CN112637122A - Test method, response method and system for access control of communication unit master station - Google Patents


Info

Publication number
CN112637122A
CN112637122A
Authority
CN
China
Prior art keywords
access control
control instruction
test
master station
test case
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011293736.4A
Other languages
Chinese (zh)
Other versions
CN112637122B (en)
Inventor
辛宗彦
刘伟
赵思华
唐晓柯
李铮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Information and Telecommunication Co Ltd
Beijing Smartchip Microelectronics Technology Co Ltd
Original Assignee
State Grid Information and Telecommunication Co Ltd
Beijing Smartchip Microelectronics Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Information and Telecommunication Co Ltd and Beijing Smartchip Microelectronics Technology Co Ltd
Priority to CN202011293736.4A
Publication of CN112637122A
Application granted
Publication of CN112637122B
Legal status: Active
Anticipated expiration

Classifications

    • H: Electricity › H04: Electric communication technique › H04L: Transmission of digital information, e.g. telegraphic communication › H04L 63/00: Network architectures or network communication protocols for network security
        • H04L 63/04: for providing a confidential data exchange among entities communicating through data packet networks › H04L 63/0428: wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        • H04L 63/08: for authentication of entities › H04L 63/0876: based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
        • H04L 63/10: for controlling access to devices or network resources › H04L 63/102: entity profiles
        • H04L 63/12: applying verification of the received information › H04L 63/123: received data contents, e.g. message integrity
        • H04L 63/12: applying verification of the received information › H04L 63/126: the source of the received data

Abstract

The invention provides a test method, a response method and a system for access control of a communication unit master station, in the technical field of communications. The test method comprises: authenticating the encryption library and reading a test case; obtaining the access control instruction in the test case and calling the authenticated encryption library to encrypt it; replacing the access control instruction in the test case with the encrypted access control instruction; and executing the modified test case to obtain a test result. The invention realises a security test of master station access by a remote communication unit.

Description

Test method, response method and system for access control of communication unit master station
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a test method for access control of a communication unit master station, a response method for access control of a communication unit master station, a test system for access control of a communication unit master station, a response system for access control of a communication unit master station, an electronic device, and a computer-readable storage medium.
Background
At present there is no dedicated master station access control test for wireless public-network or private-network communication units. A wireless public-network communication unit, for example, can communicate with any master station: the master station's network access address (such as an IP address) is configured in the power concentrator, the remote communication unit reads that IP address from the concentrator during initialisation, initiates a connection request to it, and communicates once the master station replies.
This existing scheme provides no security in practice: an operator can arbitrarily change the master station IP address set in the concentrator, so the remote communication unit will connect to any specified IP address and transmit power data to it. The communication security and data leakage risk between the communication unit and the master station therefore needs to be addressed, but no master station access control scheme exists on the market.
Disclosure of Invention
The invention aims to provide a test method, a response method and a system for access control of a communication unit master station, which address the communication security hazards and data leakage risks that arise when the master station setting can be freely changed to point at any site or address.
To achieve this, an embodiment of the present invention provides a test method for access control of a communication unit master station, comprising:
authenticating the encryption library and reading a test case;
obtaining the access control instruction in the test case and calling the authenticated encryption library to encrypt it;
replacing the access control instruction in the test case with the encrypted access control instruction;
and executing the modified test case to obtain a test result.
Specifically, before authenticating the encryption library, the test method further includes:
obtaining a pre-configured encryption library and a hardware identifier of a trusted system, and converting the hardware identifier into a trusted authentication key by means of the pre-configured encryption library;
recording the trusted authentication key at a storage location with read permission.
Specifically, authenticating the encryption library includes:
obtaining a hardware identifier of the current system and reading the trusted authentication key from the storage location, the hardware identifier of the current system being of the same type as that of the trusted system;
verifying whether the authentication key derived from the current system's hardware identifier by the encryption library under authentication is identical to the trusted authentication key, and/or
verifying whether the hardware identifier recovered from the trusted authentication key by the encryption library under authentication is identical to the hardware identifier of the trusted system;
and, if no verification result is inconsistent, judging that the encryption library under authentication has passed authentication.
Specifically, after authenticating the encryption library and reading the test case, and before obtaining the access control instruction in the test case, the method further includes:
updating the master station network access address in the access control instruction of the test case, the address being taken from a master station white list.
Specifically, obtaining the access control instruction in the test case and calling the authenticated encryption library to encrypt it includes:
obtaining the access control instruction in the test case and determining the configuration instruction within it and the updated master station network access address;
calling the authenticated encryption library to encrypt the plaintext of the updated master station network access address, giving the corresponding ciphertext;
and keeping the configuration instruction in plaintext.
Specifically, replacing the access control instruction in the test case with an encrypted access control instruction includes:
splicing (concatenating) the plaintext configuration instruction with the ciphertext to obtain the spliced access control instruction;
and replacing the access control instruction in the test case with the spliced access control instruction.
Specifically, executing the modified test case to obtain the test result includes:
attempting to establish a communication connection between the communication unit and the master station according to the modified access control instruction in the test case;
and determining the connection state of that communication connection to obtain the corresponding test result.
Specifically, executing the modified test case to obtain the test result includes:
if the modified access control instruction in the test case adds a new master station network access address,
attempting to establish a communication connection between the communication unit's network access address and the newly added master station network access address;
if the connection is judged successful, the result is that the test passes, or
if the connection is judged to have failed, the result is that the test fails.
Specifically, executing the modified test case to obtain the test result includes:
if the modified access control instruction in the test case deletes a previously added master station network access address,
attempting to establish a communication connection between the communication unit's network access address and that previously added, now deleted, master station network access address;
if the connection is judged successful, the result is that the test fails, or
if the connection is judged to have failed, the result is that the test passes.
Specifically, executing the modified test case to obtain the test result includes:
if the modified access control instruction in the test case has never added a given master station network access address,
attempting to establish a communication connection between the communication unit's network access address and that never-added master station network access address;
if the connection is judged successful, the result is that the test fails, or
if the connection is judged to have failed, the result is that the test passes.
An embodiment of the invention provides a response method for access control of a communication unit master station, comprising:
authenticating the encryption library and receiving an access control instruction provided by a test case of the above test method;
executing the access control instruction;
attempting to decrypt the access control instruction with the encryption library;
if a network access address is obtained by decryption, updating the master station network access address to the obtained address by executing the decrypted access control instruction;
and requesting a communication connection to the master station network access address, then either returning the connection state of the requested connection to the test case or returning no failed connection state to the test case at all.
Specifically, after executing the access control instruction and before attempting to decrypt it with the encryption library, the method further includes:
determining the execution state of the access control instruction;
if execution was unsuccessful, performing the step of attempting to decrypt the access control instruction with the encryption library;
if execution was successful, attempting to decrypt, with the encryption library, the value at the operand position of the configuration instruction within the access control instruction,
and if a network access address is obtained from the decrypted operand value, updating the master station network access address to that address by executing the decrypted access control instruction and proceeding to the step of requesting a communication connection to the master station network access address.
An embodiment of the invention provides a test system for access control of a communication unit master station, comprising:
an encryption module for providing an encryption library and authenticating it;
a configuration module for reading a test case, obtaining the access control instruction in it, calling the authenticated encryption library to encrypt that instruction, and replacing the access control instruction in the test case with the encrypted one;
and an execution module for executing the modified test case to obtain a test result.
An embodiment of the invention provides a response system for access control of a communication unit master station, comprising:
a decryption module for providing an encryption library and authenticating it;
a receiving module for receiving the access control instruction provided by the test case and executing it;
an updating module for attempting to decrypt the access control instruction with the encryption library and, if a network access address is obtained, updating the master station network access address to it by executing the decrypted access control instruction;
and a response module for requesting a communication connection to the master station network access address and either returning the connection state of the requested connection to the test case or returning no failed connection state to the test case.
In another aspect, an embodiment of the present invention provides an electronic device, including:
at least one processor;
a memory coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor, the at least one processor implements the aforementioned method by executing the instructions stored by the memory.
In yet another aspect, an embodiment of the present invention provides a computer-readable storage medium storing computer instructions, which, when executed on a computer, cause the computer to perform the foregoing method.
The invention realises a test scheme for access control between a remote communication unit and a master station. It authenticates the encryption library used for master station access control, encrypts the IP address information of the master station white list, and can test master station access with a white-list IP address, with an IP address removed from the white list, or with an IP address that never belonged to it. Using test cases whose instructions are spliced and reconstructed (the IP address is replaced by encrypted data, i.e. ciphertext), it tests the master station access control of the remote communication unit and completes bidirectional data communication, thereby achieving real security of the data connection between the remote communication unit and the master station and guaranteeing the authenticity and integrity of the data.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the embodiments of the invention without limiting the embodiments of the invention. In the drawings:
FIG. 1 is a schematic diagram of the principal method of an embodiment of the present invention;
FIG. 2 is a flow chart illustrating exemplary major steps of an embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating embodiments of the invention, are given by way of illustration and explanation only, not limitation.
Example 1
Referring to fig. 1, an embodiment of the present invention provides a test method for access control of a communication unit master station, which may include:
authenticating the encryption library and reading a test case;
obtaining the access control instruction in the test case and calling the authenticated encryption library to encrypt it;
replacing the access control instruction in the test case with the encrypted access control instruction;
and executing the modified test case to obtain a test result.
In some specific implementations, when a master station access control test is performed, the encryption library to be used must first be authenticated. The purpose of authentication is that the encryption library cannot be run and used on an arbitrary computing device but only on the target computing device, for example a computing device with a configured trusted execution environment, or a secure chip with a configured trusted platform module, so as to guarantee the authority and validity of the test method. The authentication method is determined by the encryption library's algorithm, so different libraries require different modes of authentication; the test continues only if authentication succeeds, otherwise the test ends. The choice of encryption library is free. Open-source libraries such as Cryptlib, Crypto++ and OpenSSL can be built from an open-source algorithm through a conventional compilation process, which both produces the library and grants the right to use it (that is, yields the pre-configured encryption library); a closed-source algorithm generally ships as a compiled installer or a packaged library file, which becomes the pre-configured encryption library once the usage right is obtained and its path is added to the environment in which the test case runs. For example, the source code (say, that of OpenSSL) is obtained in the current system environment (say, a UNIX system), configured with the parameters of the current system (for example `./config` with a path parameter), and then compiled (for example with `make` and `make install`) to form the encryption library, which can then be used in this embodiment of the invention;
to give the library a unique characteristic, a calculation function in the algorithm source code corresponding to the encryption library (for example a random-parameter generation function, which is changed into an assignment function) or a parameter of such a function (for example a random parameter, which is fixed to a predefined value) can be changed arbitrarily, so that only the user knows the authentication plaintext of the compiled encryption library and its corresponding encryption result. Authentication then consists of calling the library's authentication function and verifying whether the current library's mapping rule yields the corresponding encryption result from the authentication plaintext, or recovers the authentication plaintext from the encryption result. Because an encryption library that has not been tampered with or deliberately interfered with repeatably produces the same output for the same input, the authority and validity of the library can be judged from how the authentication executes: if the authentication plaintext does not yield the corresponding output (is not the corresponding encryption result), the library is regarded as tampered with or judged invalid; if it does yield the corresponding output, the library has authority and validity;
when using an encryption library, a message authentication code (MAC) algorithm may be combined with the encryption, generally in one of three ways. The first generates the message authentication code over the ciphertext obtained by encrypting the plaintext and sends the ciphertext and the message authentication code together to the receiver; this is Encrypt-then-MAC (EtM). The second generates the message authentication code over the plaintext, separately encrypts the plaintext to obtain the ciphertext, and sends the message authentication code and the ciphertext together to the receiver; this is Encrypt-and-MAC (E&M). The third generates the message authentication code over the plaintext, assembles the message authentication code with the plaintext, encrypts the whole, and sends the resulting ciphertext to the receiver; this is MAC-then-Encrypt (MtE). Of the three, Encrypt-then-MAC lets the receiver reject a forged or corrupted message before decrypting anything and is the composition generally recommended.
For example, the encryption library may be a dynamic link library compiled and packaged from a national cryptographic algorithm (such as SM1, SM4 or SM7). To authenticate such a library, preparatory pre-processing is needed in the library's system environment, for instance obtaining the right to use the library in the current system environment. The hardware identifier required for authentication can then be constructed, for which the Media Access Control (MAC) address of the system's network hardware is used (a hardware address, not to be confused with the message authentication code above); the MAC address serves as one type of hardware identifier of the current system or of the trusted system, and other keys may also be chosen. The MAC address of the current system's network hardware is obtained and mapped into a key string (an authentication key in data form) according to the chosen cryptographic algorithm, and the key string is stored in the registry of the current system, in a newly created configuration file, or in another string storage location. Later, when the encryption library needs authenticating, the MAC address of the current system is obtained, the key string is read from the storage location, and the library's authentication function, say auth(), is called; the authentication function may encrypt the MAC address, decrypt the key string, or do both. After it runs, it is checked whether the encryption result matches the key string read from the storage location, or whether the decryption result matches the current system's MAC address, or both; if so, the encryption library passes authentication. The same authentication method may also be applied to an encryption library built from an open-source algorithm.
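The authentication step above, worked through as an added example that is not code from the patent or from any real library. `SecLib` is a hypothetical library: its `param` plays the role of the owner-only constant the text substitutes for a random parameter, and its cipher (a SHA-256 keystream XOR with an HMAC-SHA256 tag, i.e. Encrypt-then-MAC) is a placeholder for SM4 or AES-GCM. `record_trusted_key` is the setup on the trusted system; `authenticate_library` performs both checks the text describes, re-encrypting the current MAC address and decrypting the stored key string. The MAC address in the demo is a constructed sample value.

```python
"""Encryption-library authentication by a hardware-identifier known-answer check."""
import hashlib
import hmac
import uuid
from typing import Optional

NONCE_LEN = 8
TAG_LEN = 16


class SecLib:
    """Hypothetical encryption library whose mapping depends on a secret parameter."""

    def __init__(self, param: bytes) -> None:
        self.param = param  # the owner-only constant compiled into this build

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        out = b""
        ctr = 0
        while len(out) < n:
            out += hashlib.sha256(self.param + nonce + ctr.to_bytes(4, "big")).digest()
            ctr += 1
        return out[:n]

    def encrypt(self, plain: bytes, nonce: bytes) -> bytes:
        """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
        ct = bytes(p ^ k for p, k in zip(plain, self._keystream(nonce, len(plain))))
        tag = hmac.new(self.param, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
        return nonce + ct + tag

    def decrypt(self, blob: bytes) -> Optional[bytes]:
        """Plaintext, or None when the tag fails (different build, or tampered data)."""
        if len(blob) < NONCE_LEN + TAG_LEN:
            return None
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expect = hmac.new(self.param, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expect):
            return None
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))

    def auth_encrypt(self, hw_id: str) -> str:
        """The auth() mapping hw_id -> key string. The nonce is derived from the
        identifier so the same host and the same build always give the same string."""
        data = hw_id.encode()
        nonce = hashlib.sha256(b"auth-nonce" + data).digest()[:NONCE_LEN]
        return self.encrypt(data, nonce).hex()

    def auth_decrypt(self, key_string: str) -> Optional[str]:
        """Inverse direction: key string -> hw_id, or None if it does not verify."""
        try:
            plain = self.decrypt(bytes.fromhex(key_string))
        except ValueError:
            return None
        return None if plain is None else plain.decode(errors="replace")


def current_mac() -> str:
    """Hardware identifier of the current system: MAC address of a local interface."""
    node = uuid.getnode()
    return ":".join(f"{(node >> (8 * i)) & 0xFF:02x}" for i in reversed(range(6)))


def record_trusted_key(lib: SecLib, trusted_mac: str) -> str:
    """Setup on the trusted system: the key string to write to the read-protected
    store (registry value or configuration file)."""
    return lib.auth_encrypt(trusted_mac)


def authenticate_library(lib: SecLib, mac_now: str, stored_key: str) -> bool:
    """Both checks from the text: re-encrypt the current MAC and compare it with the
    stored key string, and decrypt the stored key string and compare it with the MAC."""
    forward_ok = hmac.compare_digest(lib.auth_encrypt(mac_now), stored_key)
    backward_ok = lib.auth_decrypt(stored_key) == mac_now
    return forward_ok and backward_ok


if __name__ == "__main__":
    genuine = SecLib(b"owner-only parameter 0x5a")   # the build the tester compiled
    tampered = SecLib(b"owner-only parameter 0x5b")  # same code, altered constant
    mac = "02:42:ac:11:00:02"                        # constructed sample MAC address
    stored = record_trusted_key(genuine, mac)
    print("genuine build, trusted host :", authenticate_library(genuine, mac, stored))
    print("tampered build, trusted host:", authenticate_library(tampered, mac, stored))
    print("genuine build, other host   :", authenticate_library(genuine, "02:42:ac:11:00:03", stored))
```

Two caveats a practitioner should keep in mind. This is a known-answer self-check that binds a build to a host; it detects a swapped library or a copied installation, but an attacker who can replace the library file can usually also rewrite the stored key string, so it is not attestation. Sealing the key string to a TPM or running the check inside a TEE, both of which the text mentions as targets, is what turns it into one. And a MAC address is a weak identifier: it is readable by any local process and trivially spoofed, so it should be treated as a configuration binding, not a secret.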
The test case file may also contain steps for other test items, such as delay time and bandwidth. The remote communication unit and the master station may be servers or industrial control equipment, and the test method can be executed on either the remote communication unit or the master station, preferably on the master station.
Further, after authenticating the encryption library and reading the test case, and before obtaining the access control instruction in the test case, the method may further include:
updating the master station network access address in the access control instruction of the test case, the address being taken from a master station white list.
In some implementations, the master station network access address may be a public network address, which differs with the network environment of the remote communication unit and the master station; when changed it may be an IP address, for example 192.168.1.100. The master station white list can be obtained in advance from the routing configuration.
Further, obtaining the access control instruction in the test case and calling the authenticated encryption library to encrypt it may include:
obtaining the access control instruction in the test case and determining the configuration instruction within it and the updated master station network access address;
calling the authenticated encryption library to encrypt the plaintext of the updated master station network access address, giving the corresponding ciphertext;
and keeping the configuration instruction in plaintext.
In some implementations, the access control instruction may be:
set `AT$MYUPDATEAC=1,<IP address to be set>`
The configuration instruction is the part other than the IP address to be set. After the master station white-list IP address is set, the access control instruction is updated to:
set `AT$MYUPDATEAC=1,192.168.1.100`
To set a range of IP addresses, several access control instructions can be configured; when the case is read, each such instruction represents an instruction to set the master station white list.
The set IP address is then converted to ciphertext: 192.168.1.100 is extracted from the access control instruction and encrypted in the format specified by the encryption library; the resulting ciphertext may be, for example, DFEA037439DAEB90652836497.
Further, replacing the access control instruction in the test case with an encrypted access control instruction may include:
splicing the plaintext configuration instruction with the ciphertext to obtain the spliced access control instruction;
and replacing the access control instruction in the test case with the spliced access control instruction.
After the change, the access control instruction may be:
set`AT$MYUPDATEAC=1,DFEA037439DAEB90652836497`
This instruction can be sent to the remote communication unit of this embodiment, which parses the master station IP address from the ciphertext and sets the master station white-list IP address.
Further, executing the modified test case to obtain the test result may include:
attempting to establish a communication connection between the communication unit and the master station according to the modified access control instruction in the test case;
and determining the connection state of that communication connection to obtain the corresponding test result.
In some implementations, a connection request test may be initiated at the remote communication unit towards a master station white-list IP address that has been set; the test result is judged as:
Connection successful: test passed; or
Connection failed: test failed.
For a master station IP address that has not been set in the white list, a connection request test may be initiated at the remote communication unit; the test result is judged as:
Connection successful: test failed; or
Connection failed: test passed.
After a master station white-list IP address that had been set is deleted, a connection request test may be initiated at the remote communication unit; the test result is judged as:
Connection successful: test failed; or
Connection failed: test passed.
In some implementations, as in fig. 2, the test method can include the steps:
S1) perform encryption library authentication;
S2) judge whether authentication succeeded; if not, end the test (optionally reporting an error), and if so, proceed to S3);
S3) read the test case;
S4) encrypt the master station IP address and set it as a white-list address;
S5) judge whether the master station white-list IP address was set successfully; if not, end the test (optionally reporting an error), and if so, proceed to S6);
S6) determine whether legal and illegal IP addresses are correctly restricted, where a legal IP address is an IP address or address range that has been set in the master station white list, or was set and is still present, and an illegal IP address is one that was never set in the white list, or was set and later deleted; then obtain the test result and end the access control test of the remote communication unit and the master station.
Example 2
This embodiment belongs to the same inventive concept as embodiment 1 and provides a response method for access control of a communication unit master station, the response method comprising:
authenticating the encryption library, and receiving an access control instruction provided by a test case in the test method described in embodiment 1;
executing the access control instruction;
attempting to decrypt the access control instruction through the encryption library;
if a network access address is obtained after decryption, updating the master station network access address to the obtained address by executing the decrypted access control instruction;
and requesting to establish a communication connection with the master station network access address, and returning the connection state of the requested communication connection to the test case, or returning no connection state to the test case when the connection fails.
This embodiment can be used for the response execution of the remote communication unit. The access control instruction can take several forms: an unencrypted access control instruction, a fully encrypted access control instruction (for example, the whole instruction line converted into an encrypted code; the transformation must be reversible by the encryption library, so a one-way hash would not serve here), and the spliced access control instruction described in embodiment 1.
This embodiment applies whether or not the access control instruction is encrypted. For an unencrypted access control instruction, the first execution already updates the master station network access address according to the plaintext configuration instruction in the access control instruction; the second execution does not update it again, because no address is obtained from decryption.
For a fully encrypted access control instruction, the first execution can optionally return an abnormal execution state (ignored by default); decryption is then attempted, and since the decrypted access control instruction is complete plaintext containing both the configuration instruction and the network access address, executing the decrypted instruction a second time updates the master station network access address successfully.
For a spliced access control instruction, after the first execution the value at the operation position corresponding to the master station network access address field is still the ciphertext, but the network access address is obtained after decryption, so the second execution overwrites the ciphertext with the obtained address. This introduces the minimum of judgment operations and reduces the local computing cost.
A judgment operation may be introduced to distinguish the execution state and perform the corresponding operation accurately. Specifically, after executing the access control instruction and before attempting to decrypt it through the encryption library, the method further includes:
determining the execution state corresponding to the access control instruction;
if the execution state is unsuccessful, performing the step of attempting to decrypt the access control instruction through the encryption library, the access control instruction being considered fully encrypted;
if the execution state is successful, attempting to decrypt, through the encryption library, the value at the operation position corresponding to the configuration instruction in the access control instruction, the access control instruction being considered spliced or unencrypted;
and if a network access address is obtained from the decrypted value at the operation position (the access control instruction can then be considered a spliced access control instruction), updating the master station network access address to the obtained address by executing the decrypted access control instruction, and performing the step of requesting to establish a communication connection with the master station network access address.
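The exchange described in embodiment 1 (the spliced instruction and the three-case pass/fail table of steps S4 to S6) together with the execution-state decision of this embodiment, as an added Python model that is not part of the patent and not the applicants' code. The encryption library is unspecified on the page, so a keyed SHA-256 keystream XOR stands in for it (illustration only, not a recommended cipher); the shared key, the `1`/`0` add/delete encoding of the first parameter, the IP-only white list, the constructed addresses and all function names are assumptions.

```python
"""Added model of the spliced access-control exchange (not the patent's code)."""
import hashlib
import re
from typing import Dict, Optional

# Stand-in for the page's unspecified "encryption library": a keyed SHA-256
# keystream XOR, constructed for this example only (not a production cipher).
KEY = b"example-shared-key"           # assumed to be shared by tester and unit
CONFIG_INSTRUCTION = "AT$MYUPDATEAC"   # configuration instruction shown on the page
IP_RE = re.compile(r"(\d{1,3}\.){3}\d{1,3}")
# <op>,<value>: op 1 = add the address to the white list, 0 = delete it (assumed)
INSTR_RE = re.compile(re.escape(CONFIG_INSTRUCTION) + r"=([01]),(\S+)")


def _keystream(key: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def encrypt_text(plain: str, key: bytes = KEY) -> str:
    """Ciphertext rendered as upper-case hex, like the example on the page."""
    return _xor(plain.encode("ascii"), key).hex().upper()


def decrypt_text(hex_ct: str, key: bytes = KEY) -> Optional[str]:
    """None when the input is not hex or does not decrypt to ASCII text."""
    try:
        return _xor(bytes.fromhex(hex_ct), key).decode("ascii")
    except ValueError:  # UnicodeDecodeError is a ValueError subclass
        return None


def splice_instruction(ip_plain: str, add: bool = True, key: bytes = KEY) -> str:
    """Test side: configuration instruction in plaintext + encrypted address."""
    return "%s=%d,%s" % (CONFIG_INSTRUCTION, 1 if add else 0, encrypt_text(ip_plain, key))


class RemoteUnit:
    """Remote communication unit side: the response method of embodiment 2."""

    def __init__(self, key: bytes = KEY) -> None:
        self.key = key
        self.whitelist = set()

    def _apply(self, op: int, address: str) -> bool:
        """Second execution: only a plaintext address can be applied."""
        if not IP_RE.fullmatch(address):
            return False
        (self.whitelist.add if op == 1 else self.whitelist.discard)(address)
        return True

    def handle(self, instruction: str) -> Optional[str]:
        """Execute, judge the execution state, decrypt as needed; return the
        address finally applied to the white list, or None on failure."""
        m = INSTR_RE.fullmatch(instruction)
        if m is None:
            # Execution unsuccessful: treat as fully encrypted, decrypt the
            # whole line and execute the plaintext instead.
            plain = decrypt_text(instruction, self.key)
            m = INSTR_RE.fullmatch(plain) if plain else None
            if m is None:
                return None
        op, value = int(m.group(1)), m.group(2)
        # Execution successful: spliced or unencrypted. Decrypt only the value
        # at the operation position; a plaintext address is not valid hex, so
        # decryption yields None and the value is used as-is.
        decrypted = decrypt_text(value, self.key)
        if decrypted is not None and IP_RE.fullmatch(decrypted):
            value = decrypted  # spliced form: ciphertext overwritten by address
        return value if self._apply(op, value) else None


def connect(unit: RemoteUnit, master_ip: str) -> bool:
    """Connection attempt from the unit; the white list is the only control
    modelled here."""
    return master_ip in unit.whitelist


def judge(expected_allowed: bool, connected: bool) -> str:
    """Decision table of embodiment 1: pass only when the outcome matches the
    white list state (set: must connect; not set or deleted: must not)."""
    return "pass" if connected == expected_allowed else "fail"


def run_access_control_test(master_ip: str, other_ip: str, key: bytes = KEY) -> Dict[str, str]:
    """Steps S4 to S6 for one master station address and one never-set address."""
    unit = RemoteUnit(key)
    results = {}
    set_ok = unit.handle(splice_instruction(master_ip, True, key)) == master_ip
    results["setup"] = "pass" if set_ok else "fail"              # S5
    results["set"] = judge(True, connect(unit, master_ip))        # S6, legal address
    results["not_set"] = judge(False, connect(unit, other_ip))    # S6, never set
    unit.handle(splice_instruction(master_ip, False, key))        # delete it again
    results["deleted"] = judge(False, connect(unit, master_ip))   # S6, set then deleted
    return results


if __name__ == "__main__":
    print(splice_instruction("192.168.10.20"))
    print(run_access_control_test("192.168.10.20", "192.168.10.21"))
```

Running the module prints one spliced instruction and the verdict dictionary. The point is the three-form handling in `RemoteUnit.handle`: a line that does not parse is decrypted whole and re-executed, a line that parses has only its operation-position value decrypted, and a plaintext address survives both paths because it is not valid hex. One caveat the page does not state: an unauthenticated cipher such as the stand-in here is malleable, so anyone who can modify the ciphertext in transit can flip digits of the address that ends up in the white list; a real encryption library used for the spliced value needs integrity protection (authenticated encryption or a MAC over the ciphertext), and the test cases should include a tampered-ciphertext case that must be rejected.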
Example 3
This embodiment belongs to the same inventive concept as embodiments 1 and 2 and provides a test system for access control of a communication unit master station, the test system comprising:
an encryption module for providing an encryption library and authenticating the encryption library;
a configuration module for reading a test case, acquiring the access control instruction in the test case, calling the authenticated encryption library to encrypt the access control instruction, and changing the access control instruction in the test case into the encrypted access control instruction;
and an execution module for executing the test case after the access control instruction is changed, to obtain a test result.
Specifically, the test system may further include a key generation module configured to:
acquire the pre-configured encryption library and the hardware identifier of a trusted system, and convert the hardware identifier into a trusted authentication key through the pre-configured encryption library;
record the trusted authentication key to a storage location with read permission.
Specifically, the encryption module is configured to:
acquire the hardware identifier of the current system and read the trusted authentication key from the storage location, the hardware identifier of the current system being of the same type as the hardware identifier of the trusted system;
verify whether the authentication key derived from the hardware identifier of the current system through the encryption library under authentication is identical to the trusted authentication key, and/or
verify whether the hardware identifier recovered from the trusted authentication key through the encryption library under authentication is consistent with the hardware identifier of the trusted system;
and if neither verification result is inconsistent, judge that the encryption library under authentication has passed authentication.
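The key generation module and the encryption library authentication just described, as an added Python model that is not part of the patent and not the applicants' code. The page does not say how the hardware identifier is "converted" through the library, so the conversion is modelled here (assumption) as HMAC-SHA256 keyed by a digest of the library's own bytes; that is one-way, so only the forward verification of the two alternatives above is implemented. The library bytes, the hardware identifiers and the key file path are constructed for the example.

```python
"""Added model of the key generation module and the encryption library
authentication (not the patent's code)."""
import hashlib
import hmac
import os
import tempfile
from typing import Dict


def library_fingerprint(library_bytes: bytes) -> bytes:
    """Bind the check to the exact bytes of the pre-configured library."""
    return hashlib.sha256(library_bytes).digest()


def derive_auth_key(library_bytes: bytes, hardware_id: str) -> bytes:
    """'Convert the hardware identifier into the trusted authentication key
    through the encryption library', modelled (assumption) as HMAC-SHA256
    keyed by the library fingerprint over the identifier. Being one-way, it
    supports only the forward check of the two alternatives on the page."""
    return hmac.new(library_fingerprint(library_bytes),
                    hardware_id.encode("utf-8"), hashlib.sha256).digest()


def record_trusted_key(key: bytes, path: str) -> None:
    """Key generation module: write once, then leave read permission only."""
    with open(path, "wb") as f:
        f.write(key)
    os.chmod(path, 0o444)


def authenticate_library(library_bytes: bytes, current_hardware_id: str, path: str) -> bool:
    """Encryption module: recompute from the current system and the library
    under authentication, compare in constant time with the recorded key."""
    with open(path, "rb") as f:
        trusted = f.read()
    candidate = derive_auth_key(library_bytes, current_hardware_id)
    return hmac.compare_digest(candidate, trusted)


def demo() -> Dict[str, bool]:
    """Constructed scenario: the genuine library on the trusted system passes;
    a modified library or a different system fails."""
    library = b"-- constructed stand-in for the encryption library bytes --"
    trusted_hw = "SN-TRUSTED-0001"            # constructed hardware identifier
    path = os.path.join(tempfile.mkdtemp(), "trusted_auth.key")
    record_trusted_key(derive_auth_key(library, trusted_hw), path)
    return {
        "genuine": authenticate_library(library, trusted_hw, path),
        "tampered_library": authenticate_library(library + b"\x00", trusted_hw, path),
        "other_hardware": authenticate_library(library, "SN-OTHER-0002", path),
        "key_file_read_only": (os.stat(path).st_mode & 0o222) == 0,
    }


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner should weigh when reading the scheme above. The read-only permission on the storage location only protects the recorded key against principals that cannot change permissions, so the key file must live where the test process itself cannot re-record it. And a hardware identifier such as a serial number is not a secret: the check detects a swapped library or a copy of the test system on other hardware, but it does not stop an attacker who can read the identifier and run the same library from producing the same key.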
Preferably, after authenticating the encryption library and reading the test case, and before acquiring the access control instruction in the test case, the configuration module may further be configured to:
update the master station network access address in the access control instruction of the test case, the master station network access address being obtained from the master station white list.
Preferably, the configuration module may specifically be configured to:
acquire the access control instruction in the test case, and determine the configuration instruction in it and the updated master station network access address;
call the authenticated encryption library, and encrypt the plaintext of the updated master station network access address to obtain the corresponding ciphertext;
keep the configuration instruction in plaintext.
Preferably, the configuration module may specifically be configured to:
splice the plaintext of the configuration instruction and the ciphertext to obtain a spliced access control instruction;
and change the access control instruction in the test case into the spliced access control instruction.
Preferably, the execution module may specifically be configured to:
attempt to establish a communication connection between the communication unit and the master station according to the access control instruction in the changed test case;
and obtain the test result corresponding to the connection state by judging the connection state of the communication connection.
Preferably, the execution module may specifically be configured to:
if the access control instruction in the changed test case sets a newly added master station network access address,
attempt to establish a communication connection between the network access address of the communication unit and the newly added master station network access address;
if the communication connection is judged successful, obtain a test-passed result, or
if the communication connection is judged failed, obtain a test-failed result.
Preferably, the execution module may specifically be configured to:
if the access control instruction in the changed test case deletes the previously added master station network access address,
attempt to establish a communication connection between the network access address of the communication unit and that previously added master station network access address;
if the communication connection is judged successful, obtain a test-failed result, or
if the communication connection is judged failed, obtain a test-passed result.
Preferably, the execution module may specifically be configured to:
if the access control instruction in the changed test case does not add a master station network access address (so that address remains outside the white list),
attempt to establish a communication connection between the network access address of the communication unit and that non-added master station network access address;
if the communication connection is judged successful, obtain a test-failed result, or
if the communication connection is judged failed, obtain a test-passed result.
Example 4
This embodiment belongs to the same inventive concept as embodiments 1 to 3 and provides a response system for access control of a communication unit master station, the response system comprising:
a decryption module for providing an encryption library and authenticating the encryption library;
a receiving module for receiving the access control instruction provided by the test case in embodiment 2, and executing the access control instruction;
an updating module for attempting to decrypt the access control instruction through the encryption library and, if a network access address is obtained after decryption, updating the master station network access address to the obtained address by executing the decrypted access control instruction;
and a response module for requesting to establish a communication connection with the master station network access address and returning the connection state of the requested communication connection to the test case, or returning no connection state to the test case when the connection fails.
The response system further includes a judging module for determining the execution state corresponding to the access control instruction:
if the execution state is unsuccessful, performing the step of attempting to decrypt the access control instruction through the encryption library;
if the execution state is successful, attempting to decrypt, through the encryption library, the value at the operation position corresponding to the configuration instruction in the access control instruction;
and if a network access address is obtained from the decrypted value at the operation position, updating the master station network access address to the obtained address by executing the decrypted access control instruction, and performing the step of requesting to establish a communication connection with the master station network access address.
Although the embodiments of the present invention have been described in detail with reference to the accompanying drawings, the embodiments of the present invention are not limited to the details of the above embodiments, and various simple modifications can be made to the technical solutions of the embodiments of the present invention within the technical idea of the embodiments of the present invention, and the simple modifications all belong to the protection scope of the embodiments of the present invention.
It should be noted that the various features described in the above embodiments may be combined in any suitable manner without departing from the scope of the invention. In order to avoid unnecessary repetition, the embodiments of the present invention do not describe every possible combination.
Those skilled in the art will understand that all or part of the steps in the methods of the above embodiments may be implemented by a program stored in a storage medium, the program including instructions that enable a single-chip microcomputer, a chip, or a processor to execute all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, and other media capable of storing program code.
In addition, any combination of various different implementation manners of the embodiments of the present invention is also possible, and the embodiments of the present invention should be considered as disclosed in the embodiments of the present invention as long as the combination does not depart from the spirit of the embodiments of the present invention.

Claims (16)

1. A test method for access control of a master station of a communication unit, the test method comprising:
authenticating the encryption library and reading a test case;
acquiring an access control instruction in the test case, and calling an encryption library after passing authentication to encrypt the access control instruction;
changing the access control instruction in the test case into an encrypted access control instruction;
and executing the test case after the access control instruction is changed to obtain a test result.
2. The test method for access control of a master station of a communication unit according to claim 1, wherein before authenticating the encryption library, the test method further comprises:
acquiring a pre-configured encryption library and a hardware identifier of a trusted system, and converting the hardware identifier into a trusted authentication key through the pre-configured encryption library;
recording the trusted authentication key to a storage location having read authority.
3. The test method for access control of a master station of a communication unit according to claim 2, wherein authenticating the encryption library comprises:
acquiring the hardware identifier of the current system and reading the trusted authentication key from the storage location, the hardware identifier of the current system being of the same type as the hardware identifier of the trusted system;
verifying whether the authentication key derived from the hardware identifier of the current system through the encryption library under authentication is identical to the trusted authentication key, and/or
verifying whether the hardware identifier recovered from the trusted authentication key through the encryption library under authentication is consistent with the hardware identifier of the trusted system;
and if neither verification result is inconsistent, judging that the encryption library under authentication has passed authentication.
4. The method of claim 1, after authenticating the encryption library and reading the test case and before obtaining the access control command in the test case, further comprising:
and updating the master station network access address of the access control instruction in the test case, wherein the master station network access address is obtained from a master station white list.
5. The method according to claim 4, wherein the obtaining of the access control command in the test case and the invoking of the authenticated encryption library to encrypt the access control command comprise:
acquiring an access control instruction in the test case, and determining a configuration instruction in the access control instruction and an updated master station network access address;
calling an encryption library which passes authentication, and carrying out encryption calculation on the plaintext of the updated master station network access address to obtain a ciphertext corresponding to the plaintext;
the clear text of the configuration instructions is maintained.
6. The method of claim 5, wherein the modifying the access control commands in the test case to encrypted access control commands comprises:
splicing the plaintext of the configuration instruction and the ciphertext to obtain a spliced access control instruction;
and changing the access control instruction in the test case into the spliced access control instruction.
7. The method of claim 4, wherein the executing the test case after the access control command is changed to obtain a test result comprises:
trying to establish communication connection between the communication unit and the master station according to the access control instruction in the test case after the access control instruction is changed;
and obtaining a test result corresponding to the connection state by judging the connection state of the communication connection.
8. The method according to claim 7, wherein the executing the test case after the access control command is changed to obtain a test result includes:
if the access control instruction in the test case after the access control instruction is changed sets a newly added network access address of the master station,
attempting to establish a communication connection between the network access address of the communication unit and the network access address of the newly added master station,
if the communication connection is judged to be successful, a result of passing the test is obtained, or
And judging that the communication connection is failed, and obtaining a result that the test is failed.
9. The method according to claim 7, wherein the executing the test case after the access control command is changed to obtain a test result includes:
if the access control instruction in the changed test case deletes the previously added master station network access address,
attempting to establish a communication connection between the network access address of the communication unit and that previously added master station network access address,
if the communication connection is judged to be successful, a result that the test fails is obtained, or
And judging that the communication connection is failed, and obtaining a result of passing the test.
10. The method according to claim 7, wherein the executing the test case after the access control command is changed to obtain a test result includes:
if the access control instruction in the changed test case does not add a master station network access address that has not been added,
attempting to establish a communication connection between the network access address of the communication unit and that non-added master station network access address,
if the communication connection is judged to be successful, a result that the test fails is obtained, or
And judging that the communication connection is failed, and obtaining a result of passing the test.
11. A response method for access control of a master station of a communication unit, the response method comprising:
authenticating an encryption library and receiving an access control instruction provided by a test case in the test method of any one of claims 1 to 10;
executing the access control instruction;
attempting to decrypt the access control instruction through the encryption library,
if the network access address is obtained after decryption, the obtained network access address is updated to the master station network access address by executing the decrypted access control instruction;
and requesting to establish communication connection with the network access address of the master station, and returning the connection state of the communication connection requested to be established to the test case, or not returning any failed connection state to the test case.
12. The response method for access control of a communication unit master station of claim 11, further comprising, after executing the access control instruction and before attempting to decrypt the access control instruction through the encryption library:
determining an execution state corresponding to the access control instruction,
if the execution state is unsuccessful, performing the step of attempting to decrypt the access control instruction through the encryption library;
if the execution state is successful execution, the encryption library is tried to decrypt the value of the operation position corresponding to the configuration instruction in the access control instruction,
and if the network access address is obtained through the value of the operation position after decryption, updating the obtained network access address into the master station network access address through executing the decrypted access control command, and performing the step of establishing communication connection between the request and the master station network access address.
13. A test system for access control of a master station of a communication unit, the test system comprising:
an encryption module for providing an encryption library and authenticating the encryption library;
the configuration module is used for reading a test case, acquiring an access control instruction in the test case, calling an encryption library after passing authentication to encrypt the access control instruction, and changing the access control instruction in the test case into the encrypted access control instruction;
and the execution module executes the test case after the access control instruction is changed to obtain a test result.
14. A response system for access control of a master station of a communication unit, the response system comprising:
a decryption module for providing an encrypted library and authenticating the encrypted library;
a receiving module, configured to receive an access control instruction provided by the test case in claim 11, and execute the access control instruction;
the updating module is used for attempting to decrypt the access control instruction through the encryption library, and if the network access address is obtained after decryption, the obtained network access address is updated to the master station network access address through executing the decrypted access control instruction;
and the response module is used for requesting to establish communication connection with the network access address of the master station and returning the connection state of the communication connection requested to be established to the test case or not returning any failed connection state to the test case.
15. An electronic device, comprising:
at least one processor;
a memory coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor, the at least one processor implementing the method of any one of claims 1 to 12 by executing the instructions stored by the memory.
16. A computer readable storage medium storing computer instructions which, when executed on a computer, cause the computer to perform the method of any one of claims 1 to 12.
CN202011293736.4A 2020-11-18 2020-11-18 Test method, response method and system for access control of communication unit master station Active CN112637122B (en)

Publications (2)

Publication Number Publication Date
CN112637122A true CN112637122A (en) 2021-04-09
CN112637122B CN112637122B (en) 2022-01-18

Family

ID=75304345

Country Status (1)

Country Link
CN (1) CN112637122B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6161182A (en) * 1998-03-06 2000-12-12 Lucent Technologies Inc. Method and apparatus for restricting outbound access to remote equipment
CN109327436A (en) * 2018-09-27 2019-02-12 中国平安人寿保险股份有限公司 Safety detecting method, device, computer equipment and storage medium
CN111901312A (en) * 2020-07-10 2020-11-06 山东云海国创云计算装备产业创新中心有限公司 Method, system, equipment and readable storage medium for network access control


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant