CN112055029A - Zero-trust power Internet of things equipment and user real-time trust degree evaluation method - Google Patents

Zero-trust power Internet of things equipment and user real-time trust degree evaluation method Download PDF

Info

Publication number
CN112055029A
CN112055029A CN202010975261.0A CN202010975261A CN112055029A CN 112055029 A CN112055029 A CN 112055029A CN 202010975261 A CN202010975261 A CN 202010975261A CN 112055029 A CN112055029 A CN 112055029A
Authority
CN
China
Prior art keywords
trust
current
equipment
access
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010975261.0A
Other languages
Chinese (zh)
Other versions
CN112055029B (en
Inventor
费稼轩
石聪聪
张小建
黄秀丽
程凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Hebei Electric Power Co Ltd
Global Energy Interconnection Research Institute
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Hebei Electric Power Co Ltd
Global Energy Interconnection Research Institute
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Hebei Electric Power Co Ltd, Global Energy Interconnection Research Institute, Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202010975261.0A priority Critical patent/CN112055029B/en
Publication of CN112055029A publication Critical patent/CN112055029A/en
Application granted granted Critical
Publication of CN112055029B publication Critical patent/CN112055029B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Power Engineering (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to the technical field of information security, in particular to zero-trust electric power Internet of things equipment and a user real-time trust degree evaluation method, which comprises the steps of obtaining equipment information, user identity information, accessed target object resources and access behavior data of all object resources of target electric power Internet of things equipment; the equipment information comprises equipment identity information and equipment data; performing identity authentication on the target power Internet of things equipment and the user based on the equipment identity information and the user identity information; after the target power Internet of things equipment and the user successfully perform identity authentication, determining the current trust level of the target power Internet of things equipment according to the equipment data and the access behavior data of each object resource; and comparing the current trust with a trust threshold of the target object resource, and determining the authority of the target power Internet of things equipment for accessing the target object resource. By determining the current trust level, the security of the electric power Internet of things system is improved for the fact that the access authority extends from an external network to an internal network.

Description

Zero-trust power Internet of things equipment and user real-time trust degree evaluation method
Technical Field
The invention relates to the technical field of information security, in particular to zero-trust electric power Internet of things equipment and a user real-time trust degree evaluation method.
Background
The trust evaluation model analyzes and measures the trust information and the trust degree of the network node, gives the trust level to the node through the numerical value of the trust degree of the node, further realizes access control, authority management and security measurement, and plays an increasingly important role in the security of a network system at present.
Because the hardware and software development of the power internet of things system is not mature enough, the quality levels of power internet of things equipment are not uniform, the security problem is not paid attention to enough, and some power internet of things equipment have security holes in the system and software, once the holes are utilized, the power internet of things equipment is easily attacked by various means, so that the network system of the power internet of things faces greater security threat. Most of the existing network security protection and trust evaluation systems adopt a security architecture based on boundary protection, the network is divided into an internal network, an external network and other areas according to the position of equipment in the network, the internal network and the external network are isolated at the network boundary, security measures such as a firewall and an intrusion detection system are deployed, a corresponding security strategy is configured, and a boundary protection and trust evaluation system is built.
However, with the development of cloud computing technology, more and more applications and data are deployed in the cloud, and meanwhile, remote access by using a tunnel technology is more and more common, the boundary of a network is more and more fuzzy, and the traditional trust evaluation and security protection method for performing boundary protection according to the position of an access subject in the network encounters more and more challenges. In order to solve the problems, google corporation proposes a zero trust framework, takes identity authentication as a core, and guarantees the security of access resources through continuous authentication and trust evaluation, and the zero trust framework is applied to a security protection and trust evaluation system by more and more enterprises.
However, most of the zero trust frameworks continue to use a partial boundary protection scheme, so that the internal network and the external network are isolated, and a trust rating and access strategy with high trust is adopted for the internal network, so that the system is easy to suffer from internal attack, and the security of the electric power internet of things system is low.
Disclosure of Invention
In view of this, the embodiment of the invention provides a zero-trust power internet of things device and a user real-time trust degree evaluation method, so as to solve the problem of low security of a power internet of things system.
According to a first aspect, an embodiment of the present invention provides a zero-trust power internet of things device and a user real-time trust evaluation method, including:
acquiring equipment information, user identity information, accessed target object resources and access behavior data of each object resource of target power Internet of things equipment; wherein the device information comprises device identity information and device data;
performing identity authentication on the target power Internet of things equipment and the user based on the equipment identity information and the user identity information;
after the target power Internet of things equipment and the user successfully perform identity authentication, determining the current trust level of the target power Internet of things equipment according to the equipment data and the access behavior data of each object resource;
and comparing the current trust with a trust threshold of the target object resource, and determining the authority of the target power Internet of things equipment for accessing the target object resource.
According to the zero-trust electric power Internet of things equipment and the user real-time trust degree evaluation method provided by the embodiment of the invention, after target electric power Internet of things equipment and user identity information are authenticated, the current trust degree of the target electric power Internet of things equipment is determined by using equipment data of the target electric power Internet of things and access behavior data of each object resource so as to determine the authority of accessing the target object resource; namely, the current trust level is comprehensively determined by using the device data of the target power Internet of things and the access behavior data of each object resource, and the determination of the access authority is extended from the external network to the internal network of the power Internet of things, so that the safety of the power Internet of things system is improved.
With reference to the first aspect, in a first implementation manner of the first aspect, the determining a current trust level of the target power internet of things device according to the device data and the access behavior data of each guest resource includes:
calculating the access success rate of all the object resources, the access success rate of a first preset object resource and the access success rate of a second preset object resource based on the access behavior data of all the object resources; the first preset object resource is an object resource with an access success rate lower than a first preset value, and the second preset object resource is an object resource with a trust threshold value exceeding a second preset value;
calculating the current access trust level of the access behavior by utilizing the access success rate of all the object resources, the access success rate of the first preset object resource and the access success rate of the second preset object resource;
determining the current equipment trust level of the target Internet of things equipment based on the equipment data;
and determining the current trust level of the target power Internet of things equipment according to the current access trust level of the access behavior and the current equipment trust level of the target Internet of things equipment.
According to the zero-trust electric power Internet of things equipment and the user real-time trust evaluation method provided by the embodiment of the invention, the current access trust is calculated by utilizing the access success rates of various object resources, and the current access trust is calculated from the angles of a plurality of object resources, so that the calculation accuracy of the current access trust is improved, and thus a basic guarantee is provided for the accurate determination of the current trust of the subsequent target electric power Internet of things equipment.
With reference to the first implementation manner of the first aspect, in a second implementation manner of the first aspect, the following formula is used to calculate the current access trust level of the access behavior:
R=a1R1+a2R2+a3R3
wherein R is the current access trust of the access behavior, R1For all said object resources, R2Access success rate, R, of first preset object resource3Second Preset Objective resource Access success Rate, a1、a2And a3Is a coefficient of more than 0 and less than 1, wherein a1+a2+a3=1。
With reference to the first implementation manner of the first aspect, in a third implementation manner of the first aspect, the determining, based on the device data, the current device trust level of the target internet of things device includes:
extracting a safety state detection result in the equipment data, wherein the safety state detection result comprises a detection result of at least a detection parameter;
determining the current security trust level of the target Internet of things equipment by using the security state detection result;
extracting static attribute parameters and dynamic attribute parameters in the equipment data, wherein the static attribute parameters comprise at least one of an IP address, an MAC address or a login mode, and the dynamic attribute parameters comprise at least one of uplink flow, downlink flow or a memory state;
determining the current attribute trust level of the target Internet of things equipment based on the static attribute parameters and the dynamic attribute parameters;
and calculating the current equipment trust level of the target Internet of things equipment by using the current security trust level and the current attribute trust level.
According to the zero-trust electric power Internet of things equipment and the user real-time trust evaluation method provided by the embodiment of the invention, the current equipment trust of the target Internet of things equipment is determined by using the safety state detection result and the static and dynamic attribute parameters in the equipment data, so that the accuracy of the current equipment trust of the target Internet of things equipment is improved.
With reference to the third implementation manner of the first aspect, in the fourth implementation manner of the first aspect, the current device trust level of the target internet of things device is calculated by using the following formula:
C0=w1S+w2d, in the formula, the compound I,
Figure BDA0002685531710000041
wherein, C0The current equipment trust degree of the target Internet of things equipment, S is the current safety trust degree, D is the current attribute trust degree, w1、w2Is a constant greater than 0 and less than 1, N is the number of the static attribute parameters, QiFor the static attribute parameter, M is the dynamic attribute parameter, MjAs the number of the dynamic attribute parameters, bj、cjIs a constant greater than 0 and less than 1.
With reference to any one of the first to fourth embodiments of the first aspect, in a fifth embodiment of the first aspect, the determining the current trust level of the target power internet of things device according to the current access trust level of the access behavior and the current device trust level of the target internet of things device includes:
calculating a first current trust level of the target power internet of things equipment by using the current access trust level of the access behavior and the current equipment trust level of the target internet of things equipment;
acquiring a time attenuation factor and historical trust of the target power Internet of things equipment;
determining the current trust level of the target power Internet of things equipment based on the first current trust level, the time attenuation factor and the historical trust level.
According to the zero-trust electric power Internet of things equipment and the user real-time trust degree evaluation method provided by the embodiment of the invention, the time attenuation factor is introduced into the calculation process of the current trust degree of the target electric power Internet of things equipment, and the historical trust degree is combined into the calculation process of the current trust degree, so that the reliability of the calculation result of the current trust degree is improved.
With reference to the fifth implementation manner of the first aspect, in a sixth implementation manner of the first aspect, the determining a current trust level of the target power internet of things device based on the first current trust level, the time decay factor, and the historical trust level includes:
calculating a second current trust level of the target power Internet of things equipment by using the first current trust level, the time attenuation factor and the historical trust level;
extracting role influence factors corresponding to the user identity information;
and calculating the current trust degree of the target power Internet of things equipment by using the role influence factor and the second current trust degree.
According to the zero-trust electric power Internet of things equipment and the user real-time trust degree evaluation method provided by the embodiment of the invention, as the role of the user has a certain influence on the current trust degree of the target electric power Internet of things equipment, a role influence factor is added in the calculation process of the current trust degree, the accuracy of the calculation of the current trust degree is improved, the current trust degree is subsequently utilized, the authority of the target electric power Internet of things equipment for accessing the target objective resource is determined, and the safety of the electric power Internet of things system is ensured.
With reference to the sixth implementation manner of the first aspect, in the seventh implementation manner of the first aspect, the current trust level of the target power internet of things device is calculated by using the following formula:
C=(1+α)C2in the formula, C2=(1-γ)C1+γC2
Wherein C is the current trust level of the target point networking equipment, C1Is the first current confidence level, C2And for the second current confidence level, alpha is the role influence factor, the value of alpha is between 0 and 1, gamma is the time attenuation factor, and the value of gamma is between-1 and 1.
With reference to the first aspect, in an eighth implementation manner of the first aspect, the comparing the current trust level with the trust level threshold of the target object resource to determine the authority of the target power internet of things device to access the target object resource includes:
initializing a user role trust level by utilizing the user identity information; wherein the user role trust level is the authority for accessing the target object resource;
judging whether the current trust is greater than the trust threshold of the target object resource;
and when the current trust degree is less than or equal to the trust degree threshold value of the target object resource, adjusting the trust level of the user role.
According to the zero-trust electric power Internet of things equipment and the user real-time trust degree evaluation method provided by the embodiment of the invention, when the current trust degree is less than or equal to the trust degree threshold value of the target object resource, the authority of the user for accessing the target object resource is adjusted by adjusting the role trust level, so that the target electric power Internet of things equipment can be ensured to access the target object resource, the authority of the target electric power Internet of things equipment for accessing the target object resource is restrained, and the safety of the electric power Internet of things system is improved.
According to a second aspect, an embodiment of the present invention further provides a zero-trust power internet of things device and a user real-time trust evaluation apparatus, including:
the acquisition module is used for acquiring equipment information, user identity information, accessed target object resources and access behavior data of each object resource of the target power Internet of things equipment; wherein the device information comprises device identity information and device data;
the identity authentication module is used for performing identity authentication on the target power Internet of things equipment and the user based on the equipment identity information and the user identity information;
the trust degree determining module is used for determining the current trust degree of the target power Internet of things equipment according to the equipment data and the access behavior data of each object resource after the target power Internet of things equipment and the user successfully perform identity authentication;
and the access authority determining module is used for comparing the current trust with the trust threshold of the target object resource and determining the authority of the target power Internet of things equipment for accessing the target object resource.
After the target electric power internet of things equipment and the user identity information are authenticated, the current trust level of the target electric power internet of things equipment is determined by using the equipment data of the target electric power internet of things and the access behavior data of each object resource so as to determine the authority of accessing the target object resource; namely, the current trust level is comprehensively determined by using the device data of the target power Internet of things and the access behavior data of each object resource, and the determination of the access authority is extended from the external network to the internal network of the power Internet of things, so that the safety of the power Internet of things system is improved.
According to a third aspect, an embodiment of the present invention provides an electronic device, including: the memory and the processor are in communication connection with each other, the memory stores computer instructions, and the processor executes the computer instructions to execute the zero-trust power internet of things device and the user real-time trust evaluation method described in the first aspect or any one of the embodiments of the first aspect.
According to a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, which stores computer instructions for causing a computer to execute the zero-trust power internet of things device and the user real-time trust evaluation method described in the first aspect or any one of the implementation manners of the first aspect.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a zero-trust power internet of things device and a user real-time trust evaluation method according to an embodiment of the invention;
FIG. 2 is a flow chart of a zero-trust power IOT device and a user real-time trust evaluation method according to an embodiment of the invention;
FIG. 3 is a flow chart of a zero trust power IOT device and a user real-time trust evaluation method according to an embodiment of the invention;
FIG. 4 is a flow chart of a zero-trust power IOT device and a user real-time trust evaluation method according to an embodiment of the invention;
FIG. 5 is a block diagram of the zero-trust power IOT device and the user real-time trust evaluation apparatus according to the embodiment of the invention
FIG. 6 is a block diagram of the structures of a zero-trust power IOT device and a user real-time trust evaluation system according to an embodiment of the invention;
fig. 7 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the zero-trust electric power internet of things equipment and the user real-time trust evaluation method provided by the embodiment of the invention run through the whole access process, and realize real-time calculation and update of the current trust of the target electric power internet of things equipment.
In accordance with an embodiment of the present invention, there is provided a zero trust power internet of things device and user real-time trust assessment method embodiment, it is noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system such as a set of computer executable instructions, and that while a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than here.
In this embodiment, a zero-trust power internet of things device and a user real-time trust degree evaluation method are provided, which may be used for electronic devices, such as computers, servers, and the like, fig. 1 is a flowchart of a zero-trust power internet of things device and a user real-time trust degree evaluation method according to an embodiment of the present invention, and as shown in fig. 1, the flowchart includes the following steps:
and S11, acquiring the device information, the user identity information, the accessed target object resources and the access behavior data of each object resource of the target power Internet of things device.
The device information includes device identity information and device data.
The device identity information and the user identity information are used for verifying the identity of the target power internet of things device and the user, wherein the user corresponds to the target power internet of things device. Specifically, a user accesses a target object resource through a target power internet of things device.
The access behavior data is historical access data of each object resource, such as the access times and the access success times of each object resource. Each object resource also has a corresponding trust threshold, and the object resources can be divided according to the trust threshold, for example, the object resources can be divided into key object resources and non-key object resources.
Optionally, the access behavior data may be further divided into high-risk object resources and low-risk object resources according to the access success rate of each object resource. And subsequently, determining the trust degree of the target power Internet of things equipment by using the access behavior data of each object resource.
The device information, the user identity information and the accessed target object resources can be obtained by the electronic device from the target power internet of things device in real time, and the access behavior data of each object resource can be stored in the electronic device or obtained by the electronic device accessing other databases. The specific way of acquiring the access behavior data of each object resource by the electronic device is not limited at all, and only the electronic device needs to be ensured to acquire the parameters.
And S12, performing identity authentication on the target power Internet of things equipment and the user based on the equipment identity information and the user identity information.
After the electronic equipment acquires the equipment identity information and the user identity information, the electronic equipment verifies the target power Internet of things equipment and the user identity. The specific identity authentication process may be implemented in the electronic device, or the electronic device may implement identity authentication through interaction with the identity authentication platform.
For example, the electronic device may send an identity authentication request to the identity authentication platform, the identity authentication platform sends a certificate reading instruction to the electronic device to obtain a device certificate, queries a corresponding device certificate of the device authentication database, sends a plaintext random number to the electronic device after passing the authentication, the electronic device calls an encryption function, encrypts the plaintext using a private key and sends the plaintext to the identity authentication platform, the identity authentication platform calls a device public key to decrypt the ciphertext, sends a user authentication instruction to the electronic device after passing the authentication to obtain user identity information, calls a Hash value generated by a Hash function, calls a corresponding Hash value in the database to compare, and performs user identity authentication.
Executing S13 after the identity authentication of the target power Internet of things equipment and the user is successful; otherwise, other operations are performed. The other operations can be reminding the user to input the user identity information again, and also can refuse the target power Internet of things equipment to access the target object resource. The specific form of other operations may be set according to the actual situation, and is not limited herein.
And S13, determining the current trust level of the target power Internet of things device according to the device data and the access behavior data of each object resource.
After the target power internet of things equipment and the user identity authentication pass, the electronic equipment calculates the current trust degree of the target power internet of things equipment by using the equipment data and the access behavior data of each object resource. For example, the electronic device calculates corresponding trust degrees by using the device data and the access behavior data, and then performs weighted summation on all the trust degrees to obtain the current trust degree of the target power internet of things device.
The device data may be device security detection data, or some login information of the device, for example, whether the device has a security vulnerability, whether the device is logged in abnormally, and the like, which all affect the calculation of the current trust level.
In addition, the electronic equipment can also perform recalculation by combining the historical trust level of the target power internet of things equipment on the basis of the calculated trust level to obtain the current trust level of the target power internet of things equipment.
The step will be described in detail below, and will not be described herein again.
And S14, comparing the current trust with the trust threshold of the target object resource, and determining the authority of the target power Internet of things equipment for accessing the target object resource.
After the current trust level of the target electronic Internet of things equipment is obtained through calculation, the electronic equipment compares the current trust level with the trust level threshold of the target object resource, and if the current trust level is greater than the trust level threshold of the target object resource, the target electronic Internet of things equipment is determined to be capable of accessing the target object resource; if the trust degree is less than or equal to the threshold value of the trust degree of the target object resource, the access of the target power internet of things equipment can be refused, and other operations can also be executed. This step will be described in detail below.
In the zero-trust electric power internet of things equipment and the user real-time trust degree evaluation method provided by the embodiment, after the target electric power internet of things equipment and the user identity information are authenticated, the current trust degree of the target electric power internet of things equipment is determined by using the equipment data of the target electric power internet of things and the access behavior data of each object resource, so as to determine the authority of accessing the target object resource; namely, the current trust level is comprehensively determined by using the device data of the target power Internet of things and the access behavior data of each object resource, and the determination of the access authority is extended from the external network to the internal network of the power Internet of things, so that the safety of the power Internet of things system is improved.
In this embodiment, a zero-trust power internet of things device and a user real-time trust evaluation method are provided, which may be used for electronic devices, such as computers, servers, and the like, fig. 2 is a flowchart of a zero-trust power internet of things device and a user real-time trust evaluation method according to an embodiment of the present invention, and as shown in fig. 2, the flowchart includes the following steps:
and S21, acquiring the device information, the user identity information, the accessed target object resources and the access behavior data of each object resource of the target power Internet of things device.
The device information includes device identity information and device data.
Please refer to S11 in fig. 1, which is not described herein again.
And S22, performing identity authentication on the target power Internet of things equipment and the user based on the equipment identity information and the user identity information.
Executing S23 after the identity authentication of the target power Internet of things equipment and the user is successful; and if not, executing to refuse the target power Internet of things equipment to access the target object resource.
Please refer to S12 in fig. 1, which is not described herein again.
And S23, determining the current trust level of the target power Internet of things device according to the device data and the access behavior data of each object resource.
Specifically, the step S23 includes the following steps:
s231, calculating access success rates of all object resources, the first preset object resource, and the second preset object resource based on the access behavior data of each object resource.
The first preset object resource is an object resource with an access success rate lower than a first preset value, and the second preset object resource is an object resource with a trust threshold value exceeding a second preset value.
The electronic equipment calculates the total access success rate and the high-risk access success rate by reading the access behavior data of each object resource, selects a resource access record with a high confidence threshold value, calculates the key resource access success rate, and adds the total access success rate, the first preset object resource (high-risk object resource) access success rate and the second preset object resource (key object resource) access success rate according to the weight according to the parameter configuration weight to generate the current access confidence of the access behavior. In this embodiment, an object resource with an access success rate lower than 50% is defined as a first preset object resource, that is, a high-risk object resource; and defining the object resource with the trust degree threshold value exceeding 0.9 as a second preset object resource, namely a key object resource.
In specific implementation, the total access success rate is set to be R1, the high-risk access success rate is set to be R2, and the key resource access success rate is set to be R3. The total access request times are N, and the access success times are T; the total access times of all the resources with the access success rate lower than 50% are Nr, and the access success times of all the resources with the access success rate lower than 50% are Tr; the total times of the resource access requests with the confidence threshold exceeding 0.9 are Ne, and the times of the resource access success with the confidence threshold exceeding 0.9 are Te.
Then, the total access success rate can be calculated by utilizing N and T; the access success rate of the high-risk object resource can be calculated by utilizing Nr and Tr; the access success rate of the key object resource can be calculated by utilizing Ne and Te.
And S232, calculating the current access trust of the access behavior by using the access success rates of all the object resources, the first preset object resource and the second preset object resource.
Specifically, the current access trust level of the access behavior may be calculated by using the following formula:
R=a1R1+a2R2+a3R3
wherein R is the current access trust of the access behavior, R1For all said object resources, R2Access success rate, R, of first preset object resource3Second Preset Objective resource Access success Rate, a1、a2And a3Is a coefficient of more than 0 and less than 1, wherein a1+a2+a3=1。
Optionally, the current model essay confidence level is R, and the weights of the total access success rate, the high-risk access success rate and the key resource access success rate are a1、a2、a3,a1、a2、a3The parameters can be adjusted according to actual conditions by respectively setting the parameters to 35%, 35% and 30%.
And S233, determining the current equipment trust level of the target Internet of things equipment based on the equipment data.
In this embodiment, the device data includes a security status detection result, a static attribute parameter, and a dynamic attribute parameter. And the electronic equipment calculates corresponding trust degrees by respectively utilizing the equipment data, and then determines the current equipment trust degree of the target Internet of things equipment by utilizing a weighted summation mode.
Specifically, the step S233 includes the steps of:
(1) and extracting a safety state detection result in the equipment data.
The safety state detection result comprises at least a detection result of the detection parameter.
The detection parameters include, but are not limited to, detection of security states of devices such as bug patches, system versions, port settings, software installation and the like, and detection of security states of networks such as network encryption, DNS tampering, phishing networks, false networks, ARP spoofing, DHCP spoofing and the like.
The safety state detection result of the target power internet of things equipment can be obtained by detecting other equipment, no limitation is made, and only the safety state detection result in the equipment data can be extracted by the electronic equipment.
(2) And determining the current security trust level of the target Internet of things equipment by using the security state detection result.
After the electronic equipment obtains the safety state detection result, the detection result of each detection parameter can be scored according to a preset scoring standard, and the total safety state score of the target power internet of things equipment is obtained. For example, the security status is overall H, with a score between 0 and 100, and a high score represents high confidence.
After obtaining the score values corresponding to the detection parameters, the electronic device may configure weights according to the detection parameters, and add the score values of the detection parameters according to the weights to obtain the current security trust level of the target internet of things device.
For example, the current security trust level of the target internet of things device is S, S ═ H/100.
(3) And extracting the static attribute parameters and the dynamic attribute parameters in the equipment data.
The static attribute parameters comprise at least one of an IP address, an MAC address or a login mode, and the dynamic attribute parameters comprise at least one of uplink flow, downlink flow or a memory state.
It should be noted that the static attribute parameters and the dynamic attribute parameters are not limited to the above, and may also be other parameters, and specifically, the corresponding setting may be continued according to the actual situation.
(4) And determining the current attribute trust degree of the target Internet of things equipment based on the static attribute parameters and the dynamic attribute parameters.
The electronic equipment scores static attribute parameters of the equipment such as an IP address, an MAC address, a login position, login time and a login mode and dynamic attribute parameters of the equipment such as uplink flow, downlink flow, TCP connection density, a memory state and a storage state according to the deviation degree of the current attribute parameters of the equipment and the historical attribute parameters of the equipment. And configuring weights according to the attribute parameters, and adding scores of all the equipment static attribute parameters and the equipment dynamic attribute parameters according to the weights to generate the current attribute trust degree of the target Internet of things equipment.
Specifically, the current attribute trust level is set to be D, the device static attribute parameters such as IP address, MAC address, login position, login time, login mode and the like are respectively set to be Q1, Q2, Q3, Q4 and Q5, each device static attribute parameter is the ratio of the number of times of the current data of the item appearing in the history data to the total number of the history data, the uplink flow, the device dynamic attribute parameters of the downlink flow, the TCP connection density, the memory state, the storage state and the like are respectively M1, M2, M3, M4 and M5, the evaluation value of each device dynamic attribute parameter is determined by the relative error of the current data and the average value of the historical data of the item, the relative error is 0 percent, the evaluation value is set to be 1, the relative error exceeds 100 percent, the evaluation value is set to be 0, and when the relative error is between 0 percent and 100 percent, the evaluation value is determined by a monotonic function set by a system administrator. In the concrete implementation, a linear function is adopted, and the weights of the static attribute parameters of the equipment such as the IP address, the MAC address, the login position, the login time, the login mode and the like are respectively b1, b2, b3, b4 and b 5.
The current attribute trust level D of the target Internet of things equipment can be calculated by adopting the following formula:
Figure BDA0002685531710000131
n is the number of the static attribute parameters, QiFor the static attribute parameter, M is the dynamic attribute parameter, MjAs the number of the dynamic attribute parameters, bj、cjIs a constant greater than 0 and less than 1.
For example, as in the above example, b1, b2, b3, b4, b5 are set to 25%, 15%, 10%, respectively, the device dynamic attribute parameters such as uplink traffic, downlink traffic, TCP connection density, memory state, storage state, etc. are set to c1, c2, c3, c4, c5, respectively, and are set to 20%, 30%, 15%, respectively, so that the parameters are adjustable.
(5) And calculating the current equipment trust level of the target Internet of things equipment by using the current security trust level and the current attribute trust level.
And the electronic equipment combines the current security trust degree and the current attribute trust degree obtained by the calculation in the step, and calculates the current equipment trust degree. Specifically, the current device trust level of the target internet of things device is calculated by adopting the following formula:
C0=w1S+w2d, in the formula, the compound I,
Figure BDA0002685531710000132
wherein, C0The current equipment trust degree of the target Internet of things equipment, S is the current safety trust degree, D is the current attribute trust degree, w1、w2Is a constant greater than 0 and less than 1, N is the number of the static attribute parameters, QiFor the static attribute parameter, M is the dynamic attribute parameter, MjAs the number of the dynamic attribute parameters, bj、cjIs a constant greater than 0 and less than 1.
The current equipment trust degree of the target Internet of things equipment is determined by using the safety state detection result and the static and dynamic attribute parameters in the equipment data, and the accuracy of the current equipment trust degree of the target Internet of things equipment is improved.
And S234, determining the current trust level of the target electric power Internet of things equipment according to the current access trust level of the access behavior and the current equipment trust level of the target Internet of things equipment.
After the current access trust and the current device trust are obtained through calculation, the electronic device can directly use the current access trust and the current device trust to carry out weighted summation calculation, so as to obtain the current trust of the target power internet of things device.
For example, the following formula can be adopted to calculate the current trust level C of the target power internet of things device:
C=C0+w3R
wherein, w3The specific value can be set according to the actual situation.
Of course, the current trust level of the target power internet of things device can be determined by combining other parameters on the basis of the current access trust level and the current device trust level.
As an optional implementation manner of this embodiment, the step S234 includes the following steps:
(1) and calculating the first current trust level of the target power Internet of things equipment by using the current access trust level of the access behavior and the current equipment trust level of the target Internet of things equipment.
Wherein, the first current trust level can be calculated by adopting the formula, namely:
C1=C0+w3R
(2) and acquiring a time attenuation factor and the historical trust of the target power Internet of things equipment.
The setting of the time attenuation factor affects the proportion of the historical confidence level, and the specific value of the time attenuation factor can be set correspondingly according to the actual situation, without any limitation. The historical trust degree corresponds to the target power Internet of things equipment, and the current trust degree of the target power Internet of things equipment becomes the historical trust degree in the next calculation along with the time.
(3) And determining the current trust level of the target power Internet of things equipment based on the first current trust level, the time attenuation factor and the historical trust level.
The electronic equipment calculates and determines the current trust degree of the target power Internet of things equipment by directly utilizing the time attenuation factor and the historical trust degree on the basis of the first current trust degree; or the calculation can be carried out by combining other parameters on the basis of the calculation.
For example, the step (3) includes the steps of:
and 3.1) calculating a second current trust degree of the target power Internet of things equipment by using the first current trust degree, the time attenuation factor and the historical trust degree.
The second current confidence level may be expressed by the following formula:
C2=(1-γ)C1+γC2
wherein, C2Is the second current confidence level, C1And gamma is the time attenuation factor and the value of gamma is between-1 and 1 for the first current confidence level.
And 3.2) extracting role influence factors corresponding to the user identity information.
The role impact factors depend on the user identity information, and the electronic equipment can provide corresponding role impact factors by using the user identity information.
And 3.3) calculating the current trust degree of the target power Internet of things equipment by using the role influence factor and the second current trust degree.
Specifically, the current trust level of the target power internet of things device is calculated by adopting the following formula:
C=(1+α)C2in the formula, C2=(1-γ)C1+γC2
Wherein C is the current trust level of the target point networking equipment, C1Is the first current confidence level, C2And for the second current confidence level, alpha is the role influence factor, the value of alpha is between 0 and 1, gamma is the time attenuation factor, and the value of gamma is between-1 and 1.
Time attenuation factors are introduced in the calculation process of the current trust degree of the target power Internet of things equipment, and the historical trust degree is combined in the calculation process of the current trust degree, so that the reliability of the calculation result of the current trust degree is improved.
And S24, comparing the current trust with the trust threshold of the target object resource, and determining the authority of the target power Internet of things equipment for accessing the target object resource.
Please refer to embodiment S14 shown in fig. 1 in detail, which is not described herein again.
According to the zero-trust electric power internet of things equipment and the user real-time trust evaluation method provided by the embodiment, the current access trust is calculated by utilizing the access success rates of various object resources, and the current access trust is calculated from the perspective of a plurality of object resources, so that the calculation accuracy of the current access trust is improved, and a basic guarantee is provided for the accurate determination of the current trust of the subsequent target electric power internet of things equipment.
The embodiment provides a zero-trust power internet of things device and a user real-time trust degree evaluation method, which can be used for electronic devices such as computers, servers and the like, and fig. 3 is a flowchart of the zero-trust power internet of things device and the user real-time trust degree evaluation method according to the embodiment of the invention, and as shown in fig. 3, the flowchart includes the following steps:
and S31, acquiring the device information, the user identity information, the accessed target object resources and the access behavior data of each object resource of the target power Internet of things device.
The device information includes device identity information and device data.
Please refer to S21 in fig. 2 for details, which are not described herein.
And S32, performing identity authentication on the target power Internet of things equipment and the user based on the equipment identity information and the user identity information.
Executing S33 after the identity authentication of the target power Internet of things equipment and the user is successful; and if not, the target power Internet of things equipment is refused to access the target object resource.
Please refer to S21 in fig. 2 for details, which are not described herein.
And S33, determining the current trust level of the target power Internet of things device according to the device data and the access behavior data of each object resource.
Please refer to S21 in fig. 2 for details, which are not described herein.
And S34, comparing the current trust with the trust threshold of the target object resource, and determining the authority of the target power Internet of things equipment for accessing the target object resource.
Specifically, the step S34 includes the following steps:
s341, the user role trust level is initialized by utilizing the user identity information.
And the user role trust level is the authority for accessing the target object resource.
After the electronic equipment acquires the user identity information, the role trust level is initialized.
And S342, judging whether the current trust is greater than the trust threshold of the target object resource.
When the current trust is less than or equal to the trust threshold of the target object resource, executing S343; otherwise, determining the user role trust level of the target power Internet of things equipment as an initialized user role trust level.
And S343, adjusting the trust level of the user role.
And when the current trust degree is less than or equal to the trust degree threshold value of the target object resource, the electronic equipment adjusts the trust level of the user role. For example, the electronic device may send a role adjustment instruction to the identity authentication platform to lower the trust level of the user role by one step, and then return to execute S33 to re-determine the current trust level.
The electronic device may set an upper limit of the number of consecutive access failures, for example, 5 times, and when the trust levels of 5 users are continuously adjusted downward and the corresponding current trust level is still less than or equal to the trust level threshold of the target object resource, access to the target object resource is denied.
In some optional implementations of this embodiment, before the step S33, the method may further include: the electronic equipment sends the user identity information and the access request to an access control strategy library, judges whether the current access conforms to the access control strategy, and refuses the access of the target power Internet of things equipment if the current access does not conform to the access control strategy; if the current device conforms to the access control policy, S33 is performed.
According to the zero-trust electric power Internet of things equipment and the user real-time trust evaluation method provided by the embodiment, when the current trust is less than or equal to the trust threshold of the target object resource, the authority of the user for accessing the target object resource is adjusted by adjusting the trust level for the role, so that the target electric power Internet of things equipment can be ensured to access the target object resource, the authority of the target electric power Internet of things equipment for accessing the target object resource is restrained, and the safety of the electric power Internet of things system is improved.
As a specific implementation manner of this embodiment, in the following method description process, please refer to the zero-trust power internet of things device and the user real-time trust evaluation system shown in fig. 6. The zero-trust electric power internet of things equipment and the user real-time trust degree evaluation method provided by the embodiment of the invention, as shown in fig. 4, mainly comprise the following steps:
the method comprises the steps that firstly, an electric power Internet of things proxy server is initialized, connection is established with electric power Internet of things equipment through a wireless or wired network, equipment identity authentication information, equipment safety state information and equipment data are obtained from the electric power Internet of things equipment, and functions of internal modules are started;
the electric power Internet of things proxy server sends an identity authentication request to an identity authentication platform, the identity authentication platform sends a certificate reading instruction to the electric power Internet of things proxy server to acquire an equipment certificate, a corresponding equipment certificate of an equipment authentication database is inquired, a plaintext random number is sent to the electric power Internet of things proxy server after the authentication is passed, the electric power Internet of things proxy server calls an encryption function, the plaintext is encrypted by using a private key and is sent to the identity authentication platform, the identity authentication platform calls an equipment public key to decrypt a ciphertext, a user authentication instruction is sent to the electric power Internet of things proxy server after the authentication is passed to acquire a Hash value generated by calling a Hash function by user identity information, the corresponding Hash value in the database is called to be compared, if the authentication is passed, the process is switched to, otherwise;
the identity authentication platform calls user role information in the database and initializes the user roles;
the electric power internet of things equipment sends an access request to the electric power internet of things proxy server, and the electric power internet of things proxy server receives the access request, establishes connection with the access proxy server and forwards the access request to the access proxy server;
the access proxy server sends an access request authorization inquiry to an access control engine, the access control engine sends an inquiry instruction to an identity authentication platform to acquire equipment identity information, user identity information and user role information, and sends the user identity information, the user role information and the access request of the access subject equipment to an access control policy library, the access control policy library judges whether the current access meets an access control policy, and returns the judgment result to the access control engine, the access control policy is set by a system administrator, if the current access meets the access control policy, the access control policy is transferred to the sixth, otherwise, the access control policy is transferred to the ninth;
sixthly, the access control engine sends a trust degree generation instruction to the trust degree evaluation module, the trust degree evaluation module carries out trust degree calculation after receiving the instruction, and the comprehensive trust degree is sent to the access control engine;
the access control engine sends a query instruction to the resource trust database to acquire a trust threshold of the accessed object resource, and returns a message of whether to grant the access request to the access proxy server according to the magnitude relation between the trust of the equipment user and the resource trust threshold;
if the trust of the equipment and the user exceeds the trust threshold of the resource, the access control engine returns an authorization approval message to the access proxy server, the access proxy server establishes connection with the resource through an access request of the power Internet of things proxy server to perform resource access operation, otherwise, the access control engine returns an authorization failure message to the access proxy server and sends a role adjusting instruction to the identity authentication platform to perform user role adjustment;
and ninthly, the access control engine sends the access authorization result to the trust degree evaluation module, the trust degree evaluation module receives and stores the access authorization result, the access proxy server sends a continuous resource access inquiry message to the power Internet of things proxy server, the power Internet of things proxy server returns a continuous resource access answer after receiving the inquiry message, if the continuous resource access is selected, the process is switched to the fourth step, and if the process is not ended.
According to the zero-trust power internet of things equipment and the user real-time trust evaluation method provided by the embodiment of the invention, the state and the information of the power internet of things equipment are continuously obtained, the power internet of things equipment and the user are subjected to real-time trust evaluation according to the security state and the access behavior of the power internet of things equipment and the user, and the trust level and the authority of the power internet of things equipment and the user are adjusted through the real-time trust evaluation result of the power internet of things equipment and the user based on a zero-trust framework, so that the resource protection capability of the system and the effectiveness and the stability of defense of security threats such as internal and external attacks are improved.
The embodiment also provides a zero-trust power internet of things device and a user real-time trust degree evaluation device, which are used for realizing the above embodiments and preferred embodiments, and are not described again after being explained. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
The embodiment provides a zero-trust power internet of things device and a user real-time trust degree evaluation apparatus, as shown in fig. 5, including:
the obtaining module 41 is configured to obtain device information, user identity information, accessed target object resources, and access behavior data of each object resource of the target power internet of things device; wherein the device information comprises device identity information and device data;
the identity authentication module 42 is configured to perform identity authentication on the target power internet of things device and the user based on the device identity information and the user identity information;
the trust level determining module 43 is configured to determine, according to the device data and the access behavior data of each object resource, a current trust level of the target power internet of things device after the target power internet of things device and the user successfully perform identity authentication;
an access permission determining module 44, configured to compare the current trust level with a trust level threshold of the target object resource, and determine a permission that the target power internet of things device accesses the target object resource.
The zero-trust power internet of things device and the user real-time trust evaluation apparatus in this embodiment are presented in the form of functional units, where the units refer to ASIC circuits, processors and memories executing one or more software or fixed programs, and/or other devices capable of providing the above functions.
In the embodiment of the invention, from the aspect of software implementation, the software algorithm is divided into each processing module, and each processing module is divided according to functions to obtain a corresponding processing platform. Specifically, the embodiment of the invention also provides a zero-trust power internet of things device and a user real-time trust degree evaluation system, and as shown in fig. 6, fig. 6 shows a structural block diagram of the zero-trust power internet of things device and the user real-time trust degree evaluation system. The respective modules and the interaction angles between the respective modules in fig. 6 will be described in detail below.
As shown in fig. 6, the power internet of things proxy server 2 according to the present invention includes a certificate authentication module 21, a security status detection module 22, an equipment data collection module 23, a user identity authentication module 24, and a challenge response module 25; in specific implementation, the certificate authentication module 21 sends a certificate reading instruction to the electric power internet of things device 1 to obtain a device certificate, the device certificate is sent to the identity authentication platform 8 in the device identity verification stage, and the identity authentication platform 8 queries the device authentication database 84 to compare the device certificate, so that device certificate authentication is completed; the security state detection module 22 detects device security detection items such as bug patches, system versions, port settings, software installation and the like of the power internet of things device 1 and network security detection items, stores security state detection results of the power internet of things device 1 in a database, and sends the security state detection results to the trust degree evaluation module 9 in a trust evaluation stage for device security state evaluation; the device data collection module 23 sends a device data reading instruction to the electric power internet of things device 1 to obtain static data such as an IP address, an MAC address, a login position, login time, a login mode and the like of the device and dynamic data such as uplink flow, downlink flow, TCP connection density, a memory state, a storage state and the like, and sends device data to the trust evaluation module 9 in a trust evaluation stage for device data evaluation; the user identity authentication module 24 establishes connection with the identity authentication platform 8 in an identity authentication stage, returns a user account, a password and security confidential information after receiving a user authentication instruction, and the identity authentication platform 8 queries the user identity database 85 for comparison to complete user identity authentication; the challenge response module 25 returns the ciphertext encrypted by using the device private key after receiving the plaintext random number sent by the identity authentication platform 8 in the challenge response authentication stage, and the identity authentication platform 8 calls a decryption function to decrypt by using the device public key and compares the decryption function with the original text to finish the challenge response authentication.
As shown in fig. 6, the access proxy server 3 establishes connection communication with the power internet of things proxy server 2, all access requests from the power internet of things proxy server 2 are received by the access proxy server 3, the access proxy server 3 sends an access request authorization query to the access control engine 5 after receiving the access request, establishes connection between the power internet of things proxy server 2 and the resource 4 after receiving an access request grant authorization message from the access control engine 5, and sends an access request failure message to the power internet of things proxy server 2 if the access control engine 5 fails to grant the access request.
As shown in fig. 1, the access control engine 5 receives an access request authorization query of the access proxy server 3, invokes the identity authentication platform 8 to check the identity authentication results of the device and the user, receives user role initialization information of the identity authentication platform 8 after the identity authentication is passed, sends an access control policy evaluation instruction to the access control policy repository 7 to obtain an evaluation result of whether the access policy is met, invokes the trust evaluation module 9 to generate the trust of the device and the user after the access policy evaluation, sends a trust threshold reading instruction to the resource trust database 6 to obtain a trust threshold required by the access object resource of the access request, determines whether to grant the access request authorization according to the magnitude relationship between the trust and the trust threshold, and returns the authorization result to the access proxy server 3.
As shown in fig. 6, the resource trust database 6 obtains and stores the trust threshold of all resources from the resource database, the administrator operates to adjust the trust threshold of part of the resources, periodically receives the access policy adjustment instruction of the access control policy database 7, adjusts the trust threshold of the corresponding resource, and receives the resource trust threshold reading instruction of the access control engine 5 in the trust evaluation stage and returns the trust threshold of the queried resource.
The access control strategy base 7 stores an access control strategy and a trust degree evaluation strategy of the dynamic access control system, an administrator adjusts the access control strategy, sends an access strategy adjustment instruction to the resource trust database 6 to adjust the resource trust degree threshold, receives the access control strategy evaluation instruction of the access control engine 5 in the trust evaluation stage, returns an access strategy evaluation result, and sends a role influence factor to the trust degree evaluation module 9 for generating the current trust degree.
And the identity authentication platform 8 establishes connection communication with the power Internet of things proxy server 2. The authentication system includes a certificate authentication module 81, a challenge response module 82, a user identity authentication module 83, a device authentication database 84, and a user identity database 85. In a specific implementation, the certificate authentication module 81 sends a certificate reading instruction to the power internet of things proxy server 2 to obtain an equipment certificate in a certificate authentication stage, and sends a certificate query instruction to the equipment authentication database 84 for comparison to complete equipment certificate authentication; the challenge response module 82 sends a plaintext random number to the power internet-of-things proxy server 2 in a challenge response stage, receives a ciphertext returned by the power internet-of-things proxy server 2, sends a public key query instruction to the device authentication database 84 to obtain a device public key, decrypts the ciphertext, compares the ciphertext with the original text, and completes challenge response authentication; the user identity authentication module 83 sends a user verification instruction to the power internet of things proxy server 2 to obtain a user account, a password and security secret information in the user identity authentication stage, invokes an MD5 algorithm to generate a hash value, sends a query instruction to the user identity database 85 to obtain a corresponding hash value, and compares the hash value to complete user identity authentication; the device authentication database 84 stores a device certificate and a public key of the power internet of things device, provides the device certificate to the certificate authentication module 81 in the certificate authentication phase, and provides the device public key to the challenge response module 82 in the challenge response phase; the user identity database 85 stores hash values of user accounts, passwords and security secret information, and provides the user identity information hash values to the user identity authentication module in the user identity authentication stage.
The trust degree evaluation module 9 comprises an access behavior evaluation module 91, a security state evaluation module 92, a device data evaluation module 93 and a trust degree generation module 94; in the specific implementation, the access behavior evaluation module 91 reads access records such as access request evaluation results, access object resources, access operations and the like in the access behavior evaluation stage, searches for resources with a low access success rate, evaluates the overall access behavior of the device and the user, the access behavior of key resources and the high-risk access behavior, generates an access behavior evaluation value, and sends the access behavior evaluation value to the trust level generation module 94; the security state evaluation module 92 sends a security state reading instruction to the security state detection module 22 of the power internet of things proxy server 2 to acquire device security state information such as a vulnerability patch, a system version, port setting, software installation and the like and network security state information such as network encryption, DNS tampering, phishing network, false network, ARP spoofing, DHCP spoofing and the like in a security state evaluation stage, evaluates the device security state and the network security state, generates a security state evaluation value, and sends the security state evaluation value to the trust level generation module 94; the device data evaluation module 93 sends a device data reading instruction to the device data collection module 23 of the power internet of things proxy server 2 to obtain device data in a device data evaluation stage, evaluates static data such as an IP address, an MAC address, a login position, login time, a login mode and the like and dynamic data such as uplink flow, downlink flow, TCP connection density, a memory state, a storage state and the like of the device according to a deviation degree from historical data of the device, generates a device data evaluation value, and sends the device data evaluation value to the trust level generation module 94; the trust level generation module 94 obtains the trust level evaluation policy, the time attenuation factor and the role influence factor from the access control policy library 7 in the trust level generation stage, receives the evaluation values of the access behavior evaluation module 91, the security state evaluation module 92 and the device data evaluation module 93, and generates the comprehensive trust level, that is, the current trust level of the target power internet of things device.
The flow of the calculation of the specific current confidence (i.e., the calculation of the evaluation value) is as follows:
1) initializing a proxy server of the power internet of things, establishing connection with power internet of things equipment through a wireless local area network, acquiring equipment identity authentication information, equipment safety state information and equipment data from the power internet of things equipment, and starting functions of internal modules;
2) the method comprises the steps that an electric power internet of things proxy server sends an identity authentication request to an identity authentication platform, the identity authentication platform sends a certificate reading instruction to the electric power internet of things proxy server to obtain an equipment certificate, a corresponding equipment certificate of an equipment authentication database is inquired, a plaintext random number is sent to the electric power internet of things proxy server after the authentication is passed, the electric power internet of things proxy server calls an RSA algorithm, a plaintext is encrypted by using a private key and is sent to the identity authentication platform, an equipment public key is called by the identity authentication platform to decrypt a ciphertext, a user authentication instruction is sent to the electric power internet of things proxy server after the authentication is passed to obtain user identity information such as a user account, a password and security information, an MD5 algorithm is called to generate a hash value, corresponding hash values in the database are called;
3) after the authentication is passed, the identity authentication platform calls user role information and role trust levels in the database, user roles are initialized, a role influence factor is jointly determined by a user role of an access subject and an access object resource, different user roles have different role influence factors for the same access resource, more direct and more close users have larger role influence factors in specific implementation, the role influence factors of the same user role for different access resources are different, and five role trust levels are provided for the same user role: the role influence factor is reduced by the extremely unreliable grade and the extremely unreliable grade, the role influence factor is improved by the credible grade and the extremely reliable grade, and the role influence factor is not influenced by the unknown trust grade;
4) the electric power internet of things equipment sends an access request to an electric power internet of things proxy server, the electric power internet of things proxy server receives the access request, establishes connection with the access proxy server and forwards the access request to the access proxy server;
5) the access proxy server sends an access request authorization inquiry to an access control engine, the access control engine sends an inquiry instruction to an identity authentication platform to acquire equipment identity information, user identity information and user role information, the user identity information, the user role information and the access request of an access subject equipment are sent to an access control strategy library, the access control strategy library judges whether the current access conforms to an access control strategy, and a judgment result of whether the current access conforms to the access control strategy is returned;
6) the access control engine sends a trust level generation instruction to the trust level evaluation module, the trust level evaluation module carries out trust level evaluation after receiving the instruction, and the generated comprehensive trust level is sent to the access control engine;
7) the access control engine sends a query instruction to the resource trust database to acquire a trust threshold of an access object resource, and sends a message whether to grant the access request to the access proxy server according to the size relationship between the equipment and the user trust and the resource trust threshold;
8) if the access request authorization passes, the electric power internet of things equipment is connected with the resource to perform resource access operation, if the access request authorization does not pass, the access control engine sends a role adjustment instruction to the identity authentication platform, a system administrator sets an upper limit of the continuous access failure times (the upper limit is generally adopted to be 5 times in specific implementation, the times can be adjusted), and the role trust level of the user is reduced by one level;
9) the access control engine sends an access authorization result to the trust degree evaluation module, the trust degree evaluation module receives and stores access information such as access subjects, access object resources, successful access and access operation, the access proxy server sends a request message for continuing resource access to the power internet of things proxy server, and the power internet of things proxy server returns a message for continuing resource access after receiving the request message.
Further functional descriptions of the modules are the same as those of the corresponding embodiments, and are not repeated herein.
The embodiment of the invention also provides electronic equipment which is provided with the zero-trust power internet of things equipment and the user real-time trust degree evaluation device shown in the figure 5.
Referring to fig. 7, fig. 7 is a schematic structural diagram of an electronic device according to an alternative embodiment of the present invention, and as shown in fig. 7, the electronic device may include: at least one processor 51, such as a CPU (Central Processing Unit), at least one communication interface 53, memory 54, at least one communication bus 52. Wherein a communication bus 52 is used to enable the connection communication between these components. The communication interface 53 may include a Display (Display) and a Keyboard (Keyboard), and the optional communication interface 53 may also include a standard wired interface and a standard wireless interface. The Memory 54 may be a high-speed RAM Memory (volatile Random Access Memory) or a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. The memory 54 may alternatively be at least one memory device located remotely from the processor 51. Wherein the processor 51 may be in connection with the apparatus described in fig. 5, the memory 54 stores an application program, and the processor 51 calls the program code stored in the memory 54 for performing any of the above-mentioned method steps.
The communication bus 52 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus. The communication bus 52 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 7, but this is not intended to represent only one bus or type of bus.
The memory 54 may include a volatile memory (RAM), such as a random-access memory (RAM); the memory may also include a non-volatile memory (english: non-volatile memory), such as a flash memory (english: flash memory), a hard disk (english: hard disk drive, abbreviated: HDD) or a solid-state drive (english: SSD); the memory 54 may also comprise a combination of the above types of memories.
The processor 51 may be a Central Processing Unit (CPU), a Network Processor (NP), or a combination of a CPU and an NP.
The processor 51 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a field-programmable gate array (FPGA), a General Array Logic (GAL), or any combination thereof.
Optionally, the memory 54 is also used to store program instructions. The processor 51 may call a program instruction to implement the zero-trust power internet of things device and the user real-time trust evaluation method as shown in the embodiments of fig. 1 to 4 of the present application.
The embodiment of the invention also provides a non-transitory computer storage medium, wherein the computer storage medium stores computer executable instructions, and the computer executable instructions can execute the zero-trust electric power internet of things equipment and the user real-time trust evaluation method in any method embodiment. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.

Claims (12)

1. A zero-trust electric power Internet of things equipment and a user real-time trust degree evaluation method are characterized by comprising the following steps:
acquiring equipment information, user identity information, accessed target object resources and access behavior data of each object resource of target power Internet of things equipment; wherein the device information comprises device identity information and device data;
performing identity authentication on the target power Internet of things equipment and the user based on the equipment identity information and the user identity information;
after the target power Internet of things equipment and the user successfully perform identity authentication, determining the current trust level of the target power Internet of things equipment according to the equipment data and the access behavior data of each object resource;
and comparing the current trust with a trust threshold of the target object resource, and determining the authority of the target power Internet of things equipment for accessing the target object resource.
2. The method of claim 1, wherein the determining the current trust level of the target power internet of things device according to the device data and the access behavior data of the object resources comprises:
calculating the access success rate of all the object resources, the access success rate of a first preset object resource and the access success rate of a second preset object resource based on the access behavior data of all the object resources; the first preset object resource is an object resource with an access success rate lower than a first preset value, and the second preset object resource is an object resource with a trust threshold value exceeding a second preset value;
calculating the current access trust level of the access behavior by utilizing the access success rate of all the object resources, the access success rate of the first preset object resource and the access success rate of the second preset object resource;
determining the current equipment trust level of the target Internet of things equipment based on the equipment data;
and determining the current trust level of the target power Internet of things equipment according to the current access trust level of the access behavior and the current equipment trust level of the target Internet of things equipment.
3. The method of claim 2, wherein the current access confidence level for the access behavior is calculated using the following formula:
R=a1R1+a2R2+a3R3
wherein R is the current access trust of the access behavior, R1For all said object resources, R2Access success rate, R, of first preset object resource3Second Preset Objective resource Access success Rate, a1、a2And a3Is a coefficient of more than 0 and less than 1, wherein a1+a2+a3=1。
4. The method of claim 2, wherein the determining the current device trust level of the target internet of things device based on the device data comprises:
extracting a safety state detection result in the equipment data, wherein the safety state detection result comprises a detection result of at least a detection parameter;
determining the current security trust level of the target Internet of things equipment by using the security state detection result;
extracting static attribute parameters and dynamic attribute parameters in the equipment data, wherein the static attribute parameters comprise at least one of an IP address, an MAC address or a login mode, and the dynamic attribute parameters comprise at least one of uplink flow, downlink flow or a memory state;
determining the current attribute trust level of the target Internet of things equipment based on the static attribute parameters and the dynamic attribute parameters;
and calculating the current equipment trust level of the target Internet of things equipment by using the current security trust level and the current attribute trust level.
5. The method of claim 4, wherein the current device trust level of the target IOT device is calculated using the following formula:
C0=w1S+w2d, in the formula, the compound I,
Figure FDA0002685531700000021
wherein, C0The current equipment trust degree of the target Internet of things equipment, S is the current safety trust degree, D is the current attribute trust degree, w1、w2Is a constant greater than 0 and less than 1, N is the number of the static attribute parameters, QiFor the static attribute parameter, M is the dynamic attribute parameter, MjAs the number of the dynamic attribute parameters, bj、cjIs a constant greater than 0 and less than 1.
6. The method of any one of claims 2-5, wherein determining the current trust level of the target power IOT device according to the current access trust level of the access behavior and the current device trust level of the target IOT device comprises:
calculating a first current trust level of the target power internet of things equipment by using the current access trust level of the access behavior and the current equipment trust level of the target internet of things equipment;
acquiring a time attenuation factor and historical trust of the target power Internet of things equipment;
determining the current trust level of the target power Internet of things equipment based on the first current trust level, the time attenuation factor and the historical trust level.
7. The method of claim 6, wherein determining the current level of trust of the target power IOT device based on the first current level of trust, the time decay factor, and the historical level of trust comprises:
calculating a second current trust level of the target power Internet of things equipment by using the first current trust level, the time attenuation factor and the historical trust level;
extracting role influence factors corresponding to the user identity information;
and calculating the current trust degree of the target power Internet of things equipment by using the role influence factor and the second current trust degree.
8. The method according to claim 7, wherein the current trust level of the target power internet of things device is calculated by adopting the following formula:
C=(1+α)C2in the formula, C2=(1-γ)C1+γC2
Wherein C is the current trust level of the target point networking equipment, C1Is the first current confidence level, C2And for the second current confidence level, alpha is the role influence factor, the value of alpha is between 0 and 1, gamma is the time attenuation factor, and the value of gamma is between-1 and 1.
9. The method of claim 1, wherein the comparing the current trust level with the trust level threshold of the target object resource to determine the authority of the target power internet of things device to access the target object resource comprises:
initializing a user role trust level by utilizing the user identity information; wherein the user role trust level is the authority for accessing the target object resource;
judging whether the current trust is greater than the trust threshold of the target object resource;
and when the current trust degree is less than or equal to the trust degree threshold value of the target object resource, adjusting the trust level of the user role.
10. The utility model provides a real-time trust degree evaluation device of zero trust electric power thing networking equipment and user which characterized in that includes:
the acquisition module is used for acquiring equipment information, user identity information, accessed target object resources and access behavior data of each object resource of the target power Internet of things equipment; wherein the device information comprises device identity information and device data;
the identity authentication module is used for performing identity authentication on the target power Internet of things equipment and the user based on the equipment identity information and the user identity information;
the trust degree determining module is used for determining the current trust degree of the target power Internet of things equipment according to the equipment data and the access behavior data of each object resource after the target power Internet of things equipment and the user successfully perform identity authentication;
and the access authority determining module is used for comparing the current trust with the trust threshold of the target object resource and determining the authority of the target power Internet of things equipment for accessing the target object resource.
11. An electronic device, comprising:
a memory and a processor, the memory and the processor being communicatively connected to each other, the memory storing therein computer instructions, and the processor executing the computer instructions to perform the zero-trust power internet of things device and the user real-time trust evaluation method of any one of claims 1 to 9.
12. A computer-readable storage medium storing computer instructions for causing a computer to perform the zero-trust power internet of things device and the user real-time trust evaluation method of any one of claims 1 to 9.
CN202010975261.0A 2020-09-16 2020-09-16 User real-time trust degree evaluation method for zero-trust electric power Internet of things equipment Active CN112055029B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010975261.0A CN112055029B (en) 2020-09-16 2020-09-16 User real-time trust degree evaluation method for zero-trust electric power Internet of things equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010975261.0A CN112055029B (en) 2020-09-16 2020-09-16 User real-time trust degree evaluation method for zero-trust electric power Internet of things equipment

Publications (2)

Publication Number Publication Date
CN112055029A true CN112055029A (en) 2020-12-08
CN112055029B CN112055029B (en) 2023-04-07

Family

ID=73602994

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010975261.0A Active CN112055029B (en) 2020-09-16 2020-09-16 User real-time trust degree evaluation method for zero-trust electric power Internet of things equipment

Country Status (1)

Country Link
CN (1) CN112055029B (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112583810A (en) * 2020-12-09 2021-03-30 中电积至(海南)信息技术有限公司 Zero trust method for context-based virtual network
CN113301560A (en) * 2021-05-20 2021-08-24 中国信息通信研究院 Electric power Internet of things terminal control method and system
CN113380008A (en) * 2021-05-12 2021-09-10 四川新网银行股份有限公司 Dynamic threshold value adjusting method based on number of hits and hit rate
CN113472778A (en) * 2021-06-30 2021-10-01 中国人民解放军国防科技大学 Information network safety protection trust system and method
CN113487218A (en) * 2021-07-21 2021-10-08 国网浙江省电力有限公司电力科学研究院 Internet of things trust evaluation method
CN113542214A (en) * 2021-05-31 2021-10-22 新华三信息安全技术有限公司 Access control method, device, equipment and machine readable storage medium
CN113783844A (en) * 2021-08-13 2021-12-10 中国光大银行股份有限公司 Zero-trust access control method and device and electronic equipment
CN113807862A (en) * 2021-01-29 2021-12-17 北京沃东天骏信息技术有限公司 Access security control method, device, equipment and storage medium
CN113923030A (en) * 2021-10-11 2022-01-11 中国联合网络通信集团有限公司 Remote access method based on zero trust, terminal equipment and computer storage medium
CN114039755A (en) * 2021-10-29 2022-02-11 中国银联股份有限公司 Authority control method and device, electronic equipment and storage medium
CN114189380A (en) * 2021-12-09 2022-03-15 四川启睿克科技有限公司 Zero-trust-based distributed authentication system and authorization method for Internet of things equipment
CN114268494A (en) * 2021-12-22 2022-04-01 赛尔网络有限公司 Secure access method, system, device and medium
CN114389877A (en) * 2022-01-10 2022-04-22 河南能睿科技有限公司 Identity trust evaluation method for zero trust network and related product thereof
CN114465759A (en) * 2021-12-21 2022-05-10 奇安信科技集团股份有限公司 Trust level evaluation method and device, electronic equipment and storage medium
CN114513786A (en) * 2022-04-19 2022-05-17 国网天津市电力公司电力科学研究院 5G feeder automation access control method, device and medium based on zero trust
CN114567473A (en) * 2022-02-23 2022-05-31 南通大学 Zero-trust mechanism-based Internet of vehicles access control method
CN114745191A (en) * 2022-04-22 2022-07-12 中国电力科学研究院有限公司 Credible real-time measurement method, device, equipment and medium for energy internet terminal
CN114840348A (en) * 2022-07-01 2022-08-02 石家庄学院 Resource grade determination method and system for computer
CN114925394A (en) * 2022-05-13 2022-08-19 中国电信股份有限公司 Request processing method, system, device, product, medium and equipment

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101232424A (en) * 2008-03-04 2008-07-30 中国移动通信集团设计院有限公司 Access method, access system, trust service center, network trust platform
CN104049916A (en) * 2014-06-24 2014-09-17 东南大学 Self-organizing distributed storage system and method based on node role switching mechanism
CN107222433A (en) * 2017-04-18 2017-09-29 中国科学院信息工程研究所 A kind of access control method and system based on SDN path
CN109918894A (en) * 2019-03-01 2019-06-21 中南大学 Method for evaluating trust based on reputation in the processing of edge calculations network video
CN110417776A (en) * 2019-07-29 2019-11-05 大唐高鸿信安(浙江)信息科技有限公司 A kind of identity identifying method and device
US20200014702A1 (en) * 2015-06-02 2020-01-09 Dipankar Dasgupta Adaptive multi-factor authentication system with multi-user permission strategy to access sensitive information
CN111131176A (en) * 2019-12-04 2020-05-08 北京北信源软件股份有限公司 Resource access control method, device, equipment and storage medium
CN111447187A (en) * 2020-03-19 2020-07-24 重庆邮电大学 Cross-domain authentication method for heterogeneous Internet of things

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101232424A (en) * 2008-03-04 2008-07-30 中国移动通信集团设计院有限公司 Access method, access system, trust service center, network trust platform
CN104049916A (en) * 2014-06-24 2014-09-17 东南大学 Self-organizing distributed storage system and method based on node role switching mechanism
US20200014702A1 (en) * 2015-06-02 2020-01-09 Dipankar Dasgupta Adaptive multi-factor authentication system with multi-user permission strategy to access sensitive information
CN107222433A (en) * 2017-04-18 2017-09-29 中国科学院信息工程研究所 A kind of access control method and system based on SDN path
CN109918894A (en) * 2019-03-01 2019-06-21 中南大学 Method for evaluating trust based on reputation in the processing of edge calculations network video
CN110417776A (en) * 2019-07-29 2019-11-05 大唐高鸿信安(浙江)信息科技有限公司 A kind of identity identifying method and device
CN111131176A (en) * 2019-12-04 2020-05-08 北京北信源软件股份有限公司 Resource access control method, device, equipment and storage medium
CN111447187A (en) * 2020-03-19 2020-07-24 重庆邮电大学 Cross-domain authentication method for heterogeneous Internet of things

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112583810A (en) * 2020-12-09 2021-03-30 中电积至(海南)信息技术有限公司 Zero trust method for context-based virtual network
CN113807862A (en) * 2021-01-29 2021-12-17 北京沃东天骏信息技术有限公司 Access security control method, device, equipment and storage medium
CN113380008A (en) * 2021-05-12 2021-09-10 四川新网银行股份有限公司 Dynamic threshold value adjusting method based on number of hits and hit rate
CN113380008B (en) * 2021-05-12 2022-07-08 四川新网银行股份有限公司 Dynamic threshold value adjusting method based on number of hits and hit rate
CN113301560A (en) * 2021-05-20 2021-08-24 中国信息通信研究院 Electric power Internet of things terminal control method and system
CN113542214A (en) * 2021-05-31 2021-10-22 新华三信息安全技术有限公司 Access control method, device, equipment and machine readable storage medium
CN113542214B (en) * 2021-05-31 2023-08-22 新华三信息安全技术有限公司 Access control method, device, equipment and machine-readable storage medium
CN113472778A (en) * 2021-06-30 2021-10-01 中国人民解放军国防科技大学 Information network safety protection trust system and method
CN113472778B (en) * 2021-06-30 2023-04-07 中国人民解放军国防科技大学 Information network safety protection trust system and method
CN113487218A (en) * 2021-07-21 2021-10-08 国网浙江省电力有限公司电力科学研究院 Internet of things trust evaluation method
CN113783844A (en) * 2021-08-13 2021-12-10 中国光大银行股份有限公司 Zero-trust access control method and device and electronic equipment
CN113923030A (en) * 2021-10-11 2022-01-11 中国联合网络通信集团有限公司 Remote access method based on zero trust, terminal equipment and computer storage medium
CN113923030B (en) * 2021-10-11 2023-06-23 中国联合网络通信集团有限公司 Remote access method based on zero trust, terminal equipment and computer storage medium
CN114039755A (en) * 2021-10-29 2022-02-11 中国银联股份有限公司 Authority control method and device, electronic equipment and storage medium
CN114039755B (en) * 2021-10-29 2024-03-22 中国银联股份有限公司 Authority control method and device, electronic equipment and storage medium
CN114189380A (en) * 2021-12-09 2022-03-15 四川启睿克科技有限公司 Zero-trust-based distributed authentication system and authorization method for Internet of things equipment
CN114189380B (en) * 2021-12-09 2023-09-15 四川启睿克科技有限公司 Zero-trust-based distributed authentication system and authorization method for Internet of things equipment
CN114465759A (en) * 2021-12-21 2022-05-10 奇安信科技集团股份有限公司 Trust level evaluation method and device, electronic equipment and storage medium
CN114268494A (en) * 2021-12-22 2022-04-01 赛尔网络有限公司 Secure access method, system, device and medium
CN114389877A (en) * 2022-01-10 2022-04-22 河南能睿科技有限公司 Identity trust evaluation method for zero trust network and related product thereof
CN114567473A (en) * 2022-02-23 2022-05-31 南通大学 Zero-trust mechanism-based Internet of vehicles access control method
CN114567473B (en) * 2022-02-23 2024-01-09 南通大学 Internet of vehicles access control method based on zero trust mechanism
CN114513786A (en) * 2022-04-19 2022-05-17 国网天津市电力公司电力科学研究院 5G feeder automation access control method, device and medium based on zero trust
CN114745191A (en) * 2022-04-22 2022-07-12 中国电力科学研究院有限公司 Credible real-time measurement method, device, equipment and medium for energy internet terminal
CN114745191B (en) * 2022-04-22 2024-03-08 中国电力科学研究院有限公司 Trusted real-time measurement method, device, equipment and medium for energy internet terminal
CN114925394A (en) * 2022-05-13 2022-08-19 中国电信股份有限公司 Request processing method, system, device, product, medium and equipment
CN114840348A (en) * 2022-07-01 2022-08-02 石家庄学院 Resource grade determination method and system for computer

Also Published As

Publication number Publication date
CN112055029B (en) 2023-04-07

Similar Documents

Publication Publication Date Title
CN112055029B (en) User real-time trust degree evaluation method for zero-trust electric power Internet of things equipment
US10630676B2 (en) Protecting against malicious discovery of account existence
US8738923B2 (en) Framework for notifying a directory service of authentication events processed outside the directory service
US11330005B2 (en) Privileged account breach detections based on behavioral access patterns
US9246686B1 (en) Salt value service
US20190007387A1 (en) Secure detection and management of compromised credentials
WO2019095856A1 (en) Network identity authentication method and system, and user agent device used thereby
US11736480B2 (en) Device risk level based on device metadata comparison
AU2019401240B2 (en) Detecting and responding to attempts to gain unauthorized access to user accounts in an online system
CN106899561B (en) TNC (network node controller) authority control method and system based on ACL (Access control List)
US9935940B1 (en) Password security
CN112087469A (en) Zero-trust dynamic access control method for power Internet of things equipment and users
US20210083881A1 (en) Dynamically analyzing third-party application website certificates across users to detect malicious activity
CN114513786A (en) 5G feeder automation access control method, device and medium based on zero trust
US11177958B2 (en) Protection of authentication tokens
US10412097B1 (en) Method and system for providing distributed authentication
CN114978544A (en) Access authentication method, device, system, electronic equipment and medium
US11128638B2 (en) Location assurance using location indicators modified by shared secrets
Gligor Zero Trust in Zero Trust
US20200252212A1 (en) Client-Driven Shared Secret Updates for Client Authentication
US11741217B1 (en) Systems and methods for managing multiple valid one time password (OTP) for a single identity
Foltz et al. Secure Endpoint Device Agent Architecture.
Freimanis Vulnerability Assessment of Authentication Methods in a Large-Scale Computer System
CN115001859A (en) Big data cloud authentication service system for security authentication
CN114598507A (en) Attacker portrait generation method and device, terminal equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant