CN114666368A - Access control method, device, equipment and storage medium of power internet of things - Google Patents

Access control method, device, equipment and storage medium of power internet of things

Info

Publication number
CN114666368A
Authority
CN
China
Prior art keywords
communication
things
access control
request packet
power internet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210314914.XA
Other languages
Chinese (zh)
Other versions
CN114666368B (en
Inventor
范颖
饶章权
李妍
丁燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Power Grid Co Ltd
Electric Power Research Institute of Guangdong Power Grid Co Ltd
Original Assignee
Guangdong Power Grid Co Ltd
Electric Power Research Institute of Guangdong Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y 10/00 Economic sectors
    • G16Y 10/35 Utilities, e.g. electricity, gas or water
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y 30/00 IoT infrastructure
    • G16Y 30/10 Security thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic
    • H04L 63/1458 Denial of Service

Abstract

The invention discloses an access control method, device, equipment and storage medium for an electric power Internet of things. A network card driver is installed on the computer device that acts as a proxy for an electric power Internet of things application device, and the communication request packet of the application device is intercepted by the network card driver so that access control can be applied to the application device's network communication. The communication request packet is analyzed according to a preset access control policy to obtain its information source ID, the request content of the packet is verified according to the information source ID, and finally, if the request content passes verification, the packet is reassembled into communication plaintext information. Device-level network access control and application-transparent communication authentication are thereby realized at the network card driver layer, and the security of the power Internet of things is improved.

Description

Access control method, device, equipment and storage medium of power internet of things
Technical Field
The invention relates to the technical field of communication of the Internet of things, in particular to an access control method, device, equipment and storage medium of an electric power Internet of things.
Background
In the power industry, large numbers of intelligent sensing devices are deployed in grid operation processes such as power generation, transmission, transformation, distribution and consumption. To keep this large population of intelligent sensing devices working normally and reporting information accurately, the power internet of things must be protected.
At present, security protection for the internet of things mainly takes two forms: protection based on the operating system, and software cipher machines. The IPv4 stack of the operating system communication framework offers only packet inspection; its algorithms are public and involve no key, so traffic is easy to intercept, decrypt and tamper with. A software cipher machine requires the intervention of a key management system, and in particular the first communication authentication and the key exchange must comply with cryptographic management standards; it suits secret communication in which people take part and is not suited to encrypted communication between devices.
Disclosure of Invention
The invention provides an access control method, device, equipment and storage medium for an electric power Internet of things, aiming to solve the technical problem that existing security protection for the electric power Internet of things is insufficient.
To solve this technical problem, in a first aspect the present invention provides an access control method for an electric power internet of things, applied to a computer device that acts as a proxy for an electric power internet of things application device and is provided with a network card driver. The method includes:
intercepting a communication request packet of the power Internet of things application device based on the network card driver;
analyzing the communication request packet based on a preset access control policy to obtain the information source ID of the communication request packet;
verifying the request content of the communication request packet according to the information source ID;
and, if the request content passes verification, performing plaintext reassembly on the communication request packet to obtain communication plaintext information, which is to be read by other electric power Internet of things application devices.
According to the method, a network card driver is installed on the computer device that acts as a proxy for the power Internet of things application device (namely, an intelligent sensing device), and the communication request packet of the application device is intercepted by the network card driver so that access control is applied to the application device's network communication. The communication request packet is analyzed according to a preset access control policy to obtain its information source ID, and the request content is verified according to that ID, so that device-level network access control and application-transparent communication authentication are realized at the network card driver layer and the security of the power internet of things is improved. Finally, if the request content passes verification, the packet is reassembled into communication plaintext information, so that plaintext flows within the power internet of things and the access control policy of the central server and the sub-center servers is enforced.
Preferably, verifying the request content of the communication request packet according to the information source ID includes:
accessing a local sub-center server and reading the Lightweight Directory Access Protocol (LDAP) tree of the local sub-center server;
if the information source ID is present in the LDAP tree, querying the local sub-center server for the information source public key of that ID;
and verifying the request content of the communication request packet based on the information source public key.
Preferably, verifying the request content of the communication request packet based on the information source public key includes:
decrypting the communication request packet with the information source public key to obtain the request content of the communication request packet;
and performing content verification on the request content.
Preferably, after accessing the local sub-center server and reading its LDAP tree, the method further includes:
if the information source ID is not present in the LDAP tree, accessing the superior sub-center server of the local sub-center server and reading the information source public key corresponding to the information source ID from the superior sub-center server.
Preferably, accessing the superior sub-center server of the local sub-center server and reading the information source public key corresponding to the information source ID from it includes:
accessing the communication addressing interface of the local sub-center server and querying the communication address of the superior sub-center server;
and accessing the superior sub-center server at that communication address and reading the information source public key corresponding to the information source ID.
Preferably, after the communication request packet has been reassembled into communication plaintext information because the request content passed verification, the method further includes:
forwarding the communication plaintext information to a virtual network card of the local sub-center server, from which other electric power Internet of things application devices read the communication plaintext information.
Preferably, before analyzing the communication request packet based on the preset access control policy to obtain its information source ID, the method further includes:
accessing the superior sub-center server and reading the preset access control policy stored there;
and storing the preset access control policy locally.
In a second aspect, the present invention provides an access control device for an electric power internet of things, mounted on a computer device that acts as a proxy for an electric power internet of things application device and is provided with a network card driver. The device includes:
an intercepting module, used to intercept a communication request packet of the power Internet of things application device based on the network card driver;
an analysis module, used to analyze the communication request packet based on a preset access control policy to obtain the information source ID of the communication request packet;
a verification module, used to verify the request content of the communication request packet according to the information source ID;
and a reassembly module, used to perform plaintext reassembly on the communication request packet to obtain communication plaintext information if the request content passes verification, the communication plaintext information being read by other electric power Internet of things application devices.
In a third aspect, the present invention provides a computer device comprising a processor and a memory for storing a computer program which, when executed by the processor, implements the access control method for the power internet of things as in the first aspect.
In a fourth aspect, the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the access control method for the power internet of things according to the first aspect.
Please refer to the relevant description of the first aspect for the beneficial effects of the second to fourth aspects, which are not repeated herein.
Drawings
Fig. 1 is a schematic flow chart illustrating an access control method for an electric power internet of things according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an electric power internet of things according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an access control device of an electric power internet of things according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
As described in the related art, security protection for the internet of things mainly takes two forms: protection based on the operating system, and software cipher machines. The IPv4 stack of the operating system communication framework offers only packet inspection; its algorithms are public and involve no key, so traffic is easy to intercept, decrypt and tamper with. A software cipher machine requires the intervention of a key management system, and in particular the first communication authentication and the key exchange must comply with cryptographic management standards; it suits secret communication in which people take part and is not suited to encrypted communication between devices.
Therefore, the embodiment of the invention provides an access control method for an electric power internet of things. A network card driver is installed on the computer device that acts as a proxy for an electric power internet of things application device, the communication request packet of the application device is intercepted by the network card driver, and access control is applied to the application device's network communication. The communication request packet is analyzed according to a preset access control policy to obtain its information source ID, and the request content is verified according to that ID, so that device-level network access control and application-transparent communication authentication are realized at the network card driver layer and the security of the power internet of things is improved. Finally, if the request content passes verification, the packet is reassembled into communication plaintext information, so that plaintext flows within the power internet of things and the access control policy of the central server and the sub-center servers is enforced.
Referring to fig. 1, fig. 1 is a schematic flow chart of an access control method for an electric power internet of things according to an embodiment of the present invention. The method can be applied to a computer device provided with a network card driver; such devices include, but are not limited to, smart phones, notebook computers, tablet computers, desktop computers, physical servers and cloud servers. Fig. 2 is a schematic structural diagram of an electric power internet of things provided by an embodiment of the present invention; as shown in fig. 2, the computer device acts as a proxy for an application device of the electric power internet of things and is communicatively connected to a local sub-center server and a superior sub-center server. As shown in fig. 1, the access control method of the present embodiment includes steps S101 to S104, detailed as follows:
Step S101, intercepting a communication request packet of the power Internet of things application device based on the network card driver.
In this step, after receiving a communication request of the power internet of things application device, the network card driver on the computer device intercepts a communication request packet of the communication request, where the communication request packet is a data packet.
Step S102, analyzing the communication request packet based on a preset access control policy to obtain the information source ID of the communication request packet.
In this step, the access control policy is the data processing logic for analyzing, verifying, extracting from and reassembling the communication request packet intercepted by the network card driver. It may be formulated by the superior sub-center server, obtained from there and stored locally. Specifically: access the superior sub-center server, read the preset access control policy held there, and store the preset access control policy locally.
Optionally, the access control policy is built on top of network card driver interception, and the five-tuple of the communication request packet is analyzed to obtain the information source ID, which includes, but is not limited to, the information source IP address and the information source port.
Step S103, verifying the request content of the communication request packet according to the information source ID.
In this step, the verification may be to verify information such as integrity and validity of the requested content, and if the requested content meets requirements such as integrity and validity, it is determined that the requested content passes the verification.
Step S104, if the request content passes verification, performing plaintext reassembly on the communication request packet to obtain communication plaintext information, which is to be read by other electric power Internet of things application devices.
In this step, the communication plaintext information can be transmitted within the power internet of things, so that smooth communication inside the power internet of things is guaranteed. Through interception, information extraction and repacking at the network card driver layer, the invention realizes encryption and decryption that are transparent to, and imperceptible by, the application system, and improves the communication security of the power Internet of things.
In an embodiment, based on the embodiment shown in fig. 1, the step S101 includes:
accessing a local sub-center server, and reading a Lightweight Directory Access Protocol (LDAP) tree of the local sub-center server;
if the information source ID exists in the LDAP tree, inquiring an information source public key of the information source ID from the local sub-center server;
and verifying the request content of the communication request packet based on the source public key.
In this embodiment, a network connection with the sub-center may be established using the sub-center public key and sub-center IP address configured on the management interface; the LDAP tree and the communication addressing interface of the sub-center are then read, and once the connection with the sub-center is established, the software agent on the computer device is incorporated into the whole secure trusted network.
Optionally, verifying the request content of the communication request packet based on the information source public key includes: decrypting the communication request packet with the information source public key to obtain the request content of the communication request packet; and performing content verification on the request content.
In this optional embodiment, the communication request packet is encrypted with the private key of the power internet of things application device before it is sent, so it must be decrypted with the corresponding public key, which improves the communication security of the power internet of things. At the same time, decryption is computationally demanding, and applying the preset access control policy first gives the whole agent a stronger capability to defend against DoS/DDoS attacks.
In an embodiment, on the basis of the embodiment shown in fig. 1, after accessing the local sub-center server and reading its LDAP tree, the method further includes:
if the information source ID is not present in the LDAP tree, accessing the superior sub-center server of the local sub-center server and reading the information source public key corresponding to the information source ID from the superior sub-center server.
In this embodiment, the information source public key is stored in advance on the superior sub-center server, so it is found through an upward addressing function. Optionally: access the communication addressing interface of the local sub-center server and query the communication address of the superior sub-center server; then access the superior sub-center server at that communication address and read the information source public key corresponding to the information source ID.
In an embodiment, on the basis of the embodiment shown in fig. 1, after the step S104, the method further includes:
and forwarding the communication plaintext information to a virtual network card of a local sub-center server, wherein the other electric power Internet of things application equipment reads the communication plaintext information from the virtual network card.
In this embodiment, the communication plaintext information is sent to the virtual network card, so that communication verification can be performed on other electric power internet-of-things application devices which read the communication plaintext information according to a communication verification manner similar to the above steps S101 to S103, and the communication security inside the electric power internet-of-things is further ensured.
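The pipeline of steps S101 to S104 together with the LDAP lookup, upward addressing and virtual-network-card hand-off described above, as an added Go simulation that is not part of the patent or of any implementation of it. The wire format, the Ed25519 keys, the addresses, ports and policy are all constructed assumptions; the patent's "decrypting with the information source public key" is modelled as signature verification of content signed by the device's private key, and interception at the driver is represented simply by handing the packet to Control.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// Constructed demo wire format (not the patent's): 13-byte five-tuple header, then a
// 64-byte Ed25519 signature over header+content by the device's private key, then content.
const hdrLen, sigLen = 13, ed25519.SignatureSize
var ErrDenied = errors.New("access denied")

// SubCenter models a sub-center server: Dir stands in for its LDAP tree, Superior for the
// communication addressing interface, VirtualNIC for where other devices read plaintext.
type SubCenter struct {
	Dir        map[string]ed25519.PublicKey
	Superior   *SubCenter // nil at the top of the hierarchy
	VirtualNIC [][]byte
}

// Policy is the preset access control policy read from the superior sub-center.
type Policy struct {
	AllowedProto   map[byte]bool
	AllowedDstPort map[uint16]bool
}

func concat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }

// lookupKey is the directory walk of S103: local LDAP tree first, then upward addressing.
func (sc *SubCenter) lookupKey(srcID string) (ed25519.PublicKey, bool) {
	for c := sc; c != nil; c = c.Superior {
		if k, ok := c.Dir[srcID]; ok {
			return k, true
		}
	}
	return nil, false
}

// Control runs S101-S104 on one intercepted packet. The patent's "decrypt with the source
// public key" is modelled as Ed25519 signature verification (an assumption of this demo).
func Control(local *SubCenter, pol Policy, pkt []byte) ([]byte, error) {
	if len(pkt) < hdrLen+sigLen {
		return nil, errors.New("packet too short")
	}
	// S102: the five-tuple yields the information source ID (IP:port) and the policy fields.
	srcID := fmt.Sprintf("%s:%d", net.IP(pkt[0:4]), binary.BigEndian.Uint16(pkt[4:6]))
	dstPort, proto := binary.BigEndian.Uint16(pkt[10:12]), pkt[12]
	// Out-of-policy packets are dropped before any crypto runs: this is the DoS/DDoS defence.
	if !pol.AllowedProto[proto] || !pol.AllowedDstPort[dstPort] {
		return nil, fmt.Errorf("%w: policy rejects %s proto=%d dport=%d", ErrDenied, srcID, proto, dstPort)
	}
	key, ok := local.lookupKey(srcID)
	if !ok {
		return nil, fmt.Errorf("%w: source %s is in no LDAP tree", ErrDenied, srcID)
	}
	hdr, sig, content := pkt[:hdrLen], pkt[hdrLen:hdrLen+sigLen], pkt[hdrLen+sigLen:]
	// The signature covers the header, so content cannot be re-labelled with a trusted ID.
	if !ed25519.Verify(key, concat(hdr, content), sig) {
		return nil, fmt.Errorf("%w: content verification failed for %s", ErrDenied, srcID)
	}
	// S104: plaintext reassembly (signature stripped) and hand-off to the virtual NIC.
	local.VirtualNIC = append(local.VirtualNIC, concat(hdr, content))
	return content, nil
}

// BuildPacket is the application-device side: sign header+content with its private key.
func BuildPacket(priv ed25519.PrivateKey, src string, sport uint16, dst string, dport uint16, proto byte, content []byte) []byte {
	hdr := make([]byte, hdrLen)
	copy(hdr[0:4], net.ParseIP(src).To4())
	binary.BigEndian.PutUint16(hdr[4:6], sport)
	copy(hdr[6:10], net.ParseIP(dst).To4())
	binary.BigEndian.PutUint16(hdr[10:12], dport)
	hdr[12] = proto
	return concat(concat(hdr, ed25519.Sign(priv, concat(hdr, content))), content)
}

// DemoNetwork builds a two-level hierarchy with constructed, deterministic device keys:
// device A is registered at the local sub-center, device B only at the superior one.
func DemoNetwork() (local *SubCenter, pol Policy, keys map[string]ed25519.PrivateKey) {
	privA := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, ed25519.SeedSize))
	privB := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, ed25519.SeedSize))
	superior := &SubCenter{Dir: map[string]ed25519.PublicKey{"10.0.1.7:5001": privB.Public().(ed25519.PublicKey)}}
	local = &SubCenter{Superior: superior, Dir: map[string]ed25519.PublicKey{"10.0.0.5:5000": privA.Public().(ed25519.PublicKey)}}
	pol = Policy{AllowedProto: map[byte]bool{6: true}, AllowedDstPort: map[uint16]bool{2404: true}}
	return local, pol, map[string]ed25519.PrivateKey{"A": privA, "B": privB}
}

func main() {
	local, pol, keys := DemoNetwork()
	a := BuildPacket(keys["A"], "10.0.0.5", 5000, "10.0.0.9", 2404, 6, []byte("READ meter 17"))
	b := BuildPacket(keys["B"], "10.0.1.7", 5001, "10.0.0.9", 2404, 6, []byte("READ meter 3"))
	// Third packet: A's header and signature with altered content, which must be denied.
	for _, p := range [][]byte{a, b, concat(a[:hdrLen+sigLen], []byte("WRITE meter 17"))} {
		content, err := Control(local, pol, p)
		fmt.Printf("content=%q err=%v\n", content, err)
	}
}
```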
Corresponding to the method embodiment, an access control apparatus for the power internet of things is provided that executes the method and achieves the same functions and technical effects. Referring to fig. 3, fig. 3 is a block diagram illustrating the structure of an access control device of an electric power internet of things according to an embodiment of the present invention. For convenience of description, only the portions related to the present embodiment are shown. The apparatus is mounted on a computer device that acts as a proxy for an application device of the electric power internet of things and is provided with a network card driver, and includes:
an intercepting module 301, used to intercept a communication request packet of the power internet of things application device based on the network card driver;
an analysis module 302, configured to analyze the communication request packet based on a preset access control policy to obtain an information source ID of the communication request packet;
a verification module 303, configured to verify the request content of the communication request packet according to the information source ID;
the restructuring module 304 is configured to, if the request content passes verification, perform plaintext restructuring on the communication request packet to obtain communication plaintext information, where the communication plaintext information is used for being read by other power internet of things application devices.
In an embodiment, based on the embodiment shown in fig. 3, the verification module 303 includes:
the first access submodule is used for accessing the local sub-center server and reading a Lightweight Directory Access Protocol (LDAP) tree of the local sub-center server;
the query submodule is used for querying the information source public key of the information source ID from the local sub-center server if the information source ID exists in the LDAP tree;
and the verification sub-module is used for verifying the request content of the communication request packet based on the information source public key.
In one embodiment, the verification sub-module includes:
the decryption unit is used for decrypting the communication request packet by using the information source public key to obtain the request content of the communication request packet;
and the verification unit is used for verifying the content of the request content.
In an embodiment, based on the embodiment shown in fig. 3, the verification module 303 further includes:
and the second access submodule is used for accessing a higher-level sub-center server of the local sub-center server and reading an information source public key corresponding to the information source ID in the higher-level sub-center server if the information source ID does not exist in the LDAP tree.
In one embodiment, the second access submodule includes:
the first access unit, used to access the communication addressing interface of the local sub-center server and query the communication address of the superior sub-center server;
and the second access unit is used for accessing the superior sub-center server based on the communication address and reading the information source public key corresponding to the information source ID in the superior sub-center server.
In an embodiment, based on the embodiment shown in fig. 3, the apparatus further includes:
and the forwarding module is used for forwarding the communication plaintext information to a virtual network card, and the other electric power internet of things application equipment reads the communication plaintext information from the virtual network card.
In an embodiment, based on the embodiment shown in fig. 3, the apparatus further includes:
the access module is used for accessing the superior sub-center server and reading a preset access control strategy in the superior sub-center server;
and the storage module is used for locally storing the preset access control strategy.
The access control device of the power internet of things can implement the access control method of the power internet of things of the embodiment of the method. The alternatives in the above-described method embodiments are also applicable to this embodiment and will not be described in detail here. The rest of the embodiments of the present invention may refer to the contents of the above method embodiments, and in this embodiment, details are not repeated.
Fig. 4 is a schematic structural diagram of a computer device according to an embodiment of the present invention. As shown in fig. 4, the computer device 4 of this embodiment includes: at least one processor 40 (only one shown in fig. 4), a memory 41, and a computer program 42 stored in the memory 41 and executable on the at least one processor 40, the processor 40 implementing the steps of any of the method embodiments described above when executing the computer program 42.
The computer device 4 may be a computing device such as a smart phone, a tablet computer, a desktop computer, and a cloud server. The computer device may include, but is not limited to, a processor 40, a memory 41. Those skilled in the art will appreciate that fig. 4 is merely an example of the computer device 4 and does not constitute a limitation of the computer device 4, and may include more or less components than those shown, or combine certain components, or different components, such as input output devices, network access devices, etc.
The processor 40 may be a Central Processing Unit (CPU), or another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 41 may in some embodiments be an internal storage unit of the computer device 4, such as a hard disk or a memory of the computer device 4. In other embodiments the memory 41 may also be an external storage device attached to the computer device 4, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card, and the like. Further, the memory 41 may include both an internal storage unit and an external storage device of the computer device 4. The memory 41 is used for storing an operating system, an application program, a boot loader, data, and other programs, such as the program code of the computer program. The memory 41 may also be used to temporarily store data that has been output or is to be output.
In addition, an embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements the steps in any of the method embodiments described above.
Embodiments of the present invention provide a computer program product which, when run on a computer device, enables the computer device to implement the steps in the above method embodiments.
In several embodiments provided by the present invention, it will be understood that each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above-mentioned embodiments are provided to further explain the objects, technical solutions and advantages of the present invention in detail, and it should be understood that the above-mentioned embodiments are only examples of the present application and are not intended to limit the scope of the present application. It should be understood that any modifications, equivalents, improvements and the like, which come within the spirit and principle of the present application, may occur to those skilled in the art and are intended to be included within the scope of the present application.

Claims (10)

1. An access control method for the power Internet of Things, applied to a computer device, wherein the computer device acts on behalf of an application device of the power Internet of Things and is provided with a network card driver, the method comprising the following steps:
intercepting a communication request packet of the power Internet of Things application device based on the network card driver;
parsing the communication request packet based on a preset access control policy to obtain a source ID of the communication request packet;
verifying the request content of the communication request packet according to the source ID;
and if the request content passes verification, performing plaintext reassembly on the communication request packet to obtain communication plaintext information, wherein the communication plaintext information is intended to be read by other power Internet of Things application devices.
2. The access control method for the power Internet of Things as claimed in claim 1, wherein verifying the request content of the communication request packet according to the source ID comprises:
accessing a local sub-center server and reading a Lightweight Directory Access Protocol (LDAP) tree of the local sub-center server;
if the source ID exists in the LDAP tree, querying the local sub-center server for the source public key of the source ID;
and verifying the request content of the communication request packet based on the source public key.
3. The access control method for the power Internet of Things as claimed in claim 2, wherein verifying the request content of the communication request packet based on the source public key comprises:
decrypting the communication request packet with the source public key to obtain the request content of the communication request packet;
and performing content verification on the request content.
4. The access control method for the power Internet of Things as claimed in claim 2, wherein, after accessing the local sub-center server and reading the Lightweight Directory Access Protocol (LDAP) tree of the local sub-center server, the method further comprises:
if the source ID does not exist in the LDAP tree, accessing a superior sub-center server of the local sub-center server and reading the source public key corresponding to the source ID from the superior sub-center server.
5. The access control method for the power Internet of Things as claimed in claim 4, wherein accessing the superior sub-center server of the local sub-center server and reading the source public key corresponding to the source ID from the superior sub-center server comprises:
accessing a communication addressing interface of the local sub-center server and querying the communication address of the superior sub-center server;
and accessing the superior sub-center server based on the communication address and reading the source public key corresponding to the source ID from the superior sub-center server.
6. The access control method for the power Internet of Things as claimed in claim 1, wherein, after performing plaintext reassembly on the communication request packet to obtain the communication plaintext information when the request content passes verification, the method further comprises:
forwarding the communication plaintext information to a virtual network card of the local sub-center server, wherein the other power Internet of Things application devices read the communication plaintext information from the virtual network card.
7. The access control method for the power Internet of Things as claimed in claim 1, wherein, before parsing the communication request packet based on the preset access control policy to obtain the source ID of the communication request packet, the method further comprises:
accessing a superior sub-center server and reading the preset access control policy from the superior sub-center server;
and locally storing the preset access control policy.
8. An access control device for the power Internet of Things, carried on a computer device, wherein the computer device acts on behalf of a power Internet of Things application device and is provided with a network card driver, the access control device comprising:
an interception module for intercepting a communication request packet of the power Internet of Things application device based on the network card driver;
a parsing module for parsing the communication request packet based on a preset access control policy to obtain a source ID of the communication request packet;
a verification module for verifying the request content of the communication request packet according to the source ID;
and a reassembly module for performing plaintext reassembly on the communication request packet to obtain communication plaintext information if the request content passes verification, wherein the communication plaintext information is intended to be read by other power Internet of Things application devices.
9. A computer device comprising a processor and a memory storing a computer program which, when executed by the processor, implements the access control method for the power Internet of Things of any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program which, when executed by a processor, implements the access control method for the power Internet of Things as claimed in any one of claims 1 to 7.
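The verification flow of claims 1 to 6 (parse the intercepted packet by policy, look up the source public key in the local LDAP tree and then in the superior sub-center, decrypt with the public key, verify the content, reassemble the plaintext and forward it to the virtual network card), as an added Python example that is not the patent's code. The packet layout, the SHA-256 prefix used for content verification, the textbook RSA toy key, the `POLICY` fields and the `SubCenter` class are assumptions; interception at the driver is represented by the raw bytes handed to `access_control`.

```python
import hashlib
# Constructed toy key pair: textbook RSA with p=61, q=53 stands in for the real
# source key; only the sample-packet builder below uses the private exponent.
TOY_N, TOY_E, TOY_D = 3233, 17, 2753
POLICY = {"id_separator": b"|", "digest_len": 4}   # assumed policy fields

class SubCenter:
    """A sub-center server: its LDAP tree plus the address of its superior."""
    def __init__(self, name, ldap_tree, superior=None):
        self.name, self.ldap_tree, self.superior = name, ldap_tree, superior

def lookup_source_public_key(center, source_id):
    """Claims 2, 4, 5: local LDAP tree first, then walk up to superior servers."""
    while center is not None:
        if source_id in center.ldap_tree:
            return center.ldap_tree[source_id]
        center = center.superior           # addressing interface -> superior
    return None

def decrypt_with_public_key(body, pubkey):
    """Claim 3: recover the request content with the source public key (2-byte blocks)."""
    e, n = pubkey
    values = [pow(int.from_bytes(body[i:i + 2], "big"), e, n)
              for i in range(0, len(body), 2)]
    return None if any(v > 255 for v in values) else bytes(values)  # wrong key -> None

def verify_content(plaintext, digest_len):
    """Claim 3: content verification against the SHA-256 prefix carried in the content."""
    if plaintext is None or len(plaintext) <= digest_len:
        return None
    content, digest = plaintext[:-digest_len], plaintext[-digest_len:]
    return content if hashlib.sha256(content).digest()[:digest_len] == digest else None

def access_control(raw, policy, local_center, virtual_nic):
    """Claims 1 and 6: parse by policy, look up the key, verify, reassemble, forward."""
    source_id, _, body = raw.partition(policy["id_separator"])
    source_id = source_id.decode("ascii", "replace")
    pubkey = lookup_source_public_key(local_center, source_id)
    if pubkey is None:
        return None                        # source ID unknown in the whole hierarchy
    content = verify_content(decrypt_with_public_key(body, pubkey), policy["digest_len"])
    if content is not None:
        virtual_nic.append((source_id, content))   # other devices read from here
    return content

def build_sample_packet(source_id, content, d=TOY_D, n=TOY_N, digest_len=4):
    """Sender side (constructed sample): sign each byte with the private exponent."""
    plain = content + hashlib.sha256(content).digest()[:digest_len]
    body = b"".join(pow(m, d, n).to_bytes(2, "big") for m in plain)
    return source_id.encode("ascii") + b"|" + body
```

A packet whose source ID is absent from both directory levels, or whose body does not verify under the key the directory holds, is dropped without reaching the virtual network card.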
CN202210314914.XA 2022-03-28 2022-03-28 Access control method, device, equipment and storage medium of electric power Internet of things Active CN114666368B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210314914.XA CN114666368B (en) 2022-03-28 2022-03-28 Access control method, device, equipment and storage medium of electric power Internet of things

Publications (2)

Publication Number Publication Date
CN114666368A true CN114666368A (en) 2022-06-24
CN114666368B CN114666368B (en) 2024-01-30

Family

ID=82032722

Country Status (1)

Country Link
CN (1) CN114666368B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115208918A (en) * 2022-06-28 2022-10-18 广东电网有限责任公司 Communication method, device, storage medium and system of global Internet of things

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571434A (en) * 2012-01-11 2012-07-11 清华大学 Data access control method for network driver layer in operating system
CN102739473A (en) * 2012-07-09 2012-10-17 南京中兴特种软件有限责任公司 Network detecting method using intelligent network card
US20160119374A1 (en) * 2014-10-28 2016-04-28 International Business Machines Corporation Intercepting, decrypting and inspecting traffic over an encrypted channel
CN112995120A (en) * 2019-12-18 2021-06-18 北京国双科技有限公司 Data monitoring method and device
CN114143068A (en) * 2021-11-25 2022-03-04 广东电网有限责任公司 Electric power internet of things gateway equipment container safety protection system and method thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
杨震斌; 王平; 王发茂: "Principle and application design of an EPA security gateway", 单片机与嵌入式系统应用 (Microcontrollers & Embedded Systems), no. 09, pp. 12-14 *

Also Published As

Publication number Publication date
CN114666368B (en) 2024-01-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant