CN116599770A - Practical training platform for commercial password application of industrial Internet - Google Patents
- Publication number
- CN116599770A CN202310860555.2A
- Authority
- CN
- China
- Prior art keywords
- data
- protection
- attack
- password
- scene
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09B—EDUCATIONAL OR DEMONSTRATION APPLIANCES; APPLIANCES FOR TEACHING, OR COMMUNICATING WITH, THE BLIND, DEAF OR MUTE; MODELS; PLANETARIA; GLOBES; MAPS; DIAGRAMS
- G09B9/00—Simulators for teaching or training purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/18—Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/30—Computing systems specially adapted for manufacturing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- Educational Administration (AREA)
- Educational Technology (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an industrial Internet commercial cryptography application training platform, relating to the technical field of information security, which comprises the following operation steps: S1, three training scenarios; S2, an industrial Internet video monitoring cryptography training scenario; S3, a production line quality monitoring cryptography training scenario; S4, an unmanned logistics warehouse cryptography training scenario; S5, a cryptographic service module. In each training scenario the platform simulates an attacker attacking a risk point and shows the result of the successful attack, then encrypts the data with each commercial cryptographic algorithm to protect it from tampering and theft. Because the training scenario is a simulated operation, it has no effect on the real scenario, and it helps personnel understand commercial cryptography technology through the training scenario.
Description
Technical Field
The invention relates to the technical field of information security, in particular to an industrial Internet commercial cryptography application training platform.
Background
The industrial Internet cryptography application training platform is used to simulate an industrial Internet commercial cryptography application environment and to support industrial Internet cryptography application security assessment testing, teaching exercises and exhibition display. It can display component modules such as the basic environment of an industrial control scenario, a digital certificate service cryptographic module, a security authentication cryptographic module and basic cryptographic services, and can demonstrate, through cryptographic technology, the information security assurance effects of access security authentication, data transmission confidentiality protection and integrity protection.
Conventional industrial Internet cryptography application training platforms cannot directly show the importance of commercial cryptography applications during teaching and practice; they can only show the commercial cryptography application roughly through the simulation result, which does not leave a strong impression on learners.
Accordingly, in view of the above, the existing structure and its defects are studied and improved, and an industrial Internet commercial cryptography application training platform is provided.
Disclosure of Invention
In view of the defects of the prior art, the invention provides an industrial Internet commercial cryptography application training platform, which solves the problems described in the background.
To achieve the above purpose, the invention is realized by the following technical scheme: an industrial Internet commercial cryptography application training platform, which comprises the following operation steps:
S1, three training scenarios:
after the home page of the training platform is opened, it presents three training scenarios: an industrial Internet video monitoring cryptography training scenario, a production line quality monitoring cryptography training scenario, and an unmanned logistics warehouse cryptography training scenario;
S2, industrial Internet video monitoring cryptography training scenario:
after entering the industrial Internet video monitoring cryptography training scenario, an operation flow chart of the scenario is displayed, and a red exclamation mark is displayed on each path or node in the scenario that has a potential security hazard; each red exclamation mark is a risk point;
in the attack scenario, after any risk point is selected and an attack type is added, a red alarm is displayed at the attacked node, a pop-up window shows the corresponding attack means, and after the attack succeeds a prompt is issued and the damage caused by the attack is displayed;
in the protection scenario, each attack type has a corresponding protection type; after any protection type is added, the attacked node displays a red alarm, a pop-up window shows the corresponding attack means, and the attack failure and the protection result are displayed;
S3, production line quality monitoring cryptography training scenario:
after entering the production line quality monitoring cryptography training scenario, an operation flow chart of the scenario is displayed, and a red exclamation mark is displayed on each path or node in the chart that has a potential security hazard; each red exclamation mark is a risk point;
the scenario comprises an attack scenario option and a protection scenario option; in the attack scenario the flow is the same as in step S2, but the attack types comprise detection data tampering attack, device instruction tampering attack and important data theft attack;
in the protection scenario, each attack type has a corresponding protection type and the flow is the same as in step S2, but the protection types comprise detection data tamper protection, device instruction tamper protection and important data theft protection;
in the protection scenario, the relevant cryptographic modules can be enabled for security configuration through the cryptographic card, and IP configuration can be carried out through the SSL VPN; the cryptographic card device can enable a software cryptographic module and a security chip module, and both modules provide digital certificate issuance, data signing or signature verification, data hash calculation, and encryption and decryption calculation;
S4, unmanned logistics warehouse cryptography training scenario:
after entering the unmanned logistics warehouse cryptography training scenario, an operation flow chart of the scenario is displayed, and a red exclamation mark is displayed on each path or node in the scenario that has a potential security hazard; each red exclamation mark is a risk point;
in the attack scenario the flow is the same as in step S2, but the attack types comprise order data tampering attack, device instruction tampering attack and important data theft attack;
in the protection scenario, each attack type has a corresponding protection type and the flow is the same as in step S2, but the protection types comprise detection data tamper protection, device instruction tamper protection and important data theft protection;
detection data tamper protection uses a digital certificate so that the order data cannot be tampered with; device instruction tamper protection uses hash calculation to protect device instructions from tampering; important data theft protection uses encryption and decryption calculation so that private data such as personal information cannot be stolen;
S5, cryptographic service module:
the home page of the training platform also includes a cryptographic service module, which provides three functions: algorithm verification, random number detection and commercial cryptography CA simulation. Algorithm verification comprises the following functions:
hash computation and HMAC computation, supporting SM3, MD5, SHA1, SHA256, SHA384 and SHA512;
symmetric encryption and decryption, supporting encryption modes such as ECB and CBC for SM4, AES-128, DES and 3DES;
key pair generation, supporting SM2, RSA, ECC and symmetric key generation;
asymmetric encryption and decryption, supporting SM2 and RSA encryption and decryption;
signing and signature verification, supporting the SM2, RSA and ECDSA algorithms;
encoding and decoding, supporting conversion among original data, hexadecimal (Hex), Base64 encoding and binary (Bin);
random number detection is used to detect the randomness or confidentiality of commercial cryptography; for randomness detection a random number file must be uploaded, and the detection details can be viewed in the page after detection completes;
commercial cryptography CA simulation supports generating keys and digital certificates, issuing CSR certificate requests, issuing commercial cryptography digital envelopes, and generating international certificates.
Further, in step S2, moving the mouse over a red exclamation mark displays the hidden danger it represents as a text description.
Further, in step S2, every red exclamation mark has a unique number.
Further, in step S2, the attack types include data theft attack, data tampering attack and device forgery attack, and the protection types include data theft protection, data tampering protection and device forgery protection, wherein data theft protection uses commercial cryptography SM2 or SM3 to encrypt the SSL VPN gateway channel, data tampering protection uses commercial cryptography SM2 or SM3 to sign the transmitted data, and device forgery protection uses a digital certificate to authenticate the device identity.
Further, in step S3, data signing or signature verification requires that digital certificate issuance be completed first; detection data tamper protection uses digital certificate issuance to protect the integrity of the detection data and prevent it from being tampered with; device instruction tamper protection uses hash calculation so that instruction data cannot be tampered with; and important data theft protection uses encryption and decryption calculation so that commercially important data cannot be stolen.
Further, in step S3, the key types supported by digital certificate issuance include RSA 2048, SM2 and ECC; selecting the required certificate type and clicking the issue certificate button generates a certificate of that type, and the certificate key information is displayed in the page. The default signature text in data signing or signature verification is the device information; after the data to be signed is entered, clicking the signature button on the right generates the corresponding signature result, after which clicking the signature verification button performs signature verification, and a prompt at the bottom of the page indicates whether the signature was verified successfully.
Further, in step S3, the algorithm types supported by hash calculation include SM3, SHA1 and SHA256; the message text for hash calculation also defaults to the device configuration information, and after the data to be calculated is entered, clicking the hash calculation button on the right generates the corresponding hash result.
In step S3, the symmetric algorithm types supported by encryption and decryption calculation include the AES algorithm and the SM4 algorithm, and the original text to be calculated defaults to the device configuration information; after the data to be encrypted or decrypted is entered, the required algorithm type is selected, key information is entered (or a key is generated by clicking the key generation button), and finally clicking the data encryption button generates the corresponding encryption result.
Furthermore, the industrial Internet commercial cryptography application training platform is applied to the field of information security.
The invention provides an industrial Internet commercial cryptography application training platform, which has the following beneficial effects:
The platform establishes training scenarios for an industrial Internet video monitoring cryptography scenario, a production line quality monitoring cryptography scenario and an unmanned logistics warehouse cryptography scenario. Each training scenario simulates an attacker attacking a risk point and shows the result of the successful attack, then encrypts the data with each commercial cryptographic algorithm to protect it from tampering and theft. Because the training scenario is a simulated operation, it has no effect on the real scenario, so any impact on actual production is avoided. Personnel can understand commercial cryptography technology through the training scenarios and deepen their impression of commercial cryptography, which facilitates subsequent practical operation. The cryptographic service module performs algorithm verification and generation for commercial cryptography, in order to replace the commercial cryptographic algorithms used by the protection types in the training scenarios.
Drawings
FIG. 1 is a schematic diagram of the overall operation flow of the industrial Internet commercial cryptography application training platform.
Detailed Description
Embodiments of the present invention are described in further detail below with reference to the accompanying drawings and examples. The following examples are illustrative of the invention but are not intended to limit the scope of the invention.
As shown in FIG. 1, the present invention provides the following technical solution: the industrial Internet commercial cryptography application training platform comprises the following operation steps:
S1, three training scenarios:
after the home page of the training platform is opened, it presents three training scenarios: an industrial Internet video monitoring cryptography training scenario, a production line quality monitoring cryptography training scenario, and an unmanned logistics warehouse cryptography training scenario;
S2, industrial Internet video monitoring cryptography training scenario:
after entering the industrial Internet video monitoring cryptography training scenario, an operation flow chart of the scenario is displayed, and a red exclamation mark is displayed on each path or node in the scenario that has a potential security hazard; each red exclamation mark is a risk point, moving the mouse over a red exclamation mark displays the hidden danger it represents as a text description, and every red exclamation mark has a unique number;
in the attack scenario, after any risk point is selected and an attack type is added, a red alarm is displayed at the attacked node, a pop-up window shows the corresponding attack means, and after the attack succeeds a prompt is issued and the damage caused by the attack is displayed;
in the protection scenario, each attack type has a corresponding protection type; after any protection type is added, the attacked node displays a red alarm, a pop-up window shows the corresponding attack means, and the attack failure and the protection result are displayed;
the attack types comprise data theft attack, data tampering attack and device forgery attack, and the protection types comprise data theft protection, data tampering protection and device forgery protection, wherein data theft protection uses commercial cryptography SM2 or SM3 to encrypt the SSL VPN gateway channel, data tampering protection uses commercial cryptography SM2 or SM3 to sign the transmitted data, and device forgery protection uses a digital certificate to authenticate the device identity;
S3, production line quality monitoring cryptography training scenario:
after entering the production line quality monitoring cryptography training scenario, an operation flow chart of the scenario is displayed, and a red exclamation mark is displayed on each path or node in the chart that has a potential security hazard; each red exclamation mark is a risk point;
the scenario comprises an attack scenario option and a protection scenario option; in the attack scenario, after any risk point is selected and an attack type is added, a red alarm is displayed at the attacked node, a pop-up window shows the corresponding attack means, and after the attack succeeds a prompt is issued and the damage caused by the attack is displayed, wherein the attack types comprise detection data tampering attack, device instruction tampering attack and important data theft attack;
in the protection scenario, each attack type has a corresponding protection type; after any protection type is added, a red alarm is displayed at the attacked node, a pop-up window shows the corresponding attack means, and the attack failure and the protection result are displayed, wherein the protection types comprise detection data tamper protection, device instruction tamper protection and important data theft protection;
in the protection scenario, the relevant cryptographic modules can be enabled for security configuration through the cryptographic card, and IP configuration can be carried out through the SSL VPN; the cryptographic card device can enable a software cryptographic module and a security chip module, and both modules provide digital certificate issuance, data signing or signature verification, data hash calculation, and encryption and decryption calculation;
data signing or signature verification requires that digital certificate issuance be completed first; detection data tamper protection uses digital certificate issuance to protect the integrity of the detection data and prevent it from being tampered with; device instruction tamper protection uses hash calculation so that instruction data cannot be tampered with; and important data theft protection uses encryption and decryption calculation so that commercially important data cannot be stolen.
The key types supported by digital certificate issuance comprise RSA 2048, SM2 and ECC; selecting the required certificate type and clicking the issue certificate button generates a certificate of that type, and the certificate key information is displayed in the page. The default signature text in data signing or signature verification is the device information; after the data to be signed is entered, clicking the signature button on the right generates the corresponding signature result, after which clicking the signature verification button performs signature verification, and a prompt at the bottom of the page indicates whether the signature was verified successfully.
The algorithm types supported by hash calculation comprise SM3, SHA1 and SHA256; the message text for hash calculation also defaults to the device configuration information, and after the data to be calculated is entered, clicking the hash calculation button on the right generates the corresponding hash result.
The symmetric algorithm types supported by encryption and decryption calculation comprise the AES algorithm and the SM4 algorithm, and the original text to be calculated defaults to the device configuration information; after the data to be encrypted or decrypted is entered, the required algorithm type is selected, key information is entered (or a key is generated by clicking the key generation button), and finally clicking the data encryption button generates the corresponding encryption result;
S4, unmanned logistics warehouse cryptography training scenario:
after entering the unmanned logistics warehouse cryptography training scenario, an operation flow chart of the scenario is displayed, and a red exclamation mark is displayed on each path or node in the scenario that has a potential security hazard; each red exclamation mark is a risk point;
in the attack scenario, after any risk point is selected and an attack type is added, a red alarm is displayed at the attacked node, a pop-up window shows the corresponding attack means, and after the attack succeeds a prompt is issued and the damage caused by the attack is displayed, wherein the attack types comprise order data tampering attack, device instruction tampering attack and important data theft attack;
in the protection scenario, each attack type has a corresponding protection type; after any protection type is added, a red alarm is displayed at the attacked node, a pop-up window shows the corresponding attack means, and the attack failure and the protection result are displayed, wherein the protection types comprise detection data tamper protection, device instruction tamper protection and important data theft protection;
detection data tamper protection uses a digital certificate so that the order data cannot be tampered with; device instruction tamper protection uses hash calculation to protect device instructions from tampering; important data theft protection uses encryption and decryption calculation so that private data such as personal information cannot be stolen;
S5, cryptographic service module:
the home page of the training platform also includes a cryptographic service module, which provides three functions: algorithm verification, random number detection and commercial cryptography CA simulation. Algorithm verification comprises the following functions:
hash computation and HMAC computation, supporting SM3, MD5, SHA1, SHA256, SHA384 and SHA512;
symmetric encryption and decryption, supporting encryption modes such as ECB and CBC for SM4, AES-128, DES and 3DES;
key pair generation, supporting SM2, RSA, ECC and symmetric key generation, with output in PKCS8 format and GM/T 0018 format;
asymmetric encryption and decryption, supporting SM2 and RSA (PKCS1_v1.5 and OAEP) encryption and decryption; the key content must be in PKCS8 format or GM/T 0018 format;
signing and signature verification, supporting the SM2, RSA (PKCS1_v1.5, PSS) and ECDSA algorithms; the key content must be in PKCS8 format or GM/T 0018 format;
the algorithms in these functions can be used to protect data in attack protection;
encoding and decoding, supporting conversion among original data (UTF characters), hexadecimal (Hex), Base64 encoding and binary (Bin);
the data to be encrypted or decrypted in algorithm verification is input in hexadecimal (hex) format and the operation result is output in hex format; the encoding and decoding function can be used to convert the data format before encryption and after decryption;
random number detection is used to detect the randomness or confidentiality of commercial cryptography; for randomness detection a random number file must be uploaded, the file size cannot be smaller than 3 MB or larger than 2 GB, and the detection details can be viewed in the page after detection completes;
commercial cryptography CA simulation supports generating keys and digital certificates, issuing CSR certificate requests, issuing commercial cryptography digital envelopes, and generating international certificates.
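The following is an added example, not code from the patent or from the platform, of the device instruction tamper protection in steps S3 and S4 combined with the hex-in, hex-out convention and the encoding conversions of step S5. It uses SHA256 and HMAC from the listed algorithms and goes slightly beyond the text by contrasting a bare hash with a keyed HMAC when an instruction is modified in transit; the instruction strings, the key and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Algorithms the page lists for hash and HMAC computation.
LISTED = ("sm3", "md5", "sha1", "sha256", "sha384", "sha512")


# --- Encoding conversions: original data (UTF-8) <-> Hex <-> Base64 <-> Bin ---
def text_to_hex(text: str) -> str:
    return text.encode("utf-8").hex()


def hex_to_text(data_hex: str) -> str:
    return bytes.fromhex(data_hex).decode("utf-8")


def hex_to_base64(data_hex: str) -> str:
    return base64.b64encode(bytes.fromhex(data_hex)).decode("ascii")


def base64_to_hex(data_b64: str) -> str:
    return base64.b64decode(data_b64, validate=True).hex()


def hex_to_bin(data_hex: str) -> str:
    return "".join(f"{byte:08b}" for byte in bytes.fromhex(data_hex))


def bin_to_hex(bits: str) -> str:
    if len(bits) % 8 or set(bits) - {"0", "1"}:
        raise ValueError("binary input must be whole bytes of 0/1 digits")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)).hex()


# --- Hash and HMAC with hex input and hex output ---
def _check(algorithm: str) -> str:
    if algorithm not in LISTED:
        raise ValueError(f"{algorithm!r} is not one of the listed algorithms")
    if algorithm not in hashlib.algorithms_available:
        # SM3 depends on the local OpenSSL build; fail clearly if it is absent.
        raise RuntimeError(f"{algorithm!r} is not available in this Python build")
    return algorithm


def hash_hex(data_hex: str, algorithm: str = "sha256") -> str:
    return hashlib.new(_check(algorithm), bytes.fromhex(data_hex)).hexdigest()


def hmac_hex(key_hex: str, data_hex: str, algorithm: str = "sha256") -> str:
    key, data = bytes.fromhex(key_hex), bytes.fromhex(data_hex)
    return hmac.new(key, data, _check(algorithm)).hexdigest()


# --- Integrity tag on a device instruction ---
def seal(data_hex: str, key_hex=None) -> dict:
    """Attach a bare hash when no key is given, an HMAC when a key is given."""
    tag = hash_hex(data_hex) if key_hex is None else hmac_hex(key_hex, data_hex)
    return {"data": data_hex, "tag": tag}


def check(message: dict, key_hex=None) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    data_hex = message["data"]
    expected = hash_hex(data_hex) if key_hex is None else hmac_hex(key_hex, data_hex)
    return hmac.compare_digest(expected, message["tag"])


def modify_in_transit(message: dict, new_text: str) -> dict:
    """Model of the scenario's instruction tampering: the data is replaced and
    the only tag computable without the key, the bare hash, is attached."""
    data_hex = text_to_hex(new_text)
    return {"data": data_hex, "tag": hash_hex(data_hex)}


def demo() -> dict:
    key_hex = "00112233445566778899aabbccddeeff"   # constructed sample key
    original = text_to_hex("conveyor=ON;speed=40")  # constructed instruction
    altered = "conveyor=ON;speed=95"                # constructed modification
    hashed, keyed = seal(original), seal(original, key_hex)
    replayed_tag = {"data": text_to_hex(altered), "tag": keyed["tag"]}
    return {
        "hash_accepts_original": check(hashed),
        "hash_accepts_modified": check(modify_in_transit(hashed, altered)),
        "hmac_accepts_original": check(keyed, key_hex),
        "hmac_accepts_modified": check(modify_in_transit(keyed, altered), key_hex),
        "hmac_accepts_old_tag": check(replayed_tag, key_hex),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

A bare hash travelling alongside the instruction only detects accidental corruption, because anyone on the path can recompute it; the hash protects against tampering only when it is keyed (HMAC), signed, or delivered over a separate trusted channel.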
The industrial Internet commercial cryptography application training platform is applied to the field of information security.
The embodiments of the invention have been presented for purposes of illustration and description, and are not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.
Claims (9)
1. An industrial Internet commercial cryptography application training platform, characterized in that: the industrial Internet commercial cryptography application training platform comprises the following operation steps:
S1, three training scenarios:
after the home page of the training platform is opened, it presents three training scenarios: an industrial Internet video monitoring cryptography training scenario, a production line quality monitoring cryptography training scenario, and an unmanned logistics warehouse cryptography training scenario;
S2, industrial Internet video monitoring cryptography training scenario:
after entering the industrial Internet video monitoring cryptography training scenario, an operation flow chart of the scenario is displayed, and a red exclamation mark is displayed on each path or node in the scenario that has a potential security hazard; each red exclamation mark is a risk point;
in the attack scenario, after any risk point is selected and an attack type is added, a red alarm is displayed at the attacked node, a pop-up window shows the corresponding attack means, and after the attack succeeds a prompt is issued and the damage caused by the attack is displayed;
in the protection scenario, each attack type has a corresponding protection type; after any protection type is added, the attacked node displays a red alarm, a pop-up window shows the corresponding attack means, and the attack failure and the protection result are displayed;
S3, production line quality monitoring password training scene:
after the production line quality monitoring password training scene is entered, an operation flow chart of the scene is displayed, and a red exclamation mark is displayed on each path or node in the chart that has a potential safety hazard, each red exclamation mark being a risk point;
the scene comprises an attack scene option and a protection scene option; in the attack scene, the flow is consistent with that in step S2, but the attack types comprise detection data tampering attack, equipment instruction tampering attack and important data stealing attack;
in the protection scene, each attack type has a corresponding protection type, and the flow is consistent with step S2, but the protection types comprise detection data tamper protection, equipment instruction tamper protection and important data theft protection;
in the protection scene, the related password modules can be started for security configuration through the password card, and IP configuration can be carried out through the SSL VPN; the password card device can start a software password module and a security chip module, and these two modules provide digital certificate issuance, data signing or signature verification, data hash calculation, and encryption and decryption calculation;
S4, unmanned logistics warehouse password training scene:
after the unmanned logistics warehouse password training scene is entered, an operation flow chart of the scene is displayed, and a red exclamation mark is displayed on each path or node in the chart that has a potential safety hazard, each red exclamation mark being a risk point;
in the attack scene, the flow is consistent with step S2, but the attack types comprise order data tampering attack, equipment instruction tampering attack and important data stealing attack;
in the protection scene, each attack type has a corresponding protection type, and the flow is consistent with step S2, but the protection types comprise detection data tamper protection, equipment instruction tamper protection and important data theft protection;
the detection data tamper protection uses a digital certificate to ensure that the order data cannot be tampered with, the equipment instruction tamper protection uses hash calculation to protect the equipment instructions from being tampered with, and the important data theft protection uses encryption and decryption calculation to prevent private data such as personal information from being stolen;
S5, password service module:
the front page of the practical training platform also comprises a password service module, which provides three functions: algorithm verification, random number detection and commercial password CA simulation, wherein the algorithm verification comprises the following functions:
hash computation and HMAC computation, supporting SM3, MD5, SHA1, SHA256, SHA384 and SHA512;
symmetric encryption and decryption, supporting encryption modes such as ECB and CBC for SM4, AES-128, DES and 3DES;
key pair generation, supporting SM2, RSA, ECC and symmetric key generation;
asymmetric encryption and decryption, supporting SM2 and RSA encryption and decryption;
signing and signature verification, supporting the SM2, RSA and ECDSA algorithms;
encoding and decoding, supporting conversion among original data, hexadecimal (Hex), Base64 and binary (Bin);
the random number detection is used for detecting the randomness or confidentiality of the commercial passwords; to carry out randomness detection, a random number file must be uploaded, and the detection details can be viewed in the page after the detection is completed;
commercial crypto CA emulation supports the generation of keys and digital certificates, issuing CSR certificate requests, issuing commercial crypto digital envelopes, and generating international certificates.
2. The industrial internet commercial cryptography application training platform of claim 1, wherein: in step S2, when the mouse is moved over a red exclamation mark, the potential hazard represented by that red exclamation mark is displayed as a text description.
3. The industrial internet commercial cryptography application training platform of claim 1, wherein: in the step S2, all the red exclamation marks have unique numbers.
4. The industrial internet commercial cryptography application training platform of claim 1, wherein: in step S2, the attack types include data theft attack, data tampering attack and device forgery attack, and the protection types include data theft protection, data tampering protection and device forgery protection, wherein the data theft protection uses the commercial password SM2 or SM3 to encrypt the SSL VPN gateway channel, the data tampering protection uses the commercial password SM2 or SM3 to sign the transmitted data, and the device forgery protection uses a digital certificate to realize device identity authentication.
5. The industrial internet commercial cryptography application training platform of claim 1, wherein: in step S3, data signing or signature verification becomes available once digital certificate issuance is completed; the detection data tamper protection uses digital certificate issuance to protect the integrity of the detection data and prevent it from being tampered with; the equipment instruction tamper protection uses hash calculation to protect the instruction data so that it cannot be tampered with; and the important data theft protection uses encryption and decryption calculation so that important commercial data cannot be stolen.
6. The industrial internet commercial cryptography application training platform of claim 1, wherein: in step S3, the key types supported by digital certificate issuance include RSA 2048, SM2 and ECC; the required certificate type is selected and the issue-certificate button is clicked to generate a certificate of the corresponding type, and the certificate key information is displayed in the page; the default text to be signed in data signing or signature verification is the device information; after the data to be signed is entered there, clicking the signature button on the right generates the corresponding signature result, after which clicking the signature verification button performs signature verification, and whether verification succeeded is prompted below on the page.
7. The industrial internet commercial cryptography application training platform of claim 1, wherein: in step S3, the algorithm types supported by the hash calculation include SM3, SHA1 and SHA256; the message text for hash calculation also defaults to the device configuration information; after the data to be calculated is entered there and the hash calculation button on the right is clicked, the corresponding hash result is generated.
8. The industrial internet commercial cryptography application training platform of claim 1, wherein: in step S3, the symmetric algorithm types supported by encryption and decryption calculation include the AES algorithm and the SM4 algorithm; the original text to be calculated defaults to the device configuration information; after the data to be encrypted or decrypted is entered, the required algorithm type is selected, then key information is entered or the key generation button is clicked to generate a key, and finally the data encryption button is clicked to generate the corresponding encryption result.
9. An industrial internet commercial cryptography application training platform according to any of claims 1-8, wherein: the industrial Internet commercial password application training platform is applied to the field of information security.
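Claims 5 and 7 protect equipment instructions with a hash calculation, and step S5 lists both hash and HMAC computation. The following Python sketch is an added example, not part of the patent or the platform; the key, the instruction fields and all function names are constructed assumptions. It shows why a bare SHA-256 digest travelling with an instruction does not detect deliberate modification, while an HMAC-SHA256 tag under a shared key does.

```python
import hashlib
import hmac
import json

# Constructed sample values (assumptions, not taken from the patent).
DEMO_KEY = b"constructed-demo-key"
INSTRUCTION = {"device": "conveyor-01", "cmd": "set_speed", "value": 40, "seq": 7}


def canonical(instr: dict) -> bytes:
    """Serialize deterministically so both ends hash identical bytes."""
    return json.dumps(instr, sort_keys=True, separators=(",", ":")).encode()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hmac_hex(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def wrap(instr: dict, key: bytes) -> dict:
    """Sender side: attach both a bare digest and a keyed tag for comparison."""
    body = canonical(instr)
    return {"body": instr, "digest": sha256_hex(body), "tag": hmac_hex(key, body)}


def verify_digest(msg: dict) -> bool:
    """Unkeyed check: only proves that body and digest match each other."""
    return hmac.compare_digest(sha256_hex(canonical(msg["body"])), msg["digest"])


def verify_tag(msg: dict, key: bytes) -> bool:
    """Keyed check: constant-time comparison against a tag only key holders can make."""
    return hmac.compare_digest(hmac_hex(key, canonical(msg["body"])), msg["tag"])


def modified_in_transit(msg: dict) -> dict:
    """Model a changed instruction: anything computable without the key is recomputed."""
    body = dict(msg["body"], value=400)
    return {"body": body, "digest": sha256_hex(canonical(body)), "tag": msg["tag"]}


if __name__ == "__main__":
    sent = wrap(INSTRUCTION, DEMO_KEY)
    seen = modified_in_transit(sent)
    print("bare digest accepts modified instruction:", verify_digest(seen))
    print("HMAC tag accepts modified instruction:  ", verify_tag(seen, DEMO_KEY))
    print("HMAC tag accepts original instruction:  ", verify_tag(sent, DEMO_KEY))
```

The constructed `seq` field is covered by the tag, so a receiver that tracks the last accepted value can also reject replays of a validly tagged instruction; that check is outside this example.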
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310860555.2A CN116599770B (en) | 2023-07-14 | 2023-07-14 | Operation method of industrial Internet commercial password application practical training platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310860555.2A CN116599770B (en) | 2023-07-14 | 2023-07-14 | Operation method of industrial Internet commercial password application practical training platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116599770A (en) | 2023-08-15 |
CN116599770B (en) | 2023-10-10 |
Family
ID=87594082
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310860555.2A Active CN116599770B (en) | 2023-07-14 | 2023-07-14 | Operation method of industrial Internet commercial password application practical training platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116599770B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20190339688A1 (en) * | 2016-05-09 | 2019-11-07 | Strong Force Iot Portfolio 2016, Llc | Methods and systems for data collection, learning, and streaming of machine signals for analytics and maintenance using the industrial internet of things |
CN113810489A (en) * | 2021-09-14 | 2021-12-17 | 广东三水合肥工业大学研究院 | Industrial internet control system and method |
CN113986843A (en) * | 2021-11-02 | 2022-01-28 | 青岛海尔工业智能研究院有限公司 | Data risk early warning processing method and device and electronic equipment |
CN115021989A (en) * | 2022-05-25 | 2022-09-06 | 国家工业信息安全发展研究中心 | Mutual trust and mutual recognition method and system for industrial internet heterogeneous identification analysis system |
Also Published As
Publication number | Publication date |
---|---|
CN116599770B (en) | 2023-10-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||