CN114448681A - Energy station user data wireless communication system and experimental platform - Google Patents


Publication number
CN114448681A
Authority
CN
China
Prior art keywords
module
user
wireless communication
user data
external network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210006530.1A
Other languages
Chinese (zh)
Inventor
曾贺湛
韩宇波
毛世权
王泽冬
肖波
徐志华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Hengqin Energy Development Co ltd
Original Assignee
Zhuhai Hengqin Energy Development Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhuhai Hengqin Energy Development Co ltd filed Critical Zhuhai Hengqin Energy Development Co ltd
Priority to CN202210006530.1A priority Critical patent/CN114448681A/en
Publication of CN114448681A publication Critical patent/CN114448681A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The invention provides an energy station user data wireless communication system and an experimental platform. The system comprises a security gateway hardware end and a security gateway software end. The security gateway hardware end comprises a master station end and a user end. The master station end comprises an intranet module and an extranet module, which communicate through a one-way communication module; the intranet module is connected to the internal network, the extranet module is connected to the external network, and the intranet module is connected to an encryption module. The user end comprises a communication module and a functional module that are in communication connection; the communication module interacts with the extranet module over the external network, and the functional module processes and stores information before or after the communication module's interaction. The system is built on the domestic cryptographic system, ensures that the user end and the master station end interact over a trusted network, and protects user data.

Description

Energy station user data wireless communication system and experimental platform
Technical Field
The invention belongs to the field of information communication, and particularly relates to a wireless communication system and an experimental platform for user data of an energy station.
Background
At present, industrial control automation technology is developing toward intelligence, networking and integration. As a result, information security problems that were never solved in traditional information systems are now appearing in industrial control systems as well, and they are becoming increasingly severe.
The energy station monitoring system and the user end are networked over a wireless communication network. When user data has no security protection mechanism, sensitive operating information and control operations can be exposed on the internet over that network, so that the energy station monitoring system can be monitored by a hacker.
The energy station monitoring system lacks a reliable secure communication mechanism and data confidentiality measures, and its network security defense capability is very limited. Sound communication encryption is a necessary condition for strengthening that capability. Therefore, based on the operating conditions of the energy station monitoring system, wireless transmission security protection technology and network isolation technology based on the domestic cryptographic system are studied, so as to protect key service data at the user end and the master station end, prevent data from being stolen or tampered with in transit, and ensure the confidentiality, integrity and non-repudiation of instructions.
Disclosure of Invention
Therefore, the invention provides an energy station user data wireless communication system and an experimental platform.
The invention provides a wireless communication system for user data of an energy station, which comprises:
a security gateway hardware end and a security gateway software end:
the security gateway hardware end comprises a main station end and a user end;
the master station end comprises an internal network module and an external network module, and the internal network module and the external network module are communicated through a one-way communication module;
the internal network module is connected with an internal network, and the external network module is connected with an external network; the intranet module is connected with an encryption module;
the user side comprises a communication module and a function module which are in communication connection; the communication module interacts with the external network module through an external network; the functional module executes information processing and storage before or after interaction of the communication module;
the security gateway software end comprises an IPSec negotiation module, a VPN encapsulation module and a cryptographic algorithm module;
the IPSec negotiation module initiates IPSec negotiation when the main station end interacts with the user end;
the VPN encapsulation module realizes encapsulation of interaction information when the main station end interacts with the user end;
the cryptographic algorithm module provides an algorithm for the encryption module to generate a key and a password.
Further, the intranet module and the extranet module are both computers, and a north bridge of the computer is connected with a USB interface; the internal network module and the external network module are connected with a one-way communication module through the USB interface.
Furthermore, the computer is provided with a PCI-E interface, and the intranet module is connected with the encryption module through the PCI-E interface.
The functional module comprises a central processing unit, a storage module and a user encryption module;
the central processing unit is connected with the communication module and the user encryption module and is used for processing interactive information before or after interaction.
The storage module is connected with the central processing unit and stores the interaction information processed by the central processing unit.
Further, the unidirectional communication module stores a unidirectional communication protocol.
Further, the security gateway software end further includes a log recording module, which records log data when IPSec negotiation is initiated each time.
Further, the security gateway software end further includes a parameter configuration module, and when the IPSec negotiation module initiates IPSec negotiation, the parameter configuration module configures parameters of the master station end and the user end.
Further, the encryption module is a cryptographic card.
The invention also provides an energy station user data wireless communication experimental platform, which comprises the energy station user data wireless communication system, and further comprises:
a test end connected with the intranet module;
and a simulation end connected with the extranet module.
Further, the simulation end is a PLC tester, and the PLC tester is connected with the simulation test point.
Compared with the prior art, the technical scheme of the invention has the following advantages:
(1) The system provided by the invention is based on a network security risk analysis of the energy station. The acquisition and isolation of user data are handled by blocking and protocol conversion, and merged transmission is synchronized after that processing is complete. Relying on the uniformity of user data, ports are blocked and non-service data and services are intercepted, which reduces the risk of being exploited in an attack. A network isolation risk evaluation model is constructed, a time dimension is introduced, and data security protection is advanced from the characteristics of the user data.
(2) By developing the master station end equipment and the user end equipment around the State Cryptography Administration's public key cipher SM1 algorithm, symmetric cipher SM2 algorithm, cryptographic hash SM3 algorithm and random number generation algorithm, the system of the invention ensures three important network security factors of confidentiality, confidentiality and data integrity for the wireless transmission of user data. In addition, the security gateway has several anti-attack features, such as network isolation, resistance to replay attacks and resistance to DoS attacks. With these algorithms and techniques implemented, the security gateway hardware end offers higher security and reliability among commercial VPN gateway products.
Drawings
Fig. 1 is a schematic diagram of a master station according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a user side according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of a security gateway software side provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of an energy station user data wireless communication experimental platform according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
The embodiment provides an energy station user data wireless communication system.
The wireless communication system for the user data of the energy station comprises a security gateway hardware end and a security gateway software end.
The master station end comprises an internal network module and an external network module, and the internal network module and the external network module are communicated through a one-way communication module; the internal network module is connected with an internal network, and the external network module is connected with an external network; the intranet module is connected with an encryption module; the user side comprises a communication module and a functional module which are in communication connection; the communication module interacts with the external network module through an external network; and the functional module executes information processing and storage before or after interaction of the communication module.
Specifically, the intranet module and the extranet module are both computers. As shown in Fig. 1, on the computer's motherboard the CPU and the memory are connected to the south bridge, the serial ports, network card, disk and USB interface are connected to the north bridge, and the south bridge is connected to the north bridge.
The intranet module and the extranet module are each connected to the one-way communication module through the USB interface. The one-way communication module stores a one-way communication protocol. When the intranet module and the extranet module exchange data through the one-way communication module, the data carried on the dedicated hardware consists of network data packets and private commands. The main program modifies the protocol field of each network data packet and adds an internal private protocol header, so that content sent by the main program of the intranet or extranet host can be recognized only by the other end, and unrecognized data packets are effectively prevented from crossing the dedicated hardware.
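The framing rule described above, sketched as an added example (not code from the patent): every name and value here (the `ISOL` magic, the 12-byte header layout, the placeholder protocol number 253, the command allowlist, the CRC32 field) is an assumption, since the patent does not publish its private protocol.

```python
import struct
import zlib

# All constants below are assumptions for illustration; the patent does not
# disclose the real header layout of its private protocol.
MAGIC = b"ISOL"
KIND_PACKET, KIND_COMMAND = 1, 2
PRIVATE_PROTO = 253  # IANA "experimentation and testing" protocol number
HEADER = struct.Struct("!4sBBHI")  # magic, kind, original proto, length, CRC32
ALLOWED_COMMANDS = {b"HEARTBEAT", b"LINK-RESET"}  # hypothetical private commands


class FrameRejected(Exception):
    """Raised when data on the isolation link is not a recognised frame."""


def wrap_packet(ip_packet: bytes) -> bytes:
    """Sender side: rewrite the IPv4 protocol field and add the private header."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    original_proto = ip_packet[9]  # byte 9 of the IPv4 header is the protocol
    body = ip_packet[:9] + bytes([PRIVATE_PROTO]) + ip_packet[10:]
    return HEADER.pack(MAGIC, KIND_PACKET, original_proto,
                       len(body), zlib.crc32(body)) + body


def wrap_command(command: bytes) -> bytes:
    """Sender side: frame a private command for the peer's main program."""
    return HEADER.pack(MAGIC, KIND_COMMAND, 0,
                       len(command), zlib.crc32(command)) + command


def unwrap(frame: bytes):
    """Receiver side: return (kind, data) or raise FrameRejected."""
    if len(frame) < HEADER.size:
        raise FrameRejected("short frame")
    magic, kind, original_proto, length, crc = HEADER.unpack_from(frame)
    body = frame[HEADER.size:]
    if magic != MAGIC:
        raise FrameRejected("no private header")
    if length != len(body):
        raise FrameRejected("length mismatch")
    # CRC32 detects corruption only; it does not authenticate the sender.
    if zlib.crc32(body) != crc:
        raise FrameRejected("checksum mismatch")
    if kind == KIND_COMMAND:
        if body not in ALLOWED_COMMANDS:
            raise FrameRejected("unknown command")
        return "command", body
    if kind == KIND_PACKET:
        if len(body) < 20 or body[9] != PRIVATE_PROTO:
            raise FrameRejected("protocol field not rewritten")
        # Restore the original protocol field before handing the packet on.
        return "packet", body[:9] + bytes([original_proto]) + body[10:]
    raise FrameRejected("unknown kind")


def verdict(frame: bytes) -> str:
    """What the receiving host does with bytes that arrive on the link."""
    try:
        kind, _ = unwrap(frame)
        return "forward: " + kind
    except FrameRejected as exc:
        return "drop: " + str(exc)


def sample_ipv4_packet(payload: bytes = b"flow=12.4;temp=71") -> bytes:
    """Constructed IPv4/UDP-style packet (checksum left as 0 for brevity)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0,
                         64, 17, 0, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    return header + payload


if __name__ == "__main__":
    pkt = sample_ipv4_packet()
    for label, data in [("framed packet", wrap_packet(pkt)),
                        ("raw IP packet", pkt),
                        ("framed command", wrap_command(b"HEARTBEAT")),
                        ("unlisted command", wrap_command(b"SHELL"))]:
        print(label, "->", verdict(data))
```

A checksum only catches accidental corruption, so this layout still depends on the link being a dedicated point-to-point channel, as the patent describes.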
The extranet module is connected to the public network and directly exposed to the internet. It is the first to withstand general network attacks such as "Ping of Death", and it stores no cryptographic material such as certificates or keys, so that key information is not leaked onto the public network.
The intranet module is connected with the encryption module through the PCI-E. In this embodiment, the encryption module is an encryption card with a model number of
The intranet host is connected to the intranet, stores key information such as the certificate, the private key, the working key negotiated through IPSec and the session key, and performs VPN encapsulation and decapsulation. The product software comprises a Linux kernel, a Linux file system, the product main program, encryption library files, a configuration program that runs under Windows, and so on.
The user side comprises a communication module and a functional module which are in communication connection; the communication module interacts with the external network module through an external network; and the functional module executes information processing and storage before or after interaction of the communication module.
The functional module comprises a central processing unit, a storage module and a user encryption module; the central processing unit is connected with the communication module and the user encryption module and is used for processing interactive information before or after interaction. The storage module is connected with the central processing unit and stores the interaction information processed by the central processing unit. Specifically, in this embodiment, as shown in fig. 2, the central processing unit is an ARM cpu, the user encryption module is a TCM password chip, and the storage module is a storage chip.
The functional module also comprises an antenna for signal transmission, and the antenna is connected with the communication module; the functional module also comprises a serial port and an RJ45 expansion interface.
In this embodiment, network isolation is realized by constructing the security gateway hardware end. Network isolation physically and completely separates the internal network from the external network, blocks the connection between them, and prevents the internal network from being connected to the external network in any direct or indirect way, including through a firewall or a proxy server. The core of network isolation is physical isolation. One characteristic of physical isolation is that networks of different security levels are never connected: at any one time, at most one of the intranet and the extranet establishes a non-eight-protocol data connection with the isolation device. A user cannot use the internal network system and the external network system at the same time and in the same space. Physical isolation is a simple and effective means of preventing network attacks such as hacker intrusion and denial of service. When an industrial control system must connect to the internet, physical isolation must be employed to prevent attacks from the internet and to ensure the confidentiality, integrity, non-repudiation and availability that such high-security networks require.
The security gateway software end, as shown in fig. 3, includes an IPSec negotiation module, a VPN encapsulation module, and a cryptographic algorithm module; the IPSec negotiation module initiates IPSec negotiation when the main station end interacts with the user end; the VPN packaging module realizes the packaging of the interactive information when the main station end interacts with the user end; the cryptographic algorithm module provides an algorithm for the encryption module to generate a key and a password; the security gateway software end also comprises a log recording module which records log data when IPSec negotiation is initiated each time; the security gateway software end also comprises a parameter configuration module, and when the IPSec negotiation module initiates IPSec negotiation, the parameters of the main station end and the user end are configured.
The IPsec VPN protocol consists of the internet key exchange protocol IKE and a protocol that protects the packet flow. The protocols that protect packet flows include the ESP protocol, which cryptographically protects packet flows, and the AH protocol, which authenticates data. The security services used by the IPsec VPN protocol consist of:
Access control: the user's ability to access resources is controlled through authorization.
Data source verification: the sender is authenticated to ensure that the communication peer is trusted by the local end.
Confidentiality: ciphertext data packets replace the original plaintext data packets for transmission over the network, which improves data security.
Integrity: network data is checked for modification to ensure that the data that arrives has not been tampered with.
Anti-replay: malicious or redundant IP data packets are prevented from being received repeatedly and causing damage.
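The anti-replay and integrity services above, as an added receive-side example that is not from the patent: a 64-packet sliding window in the style of RFC 4303 combined with an integrity check value. HMAC-SHA-256 stands in for an SM3-based MAC because SM3 is not guaranteed to be available in Python's standard library; the packet layout, SPI and key are constructed, and payload encryption is left out.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16      # truncated MAC length in bytes (assumption)
WINDOW_SIZE = 64  # RFC 4303 default anti-replay window


class ReplayWindow:
    """Sliding window over 32-bit sequence numbers."""

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.top = 0     # highest authenticated sequence number so far
        self.bitmap = 0  # bit i set => sequence number (top - i) was accepted

    def check(self, seq):
        """True if seq is new: ahead of the window, or inside it and unseen."""
        if seq == 0:
            return False  # sequence numbers start at 1
        if seq > self.top:
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False  # too old to judge, so treated as a replay
        return ((self.bitmap >> offset) & 1) == 0

    def update(self, seq):
        """Record seq. Call only after the packet has been authenticated."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def seal(key, spi, seq, payload):
    """Sender: SPI | sequence number | payload | ICV (payload not encrypted)."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv


class InboundSA:
    """Receive side of one security association."""

    def __init__(self, spi, key):
        self.spi, self.key, self.window = spi, key, ReplayWindow()

    def receive(self, packet):
        """Return (verdict, payload); payload is None unless accepted."""
        if len(packet) < 8 + ICV_LEN:
            return "malformed", None
        spi, seq = struct.unpack("!II", packet[:8])
        if spi != self.spi:
            return "unknown-spi", None
        if not self.window.check(seq):      # cheap reject before any crypto
            return "replay", None
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return "bad-icv", None          # window is NOT advanced
        self.window.update(seq)
        return "accept", body[8:]


def run_demo():
    """Constructed traffic: reordering, replay, tampering and forgery."""
    key, spi = b"constructed-demo-key", 0x1001
    sa = InboundSA(spi, key)
    p = {n: seal(key, spi, n, b"reading %d" % n) for n in (1, 2, 3, 4, 36, 37, 100)}
    tampered = bytearray(p[4])
    tampered[8] ^= 0xFF                     # flip one payload byte
    forged = seal(b"attacker-guess", spi, 5000, b"open valve")
    traffic = [p[1], p[1], forged, p[3], p[2], p[2],
               bytes(tampered), p[100], p[36], p[37]]
    return [sa.receive(pkt)[0] for pkt in traffic]


if __name__ == "__main__":
    print(run_demo())
```

The forged packet with sequence number 5000 shows why the window is updated only after the integrity check: otherwise one unauthenticated packet could push the window forward and cause every legitimate packet to be rejected.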
In actual operation, the security gateway software end handles the management and deployment of key infrastructure through the SM3 cryptographic algorithm. The SM3 cryptographic algorithm is designed around the idea that an entity's valid identifier (such as a user address, IP address, device ID or MAC address) serves as its public key, which greatly reduces the complexity of the security system. A trusted Private Key Generator (PKG) acts as the center of the system based on the domestic cryptographic system. When a user or device joins the system for the first time, or when a condition under which the system requires the private key to be updated is met, the center generates a private key for that user or device. This center, also called the key generation center, plays a role like that of an issuer of identity cards in real life. Users and devices select identification information such as a user address, IP address or MAC address, or a combination of these, as their public key; a user cannot deny an identifier that represents them, and the identification information can be published. The private key corresponding to the identification information the user selected, that is, to the public key, is generated by the key generation center. Like other authoritative identity-card issuers, the key generation center must strictly verify the identity of any user applying for a private key, so that an illegitimate user cannot steal the identifier or identity of a legitimate one. The key generation center also protects the privileged information used for user private keys, so that user private keys are not leaked. Ordinary users, for their part, should prevent their private keys from being leaked or illegally copied during use.
By developing the master station end equipment and the user end equipment around the State Cryptography Administration's public key cipher SM1 algorithm, symmetric cipher SM2 algorithm, cryptographic hash SM3 algorithm and random number generation algorithm, the system of the invention ensures three important network security factors of confidentiality, confidentiality and data integrity for the wireless transmission of user data. In addition, the security gateway has several anti-attack features, such as network isolation, resistance to replay attacks and resistance to DoS attacks. With these algorithms and techniques implemented, the security gateway hardware end offers higher security and reliability among commercial VPN gateway products.
Example two
The embodiment provides an energy station user data wireless communication experimental platform which, as shown in Fig. 4, includes the energy station user data wireless communication system of Example one.
The experimental platform comprises a test end and a simulation end. The test end is connected with the intranet module, and the simulation end is connected with the extranet module. The simulation end is a PLC tester; the PLC tester is connected with the simulation test point and is connected with the extranet module through an RJ45 expansion interface.
The experimental platform is built by combining the energy station user data wireless communication system with the user data interaction conditions. The data flow in the network is studied, and the experimental platform is attacked by means of network attacks, such as denial of service, IP contact and flooding attacks, so as to verify the security of the user data.
It should be understood that the above examples are given only for clarity of illustration and do not limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. It is neither necessary nor possible to enumerate all embodiments here, and obvious variations or modifications derived from them remain within the scope of the invention.

Claims (10)

1. The energy station user data wireless communication system is characterized by comprising a security gateway hardware end and a security gateway software end:
the security gateway hardware end comprises a main station end and a user end;
the master station end comprises an internal network module and an external network module, and the internal network module and the external network module are communicated through a one-way communication module;
the internal network module is connected with an internal network, and the external network module is connected with an external network; the intranet module is connected with an encryption module;
the user side comprises a communication module and a functional module which are in communication connection; the communication module interacts with the external network module through an external network; the functional module executes information processing and storage before or after interaction of the communication module;
the security gateway software end comprises an IPSec negotiation module, a VPN encapsulation module and a cryptographic algorithm module;
the IPSec negotiation module initiates IPSec negotiation when the main station end interacts with the user end;
the VPN encapsulation module realizes encapsulation of interaction information when the main station end interacts with the user end;
the cryptographic algorithm module provides an algorithm for the encryption module to generate a key and a password.
2. The wireless communication system for user data of the energy station according to claim 1, wherein the internal network module and the external network module are both computers, and a north bridge of the computer is connected with a USB interface; the internal network module and the external network module are connected with a one-way communication module through the USB interface.
3. The wireless communication system for user data in an energy station according to claim 2, wherein the computer is provided with a PCI-E interface, and the intranet module is connected to the encryption module through the PCI-E interface.
4. The wireless communication system according to claim 1, wherein the functional module comprises a central processing unit, a storage module and a user encryption module;
the central processing unit is connected with the communication module and the user encryption module and is used for processing interactive information before or after interaction;
the storage module is connected with the central processing unit and stores the interaction information processed by the central processing unit.
5. The energy station user data wireless communication system of claim 1, wherein said unidirectional communication module stores a unidirectional communication protocol.
6. The wireless communication system for user data of an energy station according to claim 1, wherein the security gateway software end further comprises a log recording module for recording log data each time IPSec negotiation is initiated.
7. The wireless communication system for user data of an energy station according to claim 1, wherein the security gateway software end further includes a parameter configuration module, and when the IPSec negotiation module initiates IPSec negotiation, the parameters of the main station end and the user end are configured.
8. The energy station user data wireless communication system according to claim 1, wherein the encryption module is a cryptocard.
9. An energy station user data wireless communication experiment platform, which is characterized by comprising the energy station user data wireless communication system according to any one of claims 1 to 8, and further comprising:
a test end connected with the intranet module;
and a simulation end connected with the extranet module.
10. The wireless communication experiment platform for the user data of the energy station as claimed in claim 9, wherein the simulation terminal is a PLC tester, and the PLC tester is connected to the simulation test point.
CN202210006530.1A 2022-01-04 2022-01-04 Energy station user data wireless communication system and experimental platform Pending CN114448681A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210006530.1A CN114448681A (en) 2022-01-04 2022-01-04 Energy station user data wireless communication system and experimental platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210006530.1A CN114448681A (en) 2022-01-04 2022-01-04 Energy station user data wireless communication system and experimental platform

Publications (1)

Publication Number Publication Date
CN114448681A true CN114448681A (en) 2022-05-06

Family

ID=81364975

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210006530.1A Pending CN114448681A (en) 2022-01-04 2022-01-04 Energy station user data wireless communication system and experimental platform

Country Status (1)

Country Link
CN (1) CN114448681A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104683332A (en) * 2015-02-10 2015-06-03 杭州优稳自动化系统有限公司 Security isolation gateway in industrial control network and security isolation method thereof
CN204392296U (en) * 2015-02-10 2015-06-10 杭州优稳自动化系统有限公司 Secure isolation gateway in a kind of industrial control network
CN205847326U (en) * 2016-08-08 2016-12-28 中国南方电网有限责任公司电网技术研究中心 The electric power monitoring system safety access device that layering is disposed
CN106341404A (en) * 2016-09-09 2017-01-18 西安工程大学 IPSec VPN system based on many-core processor and encryption and decryption processing method
CN113783868A (en) * 2021-09-08 2021-12-10 广西东信数建信息科技有限公司 Method and system for protecting security of gate Internet of things based on commercial password

Similar Documents

Publication Publication Date Title
RU2487482C2 (en) Method and apparatus for generating security data and computer program product
CN106603487B (en) Method for improving security of TLS protocol processing based on CPU space-time isolation mechanism
CN112235235B (en) SDP authentication protocol implementation method based on cryptographic algorithm
Adeel et al. A multi‐attack resilient lightweight IoT authentication scheme
Baitha et al. Session hijacking and prevention technique
US10263782B2 (en) Soft-token authentication system
CN107508847A (en) One kind connection method for building up, device and equipment
CN114584343B (en) Data protection method and system for cloud computing center and readable storage medium
CN113904767A (en) System for establishing communication based on SSL
Atighetchi et al. Safe configuration of TLS connections
CN116248405A (en) Network security access control method based on zero trust and gateway system and storage medium adopting same
CN105790932A (en) Encryption method through using machine codes as bases
CN113783868B (en) Method and system for protecting Internet of things safety of gate based on commercial password
CN114448681A (en) Energy station user data wireless communication system and experimental platform
CN113261255B (en) Device authentication by quarantine and verification
Jo et al. A secure user authentication protocol based on one-time-password for home network
KR20040088137A (en) Method for generating encoded transmission key and Mutual authentication method using the same
CN117424742B (en) Session key restoring method of non-perception transmission layer security protocol
TWI706281B (en) Device verification method
Xie et al. Research and Application of FTU Distribution Network Automation Security Protection Scheme Based on Embedded Security Chip
CN218499149U (en) Gate type security gateway embedded into service server
CN115835194B (en) NB-IOT terminal safety access system and access method
KR100744603B1 (en) Authentification method for packet level user by use of bio data
CN115562906A (en) Backup method, system and device for data access authority control
CN117319080A (en) Mobile terminal for isolating secret communication and communication method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination