CN113329008B - Intelligent power grid environment computing and protection parallel trusted computing platform - Google Patents
Intelligent power grid environment computing and protection parallel trusted computing platform Download PDFInfo
- Publication number
- CN113329008B CN113329008B CN202110580232.9A CN202110580232A CN113329008B CN 113329008 B CN113329008 B CN 113329008B CN 202110580232 A CN202110580232 A CN 202110580232A CN 113329008 B CN113329008 B CN 113329008B
- Authority
- CN
- China
- Prior art keywords
- password
- module
- time
- access terminal
- historical
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the field of electric power equipment, in particular to a trusted computing platform for parallel computing and protection of an intelligent power grid environment, which comprises a computing component and a protection component, wherein the protection component comprises a dynamic password distribution module, a historical password module, a time-staggered distribution module and a permission module; the dynamic password is used as a first password, the wrong password is used as a second password, the first password and the second password are transmitted by adopting a parallel line, and a dynamic password module is not required to be additionally arranged, so that the system cost is reduced on the premise of improving the safety; the wrong time password is generated relatively independently at the protection component and the access end, a password issuing process does not exist, the risk that the wrong time password is hijacked is avoided, the dynamic password distribution module and the historical password module relatively independently send the permission instruction to the permission module, and double-path safety is achieved.
Description
Technical Field
The invention relates to the field of electric power equipment, in particular to a trusted computing platform for parallel computing and protection of an intelligent power grid environment.
Background
With the continuous intellectualization of electric power equipment, various elements of a traditional power grid, including a controller, a sensor and the like, are continuously replaced by intelligent elements, a smart power grid is gradually formed, the smart power grid adopts hardware with a programmable program in the aspect of hardware, the smart power grid is constructed in the aspect of network architecture according to an internet of things mode, the smart power grid has higher similarity with the internet and has the characteristics of remote accessibility and controllability, so the possibility of being attacked by the network is higher and higher, and because of the basic status of the power grid in national economy, the protection of the power grid in various countries is more and more important.
Trusted Computing/Trusted Computing (TC) is a technology that is driven and developed by the Trusted Computing group (Trusted Computing cluster, formerly known as TCPA). Trusted computing is a trusted computing platform widely used in computing and communication systems and based on the support of a hardware security module, so as to improve the security of the whole system. The advocate of this technology states that it will make computers more secure, less vulnerable to viruses and malware, and therefore more reliable from an end user perspective. In addition, they also claim that trusted computing will make computers and servers provide greater computer security than is currently possible. While the art gives the system and software designers excessive rights and control, as opposed to thinking that those companies behind trusted computing are not so trustworthy.
Therefore, how to balance the relationship between security and system simplification is an important problem to be solved urgently in the field of smart grids, and password distribution is a key issue in the field.
Disclosure of Invention
1. Technical problem to be solved
For intelligent network systems including smart grids, conventional cryptographic solutions include:
(1) pre-storing a static password; the scheme controls the access authority by verifying whether the password input by the visitor is matched with the static password pre-stored in the system, has simple technical scheme and is easy to be cracked by attack means such as violent operation and the like;
(2) a dynamic password; the scheme distributes dynamic password firmware to a user in advance, controls access authority by verifying whether a real-time dynamic password input by the user is matched with the real-time dynamic password, and the dynamic password issuing process can be hijacked to cause password leakage.
(3) Double-password; the scheme of 'double dynamic passwords' or 'static passwords + dynamic passwords' has the problems of high similarity, easy overall cracking and increased use cost.
2. Technical scheme
In order to solve the problems, the invention adopts the following technical scheme:
a trusted computing platform with parallel computing and protection of an intelligent power grid environment comprises a parallel intelligent power grid computing component and an intelligent power grid protection component, wherein the intelligent power grid computing component is used for completing computing tasks, the intelligent power grid protection component is used for performing protection control on access authority and modification authority of the intelligent power grid computing component, and the protection control is based on real-time dynamic passwords and staggered passwords to control permission of access requests of an access terminal; the protection component comprises a dynamic password distribution module, a historical password module and a time-staggered distribution module; after the dynamic password distribution module generates the real-time dynamic password at the moment, the real-time dynamic password is distributed to the historical password module and the access terminal through the first line and the second line; the historical password module and the access terminal respectively generate a protection component historical password form and an access terminal historical password form; after the correct real-time dynamic password is input by the access terminal, the mistimed password distribution module sends a random forward tracing time to the historical password recording module and the access terminal, and the historical password recording module and the access terminal calculate a mistimed password based on the random forward tracing time; and when the access terminal inputs a correct wrong time password to the historical password module through the parallel line, allowing the access terminal to access the computing component.
Furthermore, the protection component also comprises a permission module, and after the access terminal inputs the correct real-time dynamic password, the dynamic password distribution module sends a first permission instruction to the permission module; and after the access terminal inputs a correct wrong-time password to the historical password module through the parallel line, the historical password module sends a second permission instruction to the permission module, and the permission module allows the access terminal to access the computing component based on the first permission instruction and the second permission instruction.
Further, the staggered-time distribution module sends the random forward tracing time to the access terminal and the historical password module through different lines, and the access terminal and the historical password module independently calculate staggered-time passwords based on a protection component historical password form and an access terminal historical password form of the access terminal.
Furthermore, the access terminal and the history password module are in one-way communication, and only the access terminal is allowed to input the wrong time password to be verified to the history password module.
Furthermore, the time-staggered distribution module and the history password module are in one-way communication, and only the time-staggered distribution module is allowed to send the random forward tracing time to the history password module.
Furthermore, the time-staggered distribution module and the access terminal are in one-way communication, and only the time-staggered distribution module is allowed to send random forward tracing time to the access terminal.
Further, the access terminal is in bidirectional communication with the computing unit under the control of the permission module.
Furthermore, a bidirectional check line is arranged between the protection component historical password form and the access end historical password form, when other communication lines of the access end are disconnected, the bidirectional check line checks the protection component historical password form and the access end historical password form, and when the protection component historical password form and the access end historical password form are inconsistent, the content of the access end historical password form is replaced by the content of the protection component historical password form.
3. Advantageous effects
Compared with the prior art, the invention has the advantages that:
(1) in the scheme, the dynamic password distribution module is adopted to generate the dynamic password at the cost moment, and the dynamic password is used as the first password, so that the basic security is realized, and the realization cost is lower; the wrong time password is generated by using the historical dynamic password as the second password, and a dynamic password module is not required to be additionally arranged, so that the system cost is reduced on the premise of improving the safety;
(2) in the scheme, a historical password form is adopted to record the generated dynamic password, and forms for password inquiry are respectively generated at a protection component and an access end; the method comprises the steps that a time-staggered distribution module is utilized to randomly generate a forward tracing moment, and time-staggered passwords are generated on a protection component and an access end relatively independently by utilizing the random forward tracing moment, so that a password issuing process does not exist, and the risk that the time-staggered passwords are hijacked is avoided;
(3) in the scheme, the dynamic password and the wrong password are transmitted in a one-way mode through parallel lines, so that the problem that all passwords are leaked due to hijacking of a single line is solved;
(4) in the scheme, the dynamic password distribution module and the historical password module relatively independently send the permission instruction to the permission module, so that the two-way security is realized;
(5) in the scheme, the protection component and the historical password form of the access terminal have a checking function, and an uplink of the access terminal is disconnected during checking, so that the system safety is improved; and when the password is inconsistent with the password, the password is prevented from being tampered due to hijacking of the access terminal on the basis of the record of the protection component.
Drawings
FIG. 1 is a simplified schematic diagram of the principal architecture of a computing platform according to the present invention;
FIG. 2 is a logic diagram of the connection of the main components of the computing platform according to the present invention;
the reference numbers in the figures illustrate:
1. a calculation section; 2. a shielding component; 3. an access terminal; 11. a dynamic password distribution module; 12. a historical password module; 13. a time-staggered distribution module; 14. a licensing module; 121. a protection component historical password form; 31. and accessing the historical password form of the terminal.
Detailed Description
The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention; it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments, and all other embodiments obtained by those skilled in the art without any inventive work are within the scope of the present invention.
Referring to fig. 1-2, the present application can have different embodiments according to specific situations:
specific example 1:
a trusted computing platform with parallel computing and protection of an intelligent power grid environment comprises a parallel computing component 1 of the intelligent power grid and a parallel protection component 2 of the intelligent power grid, wherein the computing component 1 of the intelligent power grid is used for completing computing tasks, the protection component 2 of the intelligent power grid is used for performing protection control on access authority and modification authority of the computing component 1 of the intelligent power grid, and the protection control is based on real-time dynamic passwords and staggered passwords to control permission of access requests of an access terminal 3;
the protection component 1 comprises a dynamic password distribution module 11, a historical password module 12 and a time-staggered distribution module 13; after the dynamic password distribution module 11 generates the real-time dynamic password at the moment, the real-time dynamic password is distributed to the historical password module 12 and the access terminal 3 through the first line and the second line; the historical password module 12 and the access terminal 3 respectively generate a protection component historical password form 121 and an access terminal historical password form 31; after the access terminal 3 inputs a correct real-time dynamic password, the mistimed password distribution module 13 sends a random previous tracing time to the historical password recording module 12 and the access terminal 3, and the historical password recording module 12 and the access terminal 3 calculate a mistimed password based on the random previous tracing time; when the access terminal 3 inputs a correct wrong-time password to the historical password module 12 through a parallel line, the access terminal is allowed to access the computing part.
The protection component 1 further comprises a permission module 14, and after the access terminal 3 inputs a correct real-time dynamic password, the dynamic password distribution module 11 sends a first permission instruction to the permission module 14; after the access terminal 3 inputs a correct wrong-time password to the historical password module 12 through the parallel line, the historical password module 12 sends a second permission instruction to the permission module 14, and the permission module 14 allows the access terminal to access the computing component based on the first permission instruction and the second permission instruction.
The time-staggered distribution module 13 sends the random previous trace time to the access terminal 3 and the history password module 12 through different lines, and the access terminal 3 and the history password module 12 independently calculate the time-staggered password based on the protection component history password form 121 and the access terminal history password form 31 of the access terminal 3 and the history password module 12.
The access terminal 3 and the history password module 12 are in one-way communication, and only the access terminal 3 is allowed to input the wrong time password to be verified to the history password module 12.
The time-staggered distribution module 13 and the history password module 12 are in one-way communication, and only the time-staggered distribution module 13 is allowed to send the random forward tracing time to the history password module 12.
The time-staggered distribution module 13 and the access terminal 3 are in one-way communication, and only the time-staggered distribution module 13 is allowed to send the random forward tracing time to the access terminal 3.
The access terminal 3 communicates bi-directionally with the computation element 1 under the control of said permission module 14.
A bidirectional check line is arranged between the protection component historical password form 121 and the access terminal historical password form 31, when other communication lines of the access terminal are disconnected, the bidirectional check line checks the protection component historical password form 121 and the access terminal historical password form 31, and when the protection component historical password form 121 and the access terminal historical password form 31 are inconsistent, the contents of the access terminal historical password form 31 are replaced by the contents of the protection component historical password form 121.
The mistime password is generated in the history password form according to the random previous tracing time, for example, the current time is n time, the previous tracing time with a value of m is randomly generated, and the mistime password is the password at the nth-m time.
The foregoing is only a preferred embodiment of the present invention; the scope of the invention is not limited thereto. Any person skilled in the art should be able to cover the technical scope of the present invention by equivalent or modified solutions and modifications within the technical scope of the present invention.
Claims (7)
1. A parallel trusted computing platform for smart grid environment computing and protection comprises a parallel smart grid computing component (1) and a smart grid protection component (2), wherein the smart grid computing component (1) is used for completing computing tasks, and the smart grid protection component (2) is used for protecting and controlling access rights and modification rights of the smart grid computing component (1), and is characterized in that:
the protection control controls the permission of the access request of the access terminal (3) based on the real-time dynamic password and the time error password;
the protection component (2) comprises a dynamic password distribution module (11), a historical password module (12) and a time-staggered distribution module (13);
after the dynamic password distribution module (11) generates the real-time dynamic password at the moment, the real-time dynamic password is distributed to the historical password module (12) and the access terminal (3) through a first line and a second line;
the historical password module (12) and the access terminal (3) respectively generate a protection component historical password form (121) and an access terminal historical password form (31);
after the correct real-time dynamic password is input by the access terminal (3), the wrong time distribution module (13) sends random previous tracing time to the access terminal (3) and the historical password module (12) through different lines, the access terminal (3) and the historical password module (12) independently calculate the wrong time password based on the own access terminal historical password table (31) and the protection component historical password table (121), the wrong time password is generated in the historical password table according to the random previous tracing time, the current time is n time, the previous tracing time with a value of m is randomly generated, and the wrong time password is the password at the nth-m time;
and when the access terminal (3) inputs a correct wrong time password to the historical password module (12) through a parallel circuit, the access terminal is allowed to access the computing part.
2. The smart grid environment computing and protection parallel trusted computing platform of claim 1, wherein: the protection component (2) further comprises a permission module (14), and after the access terminal (3) inputs a correct real-time dynamic password, the dynamic password distribution module (11) sends a first permission instruction to the permission module (14); after the access terminal (3) inputs a correct wrong-time password to the historical password module (12) through a parallel circuit, the historical password module (12) sends a second permission instruction to the permission module (14), and the permission module (14) allows the access terminal to access the computing component based on the first permission instruction and the second permission instruction.
3. The smart grid environment computing and protection parallel trusted computing platform according to claim 1 or 2, wherein: the access terminal (3) and the history password module (12) are in one-way communication, and only the access terminal (3) is allowed to input a wrong time password to be verified to the history password module (12).
4. The smart grid environment computing and protection parallel trusted computing platform according to claim 1 or 2, wherein: the time-staggered distribution module (13) and the history password module (12) are in one-way communication, and only the time-staggered distribution module (13) is allowed to send the random forward tracing time to the history password module (12).
5. The smart grid environment computing and protection parallel trusted computing platform according to claim 1 or 2, wherein: the staggered time distribution module (13) and the access terminal (3) are in one-way communication, and the staggered time distribution module (13) is only allowed to send the random forward tracing time to the access terminal (3).
6. The smart grid environment computing and protection parallel trusted computing platform according to claim 1 or 2, wherein: the access terminal (3) is in bidirectional communication with the computing means (1) under the control of the permission module (14).
7. The smart grid environment computing and protection parallel trusted computing platform according to claim 1 or 2, wherein: a bidirectional check line is arranged between the protection component historical password form (121) and the access end historical password form (31), when other communication lines of the access end are disconnected, the bidirectional check line checks the protection component historical password form (121) and the access end historical password form (31), and when the protection component historical password form and the access end historical password form are inconsistent, the content of the access end historical password form (31) is replaced by the content of the protection component historical password form (121).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110580232.9A CN113329008B (en) | 2021-05-26 | 2021-05-26 | Intelligent power grid environment computing and protection parallel trusted computing platform |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110580232.9A CN113329008B (en) | 2021-05-26 | 2021-05-26 | Intelligent power grid environment computing and protection parallel trusted computing platform |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113329008A CN113329008A (en) | 2021-08-31 |
| CN113329008B true CN113329008B (en) | 2022-04-08 |
Family
ID=77421336
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110580232.9A Active CN113329008B (en) | 2021-05-26 | 2021-05-26 | Intelligent power grid environment computing and protection parallel trusted computing platform |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113329008B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105468978A (en) * | 2015-11-16 | 2016-04-06 | 国网智能电网研究院 | Trusted computing cryptogram platform suitable for general computation platform of electric system |
| CN108460262A (en) * | 2018-01-08 | 2018-08-28 | 平安科技(深圳)有限公司 | Cipher management method, device, terminal device and storage medium |
| CN111800266A (en) * | 2020-08-19 | 2020-10-20 | 福州大学 | Off-line sharing equipment control system and method based on real-time reference |
| CN112269995A (en) * | 2020-08-07 | 2021-01-26 | 国网河北省电力有限公司信息通信分公司 | Trusted computing platform for parallel computing and protection of smart power grid environment |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| SE0200812L (en) * | 2002-03-18 | 2003-09-16 | Optillion Ab | communication Module |
| CN102752319B (en) * | 2012-07-31 | 2015-02-11 | 广州市品高软件开发有限公司 | Cloud computing secure access method, device and system |
| CN112784258A (en) * | 2020-12-29 | 2021-05-11 | 国网宁夏电力有限公司信息通信公司 | Trusted computing system and safety protection system |
-
2021
- 2021-05-26 CN CN202110580232.9A patent/CN113329008B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105468978A (en) * | 2015-11-16 | 2016-04-06 | 国网智能电网研究院 | Trusted computing cryptogram platform suitable for general computation platform of electric system |
| CN108460262A (en) * | 2018-01-08 | 2018-08-28 | 平安科技(深圳)有限公司 | Cipher management method, device, terminal device and storage medium |
| CN112269995A (en) * | 2020-08-07 | 2021-01-26 | 国网河北省电力有限公司信息通信分公司 | Trusted computing platform for parallel computing and protection of smart power grid environment |
| CN111800266A (en) * | 2020-08-19 | 2020-10-20 | 福州大学 | Off-line sharing equipment control system and method based on real-time reference |
Non-Patent Citations (1)
| Title |
|---|
| 《对智能电网信息安全防护体系及关键技术的探讨》;方钟;《通讯世界》;20181221;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113329008A (en) | 2021-08-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2225695B1 (en) | Method and apparatus for delegation of secure operating mode access privilege from processor to peripheral | |
| CN112653689B (en) | Terminal zero trust security control method and system | |
| CN105430000A (en) | Cloud computing security management system | |
| US10958670B2 (en) | Processing system for providing console access to a cyber range virtual environment | |
| CN112364311A (en) | Method and device for managing identity on block chain | |
| CN102035838A (en) | Trust service connecting method and trust service system based on platform identity | |
| CN106603488A (en) | Safety system based on power grid statistical data searching method | |
| CN103944913A (en) | Server-oriented safe firmware designing method | |
| CN112115484B (en) | Access control method, device, system and medium for application program | |
| US10924481B2 (en) | Processing system for providing console access to a cyber range virtual environment | |
| CN113329008B (en) | Intelligent power grid environment computing and protection parallel trusted computing platform | |
| CN112347440B (en) | User access authority division system of industrial control equipment and application method thereof | |
| CN105933117A (en) | Data encryption and decryption device and method based on TPM (Trusted Platform Module) key security storage | |
| CN104915597A (en) | Physical isolation type USB port protection system and method | |
| CN108769004B (en) | Remote operation safety verification method for industrial internet intelligent equipment | |
| US20170308720A1 (en) | Method of accessing functions of an embedded device | |
| Hu et al. | Enhancing Account Privacy in Blockchain-based IoT Access Control via Zero Knowledge Proof | |
| CN105653928B (en) | A kind of refusal service detection method towards big data platform | |
| CN104580997A (en) | Video monitoring management system | |
| CN104581006A (en) | Video monitoring management method | |
| Khurshid et al. | ShieLD: Shielding Cross-zone Communication within Limited-resourced IoT Devices running Vulnerable Software Stack | |
| Vyas et al. | SPLinux: An Information Flow Secure Linux | |
| CN201403103Y (en) | Network fixation safety management system | |
| CN204576522U (en) | A kind of physical isolation formula USB interface guard system | |
| RU2334272C1 (en) | Device protecting against unauthorised access to information |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |