CN113783868B - Method and system for protecting Internet of things safety of gate based on commercial password - Google Patents

Publication number
CN113783868B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111048070.0A
Other languages
Chinese (zh)
Other versions
CN113783868A (en
Inventor
陈驹远
周东
陈廉
王安
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangxi Dongxin Digital Construction Information Technology Co ltd
Original Assignee
Guangxi Dongxin Digital Construction Information Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for protecting the security of the gate Internet of things based on a commercial password. It relates to the technical field of gate communication and addresses the technical problem of gate Internet of things security. The method comprises the following steps: using the commercial cryptographic algorithm SM2 to authenticate the gate equipment and the back-end gate Internet of things security system gateway; having the gate Internet of things security system gateway adopt an internal and external network dual-host mode, in which the internal network host and the external network host are isolated in a non-network mode; and establishing a secure encrypted tunnel using the commercial cryptographic algorithm SM4 and the IPSec VPN protocol to protect the data transmitted between the gate equipment and the gate Internet of things security system gateway. The invention also discloses a system for protecting the security of the gate Internet of things based on a commercial password. Because the gate equipment and the back-end gate Internet of things security system gateway are authenticated with commercial cryptographic algorithms, and network isolation technology is closely combined with IPSec VPN technology, the invention effectively solves the problem that gate equipment lacks security protection capability.

Description

Method and system for protecting Internet of things safety of gate based on commercial password
Technical Field
The invention relates to the technical field of gate communication, in particular to a method and a system for protecting the security of the Internet of things based on a commercial password.
Background
The endpoints of Internet of things communication are not traditional servers or PC terminals but distinct terminal types with Internet of things characteristics, such as gate equipment, whose operating-system protection capability and computing resources are limited. Implementing security mechanisms such as identity authentication and data encryption on such terminals is one of the technical difficulties.
Secondly, gate devices are numerous, so the number of concurrent network connections required is high and the demands on availability and stability are high. Solving the network security problem while affecting system performance and stability as little as possible is therefore an important consideration during construction.
In addition, because gate equipment is located in an open construction-site environment with limited physical security protection, malicious persons can easily gain access to the gate equipment, intrude into normal network communication, and impersonate gate equipment to launch network attacks against the platform service. This places higher security requirements on the system's identity authentication mechanism, especially the identity authentication of the gate device.
Disclosure of Invention
The invention aims to solve the above technical problems in the prior art. Its first object is to provide a method for protecting the gate Internet of things based on a commercial password that improves security.
Its second object is to provide a system for protecting the gate Internet of things based on a commercial password that improves security.
In order to achieve the above object, the present invention provides a method for protecting internet of things security based on a commercial password, comprising:
adopting a commercial cryptographic algorithm SM2 to authenticate the gate equipment and the gateway of the security system of the internet of things of the rear-end gate;
the gate Internet of things security system gateway adopts an internal and external network double-host mode, and the internal network host and the external network host are isolated in a non-network mode;
and establishing a secure encryption tunnel by adopting a commercial cryptographic algorithm SM4 and an IPSecVPN protocol mode to protect transmission data of the gate equipment and the gate Internet of things security system gateway.
As a further improvement, the authentication includes:
carrying out security authentication on the gate equipment through linkage with a digital certificate system;
and carrying out security authentication on the module and the administrator.
Further, an X.509 certificate is employed for authentication of the module.
Further, a USBKEY/IC card, a certificate and a password triple authentication mechanism is adopted for the administrator.
Further, fingerprint authentication is performed on the gate equipment, and the fingerprint at least comprises one of network card hardware information, equipment mainboard information and system operation information.
Further, the gate internet of things security system gateway supports network access control based on an IP address, a protocol and a port and works separately and independently from an encryption mechanism, and the gate internet of things security system gateway utilizes a WEB interface to manage and configure a secure encryption communication interface, a security protocol, a port, working time and an encryption channel through an HTTPS protocol, can monitor encryption state and perform authorization management on applications.
Further, after the gate equipment is started and operated, actively attempting to carry out key negotiation with the gate internet of things security system gateway according to the security policy information of the equipment until success.
Further, the method also comprises the step of remotely managing the running state of the gate equipment, including equipment registration, equipment running, equipment position and equipment software upgrading.
Further, the method further comprises the step of carrying out security management on the gateway of the gate Internet of things security system, wherein the security management comprises personnel roles, operation authorities, operation logs, key management and equipment self monitoring.
In order to achieve the second purpose, the invention provides a system for protecting the security of the gate Internet of things based on a commercial password, which comprises gate equipment, a service platform and a gate Internet of things security system gateway connected with the gate equipment through a network, wherein the gate Internet of things security system gateway is deployed at the boundary between a network to which an application system of the service platform belongs and the Internet; the method for protecting the security of the gate Internet of things based on the commercial password is used for authentication and protecting transmission data between the gate Internet of things security system gateway and the gate equipment.
Advantageous effects
Compared with the prior art, the invention has the advantages that:
according to the invention, the national commercial password technology is highly combined with the gate equipment system software, so that a gate which does not originally have any safety protection capability is formed into high-safety Internet of things terminal equipment with domestic password operation capability and corresponding safety protection mechanism; by highly combining the network isolation technology and the IPSec VPN technology, the high-performance gate Internet of things security gateway equipment which not only supports the network isolation function, but also has fingerprint identity authentication, password authentication and data encryption and decryption mechanisms is formed, the legal identity of the gate equipment can be verified through a digital certificate, and the internal parts of the gate equipment can be prevented from being tampered maliciously in a mode of extracting hardware information, so that the defect that the physical security protection mechanism of the gate equipment is not sound is fully overcome.
Drawings
FIG. 1 is a functional schematic of the present invention;
FIG. 2 is a diagram of an ESP protocol format according to the present invention;
FIG. 3 is a diagram of an ESP protocol data package according to the present invention;
FIG. 4 is a schematic diagram of the system in the present invention.
Detailed Description
The invention will be further described with reference to specific embodiments in the drawings.
Referring to fig. 1-4, a method for protecting security of a gate internet of things based on a commercial password includes:
the gate equipment 1 and the back-end gate Internet of things security system gateway 3 are authenticated using the commercial cryptographic algorithm SM2; this high-strength authentication mechanism ensures the access authentication security of the gate equipment 1;
the gate Internet of things security system gateway 3 adopts an internal and external network dual-host mode, and the internal network host and the external network host are isolated in a non-network mode, which provides security isolation between the platform application and the Internet;
a secure encrypted tunnel is established using the commercial cryptographic algorithm SM4 and the IPSec VPN protocol to protect the data transmitted between the gate equipment 1 and the gate Internet of things security system gateway 3, which secures the data of the gate equipment 1 in transit over the Internet, ensures the confidentiality and integrity of the transmitted data, and prevents the data from being tampered with or destroyed.
The authentication includes:
security authentication of the gate equipment 1 is performed through linkage with a digital certificate system; the digital certificates are issued by a PKI/CA system to the gate and to the platform application system, and the secure mode and data transmission are available only after authentication passes in accordance with the security requirements and authority management, which ensures the legitimacy of the gate terminal;
and carrying out security authentication on the module and the administrator, authenticating the module by adopting an X.509 certificate, and adopting a USBKEY/IC card, certificate and password triple authentication mechanism for the administrator.
The invention also comprises the step of carrying out fingerprint authentication on the gate equipment 1, wherein the fingerprint at least comprises one of network card hardware information, equipment mainboard information and system operation information, specific hardware fingerprint information is generated for different gate equipment 1, and the gate equipment 1 can be accessed to a service platform 2 for real-name management of construction workers after password authentication and equipment fingerprint authentication are carried out on the gate equipment 1. The bidirectional identity authentication between the platform application and the gate device 1 is realized by adopting IPSec VPN technology, PKI/CA system and device fingerprint technology.
The gate Internet of things security system gateway 3 supports network access control based on IP address, protocol and port, and this access control works separately and independently from the encryption mechanism. The gateway 3 is managed through a WEB interface over the HTTPS protocol, which is used to configure the secure encrypted communication interface, security protocol, ports, working time and encryption channels, to monitor the encryption state, and to perform authorization management on applications. The gateway 3 has a network-layer firewall function that implements access control based on IP address and port, prevents various network attacks, blocks intruders from exploiting network protocol vulnerabilities and operating system vulnerabilities, and prevents illegal data from entering.
After the gate equipment 1 is started, it actively attempts key negotiation with the gate Internet of things security system gateway 3 according to the security policy information of the equipment until the negotiation succeeds. During operation it passively accepts key negotiation initiated by the gateway 3; if the keys fall out of synchronization, it can actively negotiate keys with the gateway 3 according to the decryption error threshold until the negotiation succeeds.
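The negotiation policy described above can be sketched as a small device-side state machine. This is an added example, not code from the patent: the class `GateKeyAgent`, the `negotiate` callable and the threshold value are hypothetical, and counting consecutive failures is an assumption, since the text only names a decryption error threshold.

```python
from enum import Enum


class State(Enum):
    NEGOTIATING = "negotiating"
    ESTABLISHED = "established"


class GateKeyAgent:
    """Device-side negotiation policy (hypothetical class, not from the patent)."""

    def __init__(self, negotiate, error_threshold=3, wait=lambda attempt: None):
        self.negotiate = negotiate              # returns key bytes, or None on failure
        self.error_threshold = error_threshold  # assumed value; the page gives none
        self.wait = wait                        # back-off hook between attempts
        self.state = State.NEGOTIATING
        self.key = None
        self.errors = 0                         # consecutive decryption failures
        self.attempts = 0                       # total negotiation attempts made

    def _negotiate_until_success(self):
        # Active negotiation: retry until the gateway completes the exchange.
        self.state = State.NEGOTIATING
        self.key = None                         # the out-of-step key is discarded
        while self.key is None:
            self.attempts += 1
            self.key = self.negotiate()
            if self.key is None:
                self.wait(self.attempts)
        self.errors = 0
        self.state = State.ESTABLISHED

    def boot(self):
        """After start-up the device negotiates actively until success."""
        self._negotiate_until_success()

    def on_gateway_rekey(self, new_key):
        """During operation, gateway-initiated negotiation is accepted passively."""
        self.key = new_key
        self.errors = 0
        self.state = State.ESTABLISHED

    def on_packet(self, decrypt_ok):
        """Record one decryption result; return True if it triggered renegotiation."""
        if decrypt_ok:
            self.errors = 0                     # a good packet proves the key is in step
            return False
        self.errors += 1
        if self.errors < self.error_threshold:
            return False                        # isolated errors do not force a rekey
        self._negotiate_until_success()
        return True


def scripted_negotiator(results):
    """Constructed stand-in for the real exchange: yields the given results in order."""
    it = iter(results)
    return lambda: next(it)


if __name__ == "__main__":
    agent = GateKeyAgent(scripted_negotiator([None, None, b"k1", b"k2"]))
    agent.boot()
    print(agent.state, agent.attempts)
    print([agent.on_packet(ok) for ok in (False, False, True, False, False, False)])
```

Resetting the counter on every successful decryption means a few corrupted or injected packets cannot push the device into renegotiation on their own; only a sustained run of failures does.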
The invention also comprises remote management of the running state of the gate equipment 1, including equipment registration, equipment running, equipment position and equipment software upgrading, and can remotely maintain and monitor the gate equipment 1 from the rear end.
The invention also comprises the step of carrying out security management on the gateway 3 of the gate Internet of things security system, wherein the security management comprises personnel roles, operation authorities, operation logs, key management and self monitoring of equipment. The gate Internet of things safety system mainly comprises the following technical indexes:
1) The access control function with IP address and port;
2) Support commercial cryptographic algorithms and IPSec VPN technical Specification;
3) The gateway of the gate Internet of things security system 3 supports the management capability of 1000 gate devices 1 and the concurrent access capability of 500 gate devices 1.
The password authentication function is realized by an ISAKMP protocol in IPSec VPN technical Specification. ISAKMP is a method for performing authentication, key generation, and key exchange between peer devices.
The ISAKMP protocol includes a first phase and a second phase.
In the first phase exchange, both parties establish an ISAKMP SA. The SA is a shared policy and key that both parties negotiate to use to secure communications between them. This SA is used to protect the negotiation process of IPSec SA. One ISAKMP SA may be used to establish multiple IPSec SAs.
In the second phase exchange, the communicating parties negotiate to establish an IPSec SA, which is a shared policy and key used to secure data communications between them, using the first phase ISAKMP SA.
The ISAKMP protocol includes two exchange modes, a main mode and a fast mode. The exchanges use standard ISAKMP payload syntax, attribute encoding, message timeout and retransmission, and notification messages.
The main mode is used for the exchange of the first stage, the identity authentication and key exchange of both communication parties are realized, and a working key is obtained, wherein the working key is used for protecting the negotiation process of the second stage. The exchange procedure consists of 6 messages. The identity of both parties is authenticated by adopting a digital certificate mode. The exchange process is as follows.
TABLE 1
The fast mode is used for the exchange of the second stage, realizes the negotiation of IPSec SA of both communication parties, and determines the IPSec security policy and session key of both communication parties. The exchange procedure consists of 3 messages. The exchange process is as follows:
Message  Initiator I                            Direction  Responder R
1        HDR*, HASH(1), SA, Ni [, IDci, IDcr]   ---->
2                                               <----      HDR*, HASH(2), SA, Nr [, IDci, IDcr]
3        HDR*, HASH(3)                          ---->
TABLE 2
The security protection function of the gate Internet of things security system is implemented with the ESP protocol in the IPSec VPN technical specification. ESP is an IPSec protocol that provides IP packets with confidentiality, data integrity, data source authentication and protection against replay attacks. The protocol header format is shown in FIG. 2.
The meaning of each field is as follows:
1) Security parameter index
The security parameter index (SPI) is a 4-byte value that, together with the destination IP address and the security protocol, identifies the security association of the data message. SPI values from 1 to 255 are reserved for future use; the value 0 is reserved for local, implementation-specific use and must not be transmitted over the network; a negotiated SPI value cannot be less than 256.
2) Sequence number
The sequence number is an unsigned 4-byte monotonically increasing counter. The sender counts every data message that uses the SA, and the receiver must check the sequence number to implement the SA's anti-replay service. The sender's counter and the receiver's counter are initialized to 0 when an SA is established. The sequence number must not wrap around within the lifetime of an SA; before the counter overflows, the two communicating parties should negotiate a new SA, which resets this field to 0.
3) Payload data
Payload data is a variable-length field, measured in bytes, containing the initialization vector (IV) and the data described by the next header field. The IV is placed at the beginning of the payload data.
4) Padding
If the length of the payload data is not an integer multiple of the block length of the encryption algorithm, the shortfall must be padded, in bytes. More padding may be added if desired, but the block-length requirement of the encryption algorithm must still be met. The padding method and content are specified by the chosen encryption algorithm. If the encryption algorithm does not specify them, the first padding byte appended to the message is 1 and the following padding bytes continue in monotonically increasing order.
5) Pad length
The pad length field indicates the number of padding bytes. Valid values are 0 to 255, where 0 indicates no padding bytes.
6) Next header
The next header is a 1-byte field that specifies the type of the next payload following the ESP header. The value of this field is assigned from the set of IP protocol numbers defined in the latest "Assigned Numbers" of the Internet Assigned Numbers Authority (IANA) [STD-2].
7) Authentication data
The authentication data is a variable-length field holding the integrity check value (ICV), which is computed by an integrity check over the rest of the ESP message excluding the ICV itself. The length of this field is determined by the selected integrity check algorithm. The authentication data field is optional and is included only when the SA selects the integrity check service.
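The field rules above can be checked mechanically on the receiving side. The following added example (not code from the patent) parses an ESP packet whose payload has already been decrypted, enforces the SPI range and the default 1, 2, 3, ... padding, and applies a sliding-window anti-replay check on the sequence number. It assumes a 16-byte IV, omits the optional ICV and the SM4 step, and the window itself follows the general RFC 4303 approach, which goes beyond what the text specifies.

```python
import struct

ESP_HDR = struct.Struct("!II")   # SPI and sequence number, 4 bytes each, network order
BLOCK = 16                       # SM4 block length in bytes
IV_LEN = 16                      # assumption: one-block IV at the start of the payload


class EspError(ValueError):
    pass


def build_plain_esp(spi, seq, iv, data, next_header):
    """Build an ESP packet in pre-encryption form (used to construct sample input)."""
    # data + padding + pad-length byte + next-header byte must fill whole blocks
    pad_len = (-(len(data) + 2)) % BLOCK
    padding = bytes(range(1, pad_len + 1))            # default padding: 1, 2, 3, ...
    return ESP_HDR.pack(spi, seq) + iv + data + padding + bytes([pad_len, next_header])


def parse_plain_esp(packet):
    """Validate header and trailer of an ESP packet whose payload is already decrypted."""
    if len(packet) < ESP_HDR.size + IV_LEN + 2:
        raise EspError("truncated ESP packet")
    spi, seq = ESP_HDR.unpack_from(packet)
    if spi < 256:
        raise EspError("SPI %d is in the reserved range 0-255" % spi)
    body = packet[ESP_HDR.size + IV_LEN:]
    if len(body) % BLOCK:
        raise EspError("payload is not a whole number of cipher blocks")
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 2:
        raise EspError("pad length exceeds payload")
    data_end = len(body) - 2 - pad_len
    if body[data_end:-2] != bytes(range(1, pad_len + 1)):
        raise EspError("padding bytes are not 1, 2, 3, ...")
    return {"spi": spi, "seq": seq, "iv": packet[ESP_HDR.size:ESP_HDR.size + IV_LEN],
            "data": body[:data_end], "next_header": next_header}


class ReplayWindow:
    """Sliding-window anti-replay check on ESP sequence numbers."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0       # highest sequence number accepted; 0 when the SA is created
        self.bitmap = 0    # bit i set means (top - i) has already been accepted

    def check_and_update(self, seq):
        if seq == 0 or seq > 0xFFFFFFFF:
            return False                       # counters start at 0, so first packet is 1
        if seq > self.top:
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1                # everything older falls out of the window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                       # older than the window: reject
        if (self.bitmap >> offset) & 1:
            return False                       # already seen: replay
        self.bitmap |= 1 << offset
        return True


def receive(window, packet):
    """Accept a packet only if it is well formed and its sequence number is fresh.

    A real receiver looks the sequence number up before decrypting and commits
    the window update only after the ICV has verified.
    """
    parsed = parse_plain_esp(packet)
    if not window.check_and_update(parsed["seq"]):
        raise EspError("replayed or stale sequence number %d" % parsed["seq"])
    return parsed


if __name__ == "__main__":
    # Constructed sample: 20 bytes of inner data, next header 4 (IPv4-in-IP, tunnel mode)
    pkt = build_plain_esp(0x1000, 1, bytes(IV_LEN), b"A" * 20, 4)
    win = ReplayWindow()
    print(receive(win, pkt)["data"])
    try:
        receive(win, pkt)
    except EspError as exc:
        print("rejected:", exc)
```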
Security protection encapsulation
The ESP protocol includes a transport mode and a tunnel mode; the gate Internet of things security system uses the tunnel mode. The encapsulation format of the user service data IP packet in the ESP protocol is shown in FIG. 3.
Management mode
The gate Internet of things security system adopts a C/S architecture, is carried over the TCP protocol, and uses sequence numbers to resist replay attacks.
When the equipment is managed, the communication data is transmitted encrypted and with integrity protection, which prevents an attacker from analyzing the management data protocol format through network packet capture and then tampering with or forging the management data.
Device management operations have timeout logout protection: if no operation is performed within a specified time, the administrator is logged out automatically and must log in again to continue management.
Role management
In order to reduce hidden dangers caused by excessively concentrated management authorities, the access authentication system of the Internet of things carries out authority division management on administrators, and the administrators are divided into system administrators, security administrators and audit administrators according to the management authorities.
TABLE 3
The system for protecting the gate Internet of things safety based on the commercial password comprises gate equipment 1, a service platform 2 and a gate Internet of things safety system gateway 3 connected with the gate equipment 1 in a network mode, wherein the gate Internet of things safety system gateway 3 is deployed at the boundary of a network to which an application system of the service platform 2 belongs and the Internet; the method for protecting the security of the gate Internet of things based on the commercial password between the gate Internet of things security system gateway 3 and the gate equipment 1 is used for authentication and protecting transmission data.
The gate Internet of things security system hardware gateway equipment is deployed in the data, and as the number of the gate equipment increases, the gate Internet of things security system gateway can perform cluster expansion to meet the requirement of accessing the gate equipment, and the hardware gateway equipment can locally update and upgrade system software due to business reasons.
All the site gate devices can perform gate device communication initialization registration and authentication at the site. Because of the update of the service functions of the system software, the remote pushing, upgrading and updating of the client software functions can be performed on the back-end hardware gateway equipment.
The foregoing is merely a preferred embodiment of the present invention, and it should be noted that modifications and improvements can be made by those skilled in the art without departing from the structure of the present invention, and these do not affect the effect of the implementation of the present invention and the utility of the patent.

Claims (9)

1. The method for protecting the Internet of things safety of the gate based on the commercial password is characterized by comprising the following steps of:
adopting a commercial cryptographic algorithm SM2 to authenticate the gate equipment and the gateway of the security system of the internet of things of the rear-end gate;
the gate Internet of things security system gateway adopts an internal and external network double-host mode, and the internal network host and the external network host are isolated in a non-network mode;
establishing a secure encryption tunnel by adopting a commercial cryptographic algorithm SM4 and an IPSecVPN protocol mode to protect transmission data of the gate equipment and a gate Internet of things security system gateway;
after the gate equipment is started and operated, actively attempting to carry out key negotiation with the gate internet of things security system gateway according to the security policy information of the equipment until success;
and in the running process, passively receiving the key negotiation initiated by the gateway of the gate Internet of things security system, and if the key is out of step, actively performing the key negotiation with the gateway of the gate Internet of things security system according to the decryption error threshold until the key negotiation is successful.
2. The method for protecting gate internet of things security based on commercial passwords as claimed in claim 1, wherein the authentication comprises:
carrying out security authentication on the gate equipment through linkage with a digital certificate system;
and carrying out security authentication on the module and the administrator.
3. The method for protecting gate internet of things security based on commercial passwords as claimed in claim 2, wherein the module is authenticated by using an x.509 certificate.
4. The method for protecting the internet of things based on the commercial passwords as claimed in claim 2, wherein a USBKEY/IC card, a certificate and a password triple authentication mechanism is adopted for the administrator.
5. The method for protecting the internet of things security of the gate based on the commercial password as claimed in claim 1, further comprising performing fingerprint authentication on the gate device, wherein the fingerprint at least comprises one of network card hardware information, device motherboard information and system operation information.
6. The method for protecting the internet of things safety of the gate based on the commercial password according to claim 1, wherein the gate internet of things safety system gateway supports network access control based on an IP address, a protocol and a port and works separately and independently from an encryption mechanism, and the gate internet of things safety system gateway manages and configures a safety encryption communication interface, a safety protocol, a port, working time and an encryption channel through an HTTPS protocol by utilizing a WEB interface, can monitor encryption state and performs authorization management on applications.
7. The method for protecting the internet of things security of a gate device based on a commercial password according to claim 1, further comprising remotely managing an operation state of the gate device, including device registration, device operation, device location, and device software upgrade.
8. The method for protecting the security of the gate internet of things based on the commercial password according to claim 1, further comprising the step of performing security management on the gate internet of things security system gateway, wherein the security management comprises personnel roles, operation authorities, operation logs, key management and equipment self monitoring.
9. The system for protecting the gate Internet of things safety based on the commercial password comprises gate equipment and a service platform, and is characterized by further comprising a gate Internet of things safety system gateway connected with the gate equipment through a network, wherein the gate Internet of things safety system gateway is deployed at the boundary between a network to which an application system of the service platform belongs and the Internet; the method for protecting the gate internet of things safety based on the commercial password, which is disclosed in any one of claims 1-8, is used for authentication between the gate internet of things safety system gateway and the gate equipment, and for protecting transmission data.
CN202111048070.0A 2021-09-08 2021-09-08 Method and system for protecting Internet of things safety of gate based on commercial password Active CN113783868B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111048070.0A CN113783868B (en) 2021-09-08 2021-09-08 Method and system for protecting Internet of things safety of gate based on commercial password

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111048070.0A CN113783868B (en) 2021-09-08 2021-09-08 Method and system for protecting Internet of things safety of gate based on commercial password

Publications (2)

Publication Number Publication Date
CN113783868A CN113783868A (en) 2021-12-10
CN113783868B true CN113783868B (en) 2023-09-01

Family

ID=78841967

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111048070.0A Active CN113783868B (en) 2021-09-08 2021-09-08 Method and system for protecting Internet of things safety of gate based on commercial password

Country Status (1)

Country Link
CN (1) CN113783868B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114448681A (en) * 2022-01-04 2022-05-06 珠海横琴能源发展有限公司 Energy station user data wireless communication system and experimental platform

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NL1015501C2 (en) * 2000-06-22 2001-12-28 Tele Id Nl B V System for verifying data carrier objects, e.g. membership cards, access passes, etc., uses local scanner or other checking system, which is linked to a central verification station
WO2013081441A1 (en) * 2011-12-02 2013-06-06 Mimos Berhad A system and method for establishing mutual remote attestation in internet protocol security (ipsec) based virtual private network (vpn)
WO2018121572A1 (en) * 2016-12-28 2018-07-05 珠海国芯云科技有限公司 Cloud platform-based internet-of-things terminal communication management and control system and method
CN109088870A (en) * 2018-08-14 2018-12-25 国网甘肃省电力公司电力科学研究院 A kind of method of new energy plant stand generator unit acquisition terminal secure accessing platform
US10346614B1 (en) * 2019-03-01 2019-07-09 Hajoon Ko Security system and method for internet of things
CN110061991A (en) * 2019-04-22 2019-07-26 陈喆 A kind of gateway setting method for realizing expressway toll collection private network security access internet
CN110401530A (en) * 2019-07-25 2019-11-01 金卡智能集团股份有限公司 A kind of safety communicating method of gas meter, flow meter, system, equipment and storage medium
CN110958262A (en) * 2019-12-15 2020-04-03 国网山东省电力公司电力科学研究院 Ubiquitous Internet of things safety protection gateway system, method and deployment architecture in power industry
CN110971407A (en) * 2019-12-19 2020-04-07 江苏亨通工控安全研究院有限公司 Internet of things security gateway communication method based on quantum key
CN111277607A (en) * 2020-02-14 2020-06-12 南京南瑞信息通信科技有限公司 Communication tunnel module, application monitoring module and mobile terminal security access system
CN111835510A (en) * 2020-05-28 2020-10-27 无锡航天江南数据系统科技有限公司 ETC safety management method
CN112073379A (en) * 2020-08-12 2020-12-11 国网江苏省电力有限公司南京供电分公司 Lightweight Internet of things security key negotiation method based on edge calculation
CN112383557A (en) * 2020-11-17 2021-02-19 北京明朝万达科技股份有限公司 Security access gateway and industrial equipment communication management method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
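Design and Implementation of a Secure Access Gateway for Smart Communities; 薛艺泽 et al.; 《中国安全防范技术与应用》 (China Security Protection Technology and Application); 20210430; Sections 1-4 *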

Also Published As

Publication number Publication date
CN113783868A (en) 2021-12-10

Similar Documents

Publication Publication Date Title
CN108429730B (en) Non-feedback safety authentication and access control method
US9781114B2 (en) Computer security system
US7386889B2 (en) System and method for intrusion prevention in a communications network
US9026784B2 (en) System and method for innovative management of transport layer security session tickets in a network environment
CN102347870B (en) A kind of flow rate security detection method, equipment and system
US7454785B2 (en) Proxy method and system for secure wireless administration of managed entities
US8886934B2 (en) Authorizing physical access-links for secure network connections
US20040107360A1 (en) System and Methodology for Policy Enforcement
JP2005503047A (en) Apparatus and method for providing a secure network
CN111918284B (en) Safe communication method and system based on safe communication module
EP1574009B1 (en) Systems and apparatuses using identification data in network communication
WO2023174143A1 (en) Data transmission method, device, medium and product
CN114844730A (en) Network system constructed based on trusted tunnel technology
Cho et al. Securing ethernet-based optical fronthaul for 5g network
CN113612790B (en) Data security transmission method and device based on equipment identity pre-authentication
CN113783868B (en) Method and system for protecting Internet of things safety of gate based on commercial password
CN113904826A (en) Data transmission method, device, equipment and storage medium
Cho et al. Secure open fronthaul interface for 5G networks
CN114614984A (en) Time-sensitive network secure communication method based on state cryptographic algorithm
Chen et al. Research on meteorological information network security system based on VPN Technology
Mohamed et al. Extending hybrid approach to secure Trivial File Transfer Protocol in M2M communication: a comparative analysis
CN115835194B (en) NB-IOT terminal safety access system and access method
CN115314262B (en) Design method of trusted network card and networking method thereof
Aboba et al. RFC3579: RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)
KR20110087972A (en) Method for blocking abnormal traffic using session table

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant