CN115314889A - Multi-level security authentication method and system for power regulation and control terminal, memory and equipment - Google Patents


Info

Publication number
CN115314889A
Authority
CN
China
Prior art keywords
data
user
sensitive data
identity authentication
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210789608.1A
Other languages
Chinese (zh)
Inventor
朱江
朱世顺
顾智敏
黄伟
韦小刚
姜海涛
王黎明
高鹏
黄天明
王梓
陕大诚
韩勇
郭静
周超
王梓莹
赵新冬
郭雅娟
朱道华
孙云晓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Nari Information and Communication Technology Co
State Grid Electric Power Research Institute
Original Assignee
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Nari Information and Communication Technology Co
State Grid Electric Power Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Jiangsu Electric Power Co Ltd, Nari Information and Communication Technology Co, State Grid Electric Power Research Institute
Priority to CN202210789608.1A
Publication of CN115314889A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention discloses a multi-level security authentication method, system, memory and device for a power regulation and control terminal. The method classifies power terminal service data into sensitive data and non-sensitive data; the sensitive data is encrypted with the SM4 symmetric encryption algorithm; for non-sensitive data, a lightweight stream encryption algorithm is adopted to secure the data during transmission; finally, the data is stored in the public cloud through the gateway device, and users are authorized to access it by means of several identity authentication techniques in order to resist attacks by malicious users, thereby ensuring the safe and efficient transmission of the power terminal service data.

Description

Multi-level security authentication method and system for power regulation and control terminal, memory and equipment
Technical Field
The invention relates to a multi-level security authentication method, system, memory and device for a power regulation and control terminal, and belongs to the technical field of network security.
Background
With the further increase in the types and number of services in the 5G mobile communication system, the 5G network will support differentiated application services such as enhanced mobile internet applications, ultra-low-latency applications and massive machine-type communication, and security technology is indispensable as the basis for the reliable operation of the 5G mobile communication system. Traditional data encryption relies on a single algorithm or identity authentication technique, and the level of data security protection is insufficient. Moreover, classic encryption algorithms emphasize a high level of encryption strength without giving much consideration to hardware resource overhead, whereas the hardware resources of a power regulation and control terminal are limited, so it is not suitable to adopt a high-performance, high-energy-consumption encryption algorithm.
Disclosure of Invention
The invention aims to provide a multi-level security authentication method, system, memory and device for a power regulation and control terminal, which classify the data of the power regulation and control terminal, encrypt and store sensitive data and non-sensitive data in different ways, establish three levels of security authentication modes, and ensure the integrity and credibility of the data in transmission.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
In a first aspect, the invention provides a multi-level security authentication method for a power regulation and control terminal, comprising the following steps:
classifying the service data of the power terminal into sensitive data and non-sensitive data;
respectively encrypting and storing sensitive data and non-sensitive data;
and performing identity authentication by adopting a corresponding identity authentication mode according to the request level of the stored encrypted data.
Further, the classifying the service data of the power terminal into sensitive data and non-sensitive data includes:
and classifying the service data of the power terminal into sensitive data and non-sensitive data by adopting a pre-constructed convolutional neural network data classification model.
Further, the convolutional neural network data classification model is constructed as follows:
acquiring historical power terminal service data, classifying the data according to data characteristics, and dividing it into sensitive data and non-sensitive data;
standardizing the two types of data, setting a classification label Label, and marking sensitive data and non-sensitive data with different values of Label;
taking 80% of the labelled data set of the two types of data as a training set, and inputting it into the convolutional neural network for training to obtain the convolutional neural network data classification model.
Furthermore, in the training process of the convolutional neural network data classification model, the error between the actual output and the expected output is judged by adopting a cross entropy loss function, and the convolutional neural network parameters are optimized and updated.
Further, the encrypting and storing the sensitive data includes:
and encrypting and storing the sensitive data by adopting an SM4 symmetric encryption algorithm.
Further, the encrypting and storing the non-sensitive data includes:
the ciphertext stream is obtained by encrypting the data as follows:
the keystream K_i and the plaintext stream M_i are XORed to obtain the ciphertext stream C_i; the encryption is calculated as follows:
Figure BDA0003733342430000021
where K_i is the keystream used by the data encryptor to encrypt the i-th transmitted data, C_i is the ciphertext stream obtained by the data encryptor by encrypting the i-th transmitted data, C_{i-1} is the ciphertext stream sent by the data encryptor the (i-1)-th time, Hash() denotes a hash operation, ⊕ denotes the exclusive-OR operation, M_i is the plaintext stream sent by the data encryptor the i-th time, M_{i-1} is the plaintext stream sent by the data encryptor the (i-1)-th time, and Key is the device secret value of the data encryptor;
the keystream K_i is generated as follows:
when i = 1, take C_0 = Hash(IV) and M_0 = IV to obtain the keystream:
Figure BDA0003733342430000024
where IV is the initial vector;
when i > 1,
Figure BDA0003733342430000025
Further, the initial vector IV is calculated as IV = h_1 ⊕ h_2,
where h_1 and h_2 are obtained by hashing the data encryptor's device ID and device secret value Key in two different combinations;
the device secret value Key is a character string generated centrally by the data decryptor.
Further, the sensitive data and the non-sensitive data are stored as follows:
and storing the encrypted data in the public cloud through the gateway device.
Further, the performing identity authentication by using a corresponding identity authentication method according to the request level of the stored encrypted data includes:
judging the user request level:
if the request is to read a file from the public cloud, it is a first-level request; user identity authentication is carried out in the first-level identity authentication mode, and after the authentication passes the user is granted the right to read the file from the public cloud;
if the request is to download a file from the public cloud, it is a second-level request; user identity authentication is carried out in the second-level identity authentication mode, and after the authentication passes the user is granted the right to download the file from the public cloud;
if the request is to read/download a file from the private cloud, it is a third-level request; user identity authentication is carried out in the third-level identity authentication mode, and after the authentication passes the user is granted the right to read/download the file from the private cloud.
Further, the first-level identity authentication mode is as follows: acquire the user's pseudo-ID, judge whether the user's pre-registration information matches the acquired pseudo-ID, and if so, the authentication passes;
the second-level identity authentication mode is as follows: acquire the user's biometric feature, judge whether the user's pre-registration information matches the acquired biometric feature, and if so, the authentication passes;
the third-level identity authentication mode is as follows: acquire the user's biometric feature and verification code, judge whether the user's pre-registration information matches the acquired biometric feature, and if it matches and the verification code is consistent, the authentication passes.
The second aspect of the present invention provides a multistage security authentication system for a power regulation and control terminal, including:
the data classification system is used for classifying the service data of the power terminal into sensitive data and non-sensitive data;
the sensitive data encryption system is used for encrypting the sensitive data;
the non-sensitive data encryption system is used for encrypting the non-sensitive data;
and the multi-stage identity authentication system is used for providing a multi-stage identity authentication mode and performing identity authentication by adopting a corresponding identity authentication mode according to the request level of the stored encrypted data.
Further, the data classification system is specifically configured to construct a convolutional neural network data classification model and divide the service data of the power terminal into sensitive data and non-sensitive data.
Further, the sensitive data encryption system is specifically configured to encrypt the sensitive data using the SM4 symmetric encryption algorithm.
Further, the non-sensitive data encryption system is specifically configured to encrypt in the following way to obtain the ciphertext stream:
the hash value of the keystream K_i and the plaintext stream M_i are XORed to obtain the ciphertext stream C_i; the encryption is calculated as follows:
Figure BDA0003733342430000041
where K_i is the keystream used by the data encryptor to encrypt the i-th transmitted data, C_i is the ciphertext stream obtained by the data encryptor by encrypting the i-th transmitted data, C_{i-1} is the ciphertext stream sent by the data encryptor the (i-1)-th time, Hash() denotes a hash operation, ⊕ denotes the exclusive-OR operation, M_i is the plaintext stream sent by the data encryptor the i-th time, M_{i-1} is the plaintext stream sent by the data encryptor the (i-1)-th time, and Key is the device secret value of the data encryptor;
the keystream K_i is generated as follows:
when i = 1, take C_0 = Hash(IV) and M_0 = IV to obtain the keystream
Figure BDA0003733342430000044
where IV is the initial vector;
when i > 1,
Figure BDA0003733342430000045
the initial vector IV is calculated as IV = h_1 ⊕ h_2,
where h_1 and h_2 are obtained by hashing the data encryptor's device ID and device secret value Key in two different combinations;
the device secret value Key is a character string generated centrally by the data decryptor.
Further, the multi-level identity authentication system comprises:
the registration module is used for acquiring registration information of the user, wherein the registration information comprises a user ID/password and biological characteristics; and providing each user with a pseudo-ID;
the judging module is used for judging the user request level: if the file is requested to be read from the public cloud, the file is the first level; if the file is requested to be downloaded from the public cloud, the file is in a second level; if the file is requested to be read/downloaded from the private cloud, the file is in three levels;
the primary identity authentication submodule is used for acquiring a user pseudo ID, judging whether the pre-registration information of the user is matched with the acquired pseudo ID, if so, passing the authentication and granting the user the right to read the file from the public cloud; otherwise, rejecting the user request;
the secondary identity authentication sub-module is used for acquiring the biological characteristics of the user, judging whether the pre-registration information of the user is matched with the acquired biological characteristics of the user or not, if so, passing the authentication and granting the user the authority to download the file from the public cloud; otherwise, rejecting the user request;
the third-level identity authentication sub-module is used for acquiring the biometric feature and verification code of the user and judging whether the pre-registration information of the user matches the acquired biometric feature; if it matches and the verification code is consistent, the authentication passes and the user is granted the right to read/download files from the private cloud; otherwise, the user request is denied.
A third aspect of the invention provides a memory storing one or more programs, the one or more programs comprising instructions, which when executed by a computing device, cause the computing device to perform a method according to any of the methods described previously.
A fourth aspect of the invention provides an apparatus comprising,
one or more processors, memory, and one or more programs stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions for performing any of the foregoing methods.
The invention has the beneficial effects that:
the invention provides a multistage safety authentication method for an electric power regulation and control terminal, which is used for solving the problems of high energy consumption and insecurity in electric power service data transmission.
Drawings
Fig. 1 is a multi-level security authentication system architecture of an electric power regulation and control terminal according to an embodiment of the present invention;
fig. 2 is a flow of a multistage security authentication method for an electric power regulation and control terminal according to an embodiment of the present invention;
fig. 3 is an example of SM4 algorithm in an embodiment of the present invention;
fig. 4 is a schematic diagram of a multi-level identity authentication system according to an embodiment of the present invention.
Detailed Description
The invention is further described below. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.
Example 1
The embodiment provides a multistage security authentication method for a power regulation and control terminal, which comprises the following steps:
classifying the service data of the power terminal into sensitive data and non-sensitive data;
respectively encrypting and storing sensitive data and non-sensitive data;
and performing identity authentication by adopting a corresponding identity authentication mode according to the request level of the stored encrypted data.
In this embodiment, the service data of the power terminal is classified into sensitive data and non-sensitive data by the convolutional neural network training data classification model.
In the embodiment, sensitive data is encrypted by using an SM4 algorithm, and a key is updated regularly by combining an asymmetric RSA encryption algorithm, so that tampering and stealing behaviors in the data transmission process are prevented.
In this embodiment, the encrypted data is stored in the public cloud through the gateway device.
Example 2
The embodiment provides a multistage security authentication method for a power regulation and control terminal, referring to fig. 2, including:
(1) Acquiring and preprocessing service data of the power terminal;
(2) Constructing a convolutional neural network data classification model, and automatically dividing the acquired power terminal service data into sensitive data and non-sensitive data by adopting the model;
(3) Encrypting the sensitive data by using an SM4 symmetric encryption algorithm;
(4) For non-sensitive data, a lightweight stream encryption scheme key is created for encryption;
(5) Carrying out cloud storage on the encrypted data;
(6) And acquiring the required data by adopting a multi-stage identity authentication mode.
In step (1) of this embodiment, the preprocessing the data includes:
the data is normalized as follows:
Z_ij = (X_ij − E(X_i)) / S_i
where X_ij denotes the i-th power terminal data feature acquired in time interval j (the power terminal data features include collected data, operating-state data, user electricity-consumption data and the like), E(X_i) is the mathematical expectation of the i-th power terminal data feature, S_i is the standard deviation of the i-th power terminal data feature, and Z_ij is the normalized value of X_ij.
The classification label Label takes the values 0 and 1.
In step (2) of this embodiment, a convolutional neural network data classification model is constructed, which specifically includes:
acquiring a large amount of power terminal service data, classifying it into sensitive data and non-sensitive data according to data characteristics, standardizing the two types of data, setting a classification label Label, and labelling the sensitive data and non-sensitive data with different values of Label;
in this embodiment, let 0 be non-sensitive data, and let 1 be sensitive data;
taking 80% of the data sets of the two types of data with the classification labels as training sets, inputting the training sets into a convolutional neural network training classification model, and testing the 20% of the data sets;
obtaining the output y' by regression with a Softmax function, where y' corresponds to the output probabilities of the labels 0 and 1;
judging the error between the actual output and the expected output by adopting a cross entropy loss function;
and continuously training to obtain a trained convolutional neural network data classification model.
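The data-preparation pipeline of steps (1) and (2) carried through in code, as an added example that is not part of the patent: z-score normalization of the feature columns, the 0/1 Label, the 80%/20% split, and the Softmax output with the cross-entropy loss used to judge the error. The sample records are constructed here (three features standing in for collected data, operating-state data and user consumption data); the CNN itself is not included, only the steps the text specifies around it.

```python
# Added example (not the patent's code): the data-preparation steps of (1)-(2)
# in pure Python on a constructed sample set. Each record holds three features X_ij
# (constructed stand-ins for collected data, operating-state data and user
# consumption data) plus a Label: 0 = non-sensitive, 1 = sensitive.
import math
import random

# Constructed sample records: (features, Label). Values are illustrative only.
SAMPLES = [
    ([220.4, 0.95, 12.1], 0), ([219.8, 0.97, 11.7], 0), ([221.1, 0.93, 12.4], 0),
    ([218.9, 0.96, 11.9], 0), ([220.0, 0.94, 12.0], 0), ([220.7, 0.98, 11.5], 0),
    ([5.0, 1.00, 98.3], 1), ([4.8, 1.00, 97.9], 1), ([5.2, 0.99, 98.8], 1),
    ([4.9, 1.00, 98.1], 1),
]

def zscore_normalize(rows):
    """Z_ij = (X_ij - E(X_i)) / S_i, computed per feature column i."""
    cols = list(zip(*rows))
    means = [sum(c) / len(c) for c in cols]
    stds = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) for c, m in zip(cols, means)]
    # A constant column has S_i = 0; map it to 0.0 instead of dividing by zero.
    return [[(v - m) / s if s else 0.0 for v, m, s in zip(r, means, stds)] for r in rows]

def split_80_20(samples, seed=0):
    """Shuffle with a fixed seed, then take 80% for training and 20% for testing."""
    order = list(range(len(samples)))
    random.Random(seed).shuffle(order)
    cut = int(0.8 * len(samples))
    return [samples[i] for i in order[:cut]], [samples[i] for i in order[cut:]]

def softmax(logits):
    """Softmax over the two output units; y' = probabilities of Label 0 and Label 1."""
    m = max(logits)                      # subtract the max for numerical stability
    exps = [math.exp(z - m) for z in logits]
    total = sum(exps)
    return [e / total for e in exps]

def cross_entropy(probs, label):
    """Cross-entropy loss between the Softmax output and the expected one-hot label."""
    return -math.log(probs[label])

def prepare(samples=SAMPLES, seed=0):
    """Normalize features, keep labels, split 80/20; returns (train, test)."""
    feats = zscore_normalize([f for f, _ in samples])
    labelled = list(zip(feats, [lab for _, lab in samples]))
    return split_80_20(labelled, seed)

if __name__ == "__main__":
    train, test = prepare()
    print(len(train), "training records,", len(test), "test records")
    # Loss of an untrained, indifferent classifier on one record: ln 2 ≈ 0.693
    print(round(cross_entropy(softmax([0.0, 0.0]), train[0][1]), 3))
```

The normalization statistics are computed once over the whole set here; in a deployment they would be computed on the training split only and reused for the test split and for live terminal data, otherwise the test estimate is optimistic.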
In step (3) of this embodiment, the SM4 symmetric encryption algorithm is used to encrypt the sensitive data, and the specific implementation process is as follows with reference to fig. 3:
the 128-bit input block is divided equally into four 32-bit words, 32 rounds of nonlinear iteration are applied, and finally a reverse-order transformation is carried out and the ciphertext is output.
The same key is used for encryption and decryption; the plaintext and ciphertext block length and the key length are all 128 bits, and both the encryption algorithm and the key expansion algorithm use a 32-round nonlinear iterative structure.
Let the plaintext input be (X_0, X_1, X_2, X_3), the ciphertext output be (Y_0, Y_1, Y_2, Y_3), and the round keys be rk_i, where each X_i is a 32-bit word made up of 4 consecutive bytes of the plaintext input.
The round transformation is X_{i+4} = F(X_i, X_{i+1}, X_{i+2}, X_{i+3}, rk_i),
and the ciphertext output is (Y_0, Y_1, Y_2, Y_3) = R(X_32, X_33, X_34, X_35) = (X_35, X_34, X_33, X_32), where R is the reverse-order transformation.
In a preferred embodiment, in the SM4 encryption process, the key is updated regularly by adopting an RSA asymmetric encryption algorithm, so that the data transmission security level is improved.
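The SM4 structure described in step (3), as an added example that is not the patent's code: a compact single-block implementation of SM4 (GB/T 32907-2016) in which the 128-bit block becomes four 32-bit words, 32 rounds of X_{i+4} = F(X_i, X_{i+1}, X_{i+2}, X_{i+3}, rk_i) are applied, and the reverse-order transformation R produces (X_35, X_34, X_33, X_32). The S-box and the FK/CK constants are those of the standard; the RSA-based key refresh mentioned above is outside this block.

```python
# Added example (not the patent's code): a compact SM4 block cipher (GB/T 32907-2016)
# showing the structure described above: the 128-bit block is split into four 32-bit
# words X_0..X_3, 32 rounds X_{i+4} = F(X_i, X_{i+1}, X_{i+2}, X_{i+3}, rk_i) are run,
# and the reverse-order transform R yields (Y_0, Y_1, Y_2, Y_3) = (X_35, X_34, X_33, X_32).
from typing import List

# SM4 S-box (256 entries, row-major) and the FK / CK key-schedule constants.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# CK_i is built from the bytes ck_ij = (4i + j) * 7 mod 256.
CK = tuple(int.from_bytes(bytes(((4 * i + j) * 7) & 0xFF for j in range(4)), "big")
           for i in range(32))
MASK = 0xFFFFFFFF

def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK

def _tau(a: int) -> int:
    """Nonlinear substitution: each of the four bytes passes through the S-box."""
    return int.from_bytes(bytes(SBOX[b] for b in a.to_bytes(4, "big")), "big")

def _t(a: int) -> int:
    """Round transform T = L(tau(.)) with the linear diffusion L."""
    b = _tau(a)
    return b ^ _rotl(b, 2) ^ _rotl(b, 10) ^ _rotl(b, 18) ^ _rotl(b, 24)

def _t_key(a: int) -> int:
    """Key-schedule transform T' = L'(tau(.))."""
    b = _tau(a)
    return b ^ _rotl(b, 13) ^ _rotl(b, 23)

def expand_key(key: bytes) -> List[int]:
    """Key expansion: 32-round nonlinear iteration producing round keys rk_0..rk_31."""
    if len(key) != 16:
        raise ValueError("SM4 key must be 128 bits")
    k = [int.from_bytes(key[4 * i:4 * i + 4], "big") ^ FK[i] for i in range(4)]
    for i in range(32):
        k.append(k[i] ^ _t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
    return k[4:]

def _crypt_block(block: bytes, rk: List[int]) -> bytes:
    if len(block) != 16:
        raise ValueError("SM4 block must be 128 bits")
    x = [int.from_bytes(block[4 * i:4 * i + 4], "big") for i in range(4)]
    for i in range(32):   # X_{i+4} = X_i XOR T(X_{i+1} XOR X_{i+2} XOR X_{i+3} XOR rk_i)
        x.append(x[i] ^ _t(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ rk[i]))
    # Reverse-order transform R: output (X_35, X_34, X_33, X_32).
    return b"".join(w.to_bytes(4, "big") for w in x[35:31:-1])

def encrypt_block(key: bytes, plaintext: bytes) -> bytes:
    return _crypt_block(plaintext, expand_key(key))

def decrypt_block(key: bytes, ciphertext: bytes) -> bytes:
    """Same structure with the round keys applied in reverse order."""
    return _crypt_block(ciphertext, expand_key(key)[::-1])

if __name__ == "__main__":
    # Standard test vector from GB/T 32907-2016.
    key = bytes.fromhex("0123456789abcdeffedcba9876543210")
    ct = encrypt_block(key, key)
    print(ct.hex())   # 681edf34d206965e86b3e94f536e4246
    assert decrypt_block(key, ct) == key
```

This is a raw block primitive: service data longer than 16 bytes needs a mode of operation with a fresh IV or nonce (CBC, CTR or an authenticated mode such as GCM), and stored ciphertext should carry an integrity tag, since the block cipher alone gives confidentiality but not tamper detection.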
In step (4) of this embodiment, a lightweight stream encryption scheme key is created for non-sensitive data to be encrypted, and the specific implementation process is as follows:
the key consists of the device ID and the device secret value Key, where the device ID is a unique identification code and the device secret value Key is a character string generated centrally by the data decryptor. "Device" refers to the device that collects the non-sensitive data.
h_1 and h_2 are obtained by hashing the device ID and the device secret value Key in two different combinations, and the initial vector IV is obtained by XORing h_1 and h_2:
IV = h_1 ⊕ h_2
The encryptor XORs the keystream K_i with the plaintext stream M_i to obtain the ciphertext stream C_i, and transmits the ciphertext stream C_i; the specific encryption formula is as follows:
Figure BDA0003733342430000075
where the generation of the keystream K_i is divided into two cases:
(a) when i = 1, i.e. the data encryptor sends a message to the data decryptor for the first time, take C_0 = Hash(IV) and M_0 = IV to obtain the keystream
Figure BDA0003733342430000082
(b) when i > 1, i.e. the data encryptor is not sending a message to the data decryptor for the first time, take the ciphertext stream C_{i-1} and the plaintext stream M_{i-1} sent the previous time and obtain the keystream K_i by computation on them.
In this embodiment, the acquiring of the required data by using the multi-level identity authentication method, as shown in fig. 4, includes:
judging the user request level:
if the file is requested to be read from the public cloud, the file is the first level, user identity authentication is carried out in a first level identity authentication mode, and the user is granted the right to read the file from the public cloud after the authentication is passed;
if the file is requested to be downloaded from the public cloud, the file is subjected to secondary authentication, user identity authentication is carried out in a secondary identity authentication mode, and the user is granted the authority to download the file from the public cloud after the authentication is passed;
and if the file is requested to be read/downloaded from the private cloud, the authentication is carried out in a three-level manner, the user identity authentication is carried out in a three-level identity authentication manner, and the user is granted the right to read/download the file from the private cloud after the authentication is passed.
The first-level identity authentication mode is that the user sends a pseudo ID to the trust authority, and the trust authority judges whether the pre-registration information of the user is matched with the provided pseudo ID information. If the matching is successful, the authentication is passed;
the second-level identity authentication mode is that the user sends the biological characteristics to the trust authority, and the trust authority judges whether the pre-registration information of the user is matched with the provided biological characteristic information. If the matching is successful, the authentication is successful;
the third-level identity authentication mode is that the user sends a certificate to the trust authority, the certificate comprises biological characteristics and a verification code, the trust authority judges whether the pre-registration information of the user is matched with the acquired biological characteristics, and if the pre-registration information of the user is matched with the acquired biological characteristics and the verification code is consistent, the authentication is passed.
In this embodiment, the user biometric feature is a fingerprint.
Example 3
The embodiment provides a multistage safety certification system of power regulation and control terminal, refer to fig. 1, including:
a data classification system, used for dividing the service data of the power terminal into sensitive data and non-sensitive data;
sensitive data encryption system: for encrypting the sensitive data;
non-sensitive data encryption system: for encrypting non-sensitive data;
the multi-stage identity authentication system comprises: and the system is used for providing a multi-level identity authentication mode and performing identity authentication by adopting a corresponding identity authentication mode according to the request level of the stored encrypted data.
In this embodiment, the data classification system is configured to construct a convolutional neural network data classification model, and classify service data of the power terminal into sensitive data and non-sensitive data.
In this embodiment, the data classification system is specifically configured to,
acquiring a large amount of power terminal service data, classifying it into sensitive data and non-sensitive data according to data characteristics, standardizing the two types of data, setting a classification label Label, and labelling the sensitive data and non-sensitive data with different values of Label;
in this embodiment, let 0 be non-sensitive data, and let 1 be sensitive data;
taking 80% of the data sets of the two types of data with the classification labels as training sets, inputting the training sets into a convolutional neural network training classification model, and testing the 20% of the data sets;
obtaining the output y' by regression with a Softmax function, where y' corresponds to the output probabilities of the labels 0 and 1;
judging the error between the actual output and the expected output by adopting a cross entropy loss function;
and continuously training to obtain a trained convolutional neural network data classification model.
In this embodiment, the sensitive data encryption system is configured to encrypt the sensitive data by using an SM4 symmetric encryption algorithm.
In this embodiment, the sensitive data encryption system is further configured to, in the SM4 encryption process, update the key at regular time by using the RSA asymmetric encryption algorithm to improve the data transmission security level.
In this embodiment, the non-sensitive data encryption system is configured to:
for non-sensitive data, convert the time stamp into characters by hash coding and use them to mark the data;
create a lightweight encryption scheme that generates a key, the key consisting of the device ID and the device secret value Key, where the device ID is a unique identification code and the device secret value Key is a string of characters uniformly generated by the data decryptor;
XOR the hash value of the key stream K_i with the plaintext stream M_i to obtain the ciphertext stream C_i, and transmit the ciphertext stream C_i. The encryption formula is as follows:
Figure BDA0003733342430000091
wherein the key stream
Figure BDA0003733342430000092
is generated in two cases:
(a) when i = 1, the data encryptor is sending a message to the data decryptor for the first time; take C_0 = Hash(IV) and M_0 = IV and obtain the key stream
Figure BDA0003733342430000093
(b) when i > 1, the device data encryptor is not sending a message to the data decryptor for the first time; take the ciphertext stream C_{i-1} and the plaintext stream M_{i-1} sent the previous time and obtain the key stream K_i by computation;
wherein:
h_1 and h_2 are obtained by hash operations over different combinations of the device ID and the device secret value Key, and the initial vector IV is obtained by XORing h_1 with h_2;
Figure BDA0003733342430000101
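The chained key stream scheme described above (and restated in claims 6, 7 and 14) as an added Python example. This is illustration code written for this page, not code from the patent or its applicants. Because the exact expressions live only in the patent figures, which are not reproduced here, three things are assumed: Hash() is SHA-256, the two combination modes that give h_1 and h_2 are ID||Key and Key||ID, and K_i = Hash(C_{i-1} || M_{i-1} || Key). The device ID, the Key and the telemetry strings are constructed sample values. The run_exchange helper also shows the failure mode a defender should plan for: if one ciphertext is lost, the decryptor's (C_{i-1}, M_{i-1}) state no longer matches the encryptor's and every later message decrypts to garbage until both sides resynchronise.

```python
import hashlib

# Hash() is not fixed on the page; SHA-256 is assumed here. One keystream block is
# one digest, so a plaintext stream M_i is at most 32 bytes in this example.
DIGEST_SIZE = hashlib.sha256().digest_size


def hash_of(*parts: bytes) -> bytes:
    """Hash() applied to the concatenation of its inputs (concatenation is assumed)."""
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return h.digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def timestamp_tag(timestamp: int) -> str:
    """Hash-coded time stamp used to mark non-sensitive data (16 hex characters, assumed length)."""
    return hashlib.sha256(str(timestamp).encode()).hexdigest()[:16]


def initial_vector(device_id: bytes, key: bytes) -> bytes:
    """IV = h1 XOR h2, where h1 and h2 hash the device ID and Key in two combination
    orders. The orders used by the patent are only in a figure; ID||Key and Key||ID are assumed."""
    h1 = hash_of(device_id, key)
    h2 = hash_of(key, device_id)
    return xor_bytes(h1, h2)


class ChainedStreamCipher:
    """One side of the exchange. Encryptor and decryptor both keep (C_{i-1}, M_{i-1}),
    so the decryptor can rebuild K_i locally and K_i is never transmitted."""

    def __init__(self, device_id: bytes, key: bytes) -> None:
        self.key = key
        iv = initial_vector(device_id, key)
        self.prev_c = hash_of(iv)  # C_0 = Hash(IV)
        self.prev_m = iv           # M_0 = IV

    def _keystream(self) -> bytes:
        # K_i is derived from C_{i-1}, M_{i-1} and Key; the exact expression is only in
        # the patent figure, so Hash(C_{i-1} || M_{i-1} || Key) is assumed here.
        return hash_of(self.prev_c, self.prev_m, self.key)

    def encrypt(self, m: bytes) -> bytes:
        if len(m) > DIGEST_SIZE:
            raise ValueError("plaintext stream longer than one keystream block")
        c = xor_bytes(hash_of(self._keystream()), m)  # C_i = Hash(K_i) XOR M_i
        self.prev_c, self.prev_m = c, m
        return c

    def decrypt(self, c: bytes) -> bytes:
        m = xor_bytes(hash_of(self._keystream()), c)  # same key stream, same XOR
        self.prev_c, self.prev_m = c, m
        return m


def run_exchange(messages, drop_index=None):
    """Encrypt each message on the device side and decrypt it on the receiver side.
    When drop_index is given, that ciphertext never reaches the receiver, which
    desynchronises the chained key stream for every message that follows."""
    device_id = b"PWR-TERMINAL-0001"              # constructed sample value
    key = b"secret-value-issued-by-decryptor"     # constructed sample value
    sender = ChainedStreamCipher(device_id, key)
    receiver = ChainedStreamCipher(device_id, key)
    recovered = []
    for i, m in enumerate(messages):
        c = sender.encrypt(m)
        if i == drop_index:
            recovered.append(None)   # lost in transit; receiver state is not advanced
            continue
        recovered.append(receiver.decrypt(c))
    return recovered


if __name__ == "__main__":
    msgs = [b"V=220.1 I=12.4", b"V=219.8 I=12.6", b"breaker=closed"]
    print(run_exchange(msgs))                 # all three plaintexts recovered
    print(run_exchange(msgs, drop_index=1))   # third message no longer decrypts
```

Since K_i depends on the previous plaintext, which the decryptor only learns by decrypting the previous ciphertext correctly, the scheme has no built-in error recovery; a deployment needs sequence numbers and a resynchronisation step, and the message length must not exceed what one hash value can mask.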
in this embodiment, the multi-stage identity authentication system includes:
the registration module is used for acquiring registration information of the user, wherein the registration information comprises a user ID/password and biological characteristics; and providing each user with a pseudo-ID;
the judging module is used for judging the user request level: if the request is to read a file from the public cloud, the request is of the first level; if the request is to download a file from the public cloud, the request is of the second level; if the request is to read/download a file from the private cloud, the request is of the third level;
the primary identity authentication submodule is used for acquiring a user pseudo ID, judging whether the pre-registration information of the user is matched with the acquired pseudo ID, if so, passing the authentication and granting the user the right to read the file from the public cloud; otherwise, rejecting the user request;
the secondary identity authentication sub-module is used for acquiring the biological characteristics of the user, judging whether the pre-registration information of the user is matched with the acquired biological characteristics of the user or not, if so, passing the authentication and granting the user the authority to download the file from the public cloud; otherwise, rejecting the user request;
the third-level identity authentication sub-module is used for acquiring the biological characteristics and the verification code of the user and judging whether the pre-registration information of the user matches the acquired biological characteristics; if the pre-registration information matches the acquired biological characteristics and the verification code is consistent, the authentication passes and the user is granted the authority to read/download files from the private cloud; otherwise, the user request is denied.
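The registration module, the judging module and the three identity authentication sub-modules above (the same logic is restated in claims 9, 10 and 15) as an added Python example. It is illustration code written for this page, not the applicants' implementation. Assumptions: the pseudo-ID is a random 16-hex-character token; the biological characteristic is compared as an exact-match SHA-256 template, a simplification since real biometric matching is fuzzy; the verification code is a six-digit single-use value whose delivery channel the page does not specify. User names and templates are constructed sample values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Registration:
    """Pre-registration information held by the registration module."""
    user_id: str
    password_hash: bytes
    biometric_hash: bytes   # exact-match template (simplification; real matching is fuzzy)


def _h(value: bytes) -> bytes:
    return hashlib.sha256(value).digest()


class MultiLevelAuth:
    """Registration module, request-level judging module and the three
    identity authentication sub-modules of the embodiment."""

    def __init__(self) -> None:
        self._by_pseudo_id: Dict[str, Registration] = {}
        self._pending_codes: Dict[str, str] = {}

    # registration module: store ID/password and biometric, hand out a pseudo-ID
    def register(self, user_id: str, password: str, biometric: bytes) -> str:
        pseudo_id = secrets.token_hex(8)   # random pseudo-ID (format assumed)
        self._by_pseudo_id[pseudo_id] = Registration(
            user_id=user_id,
            password_hash=_h(password.encode()),
            biometric_hash=_h(biometric),
        )
        return pseudo_id

    # judging module: map the request to its level
    @staticmethod
    def request_level(cloud: str, action: str) -> int:
        if cloud == "public" and action == "read":
            return 1
        if cloud == "public" and action == "download":
            return 2
        if cloud == "private" and action in ("read", "download"):
            return 3
        raise ValueError(f"unsupported request: {action} from {cloud} cloud")

    def issue_verification_code(self, pseudo_id: str) -> str:
        """Six-digit single-use code for level three (format and single use are assumed)."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending_codes[pseudo_id] = code
        return code

    # the three sub-modules, applied cumulatively up to the request level
    def authenticate(self, cloud: str, action: str, pseudo_id: str,
                     biometric: Optional[bytes] = None,
                     verification_code: Optional[str] = None) -> Optional[str]:
        """Return the granted permission (e.g. "read:public") or None when rejected."""
        level = self.request_level(cloud, action)

        # level one: the pseudo-ID must match pre-registration information
        reg = self._by_pseudo_id.get(pseudo_id)
        if reg is None:
            return None
        if level == 1:
            return "read:public"

        # level two: the biometric must match as well (constant-time comparison)
        if biometric is None or not hmac.compare_digest(reg.biometric_hash, _h(biometric)):
            return None
        if level == 2:
            return "download:public"

        # level three: biometric plus a consistent verification code; the code is consumed
        expected = self._pending_codes.pop(pseudo_id, None)
        if expected is None or verification_code is None:
            return None
        if not hmac.compare_digest(expected, verification_code):
            return None
        return f"{action}:private"


if __name__ == "__main__":
    auth = MultiLevelAuth()
    pid = auth.register("operator-01", "pw-example", b"finger-template-01")
    print(auth.authenticate("public", "read", pid))
    print(auth.authenticate("public", "download", pid, biometric=b"finger-template-01"))
    code = auth.issue_verification_code(pid)
    print(auth.authenticate("private", "download", pid, b"finger-template-01", code))
```

Note that level one rests on possession of the pseudo-ID alone, exactly as the embodiment states; the stronger factors are only demanded as the requested access widens, so the pseudo-ID should be treated as a bearer credential when deciding what may sit behind level one.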
Example 4
The present embodiment provides a memory storing one or more programs, the one or more programs including instructions, which when executed by a computing device, cause the computing device to perform any one of the power regulation and control terminal multi-level security authentication methods according to embodiment 1 or embodiment 2.
Example 5
The present embodiment provides an apparatus comprising one or more processors, memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions for performing any one of the power regulation terminal multi-level security authentication methods according to embodiment 1 or embodiment 2.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.

Claims (17)

1. A multi-stage security authentication method for a power regulation and control terminal is characterized by comprising the following steps:
classifying the service data of the power terminal into sensitive data and non-sensitive data;
respectively encrypting and storing sensitive data and non-sensitive data;
and performing identity authentication by adopting a corresponding identity authentication mode according to the request level of the stored encrypted data.
2. The multi-stage security authentication method for the power regulation and control terminal according to claim 1, wherein the classifying the service data of the power terminal into sensitive data and non-sensitive data comprises:
and classifying the service data of the power terminal into sensitive data and non-sensitive data by adopting a pre-constructed convolutional neural network data classification model.
3. The multi-stage security authentication method for the power regulation and control terminal as claimed in claim 2, wherein the convolutional neural network data classification model is constructed as follows:
acquiring historical electric power terminal service data, classifying the data according to data characteristics, and dividing the data into sensitive data and non-sensitive data;
standardizing the two types of data, setting a classification label Label, and marking sensitive data and non-sensitive data with Label values that differ;
and taking 80% of the data set of the two types of labelled data as a training set, and inputting it into the convolutional neural network for training to obtain the convolutional neural network data classification model.
4. The multi-stage security authentication method for the power regulation and control terminal according to claim 3, wherein in the training process of the convolutional neural network data classification model, a cross-entropy loss function is adopted to measure the error between the actual output and the expected output, and the parameters of the convolutional neural network are optimized and updated accordingly.
5. The multi-stage security authentication method for the power regulation and control terminal according to claim 1, wherein encrypting and storing sensitive data comprises:
and encrypting and storing the sensitive data by adopting an SM4 symmetric encryption algorithm.
6. The multi-stage security authentication method for the power regulation and control terminal according to claim 1, wherein encrypting and storing non-sensitive data comprises:
XORing the key stream K_i with the plaintext stream M_i to obtain the ciphertext stream C_i, the encryption being calculated as follows:
Figure FDA0003733342420000011
wherein K_i is the key stream with which the data encryptor encrypts the i-th transmitted data, C_i is the ciphertext stream obtained by the data encryptor encrypting the i-th transmitted data, C_{i-1} is the ciphertext stream sent by the data encryptor the (i-1)-th time, Hash() denotes a hash operation,
Figure FDA0003733342420000025
denotes an exclusive OR operation, M_i is the plaintext stream sent by the data encryptor the i-th time, M_{i-1} is the plaintext stream sent by the data encryptor the (i-1)-th time, and Key is the device secret value of the data encryptor;
the key stream
Figure FDA0003733342420000021
is generated as follows:
when i = 1, take C_0 = Hash(IV) and M_0 = IV, and obtain the key stream:
Figure FDA0003733342420000022
wherein IV is the initial vector;
when i > 1,
Figure FDA0003733342420000023
7. the multi-stage security authentication method for the power regulation and control terminal according to claim 6, wherein the initial vector IV is calculated as follows:
Figure FDA0003733342420000024
wherein h_1 and h_2 are obtained by hash operations over different combinations of the device ID and the device secret value Key of the data encryptor;
the device secret value Key is a string of characters uniformly generated by the data decryptor.
8. The multi-stage security authentication method for the power regulation and control terminal according to claim 1, wherein sensitive data and non-sensitive data are stored as follows:
and storing the encrypted data in the public cloud through the gateway device.
9. The multi-stage security authentication method for the power regulation and control terminal according to claim 8, wherein the identity authentication according to the request level of the stored encrypted data by adopting a corresponding identity authentication mode comprises:
judging the user request level:
if the file is requested to be read from the public cloud, the file is of a first level, user identity authentication is carried out in a first level identity authentication mode, and the user is granted the right to read the file from the public cloud after the authentication is passed;
if the file is requested to be downloaded from the public cloud, the file is of a second level, user identity authentication is carried out in a second level identity authentication mode, and the user is granted the authority to download the file from the public cloud after the authentication is passed;
and if the file is requested to be read/downloaded from the private cloud, the file is subjected to three-level authentication, the user identity authentication is carried out in a three-level identity authentication mode, and the user is granted the right to read/download the file from the private cloud after the authentication is passed.
10. The multi-stage security authentication method for the power regulation and control terminal according to claim 9, wherein
the primary identity authentication mode is as follows: acquiring a user pseudo ID, judging whether the pre-registration information of the user is matched with the acquired pseudo ID, and if so, passing the authentication;
the secondary identity authentication mode is as follows: acquiring the biological characteristics of the user, judging whether the pre-registration information of the user is matched with the acquired biological characteristics of the user, and if so, passing the authentication;
the three-level identity authentication mode is as follows: and acquiring the biological characteristics and the verification code of the user, judging whether the pre-registration information of the user is matched with the acquired biological characteristics, and if the pre-registration information of the user is matched with the acquired biological characteristics and the verification code is consistent, passing the authentication.
11. A multi-stage security authentication system for a power regulation and control terminal, characterized by comprising:
the data classification system is used for classifying the service data of the power terminal into sensitive data and non-sensitive data;
the sensitive data encryption system is used for encrypting the sensitive data;
the non-sensitive data encryption system is used for encrypting the non-sensitive data;
and the multi-stage identity authentication system is used for providing a multi-stage identity authentication mode and performing identity authentication by adopting a corresponding identity authentication mode according to the request level of the stored encrypted data.
12. The multi-stage security authentication system for the power regulation and control terminal according to claim 11, wherein the data classification system is specifically configured to,
and constructing a convolutional neural network data classification model, and dividing the service data of the power terminal into sensitive data and non-sensitive data.
13. The multi-stage security authentication system for the power regulation terminal according to claim 11, wherein the sensitive data encryption system is specifically configured to,
and encrypting the sensitive data by adopting an SM4 symmetric encryption algorithm.
14. The multi-stage security authentication system for the power regulation terminal as claimed in claim 11, wherein the non-sensitive data encryption system is specifically configured to,
obtain the ciphertext stream by encrypting in the following way:
XORing the hash value of the key stream K_i with the plaintext stream M_i to obtain the ciphertext stream C_i, the encryption being calculated as follows:
Figure FDA0003733342420000031
wherein K_i is the key stream with which the data encryptor encrypts the i-th transmitted data, C_i is the ciphertext stream obtained by the data encryptor encrypting the i-th transmitted data, C_{i-1} is the ciphertext stream sent by the data encryptor the (i-1)-th time, Hash() denotes a hash operation,
Figure FDA0003733342420000032
denotes an exclusive OR operation, M_i is the plaintext stream sent by the data encryptor the i-th time, M_{i-1} is the plaintext stream sent by the data encryptor the (i-1)-th time, and Key is the device secret value of the data encryptor;
the key stream
Figure FDA0003733342420000041
is generated as follows:
when i = 1, take C_0 = Hash(IV) and M_0 = IV, and obtain the key stream
Figure FDA0003733342420000042
wherein IV is the initial vector;
when i > 1,
Figure FDA0003733342420000043
the initial vector IV is calculated as follows:
Figure FDA0003733342420000044
wherein h_1 and h_2 are obtained by hash operations over different combinations of the device ID and the device secret value Key of the data encryptor;
the device secret value Key is a string of characters uniformly generated by the data decryptor.
15. The multi-stage security authentication system for the power regulation and control terminal according to claim 11, wherein the multi-stage identity authentication system comprises:
the registration module is used for acquiring registration information of the user, wherein the registration information comprises a user ID/password and biological characteristics; and providing each user with a pseudo-ID;
the judging module is used for judging the user request level: if the request is to read a file from the public cloud, the request is of the first level; if the request is to download a file from the public cloud, the request is of the second level; if the request is to read/download a file from the private cloud, the request is of the third level;
the primary identity authentication submodule is used for acquiring a user pseudo ID, judging whether the pre-registration information of the user is matched with the acquired pseudo ID, if so, passing the authentication and granting the user the right to read the file from the public cloud; otherwise, rejecting the user request;
the secondary identity authentication sub-module is used for acquiring the biological characteristics of the user, judging whether the pre-registration information of the user is matched with the acquired biological characteristics of the user or not, if so, passing the authentication and granting the user the authority to download the file from the public cloud; otherwise, rejecting the user request;
the third-level identity authentication sub-module is used for acquiring the biological characteristics and the verification code of the user and judging whether the pre-registration information of the user matches the acquired biological characteristics; if the pre-registration information matches the acquired biological characteristics and the verification code is consistent, the authentication passes and the user is granted the authority to read/download files from the private cloud; otherwise, the user request is denied.
16. A memory storing one or more programs, the one or more programs comprising instructions, which when executed by a computing device, cause the computing device to perform any of the methods of claims 1-10.
17. An apparatus, comprising,
one or more processors, memory, and one or more programs stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions for performing any of the methods of claims 1-10.
CN202210789608.1A 2022-07-06 2022-07-06 Multi-level security authentication method and system for power regulation and control terminal, memory and equipment Pending CN115314889A (en)

Publications (1)

Publication Number Publication Date
CN115314889A true CN115314889A (en) 2022-11-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination