CN111818053B - Numerical control machine tool safety system with identity authentication and safety communication gateway and method - Google Patents

Numerical control machine tool safety system with identity authentication and safety communication gateway and method

Info

Publication number
CN111818053B
Authority
CN
China
Prior art keywords
information
user
numerical control
machine tool
communication gateway
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010657207.1A
Other languages
Chinese (zh)
Other versions
CN111818053A (en)
Inventor
汤学明
覃盛
路松峰
崔永泉
骆婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huazhong University of Science and Technology
Original Assignee
Huazhong University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huazhong University of Science and Technology
Priority to CN202010657207.1A
Publication of CN111818053A
Application granted
Publication of CN111818053B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
        • H04L 63/02 ... for separating internal from external traffic, e.g. firewalls
            • H04L 63/0272 Virtual private networks
            • H04L 63/0281 Proxies
        • H04L 63/08 ... for authentication of entities
            • H04L 63/083 ... using passwords
            • H04L 63/0876 ... based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
        • H04L 63/10 ... for controlling access to devices or network resources
            • H04L 63/104 Grouping of entities
            • H04L 63/105 Multiple levels of security
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
        • H04L 67/01 Protocols
            • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Numerical Control (AREA)

Abstract

The invention belongs to the technical field of network security and discloses a CNC (numerical control) machine tool security system with identity authentication and a secure communication gateway, together with a corresponding method. Secure access to the machine tools, and the acquisition of machine tool information by users, is achieved by configuring a machine tool adapter, a security gateway and a user-side agent. The gateway partitions devices and users into user groups, maintains the user-to-device access permissions, and lets a user obtain information from a specific machine tool only under authorization from an administrator. The technology offers an approach for bringing CNC machine tools into a management system: by distinguishing a system administrator from group administrators, and separating device grouping from in-group management, it improves the efficiency of connecting and managing CNC machine tools and lowers the cost of managing a machine tool cluster.

Description

Numerical control machine tool safety system with identity authentication and safety communication gateway and method
Technical Field
The invention belongs to the technical field of network security, and in particular relates to a CNC machine tool security system with identity authentication and a secure communication gateway, and a corresponding method.
Background
At present, a conventional numerical control system is used to control and manage the CNC machine tools in a workshop. In such a system each machine tool communicates one-to-one with its operator over a proprietary protocol, managers must administer each machine tool separately, and devices are often mutually incompatible.
In existing numerical control systems, managers collect data from the machine tools inefficiently, user permissions are hard to grant and revoke, users cannot be grouped, and remote access to machine tool data is difficult; such systems are therefore poorly suited to one-to-many machine tool management.
The causes are as follows. Data must be collected from each machine tool one at a time and copied out on a hard disk, so there is no guarantee during transfer that the data is not copied or lost, and users holding different permissions can all reach it; because many communication protocols are in use, remote access to machine tool information is hard to implement and carries information security risk; and on the user management side, both granting and revoking permissions rely on configuring each numerical control device one-to-one, which is difficult to carry out in a real environment.
From the above analysis, the problems and defects of the prior art are: information access to existing CNC machine tool systems is not gated by authentication, so user access to data is unauthenticated; information is easily leaked, intercepted or duplicated during transmission, so communication is insecure; user management is difficult and permissions cannot be issued and revoked uniformly, so access control is lacking; and a remote management system is hard to build because communication over proprietary protocols must first be solved.
The difficulties in solving the above problems and defects are:
Authentication and communication security: in the prior art data is transferred physically on a hard disk, whose contents are stored either unencrypted, in which case anyone can copy and read them, or encrypted, in which case it is still hard to authenticate the user's identity; authentication is therefore difficult to achieve.
Personnel management and access control: in the prior art access control is achieved by configuring an administrator on each machine tool, which forces administrators to perform a large amount of user management work, makes it hard to organize and distribute permissions along a sensible organizational structure, and makes permissions hard to revoke.
Remote management: the protocol between a machine tool and its numerical control system is proprietary, and the heterogeneous mix of protocols across devices makes a remote management scheme hard to realize.
The significance of solving these problems and defects is as follows:
In machine tool management, a system administrator wants to group machine tool users, appoint a second-level administrator within each group, and have that group administrator distribute the detailed permissions within the group; this effectively reduces the cost of managing a large number of machine tool operators and raises production efficiency.
In machine tool access, operators need to reach machine tool data remotely. Gateway access, that is, a unified remote access path to the machine tools, allows several machine tools to be managed at once, makes data collection from multiple machine tools more convenient, and makes data analysis possible.
Disclosure of Invention
In view of the problems in the prior art, the invention provides a CNC machine tool security system with identity authentication and a secure communication gateway, and a corresponding method.
The invention is realized as a CNC machine tool security method with identity authentication and a secure communication gateway, comprising:
configuring a machine tool adapter, a security gateway and a user-side agent to obtain secure access to the machine tool and the machine tool information a user requests; the security gateway partitions the devices and user sides into user groups, maintains the user-to-device access permissions, and releases information about a specific machine tool only when authorized by the system administrator side.
Further, the CNC machine tool security control method with identity authentication and a secure communication gateway comprises the following steps:
Step one: at system initialization, an authentication information database is preset in the gateway and a system administrator side that can change the database is established.
Step two: the system administrator side creates user group information, group administrators and group user information, imports the machine tool device information and the group administrator information, and sets the initial user-to-machine-tool access permissions.
Step three: a user side is configured to connect to the gateway message service, an authentication mode is set, and a certificate is issued for secure communication.
Step four: an adapter that implements access policies of different security levels is deployed on the machine tool; the adapter takes the authentication information for accessing the security gateway from a configuration file.
Step five: an agent is configured on the user side; the agent holds the authentication information required to connect to the gateway.
Step six: the gateway checks whether the authentication information written in steps four and five meets its requirements; if so, the user side is granted the corresponding access permissions.
Step seven: based on the access permissions obtained in step six, the user side accesses machine tool information over its secure connection to the gateway; the gateway restricts access according to the group the user side belongs to, and the adapter returns information according to the user side's permission level.
Further, the authentication information is held in the gateway and comprises user authentication information and user group information;
the user authentication information comprises a user ID, a login password and related information;
the user group information comprises group membership, group device information and member-to-device permission information.
Further, the CNC machine tool security control method with identity authentication and a secure communication gateway further comprises:
the gateway checks whether the authentication information presented by the user side and by the adapter matches the access authentication information set during system initialization; if so, the communication is encrypted using the certificate, so that secure communication is achieved.
Another object of the invention is to provide a CNC machine tool security control system with identity authentication and a secure communication gateway, comprising:
the authentication information setting module, which presets the authentication information database in the gateway;
the role creation module, which creates a system administrator side able to change the database;
the information creation module, which creates user group information, group administrators and group user information;
the user configuration module, which configures a user side to connect to the gateway message service;
the adapter configuration module, which deploys the adapter on the machine tool, configures its connection, and writes the authentication information for accessing the security gateway into the adapter through a configuration file;
the agent configuration module, which configures on the user side an agent that carries out the authentication process and the secure communication process, and writes the authentication information required for the gateway connection into the agent;
the authentication setting module, which sets the initial user-to-machine-tool access permissions from the machine tool device information and the group administrator information, sets the user authentication mode, and issues the certificate for secure communication;
the permission modification module, which changes the permission level of a role according to the permission settings;
the authentication information database, which stores the authentication information;
the authentication module, which verifies the adapter authentication information, the user authentication information and the user group information, and grants the corresponding access permissions when verification passes;
the secure access module, through which machine tool information is accessed over the secure connection to the gateway according to the permissions obtained, the gateway restricting access by the user's group and the adapter releasing information according to the user's permission level;
and the encryption module, which encrypts the communication using the certificate to achieve secure communication.
Further, the CNC machine tool security control system with identity authentication and a secure communication gateway comprises the following roles:
the user side, which communicates securely with the security gateway through the agent and, within the permissions granted, accesses the information provided by devices in its group;
the CNC machine tool, which communicates securely with the security gateway through the adapter, implements access policies of different security levels, and provides information according to the user's permission level;
the security gateway, which verifies user identity by means of its internal message queue together with the identity authentication data, and restricts access according to the user's group;
and the administrator side, comprising a system administrator and group administrators, which manages the identity authentication data in the gateway.
Further, the security gateway comprises an authentication data unit and a message queue unit;
the authentication data unit records the data related to identity authentication;
the message queue unit relays and distributes messages over the secure communication channel.
Further, the administrator side comprises:
the system administrator side, which creates user groups, creates user group members, creates group administrators and assigns devices to user groups;
and the group administrator side, which changes the permission level of the users in its group on the devices in its group.
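The following is an added example and not code from the patent or its applicant: an in-memory model of the authentication database preset in the gateway (step one), the division of duties between the system administrator side, which creates groups and assigns devices, and the group administrator side, which only changes permission levels inside its own group, and the group-scoped access check of steps six and seven together with the adapter's level-dependent response. The three permission levels, the PBKDF2 password hashing, the identifiers (sysadmin, lead, alice, bob, shop-A, lathe-01) and the fields the adapter releases at each level are assumptions, since the patent does not specify them.

```python
# Added example, not code from the patent: an in-memory model of the gateway's
# authentication database (step one), the split between system administrator and
# group administrator (step two and the role description), and the group-scoped
# access check of steps six and seven. Assumed rather than taken from the patent:
# the three permission levels, PBKDF2 password hashing, and the fields the
# adapter releases at each level.
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, Optional, Set, Tuple

NO_ACCESS, READ_STATUS, READ_ALL = 0, 1, 2  # assumed member-to-device levels

class Forbidden(Exception):
    """An actor tried an operation outside its role or its group."""

def allowed(op: Callable[[], None]) -> bool:
    try:
        op()
        return True
    except Forbidden:
        return False

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    # The gateway stores (salt, digest); the login password itself is never stored.
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Group:
    admin: str
    members: Set[str]
    devices: Set[str]
    levels: Dict[Tuple[str, str], int] = field(default_factory=dict)  # (user, device) -> level

@dataclass
class AuthDB:  # step one: authentication information preset in the gateway
    credentials: Dict[str, Tuple[bytes, bytes]] = field(default_factory=dict)  # users and adapters
    groups: Dict[str, Group] = field(default_factory=dict)
    system_admins: Set[str] = field(default_factory=set)

class Gateway:
    def __init__(self, db: AuthDB) -> None:
        self.db = db

    # step six: the presented authentication information must match the preset record
    def authenticate(self, name: str, secret: str) -> bool:
        record = self.db.credentials.get(name)
        if record is None:
            hash_password(secret, b"\x00" * 16)  # same work for unknown names (timing)
            return False
        salt, digest = record
        return hmac.compare_digest(hash_password(secret, salt)[1], digest)

    # step two: only the system administrator creates groups and assigns devices
    def create_group(self, actor, group, admin, members: Iterable[str] = (), devices: Iterable[str] = ()):
        if actor not in self.db.system_admins:
            raise Forbidden(f"{actor} is not a system administrator")
        self.db.groups[group] = Group(admin, {admin, *members}, set(devices))

    # group administrator: changes levels only for own members on own devices
    def set_level(self, actor: str, group: str, user: str, device: str, level: int) -> None:
        g = self.db.groups[group]
        if actor != g.admin:
            raise Forbidden(f"{actor} does not administer {group}")
        if user not in g.members or device not in g.devices:
            raise Forbidden("user and device must both belong to the group")
        g.levels[(user, device)] = level

    # step seven: access is limited to devices in a group the user belongs to
    def level_for(self, user: str, device: str) -> int:
        best = NO_ACCESS
        for g in self.db.groups.values():
            if user in g.members and device in g.devices:
                best = max(best, g.levels.get((user, device), NO_ACCESS))
        return best

def adapter_response(level: int, status: str, program: str) -> dict:
    # The adapter on the machine tool releases information according to the level.
    if level < READ_STATUS:
        raise Forbidden("no access to this machine tool")
    return {"status": status, **({"program": program} if level >= READ_ALL else {})}

def demo() -> Tuple[Gateway, dict]:
    # Constructed scenario: one group, one machine tool, one member, one outsider.
    db = AuthDB(credentials={"alice": hash_password("alice-pw"),
                             "lathe-01": hash_password("adapter-secret")},  # adapter config secret
                system_admins={"sysadmin"})
    gw = Gateway(db)
    gw.create_group("sysadmin", "shop-A", "lead", members={"alice"}, devices={"lathe-01"})
    gw.set_level("lead", "shop-A", "alice", "lathe-01", READ_STATUS)
    out = {
        "alice_auth": gw.authenticate("alice", "alice-pw"),
        "alice_bad_pw": gw.authenticate("alice", "wrong"),
        "adapter_auth": gw.authenticate("lathe-01", "adapter-secret"),
        "alice_level": gw.level_for("alice", "lathe-01"),
        "bob_level": gw.level_for("bob", "lathe-01"),  # bob belongs to no group
        # group administrator cannot grant a level to a non-member; a user cannot create groups
        "outsider_grant": allowed(lambda: gw.set_level("lead", "shop-A", "bob", "lathe-01", READ_ALL)),
        "user_creates_group": allowed(lambda: gw.create_group("alice", "shop-B", "alice")),
    }
    out["alice_view"] = adapter_response(out["alice_level"], "RUNNING", "O1234")
    return gw, out
```

Two points a practitioner would check that the patent text leaves implicit: the gateway should keep only a salted hash of the login password it stores for each user ID and adapter, and the check in `set_level` is what actually enforces the system administrator / group administrator split, since without the membership test a group administrator could grant levels on devices that belong to another group.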
Another object of the invention is to provide a computer program product stored on a computer-readable medium, comprising a computer-readable program which, when executed on an electronic device, provides a user input interface for carrying out the above security control method for a CNC machine tool with identity authentication and a secure communication gateway.
Another object of the invention is to provide a computer-readable storage medium storing instructions which, when executed on a computer, cause the computer to carry out the above security control method for a CNC machine tool with identity authentication and a secure communication gateway.
Taken together, the technical scheme has the following advantages and positive effects:
The invention provides a more secure and convenient approach to gateway access for CNC machine tools, with good security and application prospects: a security gateway technology that connects machine tool devices effectively, secures the communication, and provides grouping and permission management.
The CNC machine tool security technology with identity authentication and a secure communication gateway offers an approach for bringing CNC machine tools into a management system; by distinguishing the system administrator from group administrators, device grouping is separated from in-group management, which improves the efficiency of connecting and managing machine tools and lowers the cost of managing a machine tool cluster.
The technology secures the communication process, lifts machine tool connection management out of the various proprietary communication protocols, protects the communication between adapter and gateway, and gives a user different access rights according to the specific security certificate with which that user accesses the gateway.
Comparison of technical or experimental effects:
Based on the above description, the invention is compared with the prior art in Table 1 to show the technical effects achieved by the technical scheme.
TABLE 1 (present in the original only as an image, Figure BDA0002577190600000061; its contents are not reproduced on this page)
Drawings
To illustrate the technical solutions of the embodiments more clearly, the drawings used in the embodiments are briefly described below. These drawings show only some embodiments of the application; a person skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the security control method for a CNC machine tool with identity authentication and a secure communication gateway according to an embodiment of the invention.
Fig. 2 is a flowchart of the security control method for a CNC machine tool with identity authentication and a secure communication gateway according to an embodiment of the invention.
Fig. 3 is a schematic structural diagram of the security system for a CNC machine tool with identity authentication and a secure communication gateway according to an embodiment of the invention;
in the figure: 1, authentication information setting module; 2, role creation module; 3, information creation module; 4, user configuration module; 5, adapter configuration module; 6, agent configuration module; 7, authentication setting module; 8, permission modification module; 9, authentication information database; 10, authentication module; 11, secure access module; 12, encryption module.
Fig. 4 is a schematic diagram of the roles in the security control system for a CNC machine tool with identity authentication and a secure communication gateway according to an embodiment of the invention.
Fig. 5 is a schematic diagram of how a user of an existing VPN facility accesses a machine tool in the environment provided by an embodiment of the invention.
Fig. 6 is a schematic diagram of how personnel are managed and rights assigned under the hierarchical management concept of administrator and group administrator according to an embodiment of the invention.
Detailed Description
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the following embodiments. The specific embodiments described here are illustrative only and are not intended to limit the invention.
In view of the problems in the prior art, the invention provides a security system and method for a CNC machine tool with identity authentication and a secure communication gateway, described in detail below with reference to the accompanying drawings.
As shown in Fig. 1, the security control method for a CNC machine tool with identity authentication and a secure communication gateway according to an embodiment of the invention comprises:
configuring a machine tool adapter, a security gateway and a user-side agent to obtain secure access to the machine tool and the machine tool information a user requests; the gateway partitions the devices and user sides into user groups, maintains the user-to-device access permissions, and releases information about a specific machine tool only when authorized by an administrator.
As shown in Fig. 2, the security control method for a CNC machine tool with identity authentication and a secure communication gateway according to an embodiment of the invention comprises the following steps:
S101: at system initialization, an authentication information database is preset in the gateway and a system administrator side able to change the database is established.
S102: the system administrator side creates user group information, group administrators and group user information, imports the machine tool device information and the group administrator information, and sets the initial user-to-machine-tool access permissions.
S103: a user side is configured to connect to the gateway message service, an authentication mode is set, and a certificate is issued for secure communication.
S104: an adapter that implements access policies of different security levels is deployed on the machine tool; the adapter takes the authentication information for accessing the security gateway from a configuration file.
S105: an agent is configured on the user side; the agent holds the authentication information required to connect to the gateway.
S106: the gateway checks whether the authentication information written in steps S104 and S105 meets its requirements; if so, the user side is granted the corresponding access permissions.
S107: based on the access permissions obtained in step S106, the user side accesses machine tool information over its secure connection to the gateway; the gateway restricts access according to the group the user side belongs to, and the adapter returns information according to the user's permission level.
The authentication information provided by the embodiment of the invention is held in the gateway and comprises user authentication information and user group information;
the user authentication information comprises a user ID, a login password and related information;
the user group information comprises group membership, group device information and member-to-device permission information.
The security control method for a CNC machine tool with identity authentication and a secure communication gateway provided by the embodiment of the invention further comprises:
the gateway checks whether the authentication information presented by the user and by the adapter matches the access authentication information set during system initialization; if so, the communication is encrypted using the certificate, so that secure communication is achieved.
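The following is an added example and not code from the patent or its applicant. It shows the check of step S106 as an exchange between both sides: the gateway issues a nonce, the user-side agent (or the adapter on a machine tool, which holds its credential in the same way) answers with an HMAC computed from the secret in its configuration file, and the gateway verifies the answer against the record preset in its database. The patent only says that the gateway compares the presented authentication information with the preset record; the challenge-response form, the single-use nonce cache, the clock window, the domain separator and the configuration layout are assumptions about how a practitioner would implement that comparison so that the configured secret never crosses the wire and a captured login cannot be replayed.

```python
# Added example, not code from the patent: a challenge-response login between the
# user-side agent (or the adapter on a machine tool) and the gateway for step S106.
# Assumed, not from the patent: the HMAC scheme, the nonce cache, the clock window
# and the configuration-file layout.
import hashlib
import hmac
import os
import time
from typing import Dict, Optional, Tuple

TAG = b"cnc-gateway-auth-v1"  # assumed domain separator
MAX_SKEW = 30  # seconds; assumed tolerance between agent and gateway clocks

# Constructed stand-in for the agent's configuration file (step S105). On a real host
# this file must be readable only by the agent's service account.
AGENT_CONFIG = {"identity": "alice", "secret": "0f1e2d3c4b5a69788796a5b4c3d2e1f0"}

def _mac(secret: str, identity: str, nonce: bytes, ts: int) -> bytes:
    msg = TAG + identity.encode() + nonce + ts.to_bytes(8, "big")
    return hmac.new(secret.encode(), msg, hashlib.sha256).digest()

class Agent:
    def __init__(self, config: Dict[str, str]) -> None:
        self.identity = config["identity"]
        self._secret = config["secret"]

    def respond(self, nonce: bytes, now: Optional[int] = None) -> Tuple[str, bytes, int, bytes]:
        ts = int(time.time()) if now is None else now
        return self.identity, nonce, ts, _mac(self._secret, self.identity, nonce, ts)

class GatewayAuth:
    def __init__(self, secrets: Dict[str, str]) -> None:
        self._secrets = secrets  # identity -> shared secret, from the preset database
        self._issued: Dict[bytes, Tuple[str, int]] = {}  # nonce -> (identity, issue time)

    def challenge(self, identity: str, now: Optional[int] = None) -> bytes:
        nonce = os.urandom(16)
        self._issued[nonce] = (identity, int(time.time()) if now is None else now)
        return nonce

    def verify(self, identity: str, nonce: bytes, ts: int, mac: bytes, now: Optional[int] = None) -> bool:
        now = int(time.time()) if now is None else now
        issued = self._issued.pop(nonce, None)  # single use: a replayed nonce fails
        if issued is None or issued[0] != identity:
            return False  # unknown nonce, or nonce issued to a different identity
        if abs(now - ts) > MAX_SKEW or now - issued[1] > MAX_SKEW:
            return False  # stale response
        secret = self._secrets.get(identity)
        expected = _mac(secret if secret is not None else "", identity, nonce, ts)
        return secret is not None and hmac.compare_digest(expected, mac)

def login(gateway: GatewayAuth, agent: Agent, now: int) -> bool:
    # The exchange: gateway -> nonce; agent -> (identity, nonce, ts, mac); gateway verifies.
    nonce = gateway.challenge(agent.identity, now)
    identity, nonce, ts, mac = agent.respond(nonce, now)
    return gateway.verify(identity, nonce, ts, mac, now)

def demo() -> Dict[str, bool]:
    gw = GatewayAuth({"alice": AGENT_CONFIG["secret"], "lathe-01": "adapter-secret"})
    agent = Agent(AGENT_CONFIG)
    t0 = 1_700_000_000  # constructed clock value
    ok = login(gw, agent, t0)
    # replay: a captured valid response is presented a second time
    nonce = gw.challenge("alice", t0)
    resp = agent.respond(nonce, t0)
    first = gw.verify(*resp, now=t0)
    replay = gw.verify(*resp, now=t0)
    # stale: the response arrives long after the challenge was issued
    nonce = gw.challenge("alice", t0)
    resp = agent.respond(nonce, t0 + 120)
    stale = gw.verify(*resp, now=t0 + 120)
    # wrong secret: an agent whose configuration file holds a different key
    bad = login(gw, Agent({"identity": "alice", "secret": "not-the-secret"}), t0)
    # identity substitution: a nonce issued to alice is answered under the adapter's name
    nonce = gw.challenge("alice", t0)
    swapped = gw.verify("lathe-01", nonce, t0, _mac("adapter-secret", "lathe-01", nonce, t0), t0)
    return {"ok": ok, "first": first, "replay": replay, "stale": stale, "bad": bad, "swapped": swapped}
```

The certificate the patent issues in step S103 protects the channel; this exchange is the identity check that runs over it. Binding the nonce to the identity it was issued for, and removing it from the cache on first use, is what makes the replay and identity-substitution cases in `demo()` fail.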
As shown in Fig. 3, the security control system for a CNC machine tool with identity authentication and a secure communication gateway provided by an embodiment of the invention comprises:
the authentication information setting module 1, which presets the authentication information database in the gateway;
the role creation module 2, which creates a system administrator side able to change the database;
the information creation module 3, which creates user group information, group administrators and group user information;
the user configuration module 4, which configures a user side to connect to the gateway message service;
the adapter configuration module 5, which deploys the adapter on the machine tool, configures its connection, and writes the authentication information for accessing the security gateway into the adapter through a configuration file;
the agent configuration module 6, which configures on the user side an agent that carries out the authentication process and the secure communication process, and writes the authentication information required for the gateway connection into the agent;
the authentication setting module 7, which sets the initial user-to-machine-tool access permissions from the machine tool device information and the group administrator information, sets the user authentication mode, and issues the certificate for secure communication;
the permission modification module 8, which changes the permission level of a role according to the permission settings;
the authentication information database 9, which stores the authentication information;
the authentication module 10, which verifies the adapter authentication information, the user authentication information and the user group information, and grants the corresponding access permissions when verification passes;
the secure access module 11, through which machine tool information is accessed over the secure connection to the gateway according to the permissions obtained, the gateway restricting access by the user's group and the adapter releasing information according to the user's permission level;
and the encryption module 12, which encrypts the communication using the certificate to achieve secure communication.
As shown in Fig. 4, the security control system for a CNC machine tool with identity authentication and a secure communication gateway provided by the embodiment of the invention comprises the following roles:
the user side, which communicates securely with the security gateway through the agent and, within the permissions granted, accesses the information provided by devices in its group;
the CNC machine tool, which communicates securely with the security gateway through the adapter, implements access policies of different security levels, and provides information according to the user's permission level;
the security gateway, which verifies user identity by means of its internal message queue together with the identity authentication data, and restricts access according to the user's group;
and the administrator, comprising a system administrator and group administrators, who manage the identity authentication data in the gateway.
The security gateway provided by the embodiment of the invention comprises: an authentication data unit and a message queue unit.
The authentication data unit is used for recording the related data of the identity authentication.
And the message queue unit is used for transferring and distributing messages on the basis of the secure communication.
The administrator provided by the embodiment of the invention comprises:
The system administrator, who creates user groups, creates user group members, creates a group administrator for each group, and assigns devices to user groups.
The group administrator, who changes the permission level of the users in the group over the devices in the group.
The technical solution of the present invention is further illustrated by the following specific example.
Example:
The security technique for a numerical control machine tool with identity authentication and a secure communication gateway comprises the following steps:
Step one: at system initialization, preset an authentication information database in the gateway and create a system administrator user who can change the database contents.
Step two: at system initialization, the system administrator creates the user group information, the group administrator and the group user information through the management page and imports the numerical control machine device information; the group administrator then makes the initial user-to-machine access permission settings.
Step three: at system initialization, configure the user accounts that connect to the gateway message service, set the authentication mode, and issue certificates for secure communication.
Step four: at system initialization, deploy an adapter (the machine-side agent) on the numerical control machine tool; the adapter implements the access policies of the different security levels and reads the authentication information for connecting to the security gateway from a configuration file.
Step five: at system initialization, configure the agent on the user side; the agent holds the authentication information needed to connect to the gateway.
Step six: while the system runs, the system administrator can modify groups and group administrators, and each group administrator can modify the permission levels of the users in its group.
Step seven: the user accesses information of the numerical control machine tool over the secure connection to the gateway; the gateway restricts access according to the group the user belongs to, and the adapter returns the information appropriate to the user's permission level.
In one specific embodiment of step two, the system administrator has the right to create a user group, create user group members and assign devices to the user group; the group administrator is created by the system administrator and has the right to change the permission level of the users in the group over the devices in the group.
In this embodiment the system administrator is responsible only for designating user groups and group administrators and for assigning devices to groups; the specific permission settings and group user creation are carried out by the group administrators, which matches a structured organizational management.
In a specific implementation of step two, the authentication information entity resides inside the gateway and comprises user authentication information and user group information.
In this embodiment the user group information comprises group member information, group device information, and the permission information of each member over each device. A user can access the information provided by devices in its own group only, and only within the permission granted, so that a cluster of numerical control machines can conveniently be managed in groups.
In this embodiment the user authentication information comprises the user ID, the login password and related information; a user must present authentication information that meets the requirements before obtaining the corresponding access permission, which effectively implements identity authentication.
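As an added example (not code from the patent), the following Python sketch implements the administration and authentication model of steps one to seven and the embodiment notes above: a system administrator who may only create groups, members and group administrators and assign devices; a group administrator who may only set permission levels for members over devices of its own group; password verification with a salted PBKDF2 hash; an adapter whose connection is checked against the token written in its configuration file; and an adapter view filtered by permission level. The class and method names, the level values and the filtering policy are assumptions.

```python
"""Added example (not the patent's code): group-scoped access control with
separated system-administrator / group-administrator duties. All names,
level values and the view-filtering policy are assumptions."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Permission levels (assumed): a higher level sees and may do more.
NONE, STATUS, PROGRAM, CONTROL = 0, 1, 2, 3
PBKDF2_ROUNDS = 60_000


def _kdf(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Group:
    admin: str                                    # the group administrator
    members: set = field(default_factory=set)
    devices: set = field(default_factory=set)
    levels: dict = field(default_factory=dict)    # (user, device) -> level


class Gateway:
    """Authentication information database plus the two administrator roles."""

    def __init__(self, sysadmin, sysadmin_pw):
        self._creds = {}          # user -> (salt, pbkdf2 hash)
        self.groups = {}          # group name -> Group
        self.adapter_tokens = {}  # device -> token from the adapter's config file
        self.sysadmin = sysadmin
        self._set_password(sysadmin, sysadmin_pw)

    def _set_password(self, user, pw):
        salt = os.urandom(16)
        self._creds[user] = (salt, _kdf(pw, salt))

    def authenticate(self, user, pw):
        rec = self._creds.get(user)
        if rec is None:
            _kdf(pw, b"\0" * 16)   # same cost for unknown users (no enumeration)
            return False
        salt, digest = rec
        return hmac.compare_digest(digest, _kdf(pw, salt))

    # System administrator: groups, membership, group administrators, devices.
    def _require_sysadmin(self, actor):
        if actor != self.sysadmin:
            raise PermissionError("system administrator only")

    def create_group(self, actor, name, group_admin, admin_pw):
        self._require_sysadmin(actor)
        self.groups[name] = Group(admin=group_admin)
        self._set_password(group_admin, admin_pw)

    def add_member(self, actor, group, user, pw):
        self._require_sysadmin(actor)
        self.groups[group].members.add(user)
        self._set_password(user, pw)

    def assign_device(self, actor, group, device, adapter_token):
        self._require_sysadmin(actor)
        self.groups[group].devices.add(device)
        self.adapter_tokens[device] = adapter_token

    # Group administrator: levels for members over devices of its own group only.
    def set_level(self, actor, group, user, device, level):
        g = self.groups[group]
        if actor != g.admin:
            raise PermissionError("only this group's administrator may set levels")
        if user not in g.members or device not in g.devices:
            raise PermissionError("user or device is outside this group")
        g.levels[(user, device)] = level

    # Run time: adapter check-in and the gateway's access decision.
    def adapter_connect(self, device, token):
        expected = self.adapter_tokens.get(device)
        return expected is not None and hmac.compare_digest(expected, token)

    def access_level(self, user, device):
        for g in self.groups.values():
            if user in g.members and device in g.devices:
                return g.levels.get((user, device), NONE)
        return NONE   # other group or unknown device: the gateway refuses


def adapter_view(level, machine_state):
    """What the adapter hands back for a given level (assumed policy)."""
    if level >= CONTROL:
        return dict(machine_state)
    if level >= PROGRAM:
        return {k: v for k, v in machine_state.items() if k != "control_endpoint"}
    if level >= STATUS:
        return {"status": machine_state["status"]}
    return {}
```

The point to check in such a design is that neither role can reach across the boundary: the system administrator cannot set a per-user level at all, and a group administrator cannot set levels for a member or device of another group, so a compromised group administrator account is contained to its own cell.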
As shown in fig. 2, the present invention further provides a modular implementation of the security technique for a numerical control machine tool with identity authentication and a secure communication gateway, comprising a user module, a numerical control machine tool module, a security gateway module and an administrator module. The administrator module manages the identity authentication data in the gateway through a management page; the user and the numerical control machine tool communicate securely with the security gateway through the agent and the adapter respectively; and the internal message queue of the security gateway verifies the user identity together with the identity authentication data.
In a specific implementation, the gateway module further comprises an authentication data module and a message queue module: the authentication data module records the identity authentication related data, and the message queue module transfers and distributes messages on top of the secure communication.
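As an added example (again not the patent's code), the following Python sketch models the message queue unit at run time: the user agent publishes a request to the gateway's inbound queue, the gateway looks up the session in the authentication data and checks group membership, forwards the request to the device's queue only when both pass, and the adapter answers on the user's reply queue according to the permission level the gateway attached. queue.Queue stands in for the message queue product, login() stands in for the password check, and the message layout, level values and sample data are constructed assumptions.

```python
"""Added example (not the patent's code): the gateway's message queue unit
verifying identity and group before forwarding, and the adapter answering by
level. Message layout, level values and sample data are assumptions."""
import queue
import secrets

# Authentication data unit, as constructed sample data: sessions issued at
# login, group membership, and the per (user, device) permission level.
AUTH_DATA = {
    "sessions": {},                                    # session token -> user
    "groups": {
        "cell-A": {"members": {"bob"}, "devices": {"cnc-01"}},
        "cell-B": {"members": {"dave"}, "devices": {"cnc-02"}},
    },
    "levels": {("bob", "cnc-01"): 1},                  # 1 = status only (assumed)
}
READ_LEVEL, FULL_READ_LEVEL, WRITE_LEVEL = 1, 2, 3     # assumed policy


def login(user):
    """Stand-in for the password check: issue an unguessable session token."""
    token = secrets.token_hex(16)
    AUTH_DATA["sessions"][token] = user
    return token


class MessageQueueUnit:
    """Gateway side: verify, then route messages between agents and adapters."""

    def __init__(self):
        self.inbound = queue.Queue()      # user agents publish requests here
        self.device_queues = {}           # device -> queue its adapter consumes
        self.reply_queues = {}            # user -> queue its agent consumes

    def register_device(self, device):
        self.device_queues[device] = queue.Queue()

    def reply_queue(self, user):
        return self.reply_queues.setdefault(user, queue.Queue())

    def dispatch_one(self):
        """Take one request; forward it only if identity and group check out."""
        msg = self.inbound.get()
        user = AUTH_DATA["sessions"].get(msg.get("session"))
        if user is None:
            return {"error": "unauthenticated"}        # dropped, nothing forwarded
        device = msg.get("device")
        in_group = any(user in g["members"] and device in g["devices"]
                       for g in AUTH_DATA["groups"].values())
        if not in_group or device not in self.device_queues:
            self.reply_queue(user).put({"device": device, "error": "forbidden"})
            return {"error": "forbidden"}
        # The forwarded message is rebuilt with the gateway-verified identity and
        # level; the adapter never sees the session token or a client-chosen level.
        fwd = {"user": user, "device": device, "op": msg.get("op"),
               "data": msg.get("data", {}),
               "level": AUTH_DATA["levels"].get((user, device), 0)}
        self.device_queues[device].put(fwd)
        return fwd


def adapter_serve(mq, device, state, count=1):
    """Adapter side: answer `count` forwarded requests according to the level."""
    for _ in range(count):
        req = mq.device_queues[device].get()
        reply = {"device": device}
        if req["op"] == "read" and req["level"] >= FULL_READ_LEVEL:
            reply["data"] = dict(state)
        elif req["op"] == "read" and req["level"] >= READ_LEVEL:
            reply["data"] = {"status": state["status"]}
        elif req["op"] == "write" and req["level"] >= WRITE_LEVEL:
            state.update(req["data"])
            reply["data"] = "ok"
        else:
            reply["error"] = "operation not allowed at this level"
        mq.reply_queue(req["user"]).put(reply)
```

Two properties matter here and are worth testing in a real deployment: a request from a user outside the device's group, or with an invalid session, never lands on the adapter's queue, and the adapter acts only on the level the gateway attached, so a client cannot raise its own level by editing the message.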
The invention described in this patent also has further embodiments in other application scenarios. For example, before adopting the security gateway disclosed here, an enterprise may already have built and configured a VPN on top of its numerical control system, providing part of the remote access function, or may already operate a unified identity authentication platform on top of the numerical control system, providing part of the user management and identity authentication functions. In such scenarios the scheme of the present invention has embodiments that differ in implementation detail but all achieve the same inventive effect. Another embodiment is presented below on the premise that the numerical control machine environment already has a VPN.
First, the process by which a user accesses the machine tool when the environment already has VPN facilities: VPN configuration of the numerical control machine tool means that, through the agent configured on the machine tool, the agent can be reached from the public network with the same effect as on-site access. This configuration provides a remote access function on top of nothing more than a traditional numerical control system; the structure is shown in fig. 5, and the embodiment in this case only needs to provide the user authentication and user management functions.
With VPN access configured as in fig. 5, the communication security of public network access is provided by the existing VPN, and the security gateway's working environment moves from the public network to the intranet. The gateway takes over the user-side connection and the machine-tool-side connection in the user-to-machine communication, unifies the heterogeneous communication protocols through the agent configured on the numerical control machine tool, and then manages personnel and distributes permissions using the hierarchical administrator / group administrator model. The specific scheme is shown in fig. 6: the VPN provides public network security and a degree of authentication, and the gateway provides the remaining access control and organizational management functions.
In the embodiment of the invention, a gateway providing authentication and security is formed by combining a database and a message queue product. The message queue offers high throughput and high reliability, which improves the efficiency of transmitting and collecting information from the numerical control machine tools, and on top of that improved transmission efficiency a reliable database product supports user management and the storage of authentication information. On this basis the invention adds a series of optimizations, for example a personnel grouping function on the user-access side of the gateway and a strategy for grouping machine tools and personnel, which can significantly reduce personnel management cost compared with the prior art.
In the description of the present invention, "a plurality" means two or more unless otherwise specified; the terms "upper", "lower", "left", "right", "inner", "outer", "front", "rear", "head", "tail", and the like, indicate orientations or positional relationships that are based on the orientations or positional relationships shown in the drawings, are merely for convenience in describing and simplifying the description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," "third," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any modification, equivalent replacement, and improvement made by those skilled in the art within the technical scope of the present invention disclosed in the present invention should be covered within the scope of the present invention.

Claims (8)

1. A security control method for a numerical control machine tool with identity authentication and a secure communication gateway, characterized in that it comprises the following steps:
configuring a numerical control machine adapter, a secure communication gateway and an agent to obtain secure access to the numerical control machine and to the user's information on the numerical control machine; the secure communication gateway divides the devices and the user sides by user group, changes the user-to-device access permission, and obtains the information of a specific machine tool device under authorization from the system administrator side;
the security control system for a numerical control machine tool with identity authentication and a secure communication gateway used by the security control method comprises:
the authentication information setting module is used for presetting an authentication information database in the security communication gateway;
the role creating module is used for creating a system administrator terminal for changing the database information;
the information creating module is used for creating user group information, group administrators and group user information;
the user configuration module is used for configuring a user side for connecting the message service of the secure communication gateway;
the adapter configuration module is used for deploying the adapter on the numerical control machine tool, performing connection configuration and writing authentication information accessed to the secure communication gateway into the adapter through a configuration file;
the agent configuration module is used for configuring an agent for ensuring the authentication process and the safety communication process at the user side and writing authentication information required by the connection of the safety communication gateway into the agent;
the authentication setting module is used for initially setting the user-machine tool access authority based on the equipment information and the group administrator information of the numerical control machine; the system is used for setting a user authentication mode and issuing a certificate for secure communication;
the permission modification module is used for modifying the permission level of the corresponding role based on the permission setting;
the authentication information database is used for storing authentication information;
the authentication module is used for authenticating the adapter authentication information, the user authentication information and the user group information, and corresponding access authority is given if the authentication is passed;
the safety access module is used for accessing information of the numerical control machine tool through safety connection with a safety communication gateway based on the acquired access authority, the safety communication gateway limits access according to the group where the user is located, and the adapter provides corresponding information according to the authority level of the user;
and the encryption module is used for encrypting the communication process through the certificate to realize safe communication.
2. The security control method of a numerical control machine tool having an identity authentication and security communication gateway of claim 1, wherein the security control method of a numerical control machine tool having an identity authentication and security communication gateway comprises the steps of:
firstly, a system initializes and presets an authentication information database in a secure communication gateway, and creates a system administrator end for changing database information;
secondly, a system administrator end creates user group information, a group administrator and group user information, imports numerical control machine equipment information and group administrator information, and initially sets user-machine tool access authority;
step three, configuring a user side for connecting the message service of the secure communication gateway, setting an authentication mode, and issuing a certificate for secure communication;
deploying adapters for realizing access strategies of different security levels on the numerical control machine tool, wherein the adapters write authentication information accessed to the secure communication gateway through configuration files;
step five, configuring an agent at a user side, wherein the agent writes authentication information required by the connection of the access security communication gateway;
step six, judging whether the authentication information written in the step four and the step five meets the requirements, if so, acquiring corresponding access authority by the user side;
and step seven, the user side accesses the information of the numerical control machine tool through the safety connection with the safety communication gateway based on the access authority acquired in the step six, the safety communication gateway limits the access according to the group where the user side is located, and the adapter provides corresponding information according to the authority level of the user side.
3. The security control method of a numerical control machine tool having an identity authentication and secure communication gateway according to claim 2, wherein the entity of the required authentication information exists inside the secure communication gateway, and includes user authentication information and user group information;
the user authentication information comprises a user ID, a login password and other related information;
the user group information comprises group member information, group equipment information and member-to-equipment authority information.
4. The security control method of a numerical control machine tool having an identity authentication and secure communication gateway of claim 2, wherein the method further comprises:
the secure communication gateway judges whether the authentication information of the user side and of the adapter matches the access authentication information set during system initialization, and if so, encrypts the communication with the certificate, thereby achieving secure communication.
5. The security control method of a numerical control machine tool having an identity authentication and secure communication gateway of claim 1, wherein the security control system of a numerical control machine tool having an identity authentication and secure communication gateway includes the following roles:
the user side is used for carrying out safe communication with the safe communication gateway through the agent and accessing information provided by the equipment in the group under a given authority according to the authority;
the numerical control machine tool is used for carrying out safety communication with the safety communication gateway through the adapter to realize access strategies with different safety levels; meanwhile, the system is used for providing corresponding information according to the user authority level;
the safety communication gateway is used for verifying the user identity by utilizing the internal message queue in cooperation with the identity authentication data and limiting access according to the group where the user is located;
and the administrator terminal comprises a system administrator and a group administrator and is used for managing the identity authentication data in the secure communication gateway.
6. The security control method of a numerical control machine tool having an identity authentication and a secure communication gateway according to claim 5, wherein the secure communication gateway comprises: an authentication data unit and a message queue unit;
the authentication data unit is used for recording the related data of identity authentication;
and the message queue unit is used for transferring and distributing messages on the basis of the secure communication.
7. The security control method of a numerical control machine tool having an identity authentication and secure communication gateway according to claim 5, wherein the administrator side comprises:
the system administrator terminal is used for creating a user group, creating user group members, creating a group administrator and distributing the equipment to the user group;
and the group administrator terminal is used for changing the permission level of the users in the group to the devices in the group.
8. A computer-readable storage medium storing instructions which, when executed on a computer, cause the computer to perform the security control method of a numerical control machine tool having an identity authentication and secure communication gateway according to any one of claims 1 to 4.
CN202010657207.1A 2020-07-09 2020-07-09 Numerical control machine tool safety system with identity authentication and safety communication gateway and method Active CN111818053B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010657207.1A CN111818053B (en) 2020-07-09 2020-07-09 Numerical control machine tool safety system with identity authentication and safety communication gateway and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010657207.1A CN111818053B (en) 2020-07-09 2020-07-09 Numerical control machine tool safety system with identity authentication and safety communication gateway and method

Publications (2)

Publication Number Publication Date
CN111818053A CN111818053A (en) 2020-10-23
CN111818053B true CN111818053B (en) 2021-08-17

Family

ID=72842009

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010657207.1A Active CN111818053B (en) 2020-07-09 2020-07-09 Numerical control machine tool safety system with identity authentication and safety communication gateway and method

Country Status (1)

Country Link
CN (1) CN111818053B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112861081A (en) * 2021-01-29 2021-05-28 武汉华中数控股份有限公司 G code encryption method and system for numerical control system
CN113766015B (en) * 2021-08-23 2024-04-05 武汉华中数控股份有限公司 Communication system and method based on NC-Link protocol

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1863195A (en) * 2005-05-13 2006-11-15 中兴通讯股份有限公司 Family network system with safety registration function and method thereof
CN102438026A (en) * 2012-01-12 2012-05-02 冶金自动化研究设计院 Industrial control network security protection method and system
CN104954242A (en) * 2014-03-26 2015-09-30 洛克威尔自动控制技术股份有限公司 Unified data ingestion adapter for migration of industrial data to a cloud platform
CN107040459A (en) * 2017-03-27 2017-08-11 高岩 A kind of intelligent industrial secure cloud gateway device system and method
CN107222508A (en) * 2017-07-14 2017-09-29 国家计算机网络与信息安全管理中心 Safety access control method, equipment and system
CN109976239A (en) * 2019-04-29 2019-07-05 北京京航计算通讯研究所 Industrial control system terminal security guard system
CN110417776A (en) * 2019-07-29 2019-11-05 大唐高鸿信安(浙江)信息科技有限公司 A kind of identity identifying method and device
CN110501965A (en) * 2019-07-18 2019-11-26 浙江工业大学 Based on the acquisition of Embedded remote PLC data and early warning system
CN111144698A (en) * 2019-12-02 2020-05-12 上海展湾信息科技有限公司 Numerical control equipment program management application platform based on public cloud and soft gateway

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6453353B1 (en) * 1998-07-10 2002-09-17 Entrust, Inc. Role-based navigation of information resources
US6584454B1 (en) * 1999-12-31 2003-06-24 Ge Medical Technology Services, Inc. Method and apparatus for community management in remote system servicing
US9635029B2 (en) * 2012-01-27 2017-04-25 Honeywell International Inc. Role-based access control permissions
CN107071075B (en) * 2016-11-16 2020-07-21 国家数字交换系统工程技术研究中心 Device and method for dynamically jumping network address

Also Published As

Publication number Publication date
CN111818053A (en) 2020-10-23

Similar Documents

Publication Publication Date Title
CN111818053B (en) Numerical control machine tool safety system with identity authentication and safety communication gateway and method
DE19983331B4 (en) Method and apparatus for providing data management for a network coupled storage system
US6845395B1 (en) Method and apparatus for identifying network devices on a storage network
CN101931613B (en) Centralized authenticating method and centralized authenticating system
US20100186075A1 (en) Method and system for accessing devices in a secure manner
CN100385860C (en) Method and device for safety of storaged network data
JP2004522330A (en) Encryption of data to be stored in the information processing system
CN111447180B (en) Security access control strategy for power Internet of things edge access management system
CN105915338A (en) Key generation method and key generation system
CN109995530B (en) Safe distributed database interaction system suitable for mobile positioning system
CN107689949A (en) Data base authority management method and system
CN112235193B (en) Data transmission method, device, equipment and medium based on cross-network multi-level routing
CN114866346B (en) Password service platform based on decentralization
CN112818332A (en) Password management service platform for intelligent manufacturing
CN102194292B (en) Billing server, tax copying system and tax copying method
CN111654372A (en) Key management method and related device
CN113067871A (en) Digital file management method based on block chain technology
CN114390100A (en) Working method of OPC UA server based on numerical control system
CN112347440B (en) User access authority division system of industrial control equipment and application method thereof
CN108769004B (en) Remote operation safety verification method for industrial internet intelligent equipment
CN104217283A (en) Data sharing device and data sharing system
CN109903046A (en) User data management and device based on block chain
CN111917798B (en) Internet of things terminal management and control and secure communication method
CN110430207B (en) Multi-point remote cross-network interaction collaborative authentication method for smart power grid
CN106301791A (en) Method and system for realizing unified user authentication authorization based on big data platform

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant