CN112087469A - Zero-trust dynamic access control method for power Internet of things equipment and users - Google Patents


Publication number
CN112087469A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010990264.1A
Other languages
Chinese (zh)
Inventor
石聪聪
姚启桂
费稼轩
范杰
陈连栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Hebei Electric Power Co Ltd
Global Energy Interconnection Research Institute
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Hebei Electric Power Co Ltd
Global Energy Interconnection Research Institute
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC, State Grid Hebei Electric Power Co Ltd, Global Energy Interconnection Research Institute, Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Priority to CN202010990264.1A
Publication of CN112087469A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y10/00 Economic sectors
    • G16Y10/35 Utilities, e.g. electricity, gas or water
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention relates to the technical field of access control, in particular to a zero-trust dynamic access control method for power Internet of things equipment and users, which comprises the steps of obtaining historical interaction data of a target user and the transfer trust degree of a hierarchical recommender corresponding to the target power Internet of things equipment; respectively determining the direct trust degree and the indirect trust degree of the target power Internet of things equipment to the target user based on the historical interaction data and the transfer trust degree of the hierarchical recommender; determining the real-time trust degree of the target power Internet of things equipment to the target user according to the direct trust degree and the indirect trust degree; and controlling the target user to access the target power Internet of things equipment based on the real-time trust degree. The method is used for performing correlation calculation on the target user and the target power Internet of things equipment accessed by the target user, so that a scheme of boundary protection is avoided, and the safety of the power Internet of things system is improved.

Description

Zero-trust dynamic access control method for power Internet of things equipment and users
Technical Field
The invention relates to the technical field of access control, in particular to a zero-trust dynamic access control method for power Internet of things equipment and users.
Background
At present, security research on the Internet of Things is still at an early stage in the power industry. Research mainly centers on formulating industry specifications and standards, and there is little research on security protection systems for the power Internet of Things and related technologies. The connection of massive numbers of terminal devices and users in the power Internet of Things environment increases the exposure of the network, and the information assets at the core of the network (including data, business systems and infrastructure) become more exposed as well, so that the likelihood of attack keeps rising, which poses a serious challenge to protection systems built on boundary isolation.
Authentication and access control for Internet of Things terminal devices and users mostly follow a model of one-time authentication, one-time authorization and long-term validity. This security model has a problem: once the boundary is breached, the attacker gains unobstructed access to the enterprise's internal privileged network. To solve this problem, Google proposed a zero trust framework, which takes identity authentication as its core and guarantees the security of accessed resources through continuous authentication and trust evaluation; more and more enterprises apply the zero trust framework to their security protection and trust evaluation systems.
However, most zero trust frameworks still retain part of the boundary protection scheme: the internal and external networks are isolated, and a high-trust rating and access policy are applied to the internal network, so the system is vulnerable to internal attacks and the security of the power Internet of Things system is low.
Disclosure of Invention
In view of this, the embodiment of the invention provides a zero-trust dynamic access control method for power internet of things devices and users, so as to solve the problem that the existing power internet of things system is low in security.
According to a first aspect, an embodiment of the present invention provides a zero-trust dynamic access control method for power internet of things devices and users, including:
acquiring historical interaction data of a target user and the transfer trust degree of a hierarchical recommender corresponding to the target power Internet of things equipment;
respectively determining the direct trust degree and the indirect trust degree of the target power Internet of things equipment to the target user based on the historical interaction data and the transfer trust degree of the hierarchical recommender;
determining the real-time trust degree of the target power Internet of things equipment to the target user according to the direct trust degree and the indirect trust degree;
and controlling the target user to access the target power Internet of things equipment based on the real-time trust degree.
According to the zero-trust dynamic access control method for the power Internet of things equipment and the users, the real-time trust degree of the target power Internet of things equipment to the target users is calculated in real time by using the historical user data and the transfer trust degree of the hierarchical recommenders, and the access of the target users to the target power Internet of things equipment is controlled in real time by using the real-time trust degree.
Optionally, the historical interaction data includes the number of interactions, the number of interaction failures, and each accessed power internet of things device of the target user within a preset time interval; wherein the determining the direct trust level and the indirect trust level of the target power internet of things device to the target user based on the historical interaction data and the transfer trust level of the hierarchical recommender respectively comprises:
calculating the direct knowledge of the target user by using the interaction times of the target user and the interaction failure times;
calculating direct experience of the target user by using the number of interaction times of the target user, the number of interaction failure times and each accessed power Internet of things device;
determining the direct confidence level based on the direct knowledge and the direct experience;
and determining the indirect trust degree by utilizing the number of the hierarchical recommenders and the transfer trust degree of the hierarchical recommenders.
According to the zero-trust dynamic access control method for the power Internet of things equipment and the users, the direct trust is obtained by respectively calculating direct knowledge and direct experience and combining the direct knowledge and the direct experience when the direct trust is calculated, and the reliability of direct trust calculation is guaranteed; and when the indirect trust degree is calculated, the transitivity of trust is utilized to calculate, so that the accuracy of calculating the indirect trust degree is improved.
Optionally, the direct confidence is calculated using the following formula:
DT=μDE+(1-μ)DK
Figure BDA0002690625800000031
Figure BDA0002690625800000032
Figure BDA0002690625800000033
Figure BDA0002690625800000034
wherein $DT$ is the direct trust degree; $DE$ is the direct experience; $DK$ is the direct knowledge; $\mu$ is a constant, $\mu \in (0, 1)$; $n$ is the number of interactions of the target user; $w_i$ is the proportion occupied by the i-th interaction; $\lambda_i$ is a penalty factor; $e_i$ is the power Internet of Things device of the i-th interaction; $f$ is the number of interaction failures; $sl$ is a service level factor, and $sl \in [1, 100]$.
Optionally, the indirect confidence is calculated by using the following formula:
Figure BDA0002690625800000035
Figure BDA0002690625800000036
wherein $IT(R_i, R_j)$ is the indirect trust degree of the target power Internet of Things device $R_i$ in the target user $R_j$; $n$ is the number of hierarchical recommenders; $DT'(R_k, R_j)$ is the transfer trust degree of the hierarchical recommender $R_k$, corresponding to the target power Internet of Things device, in the target user $R_j$; $\omega(R_k)$ is the weight corresponding to the hierarchical recommender $R_k$; $l$ is a preset number of layers.
According to the zero-trust dynamic access control method for the power Internet of things equipment and the users, different weighting is carried out on different levels through the levels of indirect trust, namely different weights are given to recommenders of different levels, and the accuracy of indirect trust calculation is improved.
Optionally, the determining, according to the direct trust level and the indirect trust level, the real-time trust level of the target power internet of things device on the target user includes:
acquiring historical maximum access times of the target user to the electric power Internet of things equipment and historical access times of the target user to the electric power Internet of things equipment within a preset time interval;
calculating a confidence weight using the number of hierarchical recommenders;
determining a real-time trust degree evaluation value based on the historical maximum access times, the historical access times, the trust degree weight, the direct trust degree and the indirect trust degree;
and determining the real-time credibility based on the real-time credibility evaluation value.
According to the zero-trust dynamic access control method for the power Internet of things equipment and the users, the real-time trust evaluation value is calculated through the direct trust and the indirect trust, the real-time trust is determined on the basis, the accuracy of real-time trust calculation is improved, and reliable guarantee is provided for the safety protection of a subsequent power Internet of things system.
Optionally, the real-time confidence evaluation value is calculated by using the following formula:
Figure BDA0002690625800000041
Figure BDA0002690625800000042
Figure BDA0002690625800000043
wherein $T(R_i, R_j)$ is the real-time trust degree evaluation value of the target power Internet of Things device $R_i$ for the target user $R_j$; $IT(R_i, R_j)$ is the indirect trust degree of the target power Internet of Things device $R_i$ in the target user $R_j$; n is the historical maximum number of accesses; n is the historical number of accesses; $DT'(R_i, R_j)$ is the transfer trust degree of the hierarchical recommender $R_i$, corresponding to the target power Internet of Things device, in the target user $R_j$;
Figure BDA0002690625800000044
is the number of hierarchical recommenders; $n_{all}$ is the number of power Internet of Things devices having a direct trust relationship with the target user; $\alpha$ is an adjustment factor, and $\alpha \in (0, 1)$.
Optionally, the determining the real-time confidence based on the real-time confidence evaluation value includes:
acquiring current behavior risk assessment values, last behavior risk assessment values and dangerous behavior times of the target user accessing the target power internet of things device;
determining the access state of the target user by using the last behavior risk assessment value; wherein the access state is a normal behavior or a dangerous behavior;
determining a real-time risk assessment value based on the access state of the target user and the last behavior risk assessment value;
and determining the real-time trust level based on the real-time risk assessment value and the real-time trust level assessment value.
The zero-trust dynamic access control method for the power Internet of things equipment and the users combines the real-time risk assessment value on the basis of the real-time trust assessment value, and then performs assessment from the perspective of access behaviors, so that the accuracy of real-time trust calculation is improved.
Optionally, the real-time risk assessment value is calculated using the following formula:
Figure BDA0002690625800000051
wherein $R$ is the real-time risk assessment value; $R_0$ is the last risk assessment value; $R'$ is the last behavior risk assessment value; $c$ is the number of dangerous behaviors; $\alpha$ is a risk attenuation factor that lies in the range 0.5 to 1, with 1 included; $\mu$ is a constant, and $\mu \in [1, 2]$.
Optionally, the real-time confidence level is calculated by using the following formula:
Figure BDA0002690625800000052
wherein $T$ is the real-time trust degree; $T_0$ is the last trust degree; $\theta$ is a risk assessment threshold; $R$ is the real-time risk assessment value; $c$ is the number of dangerous behaviors; $\lambda$ is a first trust correction factor, and $\lambda \in [0.5, 1]$; $\rho$ is a second trust correction factor that lies in the range 0 to 0.5, with 0.5 included.
Optionally, the controlling, based on the real-time trust level, the access of the target user to the target power internet of things device includes:
judging whether the real-time trust degree is greater than a trust degree threshold value of the target power Internet of things equipment;
and when the real-time trust degree is greater than the trust degree threshold value of the target power Internet of things equipment, allowing the target user to access the target power Internet of things equipment.
According to a second aspect, an embodiment of the present invention further provides a zero-trust dynamic access control apparatus for power internet of things devices and users, including:
the acquisition module is used for acquiring historical interaction data of a target user and the transfer trust degree of a hierarchical recommender corresponding to the target power Internet of things equipment;
the first determination module is used for respectively determining the direct trust degree and the indirect trust degree of the target power internet of things equipment to the target user based on the historical interaction data and the transfer trust degree of the hierarchical recommender;
the second determining module is used for determining the real-time trust degree of the target power Internet of things equipment to the target user according to the direct trust degree and the indirect trust degree;
and the control module is used for controlling the target user to access the target power Internet of things equipment based on the real-time trust degree.
According to a third aspect, an embodiment of the present invention provides an electronic device, including: the memory and the processor are communicatively connected with each other, the memory stores computer instructions, and the processor executes the computer instructions to execute the method for zero-trust dynamic access control for power internet of things devices and users as described in the first aspect or any one of the embodiments of the first aspect.
According to a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, which stores computer instructions for causing a computer to execute the method for zero-trust dynamic access control for power internet of things devices and users described in the first aspect or any one of the implementation manners of the first aspect.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a zero-trust dynamic access control method for power internet of things devices and users according to an embodiment of the present invention;
Fig. 2 is a flowchart of a zero-trust dynamic access control method for power internet of things devices and users according to an embodiment of the present invention;
Fig. 3 is a flowchart of a zero-trust dynamic access control method for power internet of things devices and users according to an embodiment of the present invention;
Fig. 4 is a block diagram of a zero-trust dynamic access control device for power internet of things devices and users according to an embodiment of the present invention;
Fig. 5 is a block diagram of a zero-trust dynamic access control system for power internet of things devices and users according to an embodiment of the present invention;
Fig. 6 is a block diagram of a real-time trust degree computation according to an embodiment of the invention;
Fig. 7 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the zero-trust dynamic access control method for the power internet of things devices and the users in the embodiment of the present invention is applied to the whole process of accessing the target power internet of things device by the target user, so as to perform dynamic real-time access control.
The power Internet of Things device that the target user requests to access is called the target power Internet of Things device.
According to an embodiment of the present invention, a zero trust dynamic access control method for power internet of things devices and users is provided, it should be noted that the steps shown in the flowchart of the figure may be executed in a computer system such as a set of computer executable instructions, and although a logical order is shown in the flowchart, in some cases, the steps shown or described may be executed in an order different from the order shown.
This embodiment provides a zero-trust dynamic access control method for power Internet of Things devices and users, which may be used in electronic devices such as a computer, a mobile phone or a tablet computer. Fig. 1 is a flowchart of the method according to an embodiment of the present invention; as shown in Fig. 1, the flow includes the following steps:
S11, obtaining historical interaction data of the target user and the transfer trust degree of the hierarchical recommenders corresponding to the target power Internet of Things device.
The electronic equipment records data of interaction between each user and corresponding power internet of things equipment, for example, different users can be distinguished through each identifier, and historical interaction data of different users can be determined by subsequently utilizing the identifiers. The historical interactive data can be the times of accessing the power internet of things equipment, the times of successful access, the times of failed access and the like of each user.
The level recommenders are some electric power internet of things devices related to the target user, and the electric power internet of things devices have an incidence relation with the target electric power internet of things devices in a network structure. For example, a tree structure diagram may be established for the power internet of things device, the power internet of things system is divided into nodes in the tree structure diagram, where a target power internet of things device is used as a certain node in the tree structure diagram, and if a target user interacts with an upstream node and a downstream node related to the node before, the nodes interacting with the target user may be referred to as hierarchical recommenders.
The transitive trust of the hierarchical recommenders can be understood as the trust of each hierarchical recommender on the target user, and the indirect trust can be calculated by using the transitivity of the trust.
S12, respectively determining the direct trust degree and the indirect trust degree of the target power Internet of Things device in the target user based on the historical interaction data and the transfer trust degree of the hierarchical recommenders.
Specifically, the electronic device determines the direct trust degree of the target power internet of things device on the target user based on historical interaction data. For example, historical access data may be utilized to calculate a historical access success rate, based on which a direct trust level is determined; and the direct trust degree can be determined by combining other parameters on the basis of the historical access success rate.
The electronic equipment can accumulate and sum recommenders of all levels to obtain indirect trust; and corresponding weights can be distributed to recommenders at all levels, and the indirect trust degree and the like can be obtained by weighted summation.
This step will be described in detail below.
S13, determining the real-time trust degree of the target power Internet of Things device in the target user according to the direct trust degree and the indirect trust degree.
After the electronic equipment obtains the direct trust degree and the indirect trust degree through calculation, the electronic equipment can directly utilize the direct trust degree and the indirect trust degree to calculate the real-time trust degree; or calculating the real-time trust degree by combining other parameters on the basis of the direct trust degree and the indirect trust degree, and the like. Details about this step will be described later.
S14, controlling the access of the target user to the target power Internet of Things device based on the real-time trust degree.
After the electronic device obtains the real-time trust degree through calculation, the real-time trust degree can be compared with a trust degree threshold value of the target power internet of things device, and whether the electronic device has the authority of accessing the target power internet of things is determined.
According to the zero-trust dynamic access control method for the power internet of things equipment and the users, the real-time trust degree of the target power internet of things equipment to the target user is calculated in real time by using historical user data and the transfer trust degree of the hierarchical recommender, and the access of the target user to the target power internet of things equipment is controlled in real time by using the real-time trust degree.
In some optional embodiments of this embodiment, the zero-trust dynamic access control method for the power internet of things device and the user may further include the following steps:
(1) The user applies for access to the target power Internet of Things device. The user's traffic is forcibly encrypted with a public/private key algorithm through the Internet of Things agent.
(2) The system acquires the user's past related data through a user management module. The data comprises metadata from different dimensions, such as terminal address, host name, process start/stop events, registry read/write events, disk file read/write events, open ports, the network 5-tuple, accessed resources and external links. Security risk is analyzed from attributes such as versions, vulnerability patches, system application levels and identity authentication methods. If the result of the security analysis does not meet the corresponding condition, the user is denied access. The vulnerability scanning system, the certificate authority and the routing address mapping table are obtained from the device list module. User information is registered at the first access; if the user has accessed before, it is updated based on the previous access level and address change.
This embodiment provides a zero-trust dynamic access control method for power Internet of Things devices and users, which may be used in electronic devices such as a computer, a mobile phone or a tablet computer. Fig. 2 is a flowchart of the method according to an embodiment of the present invention; as shown in Fig. 2, the flow includes the following steps:
S21, obtaining historical interaction data of the target user and the transfer trust degree of the hierarchical recommenders corresponding to the target power Internet of Things device.
Please refer to S11 in fig. 1, which is not described herein again.
S22, respectively determining the direct trust degree and the indirect trust degree of the target power Internet of Things device in the target user based on the historical interaction data and the transfer trust degree of the hierarchical recommenders.
The historical interaction data comprises the interaction times and interaction failure times of the target user in a preset time interval and each accessed power Internet of things device.
Specifically, the step S22 includes the following steps:
S221, calculating the direct knowledge of the target user by using the number of interactions and the number of interaction failures of the target user.
The direct knowledge DK can be calculated using the following formula:
Figure BDA0002690625800000091
wherein $DK$ is the direct knowledge; $n$ is the number of interactions of the target user; $f$ is the number of interaction failures; $sl$ is a service level factor, and $sl \in [1, 100]$.
S222, calculating direct experience of the target user by using the number of interaction times and the number of interaction failure times of the target user and the accessed power Internet of things equipment.
The direct experience can be calculated using the following formula:
Figure BDA0002690625800000101
Figure BDA0002690625800000102
Figure BDA0002690625800000103
wherein $DE$ is the direct experience; $w_i$ is the proportion occupied by the i-th interaction; $\lambda_i$ is a penalty factor; $e_i$ is the power Internet of Things device of the i-th interaction.
S223, determining the direct trust degree based on the direct knowledge and the direct experience.
The direct confidence is calculated using the following formula:
DT=μDE+(1-μ)DK
wherein DT is the direct confidence level; DE is the direct experience; DK is the direct knowledge.
S224, determining indirect trust by using the number of the hierarchical recommenders and the transfer trust of the hierarchical recommenders.
Specifically, the indirect confidence is calculated by the following formula:
Figure BDA0002690625800000104
Figure BDA0002690625800000105
wherein $IT(R_i, R_j)$ is the indirect trust degree of the target power Internet of Things device $R_i$ in the target user $R_j$; $n$ is the number of hierarchical recommenders; $DT'(R_k, R_j)$ is the transfer trust degree of the hierarchical recommender $R_k$, corresponding to the target power Internet of Things device, in the target user $R_j$; $\omega(R_k)$ is the weight corresponding to the hierarchical recommender $R_k$; $l$ is a preset number of layers.
S23, determining the real-time trust degree of the target power Internet of Things device in the target user according to the direct trust degree and the indirect trust degree.
Please refer to S13 in fig. 1, which is not described herein again.
S24, controlling the access of the target user to the target power Internet of Things device based on the real-time trust degree.
Specifically, the step S24 includes the following steps:
S241, judging whether the real-time trust degree is greater than the trust degree threshold of the target power Internet of Things device.
S242 is executed when the real-time trust degree is greater than the trust degree threshold of the target power Internet of Things device; otherwise, the target user is denied access to the target power Internet of Things device.
And S242, allowing the target user to access the target power Internet of things equipment.
Optionally, after determining the access right of the target user to the target power internet of things device, the electronic device may update data in the user management database for subsequent re-evaluation of the trust level.
According to the zero-trust dynamic access control method for the power internet of things equipment and the users, when the direct trust degree is calculated, the direct knowledge and the direct experience are respectively calculated and then combined to obtain the direct trust degree, so that the reliability of the direct trust degree calculation is ensured; and when the indirect trust degree is calculated, the transitivity of trust is utilized to calculate, so that the accuracy of calculating the indirect trust degree is improved.
This embodiment provides a zero-trust dynamic access control method for power Internet of things devices and users, which may be used in the electronic devices mentioned above, such as a computer, a mobile phone or a tablet computer. Fig. 3 is a flowchart of the zero-trust dynamic access control method for power Internet of things devices and users according to the embodiment of the present invention. As shown in Fig. 3, the flow includes the following steps:
S31, obtaining historical interaction data of the target user and the transfer trust degree of a hierarchical recommender corresponding to the target power Internet of things device.
For details, refer to S21 in Fig. 2; they are not repeated here.
S32, respectively determining the direct trust degree and the indirect trust degree of the target power Internet of things device for the target user based on the historical interaction data and the transfer trust degree of the hierarchical recommender.
For details, refer to S22 in Fig. 2; they are not repeated here.
S33, determining the real-time trust degree of the target power Internet of things device for the target user according to the direct trust degree and the indirect trust degree.
Specifically, step S33 includes the following steps:
S331, acquiring the historical maximum access times of the target user to the power Internet of things devices and the historical access times of the target user to the power Internet of things devices within a preset time interval.
The electronic device can record the number of times the target user accesses the power Internet of things devices, and the historical number of accesses by the target user to the power Internet of things devices within the preset time interval.
S332, calculating the trust degree weight by using the number of the hierarchical recommenders.
Specifically, the trust degree weight is calculated using the following formula:
Figure BDA0002690625800000121
Figure BDA0002690625800000122
wherein β(R_j) is the trust degree weight; L_Rj is the number of the hierarchical recommenders; n_all is the number of power Internet of things devices having a direct trust relationship with the target user; α is an adjustment factor, and α ∈ (0, 1).
S333, determining a real-time trust degree evaluation value based on the historical maximum access times, the historical access times, the trust degree weight, the direct trust degree and the indirect trust degree.
Specifically, the real-time trust degree evaluation value is calculated by using the following formula:
Figure BDA0002690625800000124
wherein T(R_i, R_j) is the real-time trust degree evaluation value of the target power Internet of things device R_i for the target user R_j; IT(R_i, R_j) is the indirect trust degree of the target power Internet of things device R_i for the target user R_j; n is the historical maximum access times; n is the historical access times; DT'(R_i, R_j) is the transfer trust degree of the hierarchical recommender R_i corresponding to the target power Internet of things device for the target user R_j.
S334, determining the real-time trust degree based on the real-time trust degree evaluation value.
The electronic device can use the real-time trust degree evaluation value directly as the real-time trust degree, or can determine the real-time trust degree by combining it with other parameters. Specifically, step S334 includes the following steps:
(1) Obtain the current behavior risk assessment value and the last behavior risk assessment value of the target power Internet of things device and the target user, and the number of dangerous behaviors of the target user accessing the target power Internet of things device.
Defining the behavior risk factors of the power internet of things equipment and the user in the power internet of things environment as follows:
1) Resource value RV: the resource accessed on the power Internet of things device can be a hardware resource, such as a specific electric meter, or a software resource, such as certain data. Resources of different levels have different values, and the resource values are divided into:
RV = {RV1 (of general importance), RV2 (important), RV3 (of greater importance), RV4 (very important)}
2) Resource vulnerability V: the resource vulnerability refers to the degree of difficulty with which the resource can be compromised, and is divided accordingly into:
V = {V1 (easy), V2 (general), V3 (difficult), V4 (extremely difficult)}
3) Behavioral risk level L: abnormal behaviors and malicious behaviors of the user are regarded as dangerous behaviors, and the behavioral risk levels are divided according to the degree of influence of the behavior:
L = {L1 (negligible), L2 (low), L3 (medium), L4 (high)}
A data table may be maintained in the electronic device in which values corresponding to resource value, resource vulnerability and behavioral risk level exist. After determining the resource value, the resource vulnerability and the behavior risk level of the target power Internet of things equipment, the electronic equipment can directly search the data table to obtain corresponding numerical values, so that the specific numerical values of RV, V and L are obtained.
The calculation method of the current behavior risk assessment value is as follows:
R′0=RV×V×L
To take part in the subsequent trust degree calculation, the risk assessment value needs to be mapped into the interval [0, 1]; the transformation formula is as follows:
Figure BDA0002690625800000131
The electronic device compares the calculated behavior risk assessment value with a threshold value, and counts the number of dangerous behaviors of the target user accessing the target power Internet of things device.
(2) Determine the access state of the target user by using the last behavior risk assessment value, wherein the access state is a normal behavior or a dangerous behavior.
The last behavior risk assessment value is compared with a threshold value to determine whether the access behavior is a normal behavior or a dangerous behavior.
(3) Determine a real-time risk assessment value based on the access state of the target user and the last behavior risk assessment value.
Specifically, the real-time risk assessment value is calculated using the following formula:
Figure BDA0002690625800000132
wherein R is the real-time risk assessment value; r_0 is the last risk assessment value; r′ is the last behavior risk assessment value; c is the number of dangerous behaviors; α is a risk attenuation factor taking values from 0.5 up to and including 1; μ is a constant and μ ∈ [1, 2].
(4) Determine the real-time trust degree based on the real-time risk assessment value and the real-time trust degree evaluation value.
The real-time trust degree is calculated by the following formula:
Figure BDA0002690625800000133
wherein T is the real-time trust degree; T_0 is the last trust degree; θ is a risk assessment threshold; R is the real-time risk assessment value; c is the number of dangerous behaviors; λ is a first trust correction factor, and λ ∈ [0.5, 1]; ρ is a second trust correction factor taking values from 0 up to and including 0.5.
S34, controlling the access of the target user to the target power Internet of things device based on the real-time trust degree.
For details, refer to S24 in Fig. 2; they are not repeated here.
The zero-trust dynamic access control method for power Internet of things devices and users provided by this embodiment combines the real-time risk assessment value with the real-time trust degree evaluation value, so that the evaluation is also made from the perspective of access behavior, which improves the accuracy of the real-time trust degree calculation.
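The threshold gate of S241/S242, the direct trust formula DT=μDE+(1-μ)DK and the behavior risk factors defined under S334 can be exercised together as follows. This is an added Python example, not code from the patent; the function names, the numeric scores in the lookup tables, the scaling of the raw risk by its maximum product and the rule that a risk above θ counts as dangerous are all assumptions made for the example.

```python
import math
from dataclasses import dataclass

# Constructed lookup tables: the page says a data table holds these values but
# does not list them. Assumption: ordinal scores 1..4, with V scored so that a
# resource that is easier to compromise contributes more risk.
RESOURCE_VALUE = {"RV1": 1, "RV2": 2, "RV3": 3, "RV4": 4}
VULNERABILITY = {"V1": 4, "V2": 3, "V3": 2, "V4": 1}
DANGER_LEVEL = {"L1": 1, "L2": 2, "L3": 3, "L4": 4}
MAX_RAW_RISK = 4 * 4 * 4


def _is_score(value):
    """True only for a finite real number (bool, None, NaN and inf are rejected)."""
    return (not isinstance(value, bool)
            and isinstance(value, (int, float))
            and math.isfinite(value))


def direct_trust(de, dk, mu):
    """DT = mu*DE + (1-mu)*DK with the constant mu in (0, 1)."""
    if not (_is_score(mu) and 0.0 < mu < 1.0):
        raise ValueError("mu must lie in the open interval (0, 1)")
    if not (_is_score(de) and _is_score(dk)):
        raise ValueError("DE and DK must be finite numbers")
    return mu * de + (1.0 - mu) * dk


def behavior_risk(rv, v, level):
    """Raw risk R'0 = RV x V x L, scaled into [0, 1].

    Dividing by the largest possible product is an assumption made here; the
    page's own mapping formula is not reproduced.
    """
    try:
        raw = RESOURCE_VALUE[rv] * VULNERABILITY[v] * DANGER_LEVEL[level]
    except KeyError as exc:
        raise ValueError(f"unknown risk factor level: {exc}") from None
    return raw / MAX_RAW_RISK


def count_dangerous(accesses, theta):
    """Number of accesses whose scaled risk exceeds theta (direction assumed)."""
    return sum(1 for rv, v, level in accesses if behavior_risk(rv, v, level) > theta)


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


def access_decision(real_time_trust, device_threshold):
    """S241/S242: allow only when trust is strictly greater than the threshold.

    Anything else is refused, including a score equal to the threshold and a
    score or threshold that is missing or not a finite number.
    """
    if not _is_score(real_time_trust):
        return Decision(False, "deny: real-time trust missing or not finite")
    if not _is_score(device_threshold):
        return Decision(False, "deny: device threshold missing or not finite")
    if real_time_trust > device_threshold:
        return Decision(True, "allow: trust above device threshold")
    return Decision(False, "deny: trust not above device threshold")


# Constructed sample data: three accesses by one user and candidate trust scores.
SAMPLE_ACCESSES = [("RV4", "V1", "L4"), ("RV2", "V2", "L2"), ("RV3", "V1", "L3")]

if __name__ == "__main__":
    print("DT =", direct_trust(de=0.8, dk=0.6, mu=0.5))
    print("dangerous accesses:", count_dangerous(SAMPLE_ACCESSES, theta=0.5))
    for trust in (0.61, 0.60, float("nan"), None):
        print(trust, access_decision(trust, device_threshold=0.60))
```

A trust score exactly equal to the device threshold is refused, because S241 requires the score to be greater than the threshold, and a missing or NaN score is refused explicitly rather than by accident of comparison semantics.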
This embodiment also provides a zero-trust dynamic access control device for power Internet of things devices and users, which is used to implement the above embodiments and preferred embodiments; what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
The embodiment provides a zero-trust dynamic access control device for power internet of things devices and users, as shown in fig. 4, the device includes:
the obtaining module 41 is configured to obtain historical interaction data of a target user and a transfer trust level of a hierarchical recommender corresponding to a target power internet of things device;
a first determining module 42, configured to determine, based on the historical interaction data and the delivery trust level of the hierarchical recommender, a direct trust level and an indirect trust level of the target power internet of things device for the target user, respectively;
a second determining module 43, configured to determine, according to the direct trust level and the indirect trust level, a real-time trust level of the target power internet of things device on the target user;
and the control module 44 is configured to control, based on the real-time trust level, access of the target user to the target power internet of things device.
The zero trust dynamic access control device for power internet of things devices and users in this embodiment is presented in the form of a functional unit, where the unit refers to an ASIC circuit, a processor and a memory executing one or more software or fixed programs, and/or other devices capable of providing the above functions.
Further functional descriptions of the modules are the same as those of the corresponding embodiments, and are not repeated herein.
In some optional embodiments of this embodiment, from the perspective of software program implementation, the program modules are integrated and divided to obtain the zero-trust dynamic access control system for power Internet of things devices and users illustrated in Fig. 5, where the system includes a data source module 1, a dynamic access control module 2, and a device access detection module 3. Servers based on a Linux system are adopted. The data source module 1 is deployed in a remote place to serve as a database server; the dynamic access control module 2 is connected with the gateway; the device access detection module 3 is arranged on a server which is accessed by a user and is connected with the first two modules through a wired network.
As shown in Fig. 5, the data source module 1 according to this embodiment includes a user management module 11, a password management module 12, and a device list module 13. The user management module 11 is located on the server and is connected with the dynamic access control module 2 and the device access detection module 3 through a wired network; it stores and serves user identity data, and provides prior user data to the trust degree calculation module. The password management module 12 is logically connected with the short-time token management module 22 and the Internet of things agent 31, and provides a storage function. The device list module 13 provides device-related information to the access control engine 21 and the trust degree calculation module 33, and stores resource updates from the power Internet of things devices.
The dynamic access control module 2 includes an access control engine 21, a short-time token control module 22, and a device grading management and control module 23. The access control engine 21 obtains the user information given by the Internet of things agent 31, contacts the trust degree calculation module 33, performs access control on the user in combination with the device list 13, and sets an access control point. The short-time token control module 22 forms a special token according to the front-end agent user information and sends the token together with the instruction. The device management service 23 interacts with the device list module 13, sends device updates and additions to the device list module 13, and performs the persistence operation.
The device access detection module 3 includes an Internet of things agent 31, a secure transmission module 32, and a trust degree calculation module 33. The Internet of things agent 31 exchanges the front-end user information with the trust degree calculation module 33 and the access control engine 21 through a load balancing system, and distributes the information based on authority. The secure transmission module 32 encrypts the communication process according to a specific algorithm. The trust degree calculation module analyzes the identity trust by combining the user information provided by the Internet of things agent 31 and the user management module 11, and sends the result to the access control engine 21.
Fig. 6 shows a process of calculating the real-time trust level, and the specific process may refer to the related description in the embodiments of fig. 1 to fig. 3, which is not described herein again.
An embodiment of the present invention further provides an electronic device, which has the zero-trust dynamic access control apparatus facing the power internet of things device and the user shown in fig. 5.
Referring to Fig. 7, which is a schematic structural diagram of an electronic device according to an alternative embodiment of the present invention, the electronic device may include: at least one processor 51, such as a CPU (Central Processing Unit), at least one communication interface 53, a memory 54, and at least one communication bus 52. The communication bus 52 is used to enable connection and communication between these components. The communication interface 53 may include a display and a keyboard; optionally, the communication interface 53 may also include a standard wired interface and a standard wireless interface. The memory 54 may be a high-speed RAM (volatile random access memory) or a non-volatile memory, such as at least one disk memory. The memory 54 may alternatively be at least one memory device located remotely from the processor 51. The processor 51 may be connected with the apparatus described in Fig. 4; the memory 54 stores an application program, and the processor 51 calls the program code stored in the memory 54 to perform any of the above-mentioned method steps.
The communication bus 52 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus. The communication bus 52 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 7, but this is not intended to represent only one bus or type of bus.
The memory 54 may include volatile memory, such as random-access memory (RAM); it may also include non-volatile memory, such as flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 54 may also comprise a combination of the above types of memory.
The processor 51 may be a Central Processing Unit (CPU), a Network Processor (NP), or a combination of a CPU and an NP.
The processor 51 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a field-programmable gate array (FPGA), a General Array Logic (GAL), or any combination thereof.
Optionally, the memory 54 is also used to store program instructions. The processor 51 may call a program instruction to implement the zero-trust dynamic access control method for the power internet of things devices and users as shown in the embodiments of fig. 1 to 3 of the present application.
The embodiment of the invention also provides a non-transitory computer storage medium storing computer-executable instructions that can execute the zero-trust dynamic access control method for power Internet of things devices and users in any of the method embodiments. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a random access memory (RAM), a flash memory, a hard disk drive (HDD), a solid-state drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kinds described above.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.

Claims (13)

1. A zero-trust dynamic access control method for power Internet of things equipment and users is characterized by comprising the following steps:
acquiring historical interaction data of a target user and the transfer trust degree of a hierarchical recommender corresponding to the target power Internet of things equipment;
respectively determining the direct trust degree and the indirect trust degree of the target power Internet of things equipment to the target user based on the historical interaction data and the transfer trust degree of the hierarchical recommender;
determining the real-time trust degree of the target power Internet of things equipment to the target user according to the direct trust degree and the indirect trust degree;
and controlling the target user to access the target power Internet of things equipment based on the real-time trust degree.
2. The method according to claim 1, wherein the historical interaction data comprises the number of interactions, the number of interaction failures and the number of accessed power internet of things devices of the target user within a preset time interval; wherein the determining the direct trust level and the indirect trust level of the target power internet of things device to the target user based on the historical interaction data and the transfer trust level of the hierarchical recommender respectively comprises:
calculating the direct knowledge of the target user by using the interaction times of the target user and the interaction failure times;
calculating direct experience of the target user by using the number of interaction times of the target user, the number of interaction failure times and each accessed power Internet of things device;
determining the direct confidence level based on the direct knowledge and the direct experience;
and determining the indirect trust degree by utilizing the number of the hierarchical recommenders and the transfer trust degree of the hierarchical recommenders.
3. The method of claim 2, wherein the direct confidence level is calculated using the following formula:
DT=μDE+(1-μ)DK
Figure FDA0002690625790000021
Figure FDA0002690625790000022
Figure FDA0002690625790000023
Figure FDA0002690625790000024
wherein DT is the direct confidence level; DE is the direct experience; DK is the direct knowledge; μ is a constant, μ ∈ (0, 1); n is the number of interactions of the target user; w_i is the proportion occupied by the i-th interaction; λ_i is a penalty factor; e_i is the power Internet of things device of the i-th interaction; f is the number of interaction failures; sl is a service level factor and sl ∈ [1, 100].
4. The method of claim 2, wherein the indirect confidence level is calculated using the following formula:
Figure FDA0002690625790000025
Figure FDA0002690625790000026
wherein IT(R_i, R_j) is the indirect confidence of the target power Internet of things device R_i for the target user R_j; n is the number of the hierarchical recommenders; DT'(R_k, R_j) is the transfer trust degree of the hierarchical recommender R_k corresponding to the target power Internet of things device for the target user R_j; ω(R_k) is the weight corresponding to the hierarchical recommender R_k; L is a predetermined number of layers.
5. The method of claim 1, wherein the determining the real-time trust level of the target power IOT device for the target user according to the direct trust level and the indirect trust level comprises:
acquiring historical maximum access times of the target user to the electric power Internet of things equipment and historical access times of the target user to the electric power Internet of things equipment within a preset time interval;
calculating a confidence weight using the number of hierarchical recommenders;
determining a real-time trust degree evaluation value based on the historical maximum access times, the historical access times, the trust degree weight, the direct trust degree and the indirect trust degree;
and determining the real-time credibility based on the real-time credibility evaluation value.
6. The method of claim 5, wherein the real-time confidence measure is calculated using the following equation:
Figure FDA0002690625790000031
Figure FDA0002690625790000032
Figure FDA0002690625790000033
wherein T(R_i, R_j) is the real-time confidence evaluation value of the target power Internet of things device R_i for the target user R_j; IT(R_i, R_j) is the indirect confidence of the target power Internet of things device R_i for the target user R_j; n is the historical maximum access times; n is the historical access times; DT'(R_i, R_j) is the transfer trust degree of the hierarchical recommender R_i corresponding to the target power Internet of things device for the target user R_j; L_Rj is the number of the hierarchical recommenders; n_all is the number of power Internet of things devices having a direct trust relationship with the target user; α is an adjustment factor, and α ∈ (0, 1).
7. The method of claim 5, wherein determining the real-time confidence level based on the real-time confidence assessment value comprises:
acquiring current behavior risk assessment values, last behavior risk assessment values and dangerous behavior times of the target user accessing the target power internet of things device;
determining the access state of the target user by using the last behavior risk assessment value; wherein the access state is a normal behavior or a dangerous behavior;
determining a real-time risk assessment value based on the access state of the target user and the last behavior risk assessment value;
and determining the real-time trust level based on the real-time risk assessment value and the real-time trust level assessment value.
8. The method of claim 7, wherein the real-time risk assessment value is calculated using the following formula:
Figure FDA0002690625790000034
wherein R is the real-time risk assessment value; r_0 is the last risk assessment value; r′ is the last behavior risk assessment value; c is the number of dangerous behaviors; α is a risk attenuation factor taking values from 0.5 up to and including 1; μ is a constant and μ ∈ [1, 2].
9. The method of claim 7, wherein the real-time confidence level is calculated using the following formula:
Figure FDA0002690625790000041
wherein T is the real-time confidence level; t is0The last confidence level; θ is a risk assessment threshold; r is a real-time risk assessment value; c is the dangerous behavior times; λ is a first trust correction factor, and λ ∈ [0.5, 1]](ii) a Rho is a second trust correction factor, and rho is in a range of 0,0.5]。
10. The method of claim 1, wherein the controlling access of the target user to the target power internet of things device based on the real-time trust level comprises:
judging whether the real-time trust degree is greater than a trust degree threshold value of the target power Internet of things equipment;
and when the real-time trust degree is greater than the trust degree threshold value of the target power Internet of things equipment, allowing the target user to access the target power Internet of things equipment.
11. A zero-trust dynamic access control device for power Internet of things equipment and users, characterized by comprising:
the acquisition module is used for acquiring historical interaction data of a target user and the transfer trust degree of a hierarchical recommender corresponding to the target power Internet of things equipment;
the first determination module is used for respectively determining the direct trust degree and the indirect trust degree of the target power internet of things equipment to the target user based on the historical interaction data and the transfer trust degree of the hierarchical recommender;
the second determining module is used for determining the real-time trust degree of the target power Internet of things equipment to the target user according to the direct trust degree and the indirect trust degree;
and the control module is used for controlling the target user to access the target power Internet of things equipment based on the real-time trust degree.
12. An electronic device, comprising:
a memory and a processor, the memory and the processor are communicatively connected with each other, the memory stores computer instructions, and the processor executes the computer instructions to execute the zero-trust dynamic access control method for the power internet of things equipment and the user according to any one of claims 1 to 10.
13. A computer-readable storage medium storing computer instructions for causing a computer to execute the power internet of things device and user oriented zero-trust dynamic access control method according to any one of claims 1 to 10.
CN202010990264.1A 2020-09-18 2020-09-18 Zero-trust dynamic access control method for power Internet of things equipment and users Pending CN112087469A (en)


Publications (1)

Publication Number Publication Date
CN112087469A true CN112087469A (en) 2020-12-15

Family

ID=73739211



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201215