CN113709119A - Password security gateway, system and use method - Google Patents

Publication number
CN113709119A
Authority
CN
China
Prior art keywords
security
management
channel
communication channel
terminal equipment
Prior art date
Legal status
Granted
Application number
CN202110923359.6A
Other languages
Chinese (zh)
Other versions
CN113709119B (en)
Inventor
江楠
刘雪梅
汤敏杰
田叶
兰先登
Current Assignee
Nanjing Nanzi Huadun Digital Technology Co ltd
Original Assignee
Nanjing Huadun Power Information Security Evaluation Co Ltd
Priority date
Filing date
Publication date
Application filed by Nanjing Huadun Power Information Security Evaluation Co Ltd
Priority to CN202110923359.6A
Publication of CN113709119A
Application granted
Publication of CN113709119B
Legal status: Active
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/16: Implementing security features at a particular protocol layer
    • H04L63/164: Implementing security features at a particular protocol layer at the network layer
    • H04L63/166: Implementing security features at a particular protocol layer at the transport layer
    • H04L63/168: Implementing security features at a particular protocol layer above the transport layer

Abstract

The invention discloses a password security gateway, a system and a use method. The password security gateway comprises an interface module, a network protocol processing module and a password security module. The interface module comprises at least one USB interface and two Ethernet interfaces and is used for connecting to terminal equipment. The network protocol processing module comprises a TCP/IP protocol and an SSL protocol. The password security module comprises an encryption algorithm and, together with the network protocol processing module, establishes a secure management channel and a secure communication channel based on the SSL (Secure Sockets Layer) protocol. The secure management channel receives and processes management commands sent by an external management entity and controls the establishment and closing of the secure communication channel; the secure communication channel carries data transmission and control between the terminal equipment and the background business machine. The invention can provide a complete password security function for industrial terminal equipment.

Description

Password security gateway, system and use method
Technical Field
The invention particularly relates to a password security gateway, a password security system and a using method.
Background
With the development of intelligent and networked industrial systems, security attacks against industrial systems are growing rapidly. Such attacks damage equipment and endanger personnel and the environment, so a security protection system urgently needs to be established. Cryptographic algorithms are the core of information security, and using cryptographic technology to protect an industrial system can give it endogenous and complete security protection. Industrial terminal equipment is a boundary node of an industrial system and is characterized by limited computing resources, a compact system and closed functionality. There are two ways to implement password security protection on industrial terminal equipment. One is to integrate the password security function into the equipment, but this requires thoroughly modifying the equipment, is costly, and is not suitable for industrial terminals that are already deployed. The other is to place an embedded VPN device, such as IPSec, in front of the equipment, but a VPN can only provide channel encryption; its functions are limited, and it cannot provide password security functions such as system update security and critical command security.
An industrial system comprises field execution devices, field control devices, and service upper computers such as engineer stations and operator stations. These three types of devices have different resources and technical systems, so the corresponding security protection methods differ. Existing protection methods include address filtering, flow control, VPN and other conventional network boundary protection methods, but these are based on logic control mechanisms, lack rigor and completeness, and are easy to break. Cryptography is the gene of information security, and China has already established the SM series of cryptographic algorithms (SM2/SM3/SM4), on which a scientific and rigorous information security technology system can be rebuilt.
Industrial terminal equipment comprises field execution equipment and field control equipment; it is a boundary node of an industrial system and is characterized by limited computing resources, a compact system and closed functionality. There are two ways to implement password security protection on industrial terminal equipment. One is to integrate the password security function into the equipment, but this requires thoroughly modifying the equipment, is costly, and is not suitable for industrial terminals that are already deployed. The other is to place an embedded VPN device, such as IPSec/SSL, in front of the equipment, but a VPN can only provide channel encryption: its functions are limited, it applies the same protection mechanism to all data, and it cannot provide enhanced cryptographic security functions for system updates, critical operation commands and the like.
In the scheme that places an embedded VPN device such as IPSec/SSL in front of the industrial terminal equipment, the industrial terminal equipment is connected to the VPN device through one interface and seals its other interfaces, so all external communication of the industrial terminal equipment must first be forwarded through the VPN device. VPN devices are generally used in pairs, denoted the A end and the B end, and a protected data communication channel is formed between the A end and the B end. The specific steps are as follows:
(1) keys, IP addresses and ports are preset in the VPN devices at the A end and the B end; the A-end device is placed in front of the industrial terminal equipment and serves as the communication client; the B-end device is deployed at the communication background and serves as the communication server;
(2) after the A-end device is powered on, it connects to the B end according to the preset IP address and port of the B-end device, and a secure channel at the IPsec layer or over SSL is established;
(3) when data sent to the industrial terminal equipment passes through the B-end device, the B-end device encrypts the data at the IP layer or the TCP layer and then sends it to the A end;
(4) the A-end device receives the cryptographically protected data, decrypts it, and forwards the decrypted data to the industrial terminal equipment;
(5) when data sent to the background by the industrial terminal equipment passes through the A-end device, the A-end device encrypts the data at the IP layer or the TCP layer and then sends it to the B end;
(6) the B-end device receives the cryptographically protected data, decrypts it, and forwards it to the service background.
The existing external security protection for industrial terminal equipment places an embedded VPN device such as IPSec/SSL in front of the equipment. Because a VPN can only provide encryption protection for the communication channel, the protection mechanism is the same for all data, the function is limited, and no enhanced password security function can be provided for system updates, key operation commands and the like. In addition, existing embedded VPN devices such as IPSec/SSL use foreign algorithms such as RSA and AES, which do not conform to China's regulations on the application of cryptographic algorithms.
Disclosure of Invention
Aiming at the problems, the invention provides a password security gateway, a system and a use method, which can provide a complete password security function for industrial terminal equipment.
In order to achieve the technical purpose and achieve the technical effects, the invention is realized by the following technical scheme:
in a first aspect, the present invention provides a cryptographic security gateway, comprising:
the interface module comprises at least one USB interface and two Ethernet interfaces and is used for being connected with the terminal equipment;
the network protocol processing module comprises a TCP/IP protocol and an SSL protocol;
the password security module comprises an encryption algorithm and, together with the network protocol processing module, establishes a secure management channel and a secure communication channel based on the SSL (Secure Sockets Layer) protocol; the secure management channel receives and processes management commands sent by an external management entity and controls the establishment and closing of the secure communication channel; and the secure communication channel carries data transmission and control between the terminal equipment and the background business machine.
Optionally, the secure management channel and the secure communication channel are both established and obtained based on an IP address and a port preset in the network protocol processing module and an encryption algorithm in the cryptographic security module.
Optionally, the secure management channel is configured to connect to a specified external management entity, receive a management command sent by the external management entity, issue a control command to the secure communication channel, and control establishment and closing of the secure communication channel.
Optionally, the secure communication channel is controlled to be established and closed by the secure management channel, and is used for connecting the industrial terminal device and the background service, establishing a network connection, and transmitting data.
Optionally, the secure management channel and the secure communication channel use different keys.
Optionally, the encryption algorithm is an SM series cryptographic algorithm.
In a second aspect, the present invention provides a cryptographic security system comprising:
the cryptographic security gateway of any of the first aspect;
the external management entity is connected with the password security gateway and sends a management command to the password security gateway;
and the password security gateway controls data transmission and control between the background service machine and the terminal equipment based on the received management command.
Optionally, the background service machine sends the management command and its attached data to the external management entity;
the external management entity preprocesses the received data and constructs an operation authorization Token; the operation authorization Token is a signature value, calculated with the private key of the external management entity using {command ID, data packet Hash value} as the input fields;
the external management entity issues the operation authorization Token to the password security module through the secure management channel; the password security module verifies the authorization Token using the preset public key of the external management entity and, if verification passes, prepares to receive the subsequent data packet; otherwise it returns a failure;
the external management entity sends the data packet to the password security module through the secure management channel; the password security module calculates the Hash value of the data packet, verifies the signature in the data packet, and, after the Hash value passes verification, recovers the management command and its attached data from the data packet;
the password security gateway forwards the recovered management command and its attached data to the terminal equipment;
and the terminal equipment executes the received management command, which completes the background business machine's control of the terminal equipment.
In a third aspect, the present invention provides a method for using a cryptographic security gateway according to any one of the first aspect, including:
the interface module is used for connecting with terminal equipment;
establishing a security management channel and a security communication channel based on an SSL (secure socket layer) protocol together by utilizing the password security module and the network protocol processing module;
receiving and processing a management command sent by an external management entity by using the secure management channel, and controlling the establishment and the closing of a secure communication channel;
and realizing data transmission and control between the terminal equipment and the background business machine by utilizing the secure communication channel.
Compared with the prior art, the invention has the beneficial effects that:
the password security gateway provided by the invention is deployed externally and therefore avoids the need to rebuild the industrial terminal equipment. In the invention, the secure management channel and the secure communication channel in the password security gateway both conform to the SSL protocol. The secure management channel is used for connecting to the external management entity and transmits only management commands. The secure communication channel is used for connecting to the background business machine and transmitting various data, while key operations on the terminal equipment are issued through the secure management channel. This provides an enhanced password security function and solves the problems that traditional VPN equipment can only provide undifferentiated channel encryption and that its password security function is incomplete.
Drawings
In order that the present disclosure may be more readily and clearly understood, reference is now made to the following detailed description of the present disclosure taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a schematic structural diagram of a cryptographic security gateway according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a cryptographic security system according to an embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating a connection between an interface module and a terminal device according to an embodiment of the present invention;
FIG. 4 is a second schematic diagram illustrating a connection between an interface module and a terminal device according to an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the scope of the invention.
The following detailed description of the principles of the invention is provided in connection with the accompanying drawings.
Example 1
An embodiment of the present invention provides a password security gateway, as shown in fig. 1, including:
the interface module comprises at least one USB interface and two Ethernet interfaces and is used for being connected with the terminal equipment;
the network protocol processing module comprises a TCP/IP protocol and an SSL protocol;
the password security module comprises an encryption algorithm, provides the main control function of the password security gateway, and, together with the network protocol processing module, establishes a secure management channel and a secure communication channel based on the SSL (Secure Sockets Layer) protocol, wherein the secure management channel and the secure communication channel use different keys; the secure management channel receives and processes management commands sent by an external management entity and controls the establishment and closing of the secure communication channel; and the secure communication channel carries data transmission and control between the terminal equipment and the background business machine. In a specific implementation of this embodiment, the encryption algorithm is an SM series cryptographic algorithm, which meets China's regulations on the application of cryptographic algorithms.
The security management channel and the security communication channel are both established and obtained based on the preset IP address and port in the network protocol processing module and the encryption algorithm in the password security module. Specifically, the secure management channel and the secure communication channel are established by the following processes:
The password security module establishes an SSL connection (SSL1) to the external management entity according to the preset IP address and port, forms a logical secure management channel on the basis of SSL1, and waits to receive management commands from the external management entity. At this point the secure communication channel is closed, so the industrial terminal equipment cannot connect directly to the background business machine over the network.
After the password security module receives a 'start security communication' command sent by the external management entity through the secure management channel, it establishes an SSL connection (SSL2) to the background service according to the preset IP address and port, and a logical secure communication channel is formed on the basis of SSL2. The industrial terminal equipment and the background business machine can then establish a network connection and transmit data, and the transmitted data is protected by SSL.
After the password security module receives a command to close the secure communication, sent by the external management entity through the secure management channel, it closes the secure communication channel, that is, closes SSL2, thereby blocking the direct network connection between the industrial terminal equipment and the background service machine.
The secure management channel is used for connecting to a designated external management entity, receiving management commands sent by the external management entity, issuing control commands to the secure communication channel, and controlling the establishment and closing of the secure communication channel. The secure communication channel is established and closed under the control of the secure management channel and is used for connecting the industrial terminal equipment and the background service, establishing a network connection and transmitting data.
Example 2
An embodiment of the present invention provides a password security system, as shown in fig. 2, including:
the cryptographic security gateway described in embodiment 1;
the external management entity is connected with the password security gateway and sends a management command to the password security gateway;
and the password security gateway controls data transmission and control between the background service machine and the terminal equipment based on the received management command.
As shown in FIG. 3 and FIG. 4, the (industrial) terminal device is connected to the cryptographic security gateway of embodiment 1 via a USB interface or an Ethernet interface, and physical fastening protection is applied to the interface to prevent disassembly. The industrial terminal equipment seals its other exposed interfaces, and all external communication is forwarded through the password security gateway.
The background service machine sends the management command and its attached data to the external management entity;
the external management entity preprocesses the received data and constructs an operation authorization Token; the operation authorization Token is a signature value, calculated with the private key of the external management entity using {command ID, data packet Hash value} as the input fields;
the external management entity issues the operation authorization Token to the password security module through the secure management channel; the password security module verifies the authorization Token using the preset public key of the external management entity and, if verification passes, prepares to receive the subsequent data packet; otherwise it returns a failure;
the external management entity sends the data packet to the password security module through the secure management channel; the password security module calculates the Hash value of the data packet, verifies the signature in the data packet, and, after the Hash value passes verification, recovers the management command and its attached data from the data packet;
the password security gateway forwards the recovered management command and its attached data to the terminal equipment;
and the terminal equipment executes the received management command, which completes the background business machine's control of the terminal equipment.
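The token-then-packet check described in the steps above can be sketched as follows. This is an added example, not code from the patent or its assignee: Ed25519 and SHA-256 stand in for the SM-series signature and hash because Go's standard library provides no SM algorithms, and the packet layout, the function names and the rule that one token authorizes one packet are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumption: Ed25519 and SHA-256 stand in for the SM-series signature and hash.

var (
	ErrBadToken  = errors.New("authorization token rejected")
	ErrNoToken   = errors.New("no verified token pending")
	ErrHash      = errors.New("packet hash differs from authorized hash")
	ErrPacketSig = errors.New("packet signature invalid")
	ErrCommandID = errors.New("packet command ID differs from authorized ID")
)

// tokenInput serialises {command ID, packet hash}; this layout is an assumption.
func tokenInput(cmdID uint32, hash [32]byte) []byte {
	buf := make([]byte, 4, 4+len(hash))
	binary.BigEndian.PutUint32(buf, cmdID)
	return append(buf, hash[:]...)
}

// BuildPacket (management-entity side) uses a hypothetical layout:
// cmdID(4 bytes) || command and attached data || signature(64 bytes).
func BuildPacket(sk ed25519.PrivateKey, cmdID uint32, payload []byte) []byte {
	body := make([]byte, 4, 4+len(payload)+ed25519.SignatureSize)
	binary.BigEndian.PutUint32(body, cmdID)
	body = append(body, payload...)
	return append(body, ed25519.Sign(sk, body)...)
}

// IssueToken signs {command ID, Hash(packet)} with the management private key.
func IssueToken(sk ed25519.PrivateKey, cmdID uint32, packet []byte) ([32]byte, []byte) {
	hash := sha256.Sum256(packet)
	return hash, ed25519.Sign(sk, tokenInput(cmdID, hash))
}

type authorization struct {
	cmdID uint32
	hash  [32]byte
}

// Gateway models the receive side of the password security module.
type Gateway struct {
	mgmtPub ed25519.PublicKey // preset public key of the external management entity
	pending *authorization    // set by a verified token, consumed by one packet
}

// AcceptToken is step one: no packet is accepted until a token verifies.
func (g *Gateway) AcceptToken(cmdID uint32, hash [32]byte, token []byte) error {
	g.pending = nil
	if !ed25519.Verify(g.mgmtPub, tokenInput(cmdID, hash), token) {
		return ErrBadToken
	}
	g.pending = &authorization{cmdID: cmdID, hash: hash}
	return nil
}

// AcceptPacket is step two: hash check, signature check, then command recovery.
func (g *Gateway) AcceptPacket(packet []byte) (uint32, []byte, error) {
	auth := g.pending
	g.pending = nil // assumption: one token authorizes one packet, pass or fail
	if auth == nil {
		return 0, nil, ErrNoToken
	}
	if sha256.Sum256(packet) != auth.hash {
		return 0, nil, ErrHash
	}
	n := len(packet) - ed25519.SignatureSize
	if n < 4 || !ed25519.Verify(g.mgmtPub, packet[:n], packet[n:]) {
		return 0, nil, ErrPacketSig
	}
	if cmdID := binary.BigEndian.Uint32(packet[:4]); cmdID != auth.cmdID {
		return 0, nil, ErrCommandID
	}
	return auth.cmdID, append([]byte(nil), packet[4:n]...), nil
}

// DemoKey derives a fixed key pair from a constructed seed (demo only).
func DemoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte("constructed demo seed"))
	sk := ed25519.NewKeyFromSeed(seed[:])
	return sk.Public().(ed25519.PublicKey), sk
}

func main() {
	pub, sk := DemoKey()
	gw := &Gateway{mgmtPub: pub}
	pkt := BuildPacket(sk, 7, []byte("constructed sample command"))
	hash, token := IssueToken(sk, 7, pkt)
	fmt.Println("token accepted:", gw.AcceptToken(7, hash, token) == nil)
	id, data, err := gw.AcceptPacket(pkt)
	fmt.Printf("cmd=%d data=%q err=%v\n", id, data, err)
}
```

The signed fields named on the page, {command ID, data packet Hash value}, carry no nonce or counter, so this check on its own does not reject a replayed token and packet pair.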
Example 3
The embodiment of the present invention provides a method for using a cryptographic security gateway described in embodiment 1, including:
the interface module is used for connecting with terminal equipment;
establishing a security management channel and a security communication channel based on an SSL (secure socket layer) protocol together by utilizing the password security module and the network protocol processing module;
receiving and processing a management command sent by an external management entity by using the secure management channel, and controlling the establishment and the closing of a secure communication channel;
and realizing data transmission and control between the terminal equipment and the background business machine by utilizing the secure communication channel.
In summary, the present invention provides a cryptographic security gateway and a system. The gateway is placed in front of an industrial terminal device and provides a complete cryptographic security function for it. The gateway uses China's SM series algorithms and comprises an interface module, a network protocol processing module and a password security module. The gateway can establish two logical secure channels based on SSL: a secure management channel and a secure communication channel, each using a different key. The secure management channel provides an enhanced password security mechanism; it receives and processes specific management commands sent by an external management entity, including management commands directed at the password security gateway itself and key management commands issued by an upper computer for the industrial terminal equipment. The secure management channel controls the establishment and closing of the secure communication channel, and the secure communication channel provides transmission protection for general data.
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (9)

1. A cryptographic security gateway, comprising:
the interface module comprises at least one USB interface and two Ethernet interfaces and is used for being connected with the terminal equipment;
the network protocol processing module comprises a TCP/IP protocol and an SSL protocol;
the password security module comprises an encryption algorithm and establishes a security management channel and a security communication channel based on an SSL (secure socket layer) protocol together with the network protocol processing module; the safety management channel receives and processes a management command sent by an external management entity and controls the establishment and the closing of a safety communication channel; and the secure communication channel is used for realizing data transmission and control between the terminal equipment and the background business machine.
2. A cryptographic security gateway as claimed in claim 1, wherein: the security management channel and the security communication channel are both established and obtained based on the preset IP address and port in the network protocol processing module and the encryption algorithm in the password security module.
3. A cryptographic security gateway as claimed in claim 1, wherein: the safety management channel is used for connecting to a designated external management entity, receiving a management command sent by the external management entity, issuing a control command to the safety communication channel and controlling the establishment and the closing of the safety communication channel.
4. A cryptographic security gateway as claimed in claim 1, wherein: the secure communication channel is controlled to be established and closed by the secure management channel and is used for connecting the industrial terminal equipment and background services, establishing network connection and transmitting data.
5. A cryptographic security gateway as claimed in claim 1, wherein: the secure management channel and the secure communication channel use different keys.
6. A cryptographic security gateway as claimed in claim 1, wherein: the encryption algorithm is SM series national encryption algorithm.
7. A cryptographic security system, comprising:
the cryptographic security gateway of any one of claims 1-6;
the external management entity is connected with the password security gateway and sends a management command to the password security gateway;
and the password security gateway controls data transmission and control between the background service machine and the terminal equipment based on the received management command.
8. The cryptographic security system of claim 7, wherein the back office machine sends management commands and their associated data to an external management entity;
the external management entity preprocesses the received data and constructs an operation authorization Token; the operation authorization Token is a signature value, is obtained by using a private key of an external management entity to calculate and obtain by using { command ID, data packet Hash value } as an input field;
the external management entity issues an operation authorization Token to the password security module through the security management channel, the password security module verifies the authorization Token by using a preset public key of the external management entity, and prepares to receive a subsequent data packet after passing, otherwise, returns failure;
the external management entity sends a data packet to the password security module through a security management channel, the password security module calculates a Hash value of the data packet, verifies a signature in the data packet, and recovers a management command and accessory data thereof from the data packet after the Hash value passes the verification;
the password security gateway forwards the recovered management command and the auxiliary data thereof to the terminal equipment;
and the terminal equipment executes the received management command to complete the control of the background business machine on the terminal equipment.
9. A method of using the cryptographic security gateway of any of claims 1-6, comprising:
connecting to the terminal equipment by using the interface module;
jointly using the password security module and the network protocol processing module to establish a security management channel and a security communication channel based on the SSL (Secure Sockets Layer) protocol;
receiving and processing a management command sent by an external management entity by using the secure management channel, and controlling the establishment and the closing of a secure communication channel;
and realizing data transmission and control between the terminal equipment and the background business machine by utilizing the secure communication channel.
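The two-step authorization in claim 8 (a signed Token binds a command ID to a packet hash, and the packet is accepted only if it matches) can be sketched as follows. This is an added example, not code from the patent: Ed25519 and SHA-256 from the Go standard library stand in for the SM-series signature and hash algorithms, and the `Token` layout, the 4-byte command ID and the single-use pending state are assumptions; the packet's own signature check and command recovery are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Token carries the signed fields plus the signature (wire layout is an assumption).
type Token struct {
	CommandID  uint32
	PacketHash [32]byte
	Sig        []byte
}
type Gateway struct {
	MgmtPub ed25519.PublicKey // preset public key of the external management entity
	pending *Token            // the one authorization in flight, if any
}
// signedFields encodes {command ID, packet hash} at fixed widths, so the signed bytes are unambiguous.
func signedFields(id uint32, h [32]byte) []byte {
	return append([]byte{byte(id >> 24), byte(id >> 16), byte(id >> 8), byte(id)}, h[:]...)
}
// IssueToken is the management entity's side: sign {command ID, hash(packet)}.
func IssueToken(priv ed25519.PrivateKey, id uint32, packet []byte) Token {
	h := sha256.Sum256(packet)
	return Token{id, h, ed25519.Sign(priv, signedFields(id, h))}
}
// AcceptToken verifies the Token; a packet is expected only after success.
func (g *Gateway) AcceptToken(t Token) error {
	if !ed25519.Verify(g.MgmtPub, signedFields(t.CommandID, t.PacketHash), t.Sig) {
		return fmt.Errorf("token signature invalid")
	}
	g.pending = &t
	return nil
}
// AcceptPacket releases a packet only if it hashes to the authorized value.
func (g *Gateway) AcceptPacket(p []byte) (uint32, error) {
	t := g.pending
	g.pending = nil // one Token authorizes one packet
	if t == nil || sha256.Sum256(p) != t.PacketHash {
		return 0, fmt.Errorf("no pending authorization or packet hash mismatch")
	}
	return t.CommandID, nil
}
func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	g, pkt := &Gateway{MgmtPub: pub}, []byte("constructed sample packet")
	fmt.Println(g.AcceptToken(IssueToken(priv, 7, pkt)))
	fmt.Println(g.AcceptPacket(pkt))
}
```

Because the pending authorization is cleared on every packet attempt, a replayed or substituted packet is rejected until a fresh Token is verified.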
CN202110923359.6A 2021-08-12 2021-08-12 Password security gateway, system and use method Active CN113709119B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110923359.6A CN113709119B (en) 2021-08-12 2021-08-12 Password security gateway, system and use method

Publications (2)

Publication Number Publication Date
CN113709119A (en) 2021-11-26
CN113709119B (en)

Family

ID=78652411

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110923359.6A Active CN113709119B (en) 2021-08-12 2021-08-12 Password security gateway, system and use method

Country Status (1)

Country Link
CN (1) CN113709119B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114301705A (en) * 2021-12-31 2022-04-08 公安部第三研究所 Industrial control defense method and system based on trusted computing

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101136777A (en) * 2007-10-18 2008-03-05 网经科技(苏州)有限公司 Security management method of dual-encryption channel cooperation in network management system
WO2012022145A1 (en) * 2010-08-20 2012-02-23 成都市华为赛门铁克科技有限公司 Method, equipment and network system for terminal communicating with ip multimedia subsystem(ims) core network server by traversing private network
US8566452B1 (en) * 2006-08-03 2013-10-22 F5 Networks, Inc. Intelligent HTTP based load-balancing, persistence, and application traffic management of SSL VPN tunnels
CN103763301A (en) * 2013-10-31 2014-04-30 广东电网公司电力科学研究院 System employing ppp protocol packaging-based IPsec frame structure and method
CN107018134A (en) * 2017-04-06 2017-08-04 北京中电普华信息技术有限公司 A kind of distribution terminal secure accessing platform and its implementation
CN108141897A (en) * 2016-01-30 2018-06-08 华为技术有限公司 A kind of terminal device, the network equipment and data transmission method

Also Published As

Publication number Publication date
CN113709119B (en) 2023-02-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: No. 38, New Model Road, Gulou District, Nanjing City, Jiangsu Province, 210000

Patentee after: Nanjing Nanzi Huadun Digital Technology Co.,Ltd.

Address before: 210003, 38 new model street, Gulou District, Jiangsu, Nanjing

Patentee before: NANJING HUADUN POWER INFORMATION SECURITY EVALUATION CO.,LTD.