CN113783868B - Method and system for protecting Internet of things safety of gate based on commercial password - Google Patents
- Publication number
- CN113783868B
- Authority
- CN
- China
- Prior art keywords
- gate
- internet
- things
- security
- commercial
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for protecting the security of the gate Internet of things based on a commercial password. It relates to the technical field of gate communication and addresses the security of the gate Internet of things. The method comprises the following steps: the gate equipment and the back-end gate Internet of things security system gateway are authenticated using the commercial cryptographic algorithm SM2; the gate Internet of things security system gateway adopts an internal and external network double-host mode, with the internal network host and the external network host isolated from each other by non-network means; and a secure encrypted tunnel is established using the commercial cryptographic algorithm SM4 and the IPSec VPN protocol to protect data transmitted between the gate equipment and the gate Internet of things security system gateway. The invention also discloses a system for protecting the security of the gate Internet of things based on the commercial password. Because the gate equipment and the back-end gateway are authenticated with a commercial cryptographic algorithm, and network isolation is tightly combined with IPSec VPN technology, the invention effectively solves the problem that gate equipment lacks security protection capability.
Description
Technical Field
The invention relates to the technical field of gate communication, in particular to a method and a system for protecting the security of the Internet of things based on a commercial password.
Background
The endpoints of Internet of things communication are not traditional servers or PC terminals but distinct terminal types with Internet of things characteristics, such as gate equipment, whose operating system protection capability and computing resources are limited. How to implement security mechanisms such as identity authentication and data encryption on such a terminal is one of the technical difficulties.
Secondly, gate devices are numerous, so the number of concurrent network connections required is high and the demands on availability and stability are higher. Solving the network security problem while affecting system performance and stability as little as possible is therefore an important consideration during construction.
In addition, gate equipment is located in an open construction-site environment where physical security measures are limited. Malicious personnel can easily gain access to the gate equipment, intrude into normal network communication, and use counterfeit gate equipment to launch network attacks against the platform service. This places higher security requirements on the identity authentication mechanism of the system, especially on the identity authentication of the gate device.
Disclosure of Invention
The invention aims to solve the technical problems in the prior art, and provides a method for improving the safety of the Internet of things based on the commercial password protection gate.
The invention aims to provide a system for improving the safety of the Internet of things based on the commercial password protection gate.
In order to achieve the above object, the present invention provides a method for protecting internet of things security based on a commercial password, comprising:
adopting a commercial cryptographic algorithm SM2 to authenticate the gate equipment and the gateway of the security system of the internet of things of the rear-end gate;
the gate Internet of things security system gateway adopts an internal and external network double-host mode, and the internal network host and the external network host are isolated in a non-network mode;
and establishing a secure encryption tunnel by adopting a commercial cryptographic algorithm SM4 and an IPSecVPN protocol mode to protect transmission data of the gate equipment and the gate Internet of things security system gateway.
As a further improvement, the authentication includes:
carrying out security authentication on the gate equipment through linkage with a digital certificate system;
and carrying out security authentication on the module and the administrator.
Further, an X.509 certificate is employed for authentication of the module.
Further, a USBKEY/IC card, a certificate and a password triple authentication mechanism is adopted for the administrator.
Further, fingerprint authentication is performed on the gate equipment, and the fingerprint at least comprises one of network card hardware information, equipment mainboard information and system operation information.
Further, the gate internet of things security system gateway supports network access control based on an IP address, a protocol and a port and works separately and independently from an encryption mechanism, and the gate internet of things security system gateway utilizes a WEB interface to manage and configure a secure encryption communication interface, a security protocol, a port, working time and an encryption channel through an HTTPS protocol, can monitor encryption state and perform authorization management on applications.
Further, after the gate equipment is started and operated, actively attempting to carry out key negotiation with the gate internet of things security system gateway according to the security policy information of the equipment until success.
Further, the method also comprises the step of remotely managing the running state of the gate equipment, including equipment registration, equipment running, equipment position and equipment software upgrading.
Further, the method further comprises the step of carrying out security management on the gateway of the gate Internet of things security system, wherein the security management comprises personnel roles, operation authorities, operation logs, key management and equipment self monitoring.
In order to achieve the second purpose, the invention provides a system for protecting the security of the gate Internet of things based on a commercial password, which comprises gate equipment, a service platform and a gate Internet of things security system gateway connected with the gate equipment through a network, wherein the gate Internet of things security system gateway is deployed at the boundary between a network to which an application system of the service platform belongs and the Internet; the method for protecting the security of the gate Internet of things based on the commercial password is used for authentication and protecting transmission data between the gate Internet of things security system gateway and the gate equipment.
Advantageous effects
Compared with the prior art, the invention has the advantages that:
The invention tightly integrates national commercial password technology with the gate equipment system software, turning a gate that originally had no security protection capability into a high-security Internet of things terminal with domestic cryptographic capability and a corresponding security protection mechanism. By tightly combining network isolation technology with IPSec VPN technology, it forms a high-performance gate Internet of things security gateway that supports network isolation and also provides fingerprint identity authentication, password authentication, and data encryption and decryption. The legal identity of the gate equipment can be verified through a digital certificate, and malicious tampering with the internal parts of the gate equipment can be prevented by extracting hardware information, which compensates for the weak physical security protection of the gate equipment.
Drawings
FIG. 1 is a functional schematic of the present invention;
FIG. 2 is a diagram of an ESP protocol format according to the present invention;
FIG. 3 is a diagram of an ESP protocol data package according to the present invention;
FIG. 4 is a schematic diagram of the system in the present invention.
Detailed Description
The invention will be further described with reference to specific embodiments in the drawings.
Referring to fig. 1-4, a method for protecting security of a gate internet of things based on a commercial password includes:
the gate equipment 1 and the back-end gate Internet of things security system gateway 3 are authenticated using the commercial cryptographic algorithm SM2; this high-strength authentication mechanism ensures the access authentication security of the gate equipment 1;
the gate Internet of things security system gateway 3 adopts an internal and external network double-host mode, and the internal network host and the external network host are isolated by non-network means, which provides security isolation between the platform application and the Internet;
a secure encrypted tunnel is established using the commercial cryptographic algorithm SM4 and the IPSec VPN protocol to protect data transmitted between the gate device 1 and the gate Internet of things security system gateway 3. This secures the gate device 1's data in transit over the Internet, ensures the confidentiality and integrity of the transmitted data, and prevents the data from being tampered with or destroyed.
The authentication includes:
the gate equipment 1 is authenticated through linkage with a digital certificate system. The digital certificates are issued by a PKI/CA system for the gate and for the platform application system. The security mode and data transmission are permitted only after authentication has passed in accordance with the security requirements and authority management, which ensures the validity of the gate terminal;
the module and the administrator are also authenticated: the module is authenticated with an X.509 certificate, and the administrator is authenticated with a triple mechanism of USBKEY/IC card, certificate and password.
The invention also comprises the step of carrying out fingerprint authentication on the gate equipment 1, wherein the fingerprint at least comprises one of network card hardware information, equipment mainboard information and system operation information, specific hardware fingerprint information is generated for different gate equipment 1, and the gate equipment 1 can be accessed to a service platform 2 for real-name management of construction workers after password authentication and equipment fingerprint authentication are carried out on the gate equipment 1. The bidirectional identity authentication between the platform application and the gate device 1 is realized by adopting IPSec VPN technology, PKI/CA system and device fingerprint technology.
The gate Internet of things security system gateway 3 supports network access control based on IP address, protocol and port, and this access control works separately from and independently of the encryption mechanism. Through a WEB interface over the HTTPS protocol, the gateway 3 manages and configures the secure encrypted communication interface, security protocol, ports, working time and encryption channels, and it can monitor the encryption state and perform authorization management on applications. The gateway 3 also provides a network-layer firewall function: it enforces access control based on IP address and port, prevents various network attacks, blocks intrusions that exploit network protocol vulnerabilities and operating system vulnerabilities, and prevents illegal data from entering.
After the gate equipment 1 starts up, it actively attempts key negotiation with the gate Internet of things security system gateway 3, according to the device's security policy information, until negotiation succeeds. During operation it passively accepts key negotiation initiated by the gateway 3; if the keys fall out of step, it actively renegotiates with the gateway 3 according to the decryption error threshold until negotiation succeeds.
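The device-side negotiation behaviour described above, as an added Python example (not code from the patent). The `negotiate` callable, the threshold of 3 consecutive failures, the exponential back-off between attempts and the constructed inputs in `simulate()` are all assumptions; the text only specifies "until success" and "according to the decryption error threshold".

```python
import time


class TunnelKeyState:
    """Device-side key state for one tunnel to the gateway (hypothetical names)."""

    def __init__(self, negotiate, error_threshold=3, max_backoff=60.0, sleep=time.sleep):
        self.negotiate = negotiate              # assumed: returns a session key, or None on failure
        self.error_threshold = error_threshold  # assumed value; the patent gives no number
        self.max_backoff = max_backoff
        self.sleep = sleep
        self.key = None
        self.decrypt_errors = 0                 # consecutive failures under the current key
        self.negotiations = 0

    def negotiate_until_success(self):
        """Active negotiation: retry until a key is obtained (back-off is an assumption)."""
        delay = 1.0
        while True:
            self.negotiations += 1
            key = self.negotiate()
            if key is not None:
                self.key, self.decrypt_errors = key, 0
                return key
            self.sleep(delay)
            delay = min(delay * 2, self.max_backoff)

    def on_gateway_rekey(self, key):
        """Passive path: accept a negotiation that the gateway initiated."""
        self.key, self.decrypt_errors = key, 0

    def on_decrypt_result(self, ok):
        """Feed one decryption outcome; returns True if it triggered renegotiation.

        Counting consecutive failures means a single corrupted or forged
        packet cannot by itself force the device into renegotiation.
        """
        if ok:
            self.decrypt_errors = 0
            return False
        self.decrypt_errors += 1
        if self.decrypt_errors < self.error_threshold:
            return False
        self.negotiate_until_success()          # keys are out of step: go active again
        return True


def simulate():
    """Constructed scenario: two failed boot attempts, then a later key desync."""
    outcomes = iter([None, None, b"k1", None, b"k2"])
    sleeps = []
    state = TunnelKeyState(lambda: next(outcomes), error_threshold=3, sleep=sleeps.append)
    state.negotiate_until_success()
    results = (False, False, True, False, False, False)
    events = [state.on_decrypt_result(ok) for ok in results]
    return state.key, events, sleeps, state.negotiations
```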
The invention also comprises remote management of the running state of the gate equipment 1, including equipment registration, equipment running, equipment position and equipment software upgrading, and can remotely maintain and monitor the gate equipment 1 from the rear end.
The invention also comprises the step of carrying out security management on the gateway 3 of the gate Internet of things security system, wherein the security management comprises personnel roles, operation authorities, operation logs, key management and self monitoring of equipment. The gate Internet of things safety system mainly comprises the following technical indexes:
1) The access control function with IP address and port;
2) Support commercial cryptographic algorithms and IPSec VPN technical Specification;
3) The gateway of the gate Internet of things security system 3 supports the management capability of 1000 gate devices 1 and the concurrent access capability of 500 gate devices 1.
The password authentication function is implemented with the ISAKMP protocol in the IPSec VPN technical specification. ISAKMP is a method for authentication, key generation and key exchange between peer devices.
The ISAKMP protocol includes a first phase and a second phase.
In the first phase exchange, both parties establish an ISAKMP SA. The SA is a shared policy and key that both parties negotiate to use to secure communications between them. This SA is used to protect the negotiation process of IPSec SA. One ISAKMP SA may be used to establish multiple IPSec SAs.
In the second phase exchange, the communicating parties use the first-phase ISAKMP SA to negotiate an IPSec SA, which is the shared policy and key used to secure data communication between them.
The ISAKMP protocol includes two exchange modes: a main mode and a fast mode. The exchanges use the standard ISAKMP payload syntax, attribute encoding, message timeout and retransmission, and notification messages.
The main mode is used for the first-phase exchange. It performs identity authentication and key exchange between the two communicating parties and yields a working key, which protects the second-phase negotiation. The exchange consists of 6 messages. Both parties are authenticated by digital certificate. The exchange process is as follows.
TABLE 1
The fast mode is used for the second-phase exchange. It negotiates the IPSec SA between the two communicating parties and determines their IPSec security policy and session key. The exchange consists of 3 messages. The exchange process is as follows:
Message sequence | Initiator I | Direction | Responder R |
---|---|---|---|
1 | HDR*, HASH(1), SA, Ni [, IDci, IDcr] | ----> | |
2 | | <---- | HDR*, HASH(2), SA, Nr [, IDci, IDcr] |
3 | HDR*, HASH(3) | ----> | |
TABLE 2
The security protection function of the gate Internet of things security system is implemented with the ESP protocol in the IPSec VPN technical specification. ESP is part of IPSec and provides IP packets with confidentiality, data integrity, data source authentication and protection against replay attacks. The protocol header format is shown in FIG. 2.
The meaning of each field is as follows:
1) Security parameter index
The security parameter index (SPI) is a 4-byte value that, together with the destination IP address and the security protocol, identifies the security association for the data message. SPI values from 1 to 255 are reserved for future use; the value 0 is reserved for local, implementation-specific use and cannot be transmitted over the network; a negotiated SPI value cannot be less than 256.
2) Sequence number
The sequence number is an unsigned 4-byte monotonically increasing counter. The sender counts every data message that uses the SA, and the receiver must check the value to implement the SA's anti-replay service. The sender's counter and the receiver's counter are initialized to 0 when an SA is established. The sequence number cannot wrap around within the lifetime of an SA: before the counter overflows, the two communicating parties should negotiate a new SA, which resets this field to 0.
3) Payload data
Payload data is a variable-length field, measured in bytes, that contains the initialization vector (IV) and the data described by the next header field.
The IV should be placed at the start of the payload data.
4) Padding
If the length of the payload data is not an integer multiple of the block length of the encryption algorithm, the shortfall must be padded, in bytes. More padding may be added if desired, but the block-length requirement of the encryption algorithm must still be met. The method and content of the padding should be specified by the chosen encryption algorithm. If the encryption algorithm does not specify them, the first padding byte appended to the message is 1 and the subsequent padding bytes follow in monotonically increasing order.
5) Pad length
The pad length field indicates the number of padding bytes. The valid range is 0 to 255, where 0 indicates no padding bytes.
6) Next header
The next header is a 1-byte field that specifies the type of the payload that follows the ESP header. Its value is taken from the set of IP protocol numbers defined in the latest "Assigned Numbers" of the Internet Assigned Numbers Authority (IANA) [STD-2].
7) Authentication data
The authentication data is a variable-length field holding the integrity check value (ICV), which is computed over the rest of the ESP message, excluding the ICV itself. The length of this field is determined by the selected integrity check algorithm. The authentication data field is optional and is included only when the SA selects the integrity check service.
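The field rules above, as an added Python example (not code from the patent): it enforces the SPI range, validates the default 1, 2, 3, ... padding on a decrypted payload, and applies a receiver-side sequence-number window. The 64-entry window, the first packet carrying sequence number 1, and the constructed sample packet are assumptions; SM4 decryption, the IV and the ICV check are outside the block.

```python
import struct

ESP_HDR = struct.Struct("!II")   # SPI and sequence number, 4 bytes each, network order
SM4_BLOCK = 16                   # SM4 block length in bytes


class EspError(ValueError):
    """Raised when a packet violates one of the field rules."""


def default_padding(n):
    """Default padding from the text: first byte 1, then monotonically increasing."""
    return bytes(range(1, n + 1))


def build_trailer(payload, next_header, block=SM4_BLOCK):
    """Append padding, pad length and next header so the result fills whole blocks."""
    pad_len = -(len(payload) + 2) % block
    return payload + default_padding(pad_len) + bytes([pad_len, next_header])


def parse_header(packet):
    """Split an ESP packet into (spi, seq, rest) and enforce the SPI rules."""
    if len(packet) < ESP_HDR.size:
        raise EspError("truncated ESP header")
    spi, seq = ESP_HDR.unpack_from(packet)
    if spi == 0:
        raise EspError("SPI 0 is local-only and must not appear on the network")
    if spi < 256:
        raise EspError("SPI 1-255 is reserved; a negotiated SPI is >= 256")
    return spi, seq, packet[ESP_HDR.size:]


def parse_trailer(plaintext, block=SM4_BLOCK):
    """Validate decrypted payload || padding || pad length || next header."""
    if len(plaintext) < 2 or len(plaintext) % block:
        raise EspError("plaintext is not a whole number of cipher blocks")
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len > len(plaintext) - 2:
        raise EspError("pad length exceeds the packet")
    body_end = len(plaintext) - 2 - pad_len
    if plaintext[body_end:-2] != default_padding(pad_len):
        raise EspError("padding bytes are not 1, 2, 3, ...")
    return plaintext[:body_end], next_header


class ReplayWindow:
    """Receiver-side sequence check: bitmap over the last `size` numbers (size assumed)."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0       # highest sequence number accepted; counter starts at 0
        self.bitmap = 0    # bit i set means (top - i) was already accepted

    def accept(self, seq):
        """Return True for a fresh number. Call only after the ICV has verified."""
        if seq == 0:
            return False   # assumption: the first packet of an SA carries 1
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or (self.bitmap >> offset) & 1:
            return False   # older than the window, or a duplicate
        self.bitmap |= 1 << offset
        return True


def demo():
    """Constructed sample: SPI 0x1000, sequence 1, next header 4 (IPv4 inner packet)."""
    plaintext = build_trailer(b"inner IP packet", next_header=4)
    spi, seq, _ = parse_header(ESP_HDR.pack(0x1000, 1) + plaintext)
    window = ReplayWindow()
    return spi, window.accept(seq), window.accept(seq), parse_trailer(plaintext)
```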
Safety protection package
The ESP protocol includes a transport mode and a tunnel mode; the gate Internet of things security system uses the tunnel mode. The encapsulation format of the user service data IP packet in the ESP protocol is shown in FIG. 3.
Management mode
The gate Internet of things security system adopts a C/S architecture, is carried over the TCP protocol, and uses serial numbers to resist replay attacks.
When the equipment is managed, the communication data is encrypted in transit and integrity-protected. This prevents an attacker from working out the management data protocol format through network packet capture and then tampering with or forging management data.
Device management operations have timeout logout protection: if no operation is performed within a specified time, the administrator is logged out automatically and must log in again to continue management.
Role management
To reduce the risks caused by excessively concentrated management authority, the Internet of things access authentication system divides authority among administrators, who are classified by management authority as system administrators, security administrators and audit administrators.
TABLE 3
The system for protecting the gate Internet of things safety based on the commercial password comprises gate equipment 1, a service platform 2 and a gate Internet of things safety system gateway 3 connected with the gate equipment 1 in a network mode, wherein the gate Internet of things safety system gateway 3 is deployed at the boundary of a network to which an application system of the service platform 2 belongs and the Internet; the method for protecting the security of the gate Internet of things based on the commercial password between the gate Internet of things security system gateway 3 and the gate equipment 1 is used for authentication and protecting transmission data.
The gate Internet of things security system hardware gateway equipment is deployed in the data, and as the number of the gate equipment increases, the gate Internet of things security system gateway can perform cluster expansion to meet the requirement of accessing the gate equipment, and the hardware gateway equipment can locally update and upgrade system software due to business reasons.
All the site gate devices can perform gate device communication initialization registration and authentication at the site. Because of the update of the service functions of the system software, the remote pushing, upgrading and updating of the client software functions can be performed on the back-end hardware gateway equipment.
The foregoing is merely a preferred embodiment of the present invention, and it should be noted that modifications and improvements can be made by those skilled in the art without departing from the structure of the present invention, and these do not affect the effect of the implementation of the present invention and the utility of the patent.
Claims (9)
1. The method for protecting the Internet of things safety of the gate based on the commercial password is characterized by comprising the following steps of:
adopting a commercial cryptographic algorithm SM2 to authenticate the gate equipment and the gateway of the security system of the internet of things of the rear-end gate;
the gate Internet of things security system gateway adopts an internal and external network double-host mode, and the internal network host and the external network host are isolated in a non-network mode;
establishing a secure encryption tunnel by adopting a commercial cryptographic algorithm SM4 and an IPSecVPN protocol mode to protect transmission data of the gate equipment and a gate Internet of things security system gateway;
after the gate equipment is started and operated, actively attempting to carry out key negotiation with the gate internet of things security system gateway according to the security policy information of the equipment until success;
and in the running process, passively receiving the key negotiation initiated by the gateway of the gate Internet of things security system, and if the key is out of step, actively performing the key negotiation with the gateway of the gate Internet of things security system according to the decryption error threshold until the key negotiation is successful.
2. The method for protecting gate internet of things security based on commercial passwords as claimed in claim 1, wherein the authentication comprises:
carrying out security authentication on the gate equipment through linkage with a digital certificate system;
and carrying out security authentication on the module and the administrator.
3. The method for protecting gate internet of things security based on commercial passwords as claimed in claim 2, wherein the module is authenticated by using an x.509 certificate.
4. The method for protecting the internet of things based on the commercial passwords as claimed in claim 2, wherein a USBKEY/IC card, a certificate and a password triple authentication mechanism is adopted for the administrator.
5. The method for protecting the internet of things security of the gate based on the commercial password as claimed in claim 1, further comprising performing fingerprint authentication on the gate device, wherein the fingerprint at least comprises one of network card hardware information, device motherboard information and system operation information.
6. The method for protecting the internet of things safety of the gate based on the commercial password according to claim 1, wherein the gate internet of things safety system gateway supports network access control based on an IP address, a protocol and a port and works separately and independently from an encryption mechanism, and the gate internet of things safety system gateway manages and configures a safety encryption communication interface, a safety protocol, a port, working time and an encryption channel through an HTTPS protocol by utilizing a WEB interface, can monitor encryption state and performs authorization management on applications.
7. The method for protecting the internet of things security of a gate device based on a commercial password according to claim 1, further comprising remotely managing an operation state of the gate device, including device registration, device operation, device location, and device software upgrade.
8. The method for protecting the security of the gate internet of things based on the commercial password according to claim 1, further comprising the step of performing security management on the gate internet of things security system gateway, wherein the security management comprises personnel roles, operation authorities, operation logs, key management and equipment self monitoring.
9. The system for protecting the gate Internet of things safety based on the commercial password comprises gate equipment and a service platform, and is characterized by further comprising a gate Internet of things safety system gateway connected with the gate equipment through a network, wherein the gate Internet of things safety system gateway is deployed at the boundary between a network to which an application system of the service platform belongs and the Internet; the method for protecting the gate internet of things safety based on the commercial password, which is disclosed in any one of claims 1-8, is used for authentication between the gate internet of things safety system gateway and the gate equipment, and for protecting transmission data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111048070.0A CN113783868B (en) | 2021-09-08 | 2021-09-08 | Method and system for protecting Internet of things safety of gate based on commercial password |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111048070.0A CN113783868B (en) | 2021-09-08 | 2021-09-08 | Method and system for protecting Internet of things safety of gate based on commercial password |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113783868A CN113783868A (en) | 2021-12-10 |
CN113783868B true CN113783868B (en) | 2023-09-01 |
Family
ID=78841967
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111048070.0A Active CN113783868B (en) | 2021-09-08 | 2021-09-08 | Method and system for protecting Internet of things safety of gate based on commercial password |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113783868B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114448681A (en) * | 2022-01-04 | 2022-05-06 | 珠海横琴能源发展有限公司 | Energy station user data wireless communication system and experimental platform |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
NL1015501C2 (en) * | 2000-06-22 | 2001-12-28 | Tele Id Nl B V | System for verifying data carrier objects, e.g. membership cards, access passes, etc., uses local scanner or other checking system, which is linked to a central verification station |
WO2013081441A1 (en) * | 2011-12-02 | 2013-06-06 | Mimos Berhad | A system and method for establishing mutual remote attestation in internet protocol security (ipsec) based virtual private network (vpn) |
WO2018121572A1 (en) * | 2016-12-28 | 2018-07-05 | 珠海国芯云科技有限公司 | Cloud platform-based internet-of-things terminal communication management and control system and method |
CN109088870A (en) * | 2018-08-14 | 2018-12-25 | 国网甘肃省电力公司电力科学研究院 | A kind of method of new energy plant stand generator unit acquisition terminal secure accessing platform |
US10346614B1 (en) * | 2019-03-01 | 2019-07-09 | Hajoon Ko | Security system and method for internet of things |
CN110061991A (en) * | 2019-04-22 | 2019-07-26 | 陈喆 | A kind of gateway setting method for realizing expressway toll collection private network security access internet |
CN110401530A (en) * | 2019-07-25 | 2019-11-01 | 金卡智能集团股份有限公司 | A kind of safety communicating method of gas meter, flow meter, system, equipment and storage medium |
CN110958262A (en) * | 2019-12-15 | 2020-04-03 | 国网山东省电力公司电力科学研究院 | Ubiquitous Internet of things safety protection gateway system, method and deployment architecture in power industry |
CN110971407A (en) * | 2019-12-19 | 2020-04-07 | 江苏亨通工控安全研究院有限公司 | Internet of things security gateway communication method based on quantum key |
CN111277607A (en) * | 2020-02-14 | 2020-06-12 | 南京南瑞信息通信科技有限公司 | Communication tunnel module, application monitoring module and mobile terminal security access system |
CN111835510A (en) * | 2020-05-28 | 2020-10-27 | 无锡航天江南数据系统科技有限公司 | ETC safety management method |
CN112073379A (en) * | 2020-08-12 | 2020-12-11 | 国网江苏省电力有限公司南京供电分公司 | Lightweight Internet of things security key negotiation method based on edge calculation |
CN112383557A (en) * | 2020-11-17 | 2021-02-19 | 北京明朝万达科技股份有限公司 | Security access gateway and industrial equipment communication management method |
Non-Patent Citations (1)
Title |
---|
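Design and Implementation of a Secure Access Gateway Applied to Smart Communities; Xue Yize et al.; China Security Protection Technology and Application; 20210430; Sections 1-4 * |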
Also Published As
Publication number | Publication date |
---|---|
CN113783868A (en) | 2021-12-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108429730B (en) | Non-feedback safety authentication and access control method | |
US9781114B2 (en) | Computer security system | |
US7386889B2 (en) | System and method for intrusion prevention in a communications network | |
US9026784B2 (en) | System and method for innovative management of transport layer security session tickets in a network environment | |
CN102347870B (en) | A kind of flow rate security detection method, equipment and system | |
US7454785B2 (en) | Proxy method and system for secure wireless administration of managed entities | |
US8886934B2 (en) | Authorizing physical access-links for secure network connections | |
US20040107360A1 (en) | System and Methodology for Policy Enforcement | |
JP2005503047A (en) | Apparatus and method for providing a secure network | |
CN111918284B (en) | Safe communication method and system based on safe communication module | |
EP1574009B1 (en) | Systems and apparatuses using identification data in network communication | |
WO2023174143A1 (en) | Data transmission method, device, medium and product | |
CN114844730A (en) | Network system constructed based on trusted tunnel technology | |
Cho et al. | Securing ethernet-based optical fronthaul for 5g network | |
CN113612790B (en) | Data security transmission method and device based on equipment identity pre-authentication | |
CN113783868B (en) | Method and system for protecting Internet of things safety of gate based on commercial password | |
CN113904826A (en) | Data transmission method, device, equipment and storage medium | |
Cho et al. | Secure open fronthaul interface for 5G networks | |
CN114614984A (en) | Time-sensitive network secure communication method based on state cryptographic algorithm | |
Chen et al. | Research on meteorological information network security system based on VPN Technology | |
Mohamed et al. | Extending hybrid approach to secure Trivial File Transfer Protocol in M2M communication: a comparative analysis | |
CN115835194B (en) | NB-IOT terminal safety access system and access method | |
CN115314262B (en) | Design method of trusted network card and networking method thereof | |
Aboba et al. | RFC3579: RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP) | |
KR20110087972A (en) | Method for blocking abnormal traffic using session table |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||