) after receiving $B$, the computer terminal $PCT_{ui}$ verifies each $b_i$: if some $b_i \notin \{0, 1\}$, the data security protection system has used a wrong protocol and the terminal rejects the challenge; if every $b_i \in \{0, 1\}$, the computer terminal $PCT_{ui}$ calculates $\delta$ (formula missing in the source text) and sends $\delta$ to the data security protection system;
(5) after receiving $\delta$, the data security protection system checks whether $\gamma^{\delta \cdot \delta} \equiv \beta^{D} \pmod N$, where $D$ is (formula missing in the source text); if the equation holds, this round of authentication is accepted and a new round begins; steps (2) to (5) are executed $t$ ($t \ge 9$) times;
after $t$ successful rounds, it is proven that the computer terminal $PCT_{ui}$ knows the $m$ secret numbers $X_1, X_2, \ldots, X_m$, i.e. the private key $PSK_{ui}$, and the data security protection system then passes the identity authentication of the computer terminal $PCT_{ui}$;
(6) during the $t$ ($t \ge 9$) executions of steps (2) to (5), if any round fails, this proves that the computer terminal $PCT_{ui}$ does not know the $m$ secret numbers $X_1, X_2, \ldots, X_m$, i.e. the private key $PSK_{ui}$; the whole authentication process ends immediately, and the data security protection system refuses to pass the identity authentication of the computer terminal $PCT_{ui}$;
As to the possibility that another user C masquerades as the computer terminal $PCT_{ui}$ to deceive the data security protection system: user C does not know the private key $PSK_{ui}$ of the computer terminal $PCT_{ui}$, i.e. the secret numbers $X_i$. C can still take a random number $R$ and send $\beta = h^{R \cdot R} \bmod N$ and $\gamma = h^{k \cdot k} \bmod N$ to the data security protection system, which sends $B$ to C; C then guesses all $b_i$ of that round correctly with probability $2^{-m}$, and guesses $t$ consecutive rounds correctly with probability only $2^{-m \cdot t}$, so it is practically impossible for another user C to masquerade as the computer terminal $PCT_{ui}$ and deceive the authentication of the data security protection system;
The security of the above authentication protocol scales as $2^{-m \cdot t}$; in practice a cheating success rate of $10^{-9}$ is sufficient to defeat an adversary and to guarantee the validity and authenticity of the identity, with $m$ generally taken as 8 and $t$ as 9. During authentication between users the operations are only modular operations and multiplications, and the computation required is 1 to 2 orders of magnitude less than the total number of modular multiplications required by an RSA key operation.
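The following Python is an added worked example of the t-round, m-bit cut-and-choose authentication described in step two and in the cheating analysis above; it is not code from the patent or its applicant. The page's own formulas for deriving $Y_i$ from $X_i$, for $\delta$ and for $D$ are missing from the extracted text, so the example assumes the standard Feige-Fiat-Shamir relation in their place ($Y_i = X_i^2 \bmod N$, $\delta = R \prod X_i^{b_i} \bmod N$, check $\delta^2 \equiv \beta \prod Y_i^{b_i} \pmod N$); the value $\gamma = h^{k \cdot k}$ is left out for the same reason, and the class names Terminal, AuthServer and Impostor, the toy primes and the helper functions are the example's own. What it shows beyond the text: the terminal's rejection of a challenge bit outside $\{0, 1\}$, the abort on the first failed round, and a concrete impostor strategy (guess $B$ before committing, then back-compute $\beta$) whose per-round success is exactly $2^{-m}$, which is where the page's $2^{-m \cdot t}$ bound comes from.

```python
"""Cut-and-choose identification: m challenge bits per round, t rounds.
Added example, not code from the patent. The page's formulas for Y_i, delta and
D are missing from the extracted text, so this block ASSUMES the standard
Feige-Fiat-Shamir relation in their place: Y_i = X_i^2 mod N, delta = R *
prod(X_i : b_i = 1) mod N, verifier check delta^2 == beta * prod(Y_i : b_i = 1).
gamma = h^(k*k) is not modelled, as its role depends on the missing formulas.
Kept from the page: N = P*Q chosen by the terminal, m secrets, B = b_1..b_m with
b_i in {0,1}, rejection of a b_i outside {0,1}, t rounds with abort on the first
failure, and impostor success probability 2^-(m*t). Needs Python 3.8+ (pow(x, -1, N)).
"""
import random
from math import gcd

# Constructed toy primes (30 bits): far too small for real use, fine for a demo.
P, Q = 1_000_000_007, 998_244_353
N = P * Q


def _unit(rng):
    """Random element of Z_N^* (invertible modulo N)."""
    while True:
        x = rng.randrange(2, N)
        if gcd(x, N) == 1:
            return x


def _select(values, bits):
    """prod(values[i] for bits[i] == 1) mod N; the empty product is 1."""
    acc = 1
    for v, b in zip(values, bits):
        if b:
            acc = acc * v % N
    return acc


class Terminal:
    """Prover PCT_ui: holds the m secret numbers X_1..X_m (private key PSK_ui)."""
    def __init__(self, m, seed):
        self.m, self.rng = m, random.Random(seed)  # seeded for reproducibility only
        self.X = [_unit(self.rng) for _ in range(m)]
        self.Y = [pow(x, 2, N) for x in self.X]  # public key SSK_ui (assumed relation)
        self._R = None

    def commit(self):
        """Step (2): fresh random R, send beta (R^2 here; h^(R*R) on the page)."""
        self._R = _unit(self.rng)
        return pow(self._R, 2, N)

    def respond(self, B):
        """Step (4): refuse a malformed challenge, otherwise send delta."""
        if len(B) != self.m or any(b not in (0, 1) for b in B):
            raise ValueError("verifier used a wrong protocol: b_i not in {0,1}")
        return self._R * _select(self.X, B) % N


class AuthServer:
    """Verifier CAS_V data security protection system: knows only N and the Y_i."""
    def __init__(self, Y, m, t, seed):
        self.Y, self.m, self.t, self.rng = Y, m, t, random.Random(seed)

    def challenge(self):
        """Step (3): B = b_1..b_m, each bit uniformly random."""
        return [self.rng.randrange(2) for _ in range(self.m)]

    def check(self, beta, B, delta):
        """Step (5): accept iff delta^2 == beta * prod(Y_i^{b_i}) (mod N)."""
        return pow(delta, 2, N) == beta * _select(self.Y, B) % N


class Impostor:
    """User C: knows N and the Y_i but no X_i; guesses B before committing."""
    def __init__(self, Y, m, seed):
        self.Y, self.m, self.rng = Y, m, random.Random(seed)

    def commit(self):
        self._guess = [self.rng.randrange(2) for _ in range(self.m)]
        self._delta = _unit(self.rng)
        # beta is back-computed so the check passes exactly when guess == B,
        # i.e. with probability 2^-m per round; no X_i is needed for this.
        inv = pow(_select(self.Y, self._guess), -1, N)
        return pow(self._delta, 2, N) * inv % N

    def respond(self, B):
        return self._delta


def run_protocol(prover, server):
    """Steps (2)-(5) for t rounds, aborting on the first failed round.
    Returns (accepted, rounds_completed)."""
    for rnd in range(1, server.t + 1):
        beta = prover.commit()
        B = server.challenge()
        delta = prover.respond(B)
        if not server.check(beta, B, delta):
            return False, rnd
    return True, server.t


def cheat_bound(m, t):
    """Impostor's success probability over t rounds, the page's 2^-(m*t)."""
    return 2.0 ** -(m * t)


if __name__ == "__main__":
    term = Terminal(8, seed=1)
    print("honest:", run_protocol(term, AuthServer(term.Y, 8, 9, seed=2)))
    print("impostor:", run_protocol(Impostor(term.Y, 8, seed=3), AuthServer(term.Y, 8, 9, seed=4)))
    print("bound for m=8, t=9:", cheat_bound(8, 9))
```

Running the module with the page's parameters $m = 8$, $t = 9$ shows the honest terminal completing all nine rounds and the impostor being cut off at the first round whose bits it failed to guess; the seeded generators exist only to make the demonstration reproducible and would be replaced by a system CSPRNG and real-size primes in any deployment.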
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (4)
1. An industrial data security protection system based on industrial Internet technology, comprising: any cloud computing server $CCS_i$ deployed in the industrial Internet system; a cloud authentication server $CAS_V$ deployed in the industrial Internet system and running data security protection system software; and a computer terminal $PCT_{ui}$ for accessing any cloud computing server $CCS_i$ in the industrial Internet system;
the computer terminal $PCT_{ui}$ is communicatively connected to the cloud computing server $CCS_i$, the cloud computing server $CCS_i$ is communicatively connected to the cloud authentication server $CAS_V$, and the cloud authentication server $CAS_V$ is communicatively connected to the computer terminal $PCT_{ui}$;
the data security protection system software running on the cloud authentication server $CAS_V$ performs security authentication of the user identity of the computer terminal $PCT_{ui}$ by the following method:
Step one: the computer terminal $PCT_{ui}$ registers as a user on the data security protection system software of the cloud authentication server $CAS_V$, specifically:
(1) the data security protection system software pops up, on the registration page, a dialog box for interactive communication with the computer terminal $PCT_{ui}$;
(2) in the interactive dialog box, the computer terminal $PCT_{ui}$ selects a large integer $N = PQ$, where $P$ and $Q$ are both large primes, $a = P - 1$ and $b = Q - 1$, and $a$ and $b$ are also primes; for this $N$, $\varphi(N) = (P - 1)(Q - 1)$ is known; $h$ is taken as (expression missing in the source text); and a random number $k \in Z_{\varphi(N)}$ is selected;
(3) the computer terminal $PCT_{ui}$ selects $m$ secret numbers $X_1, X_2, \ldots, X_m$ as its private key $PSK_{ui}$, then calculates (formula missing in the source text) to obtain $Y_1, Y_2, \ldots, Y_m$ as its public key $SSK_{ui}$;
(4) the computer terminal $PCT_{ui}$ discloses the values $N$, $Y_i$ and $h$ to the data security protection system;
Step two: the data security protection system performs security authentication of the user identity of the computer terminal $PCT_{ui}$; the specific authentication process is:
(1) the data security protection system communicates interactively with the computer terminal $PCT_{ui}$ on the authentication page;
(2) the computer terminal $PCT_{ui}$ selects a random number $R$, calculates $\beta = h^{R \cdot R} \bmod N$ and $\gamma = h^{k \cdot k} \bmod N$, and sends $(\beta, \gamma, N)$ to the data security protection system;
(3) after receiving $(\beta, \gamma, N)$, the data security protection system sends $B = b_1 b_2 \ldots b_m$ to the computer terminal $PCT_{ui}$, where each $b_i$ is a randomly generated 0 or 1, i.e. $b_i \in \{0, 1\}$, $i = 1, 2, \ldots, m$;
(4) after receiving $B$, the computer terminal $PCT_{ui}$ verifies each $b_i$: if some $b_i \notin \{0, 1\}$, the data security protection system has used a wrong protocol and the terminal rejects the challenge; if every $b_i \in \{0, 1\}$, the computer terminal $PCT_{ui}$ calculates $\delta$ (formula missing in the source text) and sends $\delta$ to the data security protection system;
(5) after receiving $\delta$, the data security protection system checks whether $\gamma^{\delta \cdot \delta} \equiv \beta^{D} \pmod N$, where $D$ is (formula missing in the source text); if the equation holds, this round of authentication is accepted and a new round begins; steps (2) to (5) are executed $t$ times;
after $t$ successful rounds, the data security protection system passes the identity authentication of the computer terminal $PCT_{ui}$.
2. The industrial data security protection system based on industrial Internet technology according to claim 1, wherein the data security protection system software of the cloud authentication server $CAS_V$ performs security authentication of the user identity of the computer terminal $PCT_{ui}$, and only when the identity of the computer terminal $PCT_{ui}$ passes the security authentication of the data security protection system is $PCT_{ui}$ allowed to access any cloud computing server $CCS_i$ in the industrial Internet system and the industrial data stored on it.
3. The industrial data security protection system based on industrial Internet technology according to claim 2, wherein in step two the authentication of steps (2) to (5) is performed $t$ times, and if any round fails, this proves that the computer terminal $PCT_{ui}$ does not know the private key $PSK_{ui}$ and the entire authentication process ends immediately.
4. The industrial data security protection system based on industrial Internet technology according to claim 3, wherein the parameter $m \ge 8$ and the parameter $t \ge 9$.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010522562.8A CN111786958B (en) | 2020-06-10 | 2020-06-10 | Industrial data safety protection system based on industrial internet technology |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010522562.8A CN111786958B (en) | 2020-06-10 | 2020-06-10 | Industrial data safety protection system based on industrial internet technology |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111786958A CN111786958A (en) | 2020-10-16 |
CN111786958B true CN111786958B (en) | 2022-08-19 |
Family
ID=72755789
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010522562.8A Active CN111786958B (en) | 2020-06-10 | 2020-06-10 | Industrial data safety protection system based on industrial internet technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111786958B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112800369A (en) * | 2021-01-27 | 2021-05-14 | 海尔数字科技(青岛)有限公司 | Data access method based on industrial internet and industrial internet integrated system |
CN113556329A (en) * | 2021-07-06 | 2021-10-26 | 广东轻工职业技术学院 | Industrial data safety protection system of industrial internet technology |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105354507A (en) * | 2015-10-23 | 2016-02-24 | 浙江远望软件有限公司 | Data security confidentiality method under cloud environment |
CN111031365A (en) * | 2020-01-13 | 2020-04-17 | 祖晓宏 | User authentication system suitable for cloud broadcast television network |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101314514B1 (en) * | 2011-09-29 | 2013-11-21 | 이청종 | Cloud system enhanced security and Security management method thereby |
Also Published As
Publication number | Publication date |
---|---|
CN111786958A (en) | 2020-10-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111786958B (en) | Industrial data safety protection system based on industrial internet technology | |
CN107342990A (en) | A kind of attribute base net network ring signatures method of distributed authorization | |
CN106506165B (en) | Fictitious assets anonymity sort method based on homomorphic cryptography | |
CN111447065B (en) | Active and safe SM2 digital signature two-party generation method | |
CN115688185B (en) | Multiparty privacy summation method, multiparty privacy summation device, electronic equipment and storage medium | |
CN111294796A (en) | Smart phone login management system based on zero-knowledge proof | |
CN112437049A (en) | BFT-based block chain consensus method and device | |
CN113779606A (en) | Information verification method and system for reducing privacy disclosure risk | |
CN111711607B (en) | Block chain-based flow type micro-service trusted loading and verifying method | |
CN111935067A (en) | Enterprise user identity authentication system based on cloud computing technology | |
JP2022051652A (en) | Credibility verification system for digital asset data packet | |
CN111901118A (en) | Port enterprise security authentication system based on mobile internet | |
CN109104410A (en) | A kind of matching process and device of information | |
CN101582761B (en) | Identity authentication method adopting password firewall | |
CN113704716A (en) | Application method of zero-knowledge proof in block chain data privacy calculation | |
Karmakar et al. | A PUF and Fuzzy Extractor-Based UAV-Ground Station and UAV-UAV authentication mechanism with intelligent adaptation of secure sessions | |
CN115314205B (en) | Collaborative signature system and method based on key segmentation | |
CN113507366B (en) | Grid-based searchable log blind signature scheme | |
CN109617691B (en) | Group authentication method and system using modulo operation in multi-user group authentication | |
CN111262848A (en) | Access control system based on block chain account encryption | |
CN111898112B (en) | Intellectual property trading platform based on block chain technology | |
CN111915466A (en) | Intelligent community service complaint reporting platform | |
Sudhakar et al. | Secured mutual authentication between two entities | |
Lin | Faceless: A cross-platform private payment scheme for human-readable identifiers | |
CN114050905B (en) | Asynchronous firmware authentication method for Internet of things group |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | ||
Effective date of registration: 20220729 Address after: Room 510, No. 1 Kaiyuan Street, Daqing Economic and Technological Development Zone, Jeanhu Road District, Heilongjiang Province Applicant after: ZHENGXIAN TECHNOLOGY Co.,Ltd. Address before: 721000 No. 55, renbaizhuang village, Shoushan Town, Mei County, Baoji City, Shaanxi Province Applicant before: Liu Luzhan |
GR01 | Patent grant | ||