CN116346415A - Multi-factor login authentication method and device for industrial control PLC system and PLC system - Google Patents


Info

Publication number
CN116346415A
Authority
CN
China
Prior art keywords
password
user name
upper computer
hardware
login
Legal status
Pending
Application number
CN202310144551.4A
Other languages
Chinese (zh)
Inventor
刘佳南
陈根
王圣洁
付杰
朱立国
梁世武
Current Assignee
Zhejiang Zhikong Technology Co ltd
Original Assignee
Zhejiang Zhikong Technology Co ltd
Application filed by Zhejiang Zhikong Technology Co ltd filed Critical Zhejiang Zhikong Technology Co ltd
Priority to CN202310144551.4A priority Critical patent/CN116346415A/en
Publication of CN116346415A publication Critical patent/CN116346415A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/05 Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
    • G05B19/058 Safety, monitoring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846 Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872 Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The invention discloses a multi-factor login authentication method for an industrial control PLC system, comprising the following steps: acquiring a login request from an upper computer, the login request comprising a user name, a password and hardware identity tag information; obtaining the corresponding public key to parse the login request, and authenticating the user name, password and hardware identity tag information obtained by parsing; when the user name, password and hardware identity tag information pass authentication, generating a challenge code according to a preset algorithm based on the user name and a random factor acquired according to a preset rule, and sending the challenge code to the upper computer; generating a verification password based on the user name, the random factor and a preset one-way hash function, and authenticating the dynamic password sent by the upper computer against the verification password; and allowing the upper computer to log in and perform data communication when the password authentication passes. The method can effectively solve the problem of unauthorized external parties using a forged identity to carry out illegal monitoring, acquisition, control and other dangerous operations on the PLC control system.

Description

Multi-factor login authentication method and device for industrial control PLC system and PLC system
Technical Field
The invention belongs to the technical field of industrial control, and particularly relates to a multi-factor login authentication method and device of an industrial control PLC system, computer equipment, a storage medium and the PLC system.
Background
Typical operations on an industrial control PLC system include downloading control logic configurations, debugging logic programs, real-time data acquisition and the like. The precondition for these operations is that the upper computer software logs in to the lower computer PLC with a valid user name and password; only after the lower computer PLC has authenticated the account can the operations described above be performed.
With the rapid development of new-generation information technologies such as the industrial internet and cloud computing, security incidents involving industrial control PLC systems are also increasing rapidly. Account information is highly sensitive and private. When the account name and password used to log in to the PLC are illegally obtained, unauthorized external parties can use the forged identity to carry out illegal monitoring, acquisition, control and other dangerous operations on the PLC control system.
A traditional industrial control PLC system uses only a user name and password to log in to the PLC, so its security level is low. If the user name and password are illegally obtained, unauthorized external parties can impersonate the user to perform illegal operations on the industrial control PLC system, causing immeasurable damage to the industrial production site. Common multi-factor login authentication methods rely on SMS verification codes, e-mail and the like. These methods have poor timeliness and security, are easy to intercept, and are difficult to implement at industrial production sites.
Disclosure of Invention
To solve the above problems, the invention aims to provide a multi-factor login authentication method and device, a computer device and a storage medium for an industrial control PLC system, which can effectively solve the problem of unauthorized external parties using a forged identity to carry out illegal monitoring, acquisition, control and other dangerous operations on the PLC control system.
In order to achieve the above purpose, the technical scheme of the invention is as follows: a multi-factor login authentication method of an industrial control PLC system comprises the following steps: acquiring a login request of an upper computer; the login request comprises a user name, a password and hardware identity tag information, and the login request is encrypted by a preset private key and then sent to a lower computer PLC by an upper computer; the corresponding public key is obtained to analyze the login request, and the user name, the password and the hardware identity tag information obtained by analysis are authenticated; under the condition that the user name, the password and the hardware identity tag information pass the authentication, generating a challenge code according to a preset algorithm based on the user name and a random factor acquired according to a preset rule, and sending the challenge code to an upper computer; generating a verification password based on the user name, the random factor and a preset one-way hash function, and carrying out password authentication on the verification password and a dynamic password sent by an upper computer; the dynamic password is generated by the upper computer based on a user name, a random factor and the preset one-way hash function which are sent by the lower computer PLC; and allowing the upper computer to log in and perform data communication when the password authentication is passed.
In a preferred embodiment of the present invention, before obtaining the login request of the upper computer, the method further includes: burning the hardware identity tag into a safety hardware module and safety hardware equipment of a lower computer PLC; the security hardware equipment is integrated in the upper computer or connected to the upper computer through a hardware interface.
In a preferred embodiment of the present invention, a plurality of sets of user names, passwords and hardware identity tag information with unique correspondence are burned in the secure hardware module of the lower computer PLC.
In a preferred embodiment of the present invention, the obtaining the random factor according to the preset rule further includes: and acquiring a login time stamp of the login request, and taking the login time stamp as the random factor.
In a preferred embodiment of the present invention, the generating the challenge code according to the preset algorithm based on the user name and the random factor acquired according to the preset rule further includes: acquiring a user name and a login time stamp of a current login request user; and calling a preset encryption algorithm to process the user name and the login time stamp to generate a challenge code.
In a preferred embodiment of the invention, the method further comprises: receiving newly-added authentication information written in by a preset program through a preset interface; extracting user name, password and hardware identity tag information in the newly-added authentication information; and writing the user name, the password and the hardware identity tag information into a safety hardware module of the lower computer PLC.
Based on the same conception, the invention also provides a multi-factor login authentication device of the industrial control PLC system, which comprises: the acquisition module is used for acquiring a login request of the upper computer; the login request comprises a user name, a password and hardware identity tag information, and the login request is encrypted by a preset private key and then sent to a lower computer PLC by an upper computer; the preliminary verification module is used for acquiring the corresponding public key to analyze the login request and authenticating the user name, the password and the hardware identity tag information acquired by analysis; the challenge code generation module is used for generating a challenge code according to a preset algorithm based on the user name and a random factor acquired according to a preset rule and sending the challenge code to the upper computer under the condition that the user name, the password and the hardware identity tag information pass the authentication; the password authentication module is used for generating a verification password based on the user name, the random factor and a preset one-way hash function, and carrying out password authentication on the verification password and a dynamic password sent by an upper computer; the dynamic password is generated by the upper computer based on a user name, a random factor and the preset one-way hash function which are sent by the lower computer PLC; and allowing the upper computer to log in and perform data communication when the password authentication is passed.
Based on the same conception, the present invention also provides a computer device comprising: a memory for storing a processing program; and the processor is used for realizing the multi-factor login authentication method of the industrial control PLC system when executing the processing program.
Based on the same conception, the invention also provides a readable storage medium, wherein the readable storage medium stores a processing program, and the processing program realizes the multi-factor login authentication method of any one of the industrial control PLC systems when being executed by a processor.
Based on the same concept, the present invention also provides a PLC system including: the PLC system comprises a PLC system safety management platform, an upper computer, safety hardware equipment and a lower computer PLC, wherein the safety hardware equipment is used for being connected to the upper computer, the lower computer PLC is integrated with the safety hardware module, the PLC system safety management platform is used for making and issuing a user hardware identity label of the PLC system, the safety hardware module is used for storing verification information to verify the validity of the user identity, and the safety hardware equipment is used for providing safety storage, encryption and decryption and storage of the hardware identity label information.
By adopting the technical scheme, the invention has the following advantages and positive effects compared with the prior art:
1. By performing triple security authentication on the upper computer requesting login (user name and password authentication, authentication of the hardware identity tag bound to the user, and dynamic password authentication), the invention can effectively solve the problem of unauthorized external parties using a forged identity to carry out illegal monitoring, acquisition, control and other harmful operations on the PLC control system.
2. In the dynamic password authentication process, the current login timestamp is introduced as a dynamic factor, so the same user receives a different challenge code at each login, which gives higher security. In addition, the upper computer applies a one-way hash function to the received challenge code to generate the dynamic password, which prevents unauthorized users from eavesdropping on and reverse-cracking it and further improves security.
Drawings
The invention is described in further detail below with reference to the attached drawing figures, wherein:
FIG. 1 is a diagram of an industrial control PLC system of the present invention;
FIG. 2 is a flow chart of the multi-factor login authentication method of the industrial control PLC system according to the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and the specific examples. Advantages and features of the invention will become more apparent from the following description and from the claims. It is noted that the drawings are in a very simplified form and utilize non-precise ratios, and are intended to facilitate a convenient, clear, description of the embodiments of the invention.
It should be noted that all directional indicators (such as up, down, left, right, front, rear, …) in the embodiments of the present invention are used only to explain the relative positional relationship, movement and so on between components in a particular posture (as shown in the drawings); if that posture changes, the directional indicators change accordingly.
FIG. 1 shows the architecture of the industrial control PLC system of the present invention. The industrial control PLC system comprises: a PLC system safety management platform, an upper computer, safety hardware equipment connected to the upper computer, and a lower computer PLC integrated with the safety hardware module. The PLC system safety management platform is mainly used for making and issuing the hardware identity tags of PLC system users. The PLC system integrated with the safety hardware module is used for verifying the legitimacy of the user identity. The safety hardware equipment mainly provides secure storage, encryption and decryption, identity authentication and similar functions.
In the invention, the user name and password authentication factor is entered through the interface of the upper computer's logic configuration software or monitoring configuration software that initiates the login request. The hardware identity tag is applied for by a PLC system user from the PLC system safety management platform; after making and issuing a user certificate, the platform burns the hardware identity tag into the safety hardware equipment connected to the upper computer. The hardware identity tag is bound to the user and uniquely identifies a legitimate user. The safety hardware equipment also provides secure and trusted storage, which ensures that the hardware identity tag cannot be stolen or tampered with. Dynamic password verification uses a challenge-response mode based on the asynchronous-token dynamic password principle: the lower computer PLC takes the user name carried in the upper computer software's login request and the user's current login timestamp, and uses the feature sequence obtained by applying a one-way hash function to them as the challenge code.
Preferably, in one embodiment, the secure hardware device may also be integrated with the host computer.
Preferably, the hardware security module may be composed of a trusted chip, an FPGA chip, a configuration chip, a PCI-E protocol chip, an SRAM chip, a clock chip, a power chip, a PCI-E interface and the like. The trusted chip is the root of trust of the upper computer and provides it with trusted measurement, trusted storage and similar support.
Fig. 2 is a schematic flow chart of a multi-factor login authentication method of the industrial control PLC system according to the present invention. The login authentication flow is described below.
S1: When the logic configuration software or monitoring configuration software of the upper computer initiates a login authentication request to the lower computer PLC, the configuration software first requires the user to enter the user name and password of a PLC system account on the upper computer client.
S2: The hardware identity tag stored in the security hardware equipment attached to the upper computer is acquired.
S3: The security hardware equipment is called to encrypt the user name, password and hardware identity tag with the upper computer's private key; the resulting ciphertext is sent to the lower computer PLC as the login request message.
S4: After receiving the login request message from the upper computer, the lower computer PLC calls the security hardware module to decrypt it with the upper computer's public key. The decrypted user name and password are matched against the account information in the local library; once the user name and password pass authentication, the decrypted hardware identity tag is passed to the security hardware module for authentication. Specifically, the hardware identity tag is written into the safety hardware module in advance through the PLC system safety management platform.
S5: After the user name, password and hardware identity tag pass authentication, the lower computer PLC calls the security hardware module to perform an encryption operation on the user name and the current login timestamp to obtain a random challenge code. Because the user's login timestamp is introduced as a dynamic factor in generating the challenge code, the same user receives a different challenge code at each login, so security is high.
S6: Using the lower computer PLC's private key, the security hardware module is called to encrypt the challenge code, and the ciphertext is sent to the login requester (that is, the upper computer).
S7: After the upper computer receives the response message from the lower computer PLC, it decrypts the message with the lower computer PLC's public key to obtain the challenge code. It then applies a one-way hash function to the challenge code to obtain the dynamic password. The dynamic password is encrypted and sent to the lower computer PLC.
In the dynamic password authentication process, the current login timestamp is introduced as a dynamic factor, so the same user receives a different challenge code at each login, which gives higher security. In addition, the upper computer applies a one-way hash function to the received challenge code to generate the dynamic password, which prevents unauthorized users from eavesdropping on and reverse-cracking it and further improves security.
S8: After receiving the dynamic password verification request, the lower computer PLC decrypts the dynamic password. It then applies the same one-way hash function as the upper computer software to the challenge code generated in S5, and matches the resulting dynamic password against the decrypted dynamic password sent by the upper computer. If they match, the dynamic password asynchronous token authentication succeeds. The whole multi-factor login authentication process is then complete, and the upper computer and the lower computer PLC can safely carry out subsequent communication.
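The S5 to S8 dynamic-password exchange as a runnable sketch; this is an added example, not code from the patent. HMAC-SHA256 standing in for the "preset encryption algorithm", SHA-256 as the one-way hash, the demo key, the 30-second challenge lifetime and every name below are assumptions, and the private/public-key wrapping of S6 and S7 is not modelled.

```python
import hashlib
import hmac
import time

CHALLENGE_TTL_S = 30  # assumed lifetime of an unanswered challenge


def dynamic_password_for(challenge: bytes) -> bytes:
    """S7/S8: both sides apply the same one-way hash to the challenge code.

    The hash is unkeyed, so the response is only as secret as the
    challenge; the page relies on the S6/S7 wrapping for that.
    """
    return hashlib.sha256(challenge).digest()


class PlcAuthenticator:
    """Lower computer side of S5 (issue challenge) and S8 (verify)."""

    def __init__(self, module_key: bytes, clock=time.time):
        self._key = module_key   # assumed to live in the security hardware module
        self._clock = clock
        self._pending = {}       # username -> (challenge, issued_at)

    def issue_challenge(self, username: str) -> bytes:
        # S5: challenge derived from the user name and the login timestamp.
        issued = self._clock()
        stamp_ms = int(issued * 1000)
        msg = username.encode("utf-8") + b"\x00" + stamp_ms.to_bytes(8, "big")
        challenge = hmac.new(self._key, msg, hashlib.sha256).digest()
        self._pending[username] = (challenge, issued)
        return challenge

    def verify(self, username: str, dynamic_password: bytes) -> bool:
        # S8: recompute from the stored challenge and compare.
        entry = self._pending.pop(username, None)  # single use: consumed on any attempt
        if entry is None:
            return False
        challenge, issued = entry
        if self._clock() - issued > CHALLENGE_TTL_S:
            return False
        expected = dynamic_password_for(challenge)
        return hmac.compare_digest(expected, dynamic_password)  # constant-time compare


def run_demo() -> dict:
    now = [1_700_000_000.0]  # constructed clock value, advanced by hand
    plc = PlcAuthenticator(b"constructed-demo-key", clock=lambda: now[0])

    c1 = plc.issue_challenge("operator1")
    otp1 = dynamic_password_for(c1)              # upper computer, S7
    accepted = plc.verify("operator1", otp1)
    replay_same_login = plc.verify("operator1", otp1)   # challenge already consumed

    now[0] += 5                                  # next login, later timestamp
    c2 = plc.issue_challenge("operator1")
    replay_next_login = plc.verify("operator1", otp1)   # old response, new challenge

    # The timestamp is the only source of freshness: two requests that read
    # the same clock value for the same user get the same challenge.
    c3 = plc.issue_challenge("operator1")
    same_tick_same_challenge = (c3 == c2)

    now[0] += CHALLENGE_TTL_S + 1
    expired = plc.verify("operator1", dynamic_password_for(c3))

    return {
        "accepted": accepted,
        "replay_same_login": replay_same_login,
        "fresh_challenge_per_login": c1 != c2,
        "replay_next_login": replay_next_login,
        "same_tick_same_challenge": same_tick_same_challenge,
        "expired": expired,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Single-use challenges, the lifetime check and the constant-time comparison are choices of this example; the page itself specifies only the hash comparison in S8.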
By performing triple security authentication on the upper computer requesting login (user name and password authentication, authentication of the hardware identity tag bound to the user, and dynamic password authentication), the invention can effectively solve the problem of unauthorized external parties using a forged identity to carry out illegal monitoring, acquisition, control and other harmful operations on the PLC control system.
In the present invention, the user name and password serve as the first, basic authentication factor. The user certificate made and issued by the PLC system safety management platform serves as the hardware identity tag and is bound to the user as the second, enhanced authentication factor. The dynamic password verification in challenge-response mode, based on the asynchronous-token dynamic password principle and carried out between the PLC system integrated with the safety hardware module and the upper computer software, serves as the third authentication factor. The technical scheme as a whole has higher security and can effectively solve the problem of unauthorized external parties using a forged identity to carry out illegal monitoring, acquisition, control and other dangerous operations on the PLC control system.
Based on the same inventive concept, the present invention also provides a computer apparatus comprising: a memory for storing a processing program; and the processor is used for realizing the multi-factor login authentication method of any industrial control PLC system when executing the processing program.
Based on the same inventive concept, the invention further provides a readable storage medium, wherein a processing program is stored on the readable storage medium, and the processing program realizes the multi-factor login authentication method of any industrial control PLC system when being executed by a processor.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, where the program, when executed, performs steps including the above method embodiments; and the aforementioned storage medium includes: a removable storage device, a read only memory (ReadOnlyMemory, ROM), a magnetic or optical disk, or other various media capable of storing program code.
Based on the same concept, the present invention also provides a PLC system including: the PLC system comprises a PLC system safety management platform, an upper computer, safety hardware equipment and a lower computer PLC, wherein the safety hardware equipment is used for being connected to the upper computer, the lower computer PLC is integrated with the safety hardware module, the PLC system safety management platform is used for making and issuing a user hardware identity label of the PLC system, the safety hardware module is used for storing verification information to verify the validity of the user identity, and the safety hardware equipment is used for providing safety storage, encryption and decryption and storage of the hardware identity label information.
The embodiments of the present invention have been described in detail with reference to the drawings, but the present invention is not limited to the above embodiments. Even if various changes are made to the present invention, they still fall within the scope of the invention provided they are within the scope of the appended claims and their equivalents.

Claims (10)

1. The multi-factor login authentication method of the industrial control PLC system is characterized by comprising the following steps of:
acquiring a login request of an upper computer; the login request comprises a user name, a password and hardware identity tag information, and the login request is encrypted by a preset private key and then sent to a lower computer PLC by an upper computer;
the corresponding public key is obtained to analyze the login request, and the user name, the password and the hardware identity tag information obtained by analysis are authenticated;
under the condition that the user name, the password and the hardware identity tag information pass the authentication, generating a challenge code according to a preset algorithm based on the user name and a random factor acquired according to a preset rule, and sending the challenge code to an upper computer;
generating a verification password based on the user name, the random factor and a preset one-way hash function, and carrying out password authentication on the verification password and a dynamic password sent by an upper computer; the dynamic password is generated by the upper computer based on a user name, a random factor and the preset one-way hash function which are sent by the lower computer PLC;
and allowing the upper computer to log in and perform data communication when the password authentication is passed.
2. The multi-factor login authentication method of an industrial control PLC system according to claim 1, further comprising, before obtaining a login request of the host computer:
burning the hardware identity tag into a safety hardware module and safety hardware equipment of a lower computer PLC; the security hardware equipment is integrated in the upper computer or connected to the upper computer through a hardware interface.
3. The multi-factor login authentication method of the industrial control PLC system according to claim 2, wherein a plurality of groups of user names, passwords and hardware identity tag information with unique corresponding relations are burnt in a safety hardware module of the lower computer PLC.
4. The multi-factor login authentication method of an industrial control PLC system according to claim 1, wherein obtaining the random factor according to a preset rule further comprises:
and acquiring a login time stamp of the login request, and taking the login time stamp as the random factor.
5. The multi-factor login authentication method of an industrial control PLC system according to claim 4, wherein the generating a challenge code according to a preset algorithm based on the user name and a random factor acquired according to a preset rule further comprises:
acquiring a user name and a login time stamp of a current login request user;
and calling a preset encryption algorithm to process the user name and the login time stamp to generate a challenge code.
6. The multi-factor login authentication method of an industrial control PLC system according to claim 1, further comprising:
receiving newly-added authentication information written in by a preset program through a preset interface;
extracting user name, password and hardware identity tag information in the newly-added authentication information;
and writing the user name, the password and the hardware identity tag information into a safety hardware module of the lower computer PLC.
7. A multi-factor login authentication device for an industrial control PLC system, characterized by comprising:
the acquisition module is used for acquiring a login request of the upper computer; the login request comprises a user name, a password and hardware identity tag information, and the login request is encrypted by a preset private key and then sent to a lower computer PLC by an upper computer;
the preliminary verification module is used for acquiring the corresponding public key to analyze the login request and authenticating the user name, the password and the hardware identity tag information acquired by analysis;
the challenge code generation module is used for generating a challenge code according to a preset algorithm based on the user name and a random factor acquired according to a preset rule and sending the challenge code to the upper computer under the condition that the user name, the password and the hardware identity tag information pass the authentication;
the password authentication module is used for generating a verification password based on the user name, the random factor and a preset one-way hash function, and authenticating a dynamic password sent by the upper computer against the verification password; the dynamic password is generated by the upper computer from the user name and the random factor sent by the lower computer PLC, using the preset one-way hash function; and allowing the upper computer to log in and perform data communication when the password authentication is passed.
8. A computer device, comprising:
a memory for storing a processing program;
a processor which, when executing the processing program, implements the multi-factor login authentication method of the industrial control PLC system according to any one of claims 1 to 6.
9. A readable storage medium, wherein a processing program is stored on the readable storage medium, and when the processing program is executed by a processor, the multi-factor login authentication method of the industrial control PLC system according to any one of claims 1 to 6 is implemented.
10. A PLC system, comprising: a PLC system safety management platform, an upper computer, safety hardware equipment and a lower computer PLC, wherein the safety hardware equipment is used for connecting to the upper computer, the lower computer PLC is integrated with a safety hardware module, the PLC system safety management platform is used for making and issuing user hardware identity tags of the PLC system, the safety hardware module is used for storing verification information to verify the validity of the user identity, and the safety hardware equipment is used for providing secure storage, encryption and decryption, and storage of the hardware identity tag information.
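The two-stage flow recited in claim 7 (three-factor check, then challenge and dynamic password), with the login time stamp of claims 4 and 5 as the random factor, can be sketched as follows; this is an added example, not code from the patent. Assumptions: all names, the sample record and the 30-second window are hypothetical, the random factor itself is sent as the challenge, HMAC-SHA-256 keyed with the stored password stands in for the "preset one-way hash function" (the claims name only the user name and random factor as inputs), and the private-key protection of the login request is omitted.

```python
import hashlib
import hmac
import time

# Constructed sample: one (user name, password, hardware identity tag) group,
# standing in for what is burned into the PLC's safety hardware module.
RECORDS = {"operator1": {"password": "S3cret!", "hw_tag": "TAG-0001"}}
MAX_AGE_S = 30  # assumed validity window for a time-stamp random factor


def dynamic_password(username, factor, key):
    """One-way hash of user name + random factor; the key is an assumption."""
    msg = f"{username}|{factor}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class LowerComputerPLC:
    def __init__(self):
        self.pending = {}  # user name -> random factor of the open challenge

    def login_request(self, username, password, hw_tag, now=None):
        """Stage 1: check all three factors, then issue the random factor."""
        rec = RECORDS.get(username)
        if rec is None:
            return None
        pw_ok = hmac.compare_digest(rec["password"].encode(), password.encode())
        tag_ok = hmac.compare_digest(rec["hw_tag"].encode(), hw_tag.encode())
        if not (pw_ok and tag_ok):
            return None
        factor = int(time.time() if now is None else now)
        self.pending[username] = factor
        return factor

    def verify(self, username, response, now=None):
        """Stage 2: recompute the verification password and compare."""
        factor = self.pending.pop(username, None)  # each challenge is single use
        now = int(time.time() if now is None else now)
        if factor is None or not 0 <= now - factor <= MAX_AGE_S:
            return False  # no open challenge, or the time stamp is stale
        key = RECORDS[username]["password"].encode()
        expected = dynamic_password(username, factor, key)
        return hmac.compare_digest(expected.encode(), response.encode())


def upper_computer_login(plc, username, password, hw_tag, now=None):
    """Upper computer side: send the factors, then answer the challenge."""
    factor = plc.login_request(username, password, hw_tag, now)
    response = dynamic_password(username, factor, password.encode())
    return factor is not None and plc.verify(username, response, now)
```

Keying the hash and consuming each challenge on first use mean that a response cannot be derived from the user name and time stamp alone, and that a captured response is rejected if presented again.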

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310144551.4A CN116346415A (en) 2023-02-21 2023-02-21 Multi-factor login authentication method and device for industrial control PLC system and PLC system

Publications (1)

Publication Number Publication Date
CN116346415A true CN116346415A (en) 2023-06-27

Family

ID=86879896

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310144551.4A Pending CN116346415A (en) 2023-02-21 2023-02-21 Multi-factor login authentication method and device for industrial control PLC system and PLC system

Country Status (1)

Country Link
CN (1) CN116346415A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117155704A (en) * 2023-10-26 2023-12-01 西安热工研究院有限公司 Method, system, equipment and medium for quickly adding trusted DCS (distributed control system) upper computer nodes
CN117155704B (en) * 2023-10-26 2024-01-16 西安热工研究院有限公司 Method, system, equipment and medium for quickly adding trusted DCS (distributed control system) upper computer nodes

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination