CN117155704A - Method, system, equipment and medium for quickly adding trusted DCS (distributed control system) upper computer nodes - Google Patents


Info

Publication number
CN117155704A
Authority
CN
China
Prior art keywords
trusted
trusted device
verification
computer
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202311399100.1A
Other languages
Chinese (zh)
Other versions
CN117155704B (en)
Inventor
张津
赵亮
张钢
贾泽冰
杨柳
王鑫
杨渊
项涛
张勇
李家港
李心怡
高少华
王珩
潘乐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Thermal Power Research Institute Co Ltd
Original Assignee
Xian Thermal Power Research Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xian Thermal Power Research Institute Co Ltd
Priority to CN202311399100.1A
Publication of CN117155704A
Application granted
Publication of CN117155704B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The invention discloses a method, system, device and medium for quickly adding trusted DCS upper computer nodes, belonging to the field of industrial control security deployment. The method comprises: receiving the IP and connection request of a trusted device, comparing the IP against a pre-entered IP list, and admitting the trusted device once the comparison passes; receiving a login request from the trusted device, the login request comprising a trusted verification certificate, a computer name, a user name and a password; decrypting and checking the trusted verification certificate and, once that check passes, comparing the computer name and IP for consistency with the trusted device approved for access, and verifying the user name, password and user authority; once verification passes, importing the trusted device information into the trusted device IP list; and sending a trusted device state request, obtaining the trusted state of the trusted device based on that request and, when the trusted state is confirmed to be normal, approving the trusted device for network access, which completes the node addition. The invention reduces the risk of a device intruding into the trusted network.

Description

Method, system, equipment and medium for quickly adding trusted DCS (distributed control system) upper computer nodes
Technical Field
The invention belongs to the field of industrial control security deployment, and relates to a method, system, device and medium for quickly adding a trusted DCS upper computer node.
Background
A trusted DCS controller has a trusted computing function and can perform trusted verification of the boot program, operating system kernel, application programs, configuration files, processes and the like, so as to ensure that the controller's software and hardware environment is trustworthy.
As industrial systems grow more complex, the industrial management system must manage access and communication for field devices and data unit devices. Otherwise, unsafe access by node equipment or virus injection may paralyze the whole industrial system or even leak data.
In engineering practice with thermal power plant industrial control systems based on trusted technology, a power plant has more than 20 computers, and manually verifying, entering and linking them through a trusted management platform is inefficient and insecure. In particular, the existing method requires the power plant security administrator to perform security confirmation, and the whole confirmation process is complex and difficult to operate. To complete trusted DCS deployment quickly and securely, a rapid deployment scheme based on trusted technology is needed.
Disclosure of Invention
In view of the above shortcomings, the invention aims to provide a method, system, device and medium for quickly adding a trusted DCS upper computer node, which solve the security problems in the existing device deployment process.
To achieve the above purpose, the invention adopts the following technical means:
The first aspect of the invention provides a method for quickly adding a trusted DCS upper computer node, comprising the following steps:
receiving the IP and connection request of a trusted device, comparing the IP against a pre-entered IP list, and admitting the trusted device once the comparison passes;
receiving a login request from the trusted device, the login request comprising a trusted verification certificate, a computer name, a user name and a password; decrypting and checking the trusted verification certificate and, once that check passes, comparing the computer name and IP for consistency with the trusted device approved for access, and verifying the user name, password and user authority;
once verification passes, importing the trusted device information into the trusted device IP list and sending a trusted device state request;
obtaining the trusted state of the trusted device based on the trusted device state request and, when the trusted state is confirmed to be normal, approving the trusted device for network access, completing the node addition.
As a further improvement of the invention, before receiving the IP and connection request of the trusted device, the method further comprises a rights deployment management step, which specifically includes:
creating a security administrator account and creating a device administrator account;
entering a trusted device list, the trusted device list comprising device names and an IP list, and being imported after approval by the security administrator; the trusted device contains a trusted verification certificate.
As a further improvement of the invention, the login request also comprises an encryption algorithm and a computer name, the computer name being sent as ciphertext;
the encryption algorithm is the SM1 or SM4 algorithm.
As a further improvement of the invention, once verification passes, the login request is answered; the trusted device state request comprises a computer name and a status word, the computer name being sent in plaintext.
As a further improvement of the invention, when verifying the user name, password and user authority, access by the trusted device is prohibited if verification fails.
As a further improvement of the invention, when obtaining the trusted state of the trusted device based on the trusted device state request, access by the trusted device is prohibited if the trusted state read from the device is untrusted;
approving the trusted device for network access comprises: receiving a heartbeat link establishment request sent by the trusted device, and exchanging trusted messages after the heartbeat link has been established.
As a further improvement of the invention, after the trusted device is approved for network access, the method further comprises confirming the state and log of the trusted device and obtaining the related measurement values of the trusted device.
The second aspect of the invention provides a system for quickly adding a trusted DCS upper computer node, comprising:
a receiving module, configured to receive the IP and connection request of a trusted device, compare the IP against a pre-entered IP list, and admit the trusted device once the comparison passes;
a verification module, configured to receive a login request from the trusted device, the login request comprising a trusted verification certificate, a computer name, a user name and a password; to decrypt and check the trusted verification certificate and, once that check passes, to compare the computer name and IP for consistency with the trusted device approved for access, and to verify the user name, password and user authority;
an importing module, configured to import the trusted device information into the trusted device IP list once verification passes and to send a trusted device state request;
an approval module, configured to obtain the trusted state of the trusted device based on the trusted device state request and, when the trusted state is confirmed to be normal, to approve the trusted device for network access, completing the node addition.
The third aspect of the invention provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor implements the above method for quickly adding a trusted DCS upper computer node when executing the computer program.
The fourth aspect of the invention provides a computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the above method for quickly adding a trusted DCS upper computer node.
Compared with the prior art, the invention has the following beneficial effects:
During trusted DCS networking, the method of the invention ensures that a trusted device admitted to the power plant network is safe and reliable and has been approved through device verification, personnel authority verification and computer trusted verification, in particular through the verification performed after the login request is received. The node addition process as a whole reduces the risk of an outsider's device intruding into the trusted network and reduces the workload of the power plant security administrator.
Drawings
FIG. 1 is a flow chart of a method for quickly adding a trusted DCS upper computer node;
FIG. 2 is a flow chart of the trusted management platform adding a device, according to an embodiment of the present invention;
FIG. 3 is a diagram of the interaction between a trusted device and the trusted management platform, according to an embodiment of the present invention;
FIG. 4 is a diagram of the trusted DCS upper computer node rapid addition system provided by the invention;
FIG. 5 is a schematic diagram of an electronic device according to the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Term interpretation:
A distributed control system is a new-generation instrumentation and control system based on microprocessors and designed on the principles of distributed control functions, centralized display and operation, and a balance of autonomy and overall coordination. The distributed control system, DCS for short, is also called a distributed computer control system.
A trusted process (trusted process) is a process that can affect the security of a system, and the protection capabilities or properties of the trusted process must be reliable according to the system requirements.
As shown in FIG. 1, a first object of the present invention is to provide a method for quickly adding a trusted DCS upper computer node, which is applied to a trusted management platform and includes the following steps:
S1. Receive the IP and connection request of a trusted device, compare the IP against a pre-entered IP list, and admit the trusted device once the comparison passes;
S2. Receive a login request from the trusted device, the login request comprising a trusted verification certificate, a computer name, a user name and a password; decrypt and check the trusted verification certificate and, once that check passes, compare the computer name and IP for consistency with the trusted device approved for access, and verify the user name, password and user authority;
S3. Once verification passes, import the trusted device information into the trusted device IP list and send a trusted device state request;
S4. Obtain the trusted state of the trusted device based on the trusted device state request and, when the trusted state is confirmed to be normal, approve the trusted device for network access, completing the node addition.
The method for quickly adding a trusted DCS upper computer node solves the security problems in the existing device deployment process. The scheme needs to ensure that every step of the deployment process is secure and efficient with respect to operator authority management, trusted device authentication and encryption, secure synchronization of encrypted data, and the like.
Of course, the above method may also be defined with the trusted device as the executing subject, which is not repeated here.
As an optional embodiment, before the IP and connection request of the trusted device are received in step S1, the method further includes a rights deployment management step, which specifically includes:
creating a security administrator account and creating a device administrator account;
entering a trusted device list, the trusted device list comprising device names and an IP list, and being imported after approval by the security administrator; the trusted device contains a trusted verification certificate.
Deploying permissions in advance gives the later verification steps a record to check against, which reduces the risk of the whole deployment.
In some embodiments, step S2 proceeds as follows. A login request is received from the trusted device, comprising a trusted verification certificate, a computer name, a user name and a password, and is verified on receipt: the trusted verification certificate is decrypted and checked and, once that check passes, the computer name and IP are compared for consistency with the trusted device approved for access, and the user name, password and user authority are verified. This comprises:
receiving the login request sent by the trusted device, the login request comprising an encryption algorithm and a computer name, the computer name being sent as ciphertext;
decrypting and checking the trusted verification certificate and, once that check passes, comparing the computer name and IP for consistency with the trusted device approved for access, and verifying the user name, password and user authority; once verification passes, responding to the login request and sending a computer name and a status word, the computer name being sent in plaintext;
approving the trusted device for network access comprises: receiving a heartbeat link establishment request sent by the trusted device, and exchanging trusted messages after the heartbeat link has been established.
The method of the present invention is further illustrated by the following examples.
As shown in FIG. 2, the main factors affecting security during deployment are the authority management of deployment personnel, the trusted verification of hardware devices, and the visual configuration of the trusted policy. Rapid deployment therefore proceeds mainly from these three aspects. The specific deployment steps are as follows:
1) The power plant owner appoints a security administrator and creates a security administrator account; the DCS installation engineering personnel create a device administrator account.
2) The security administrator and the device administrator log in to the trusted management platform.
3) The device vendor provides a trusted device that contains a trusted verification certificate.
4) A trusted device list is entered, comprising device names and an IP list, and is imported into the trusted management platform after approval by the security administrator.
5) The trusted device sets its IP and connects to the trusted management platform through the device administrator account, and the trusted management platform confirms by IP comparison that the connecting device is the target device.
6) When the trusted device sends a login request, the encryption algorithm is indicated in plaintext.
As an alternative embodiment, the encryption algorithm is a Chinese national-standard symmetric cipher such as SM1 or SM4; the computer name, user name and password are encrypted with the trusted verification certificate key and sent to the trusted management platform.
7) The trusted management platform decrypts and checks using the algorithm corresponding to the trusted verification certificate; once that check passes, it compares the computer name and IP for consistency with the trusted device approved for access and verifies the user name, password and user authority; once verification passes, it imports the trusted device into the trusted device IP list and initiates the first trusted device state request.
As a specific embodiment, the verification covers the trusted verification certificate, the computer name and the user authority. If verification fails, access by the trusted device is prohibited.
8) The trusted management platform obtains the trusted state over encrypted communication and, when the trusted state is confirmed to be normal, approves the trusted device for network access.
As a specific embodiment, the trusted state covers the trusted verification certificate, the computer name and the user authority. If the trusted state read from the device is untrusted, access by the trusted device is prohibited.
9) The security administrator confirms the trusted device's state and log in the trusted management platform, then re-acquires, updates and stores the measurement values.
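The platform-side checks of steps S1 to S4 (deployment steps 5 to 8 above), as an added example that is not part of the patent. The NUL-separated field layout, the `device_admin` role name, the outcome strings, the PBKDF2 password storage and the removal of a device from the list when its state is untrusted are all assumptions, and a standard-library keystream plus HMAC stands in for SM1/SM4.

```python
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass, field

# Stand-in for SM1/SM4 (NOT either cipher): SHA-256 keystream plus HMAC tag,
# used only so the example runs with the standard library.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hashlib.sha256(label + key).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    blocks = range((len(data) + 31) // 32)
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(cert_key: bytes, plaintext: bytes) -> bytes:
    """Device side: encrypt the login fields, then authenticate the ciphertext."""
    nonce = os.urandom(16)
    body = _xor_stream(_subkey(cert_key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(cert_key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(cert_key: bytes, blob: bytes):
    """Platform side: return the plaintext, or None when the tag does not verify."""
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(cert_key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return _xor_stream(_subkey(cert_key, b"enc"), nonce, body)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Platform:
    approved: dict   # ip -> (computer name, certificate key); list approved by the security administrator
    users: dict      # user name -> (salt, password hash, role)
    trusted_ips: set = field(default_factory=set)

    def admit(self, ip: str, algorithm: str, sealed: bytes, read_state) -> str:
        # S1: compare the source IP against the pre-entered list.
        try:
            ip = str(ipaddress.ip_address(ip))
        except ValueError:
            return "reject: ip"
        if ip not in self.approved:
            return "reject: ip"
        name, cert_key = self.approved[ip]
        # S2: the algorithm is announced in plaintext; decrypt and check with the certificate key.
        if algorithm not in ("SM1", "SM4"):
            return "reject: algorithm"
        plain = unseal(cert_key, sealed)
        if plain is None or plain.count(b"\x00") != 2:
            return "reject: certificate"
        claimed, user, password = (f.decode("utf-8", "replace") for f in plain.split(b"\x00"))
        # S2: the computer name must match the device approved for this IP.
        if claimed != name:
            return "reject: computer name"
        # S2: user name, password and authority; unknown users cost the same hash work.
        salt, pw_hash, role = self.users.get(user, (b"\x00" * 16, b"", None))
        if not hmac.compare_digest(hash_password(password, salt), pw_hash) or role != "device_admin":
            return "reject: user"
        # S3: import into the trusted device IP list, then request the trusted state.
        self.trusted_ips.add(ip)
        # S4: approve only a device that reports a normal trusted state (fail closed).
        if read_state(name) != "trusted":
            self.trusted_ips.discard(ip)   # assumption: an untrusted device is removed again
            return "reject: state"
        return "approved"

def demo():
    """Constructed sample data: one approved station and one device administrator."""
    key, salt = bytes(range(16)), b"constructed-salt"
    platform = Platform(
        approved={"192.0.2.10": ("OPS-01", key)},
        users={"dev_admin": (salt, hash_password("correct horse", salt), "device_admin")},
    )
    return platform, key, seal(key, b"OPS-01\x00dev_admin\x00correct horse")

if __name__ == "__main__":
    platform, key, login = demo()
    print(platform.admit("192.0.2.10", "SM4", login, lambda name: "trusted"))
```

Every failed check returns before the device reaches the trusted list or keeps its place in it, so a device that passes login but reports an untrusted state ends up exactly where a rejected IP does.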
As shown in FIG. 3, a specific embodiment of the present invention provides a flow of information interaction between the trusted device and the trusted management platform, which specifically includes:
S31. The trusted device sends a login request comprising an encryption algorithm and a computer name, the computer name being sent as ciphertext;
S32. The trusted management platform responds to the login request and sends a computer name and a status word, the computer name being sent in plaintext;
S33. The trusted device sends a request to establish a heartbeat link;
S34. The heartbeat link between the trusted device and the trusted management platform is established successfully;
S35. The trusted device and the trusted management platform exchange trusted messages;
S36. The trusted device sends a link disconnection request;
S37. The trusted management platform replies and the link is disconnected.
This completes the whole process of information interaction between the trusted device and the trusted management platform.
As shown in FIG. 4, the invention also provides a system for quickly adding a trusted DCS upper computer node, comprising the following modules:
a receiving module, configured to receive the IP and connection request of a trusted device, compare the IP against a pre-entered IP list, and admit the trusted device once the comparison passes;
a verification module, configured to receive a login request from the trusted device, the login request comprising a trusted verification certificate, a computer name, a user name and a password; to decrypt and check the trusted verification certificate and, once that check passes, to compare the computer name and IP for consistency with the trusted device approved for access, and to verify the user name, password and user authority;
an importing module, configured to import the trusted device information into the trusted device IP list once verification passes and to send a trusted device state request;
an approval module, configured to obtain the trusted state of the trusted device based on the trusted device state request and, when the trusted state is confirmed to be normal, to approve the trusted device for network access, completing the node addition.
As shown in fig. 4, the present invention provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor implements the method for quickly adding a trusted DCS upper computer node when executing the computer program.
The method for quickly adding a trusted DCS upper computer node comprises the following steps:
S1. Receive the IP and connection request of a trusted device, compare the IP against a pre-entered IP list, and admit the trusted device once the comparison passes;
S2. Receive a login request from the trusted device, the login request comprising a trusted verification certificate, a computer name, a user name and a password; decrypt and check the trusted verification certificate and, once that check passes, compare the computer name and IP for consistency with the trusted device approved for access, and verify the user name, password and user authority;
S3. Once verification passes, import the trusted device information into the trusted device IP list and send a trusted device state request;
S4. Obtain the trusted state of the trusted device based on the trusted device state request and, when the trusted state is confirmed to be normal, approve the trusted device for network access, completing the node addition.
The invention also provides a computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the method for quickly adding a trusted DCS upper computer node.
The method for quickly adding a trusted DCS upper computer node comprises the following steps:
S1. Receive the IP and connection request of a trusted device, compare the IP against a pre-entered IP list, and admit the trusted device once the comparison passes;
S2. Receive a login request from the trusted device, the login request comprising a trusted verification certificate, a computer name, a user name and a password; decrypt and check the trusted verification certificate and, once that check passes, compare the computer name and IP for consistency with the trusted device approved for access, and verify the user name, password and user authority;
S3. Once verification passes, import the trusted device information into the trusted device IP list and send a trusted device state request;
S4. Obtain the trusted state of the trusted device based on the trusted device state request and, when the trusted state is confirmed to be normal, approve the trusted device for network access, completing the node addition.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

Claims (10)

1. A method for quickly adding a trusted DCS upper computer node is characterized by comprising the following steps:
receiving IP and connection request of the trusted equipment, comparing the IP based on a pre-input IP list, and accessing the trusted equipment after the comparison;
receiving a login request of the trusted device, wherein the login request comprises a trusted verification certificate, a computer name, a user name and a password; decrypting and checking the trusted verification certificate, comparing the consistency of the computer name and the IP with the trusted device approved for access after the verification is passed, and verifying the user name, the password and the user authority;
after the verification is passed, the trusted device information is imported into a trusted device IP list, and a trusted device state request is sent;
and acquiring the trusted state of the trusted device based on the trusted device state request, and approving the trusted device to access the network and completing node addition under the condition of confirming that the trusted state is normal.
2. The method for quickly adding a trusted DCS upper computer node according to claim 1, further comprising, before receiving the IP and connection request of the trusted device, a rights deployment management step, which specifically includes:
creating a security administrator account and creating a device administrator account;
entering a trusted device list, wherein the trusted device list comprises a device name and an IP list, and the trusted device list is imported after approval by a security administrator; the trusted device contains a trusted verification certificate.
3. The method for quickly adding a trusted DCS upper computer node according to claim 1, wherein the login request further comprises an encryption algorithm and a computer name, the computer name being sent as ciphertext;
the encryption algorithm is the SM1 or SM4 algorithm.
4. The method for quickly adding a trusted DCS upper computer node according to claim 1, wherein, after the verification passes, the login request is responded to, and the trusted device state request that is sent comprises a computer name and a status word, the computer name being sent in plaintext.
5. The method for quickly adding a trusted DCS upper computer node according to claim 1, wherein the trusted device is prohibited from access if the verification of the user name, the password and the user authority does not pass.
6. The method for quickly adding a trusted DCS upper computer node according to claim 1, wherein, in acquiring the trusted state of the trusted device based on the trusted device state request, the trusted device is prohibited from access if the trusted state read from the device is untrusted;
approving the trusted device to access the network comprises: receiving a heartbeat link establishment request sent by the trusted device, and performing trusted message interaction after the heartbeat link is successfully established.
7. The method for quickly adding a trusted DCS upper computer node according to claim 1, wherein, after the trusted device has accessed the network, the method further comprises confirming the state and log of the trusted device and obtaining the related metrics of the trusted device.
8. A system for quickly adding a trusted DCS upper computer node, characterized by comprising:
a receiving module, used for receiving the IP and a connection request of the trusted device, comparing the IP against a pre-entered IP list, and granting the trusted device access after the comparison;
a verification module, used for receiving a login request of the trusted device, wherein the login request comprises a trusted verification certificate, a computer name, a user name and a password; decrypting and verifying the trusted verification certificate; after the verification passes, checking that the computer name and the IP are consistent with the trusted device approved for access; and verifying the user name, the password and the user authority;
an importing module, used for importing the trusted device information into the trusted device IP list after the verification passes and sending a trusted device state request;
and an approval module, used for acquiring the trusted state of the trusted device based on the trusted device state request and, when the trusted state is confirmed to be normal, approving the trusted device to access the network and completing the node addition.
9. An electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the method for quickly adding a trusted DCS upper computer node of any one of claims 1-7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the method for quickly adding a trusted DCS upper computer node of any one of claims 1-7.
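
The admission sequence of claim 1, with the denials of claims 5 and 6, as an added Python sketch that is not code from the patent. An HMAC tag stands in for the trusted verification certificate (the claims name SM1/SM4, which the Python standard library does not provide); every name, key and address, and the roll-back of the list entry on an untrusted state, is an assumption of this sketch.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed demo data: every name, key and address here is hypothetical.
CERT_KEY = b"demo-cert-key"            # HMAC stand-in for the certificate check
PRE_ENTERED = {"10.0.0.21": "OPS-01"}  # pre-entered list: IP -> computer name
SALT = b"demo-salt"

def pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"devadmin": (pw_hash("correct horse"), {"add_node"})}

def issue_cert(computer_name: str) -> bytes:
    """Constructed 'trusted verification certificate': a tag bound to the name."""
    return hmac.new(CERT_KEY, computer_name.encode(), hashlib.sha256).digest()

@dataclass
class Login:
    ip: str
    cert: bytes
    computer_name: str
    user: str
    password: str

def admit(login: Login, read_trusted_state, trusted_ip_list: dict):
    """Run the claim 1 checks in order; return (admitted, reason)."""
    expected_name = PRE_ENTERED.get(login.ip)
    if expected_name is None:                          # IP comparison
        return False, "ip-not-listed"
    if not hmac.compare_digest(login.cert, issue_cert(login.computer_name)):
        return False, "bad-certificate"                # certificate check
    if login.computer_name != expected_name:           # name/IP consistency
        return False, "name-ip-mismatch"
    stored, rights = USERS.get(login.user, (b"", set()))
    if not hmac.compare_digest(stored, pw_hash(login.password)):
        return False, "bad-credentials"                # claim 5: deny
    if "add_node" not in rights:
        return False, "no-authority"
    trusted_ip_list[login.ip] = login.computer_name    # import into the list
    if read_trusted_state(login.computer_name) != "trusted":
        # Claim 6: deny. Rolling the entry back is this sketch's assumption.
        del trusted_ip_list[login.ip]
        return False, "untrusted-state"
    return True, "admitted"
```

The reason string identifies which gate rejected the request, which is the value worth logging when a node addition fails.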
CN202311399100.1A 2023-10-26 2023-10-26 Method, system, equipment and medium for quickly adding trusted DCS (distributed control system) upper computer nodes Active CN117155704B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311399100.1A CN117155704B (en) 2023-10-26 2023-10-26 Method, system, equipment and medium for quickly adding trusted DCS (distributed control system) upper computer nodes

Publications (2)

Publication Number Publication Date
CN117155704A true CN117155704A (en) 2023-12-01
CN117155704B CN117155704B (en) 2024-01-16

Family

ID=88910306

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311399100.1A Active CN117155704B (en) 2023-10-26 2023-10-26 Method, system, equipment and medium for quickly adding trusted DCS (distributed control system) upper computer nodes

Country Status (1)

Country Link
CN (1) CN117155704B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101764742A (en) * 2009-12-30 2010-06-30 福建星网锐捷网络有限公司 Network resource visit control system and method
WO2012172533A1 (en) * 2011-06-16 2012-12-20 Accuris Technologies Limited A device authentication method and devices
CN105577618A (en) * 2014-10-15 2016-05-11 中兴通讯股份有限公司 Authentication method and apparatus
CN110213246A (en) * 2019-05-16 2019-09-06 南瑞集团有限公司 A kind of wide area multiple-factor identity authorization system
CN112532649A (en) * 2020-12-11 2021-03-19 杭州安恒信息技术股份有限公司 Security equipment network access management method and related device of security situation management platform
CN112929361A (en) * 2021-02-03 2021-06-08 中国联合网络通信集团有限公司 Device authentication method, access node and computer readable storage medium
US20220060463A1 (en) * 2020-08-18 2022-02-24 Shenzhen Fugui Precision Ind. Co., Ltd. Method for managing network devices, apparatus, and computer readable storage medium
CN116346415A (en) * 2023-02-21 2023-06-27 浙江至控科技有限公司 Multi-factor login authentication method and device for industrial control PLC system and PLC system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
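雷倩睿; 孟祥义: "Research on an authentication scheme based on trusted computing technology", 现代计算机(专业版) [Modern Computer (Professional Edition)], no. 05 *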

Also Published As

Publication number Publication date
CN117155704B (en) 2024-01-16

Similar Documents

Publication Publication Date Title
CN110784491B (en) Internet of things safety management system
CN103138939B (en) Based on the key access times management method of credible platform module under cloud memory module
CN104573516A (en) Industrial control system trusted environment control method and platform based on safety chip
CN103001936B (en) A kind of third party's application interface authorization method and system
CN104966015A (en) Control method and system between intelligent equipment
CN102916970B (en) Network-based PIN cache method
WO2015181925A1 (en) Device control system, device controller, device control method, and program
CN105872848A (en) Credible two-way authentication method applicable to asymmetric resource environment
CN113572791B (en) Video Internet of things big data encryption service method, system and device
CN111143856A (en) PLC remote firmware upgrading system and method
CN102546580A (en) Method, system and device for updating user password
CN106936797A (en) The management method and system of magnetic disk of virtual machine and file encryption key in a kind of cloud
CN105141416A (en) User authority distribution control system based on hardware chip and method thereof
CN105430649B (en) WIFI cut-in method and equipment
CN112087303B (en) Certificate presetting and issuing method, robot and server
CN109150811A (en) A kind of method and device that realizing credible session calculates equipment
CN112583594B (en) Data processing method, acquisition device, gateway, trusted platform and storage medium
CN106850232A (en) Authorization management method and system that state keeps
CN105933117A (en) Data encryption and decryption device and method based on TPM (Trusted Platform Module) key security storage
CN111641651B (en) Access verification method and device based on Hash chain
CN117155704B (en) Method, system, equipment and medium for quickly adding trusted DCS (distributed control system) upper computer nodes
CN117270928A (en) Online upgrading method, system, equipment and medium for trusted DCS (distributed control system) upper computer software
CN116881936A (en) Trusted computing method and related equipment
CN110851837A (en) Self-service equipment based on trusted computing, and security management system and method thereof
CN115460015A (en) TOTP-based identity authentication method and system for Web application

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant