CN117596595A - Working method for carrying out safe login based on photovoltaic power system - Google Patents

Working method for carrying out safe login based on photovoltaic power system

Publication number: CN117596595A
Authority: CN (China)
Prior art keywords: user, photovoltaic power, power system, login, authentication
Legal status: Pending
Application number: CN202311801039.9A
Other languages: Chinese (zh)
Inventor: 尹臣, 蒋家根
Current Assignee: Chongqing Qianxin New Energy Co ltd
Original Assignee: Chongqing Qianxin New Energy Co ltd
Application filed by Chongqing Qianxin New Energy Co ltd
Priority to CN202311801039.9A
Publication of CN117596595A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/084 Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention provides a working method for carrying out secure login based on a photovoltaic power system, which comprises the following steps: step 1, starting the photovoltaic power system and authenticating a user's access request through the OAuth 2.0 protocol; step 2, executing the authentication work of an authorization unit in the photovoltaic power system; and step 3, verifying the user account and password information and judging whether the system account information associated with the photovoltaic power system is genuine and valid.

Description

Working method for carrying out safe login based on photovoltaic power system
Technical Field
The invention relates to the field of data security, and in particular to a working method for carrying out secure login based on a photovoltaic power system.
Background
Authentication and access control are critical security issues in photovoltaic power systems. It is important to ensure that only authorized users can access and operate the photovoltaic power system. Existing authentication techniques may be insufficiently secure and vulnerable to attacks such as forging, intercepting or replaying authentication credentials. A photovoltaic power system is composed of a very large body of linked equipment; if it is illegally taken over and abnormally controlled, huge economic losses and adverse social effects can result. The article "Research and implementation of a multi-site-based photovoltaic informatization management system" [Zhou Rong. Value Engineering, 2019] indicates that various digitization technologies are now widely used in photovoltaic power generation systems, and that informatization management can be implemented in practice to improve working efficiency, monitor the running condition of the photovoltaic power station in real time, and ensure the safety of electricity use. However, the article does not propose how to realize secure login to the photovoltaic power system, and those skilled in the art need to solve this technical problem.
Disclosure of Invention
The invention aims to solve at least the technical problems in the prior art, and in particular creatively provides a working method for carrying out secure login based on a photovoltaic power system.
In order to achieve the above object, the present invention provides a working method for carrying out secure login based on a photovoltaic power system, including:
step 1, starting the photovoltaic power system and authenticating a user's access request through the OAuth 2.0 protocol;
step 2, executing the authentication work of an authorization unit in the photovoltaic power system;
and step 3, verifying the user account and password information, and judging whether the system account information associated with the photovoltaic power system is genuine and valid.
Preferably, in the above technical solution, the step 1 includes:
starting the photovoltaic power system and authenticating the user's access request through the OAuth 2.0 protocol; when a login is made through the OAuth 2.0 protocol, registering it according to the user's access authority and access validity period, and calling a primary authentication instruction through a first authorization unit; if the primary authentication is passed, executing the second authorization unit's authentication instruction; if it is not passed, initiating the primary authentication instruction again, with identification information and input-error authentication parameters added.
Preferably, in the above technical solution, the step 1 further includes:
under the OAuth 2.0 protocol framework, a login user uses an access authorization authentication instruction to identify the user authorization information, and the instruction information is added to the OAuth 2.0 protocol framework so that a new login user can access and call it to acquire access data of the photovoltaic power system and complete the login operation;
the security authentication mode executed by the back end of the photovoltaic power system is a security-level-priority mode, that is, the login authentication process is completed by raising the security level step by step. In this mode, when a login user needs to send a login request to the photovoltaic power system, the access request is initiated only after all login verification conditions have been completed, which ensures the confidentiality of user information and prevents unauthorized applications from accessing user data.
Preferably, the step 2 includes:
step 2, if the authentication is passed, the photovoltaic power system login user acquires an authentication code from the second authorization unit, and the user's identity is identified through the authentication code; the authentication code is received by a third-party communication device;
if the authentication code passes verification, the login user accesses the photovoltaic power system and a third authorization unit authentication instruction is formed. The third authorization unit authentication instruction is set to a countdown state to ensure that the photovoltaic power system always remains under the management of the login user; because of the particular role of a photovoltaic power system login user, the login state must be confirmed at intervals to ensure safe use of the power grid. The third authorization unit performs identity authentication through face recognition, and the login user's authentication code and face data are kept consistent. When the login user confirms exit from the login state, the third authorization unit prepares again for new input.
Preferably, in the above technical solution, the second authorization unit in step 2 performs the following method:
judging whether the photovoltaic power system login user is authenticated with the communication operator. If so, the account and password are packaged in a user password token, the corresponding token is generated through a subject and stored in a security manager, and system usage permissions are set according to the identity information defined by the login user. After the permissions are set, the user password token in the security manager is sent to a security authenticator, which splits the token into an account and a password. After the PKI domain to which the token belongs is determined according to the CMPv2 server certificate, the split account and password are matched against a database and authenticated by the security authenticator. If the authentication passes, the authentication code operation is carried out; if it fails, the flow returns to the first authorization unit for initial authentication;
when the authentication code push instruction is started, the push instruction and the instruction that matches the login user's mobile phone number must be completed together, and the authentication code push message is sent to the photovoltaic power system login user only when the match is consistent. When the login user's mobile phone receives the message, the photovoltaic power system creates an authentication code collection class instruction and then rewrites it; when the login user's authentication code collection class instruction changes, the authority judgment instruction in the authentication authority is returned, authority selection information is pushed to the system user using MQTT, and the selected authentication authority is sent to the photovoltaic power system.
Preferably, in the above technical solution, the step 3 includes:
judging whether the system password information associated with the photovoltaic power system is valid; judging whether the system account information associated with the photovoltaic power system has the account-disabled option or flag set: if the option or flag is checked, the account is disabled, and a command to lift the disablement is executed. The system account information marks the state of a system user with a check box or selection box: if the lock option is checked for a user, the user is locked; conversely, if the unlock option is checked, the user has been unlocked. Different colors, icons or labels are also used to indicate the user's status.
In the above technical solution, in step 3, the system password information further includes:
judging whether the user password information associated with the photovoltaic power system exceeds a preset authentication login period: the user's last login time is looked up and recorded according to the storage type or attributes of the system user, and the preset user authentication login period is obtained from the configuration or security policy of the photovoltaic power system. The comparison and judgment are made by writing a modification instruction, so as to suit the user's usage habits. The last login time is compared with the preset authentication login period; if the time elapsed between the last login time and the current time exceeds the preset period, the user password information is judged to have exceeded the preset authentication login period. A re-authentication instruction is then executed: an administrator logs in to the management back end of the photovoltaic power system with an administrator account and password, finds and selects the relevant system user in the user management section, checks the user's attributes or details, and executes a login remark instruction. The system configuration or security policy document is searched for the preset value of the authentication login period, and the preset value is adjusted according to the obtained last login time and the authentication login period.
Preferably, in the above technical solution, the step 3 further includes:
judging whether the system password information associated with the photovoltaic power system is correct, and identifying the information anomaly identifier and error information identifier corresponding to the password information of the photovoltaic power system;
judging, based on the corresponding information anomaly identifier and error information identifier, whether the photovoltaic power system user's password has expired. If it has not expired, the user password information associated with the photovoltaic power system is judged to be genuine and valid. If the password has expired, the password strength requirement, the password length limit and the password history count are read from the preset photovoltaic power system authentication security policy; new account password information is generated from the system user's login mode and the expired password information, and the preset password policy ensures that the new password meets the specified strength, length and history requirements. The password content is then updated: if a new password is generated, the user account information associated with the photovoltaic power system is updated, including the password information. The system user can then safely access and use the photovoltaic power system. In the account and password management associated with photovoltaic power systems, user account security and system stability are ensured by selecting practices and security standards for periodically checking and updating passwords and by implementing effective security policies.
In summary, due to the adoption of the technical scheme, the beneficial effects of the invention are as follows:
Through the OAuth 2.0 protocol, a user may authorize a third-party application to access his personal information without exposing that information (e.g., a user name and password). This enhances the security of the user information and reduces the security risk caused by leakage of user information. Multiple authorization units (a first, a second and a third authorization unit) are introduced for identity verification, which makes the identity verification process tighter. Each authorization unit uses a different authentication code or identification mode, which strengthens the system's defence against illegal access. During the login process, the system checks the user's status in real time (e.g., whether the user is locked or disabled). If the user is locked or disabled, the system may require additional authentication or unlocking by the user, further enhancing the security of the system. Using face recognition as an identification mode improves the reliability of user identity verification. Meanwhile, the countdown function and the periodic login state confirmation mechanism of the third authorization unit ensure that the user is continuously online and prevent unauthorized users from accessing the system.
The whole login process is automatic: the user only needs to perform the initial setting once, after which the system performs identity verification and management automatically, which greatly simplifies operation for the user. The system is flexible in design, and the number of authorization units and the identity verification modes can be adjusted according to actual conditions to meet the requirements of different security levels.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the invention will become apparent and may be better understood from the following description of embodiments taken in conjunction with the accompanying drawings in which:
FIG. 1 is a general schematic of the present invention;
FIG. 2 is a flow chart of the login procedure of the present invention.
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative only and are not to be construed as limiting the invention.
As shown in FIG. 1 and FIG. 2, the invention discloses a working method for carrying out secure login based on a photovoltaic power system, which comprises the following steps:
Step 1, the photovoltaic power system is started and the user's access request is authenticated through the OAuth 2.0 protocol. When a login is made through the OAuth 2.0 protocol, it is registered according to the user's access authority and access validity period, and a primary authentication instruction is called through a first authorization unit. If the primary authentication is passed, the second authorization unit's authentication instruction is executed; if it is not passed, the primary authentication instruction is initiated again, with identification information and input-error authentication parameters added.
The first authorization unit can use image authentication, for example selecting identical daily articles or identical animals and plants, or character-and-letter image authentication. After the photovoltaic power system login user receives the authentication request, the correspondence of the identification information is verified, and authentication passes when the input matches the randomly generated authentication parameters.
In step 1, under the OAuth 2.0 protocol framework, a login user uses an access authorization authentication instruction to identify the user authorization information, and the instruction information is added to the OAuth 2.0 protocol framework so that a new login user can access and call it to acquire access data of the photovoltaic power system and complete the login operation.
The security authentication mode executed by the back end of the photovoltaic power system is a security-level-priority mode, that is, the login authentication process is completed by raising the security level step by step. In this mode, when a login user needs to send a login request to the photovoltaic power system, the access request is initiated only after all login verification conditions have been completed, which ensures the confidentiality of user information and prevents unauthorized applications from accessing user data.
The authorization request message and the response message are transmitted in the application/json format. JSON is a lightweight data exchange format that is easy to read and write and convenient for machines to parse and generate, so authentication parameters, authentication codes and other related information can be conveniently communicated during the authorization process.
Step 2, if the authentication is passed, the photovoltaic power system login user acquires an authentication code from the second authorization unit, and the user's identity is identified through the authentication code; the authentication code is received by a third-party communication device.
If the authentication code passes verification, the login user accesses the photovoltaic power system and a third authorization unit authentication instruction is formed. The third authorization unit authentication instruction is set to a countdown state to ensure that the photovoltaic power system always remains under the management of the login user; because of the particular role of a photovoltaic power system login user, the login state must be confirmed at intervals to ensure safe use of the power grid. The third authorization unit performs identity authentication through face recognition, and the login user's authentication code and face data are kept consistent. When the login user confirms exit from the login state, the third authorization unit prepares again for new input.
The second authorization unit in the step 2 performs the following method:
It is judged whether the photovoltaic power system login user is authenticated with the communication operator. If so, the account and password are packaged in a user password token, the corresponding token is generated through a subject and stored in a security manager, and system usage permissions are set according to the identity information defined by the login user. After the permissions are set, the user password token in the security manager is sent to a security authenticator, which splits the token into an account and a password. After the PKI domain to which the token belongs is determined according to the CMPv2 server certificate, the split account and password are matched against a database and authenticated by the security authenticator. If the authentication passes, the authentication code operation is carried out; if it fails, the flow returns to the first authorization unit for initial authentication.
When the authentication code push instruction is started, the push instruction and the instruction that matches the login user's mobile phone number must be completed together, and the authentication code push message is sent to the photovoltaic power system login user only when the match is consistent. When the login user's mobile phone receives the message, the photovoltaic power system creates an authentication code collection class instruction and then rewrites the authentication authority in the authentication code collection class; when the login user's authentication code collection class instruction changes, the authority judgment instruction in the authentication authority is called and returned, authority selection information is pushed to the system user using MQTT, and the selected authentication authority is sent to the photovoltaic power system.
The corresponding information is pushed by the operator and contains options such as administrator, patrol personnel, information acquisition personnel and input personnel.
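The three authorization units of steps 1 and 2 can be read as a small state machine; the sketch below is an added example, not code from the patent. The class and method names, the 120-second code lifetime, the 900-second countdown, the three-attempt limit and the sample phone numbers are all assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Stage(Enum):
    FIRST_UNIT = "first"        # primary image/character challenge pending
    SECOND_UNIT = "second"      # waiting for the pushed authentication code
    LOGGED_IN = "logged_in"     # third unit countdown running
    LOGGED_OUT = "logged_out"


@dataclass
class LoginSession:
    registered_phone: str             # number on file for this login user
    code_ttl: float = 120.0           # assumed lifetime of a pushed code (s)
    confirm_interval: float = 900.0   # assumed third-unit countdown (s)
    max_attempts: int = 3             # assumed wrong-code limit
    stage: Stage = Stage.FIRST_UNIT
    _code: Optional[str] = field(default=None, init=False, repr=False)
    _code_expiry: float = field(default=0.0, init=False)
    _attempts: int = field(default=0, init=False)
    _deadline: float = field(default=0.0, init=False)

    def pass_first_unit(self, expected: str, answer: str) -> bool:
        """Primary authentication against a randomly generated parameter."""
        if self.stage is not Stage.FIRST_UNIT:
            return False
        if hmac.compare_digest(expected.encode(), answer.encode()):
            self.stage = Stage.SECOND_UNIT
            return True
        return False  # stay in FIRST_UNIT; the caller issues a new challenge

    def issue_code(self, phone: str, now: float) -> Optional[str]:
        """Create a code only if the phone matches the registered number."""
        if self.stage is not Stage.SECOND_UNIT:
            return None
        if not hmac.compare_digest(phone.encode(),
                                   self.registered_phone.encode()):
            return None
        self._code = f"{secrets.randbelow(10**6):06d}"
        self._code_expiry = now + self.code_ttl
        self._attempts = 0
        return self._code  # a real system pushes this out of band

    def _back_to_first_unit(self) -> None:
        self._code = None
        self.stage = Stage.FIRST_UNIT

    def verify_code(self, code: str, now: float) -> bool:
        """Second unit: single-use, time-limited, constant-time comparison."""
        if self.stage is not Stage.SECOND_UNIT or self._code is None:
            return False
        if now > self._code_expiry:
            self._back_to_first_unit()
            return False
        if hmac.compare_digest(code.encode(), self._code.encode()):
            self._code = None  # a code is accepted once only
            self.stage = Stage.LOGGED_IN
            self._deadline = now + self.confirm_interval
            return True
        self._attempts += 1
        if self._attempts >= self.max_attempts:
            self._back_to_first_unit()
        return False

    def confirm_presence(self, face_matches: bool, now: float) -> bool:
        """Third unit: periodic re-confirmation restarts the countdown."""
        if self.stage is not Stage.LOGGED_IN:
            return False
        if now <= self._deadline and face_matches:
            self._deadline = now + self.confirm_interval
            return True
        self.stage = Stage.LOGGED_OUT
        return False

    def is_active(self, now: float) -> bool:
        if self.stage is Stage.LOGGED_IN and now > self._deadline:
            self.stage = Stage.LOGGED_OUT  # countdown ran out unconfirmed
        return self.stage is Stage.LOGGED_IN
```

The clock is passed in as `now` so that expiry and countdown behaviour can be exercised deterministically.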
Step 3, after the authentication code passes, the user account and password information are verified, and it is judged whether the system account information associated with the photovoltaic power system is genuine and valid. It is judged whether the system password information associated with the photovoltaic power system is valid. It is judged whether the system account information associated with the photovoltaic power system has the account-disabled option or flag set: if the option or flag is checked, the account is disabled, and a command to lift the disablement is executed. The system account information marks the state of a system user with a check box or selection box: if the lock option is checked for a user, the user is locked; conversely, if the unlock option is checked, the user has been unlocked. Different colors, icons or labels are also used to indicate the user's status. For example, the locked state is displayed with a red or gray mark, and the unlocked state with a green or blue mark. In addition to the visual indication, the photovoltaic power system also indicates the status of the account explicitly through text labels: the locked or unlocked instruction is obtained and displayed directly in the system user details or in the settings task bar.
The step 3 for the system password information further includes:
It is judged whether the user password information associated with the photovoltaic power system exceeds a preset authentication login period: the user's last login time is looked up and recorded according to the storage type or attributes of the system user, and the preset user authentication login period is obtained from the configuration or security policy of the photovoltaic power system; this may be a specific time interval, such as daily, weekly or monthly. The comparison and judgment are made by writing a modification instruction, so as to suit the user's usage habits. The last login time is compared with the preset authentication login period; if the time elapsed between the last login time and the current time exceeds the preset period, the user password information is judged to have exceeded the preset authentication login period. A re-authentication instruction is then executed: an administrator logs in to the management back end of the photovoltaic power system with an administrator account and password, finds and selects the relevant system user in the user management section, checks the user's attributes or details, and executes a login remark instruction. The system configuration or security policy document is searched for the preset value of the authentication login period, and the preset value is adjusted according to the obtained last login time and the authentication login period.
Step 3 further comprises: judging whether the system password information associated with the photovoltaic power system is correct, and identifying the information anomaly identifier and error information identifier corresponding to the password information of the photovoltaic power system.
Based on the corresponding information anomaly identifier and error information identifier, it is judged whether the photovoltaic power system user's password has expired. If it has not expired, the user password information associated with the photovoltaic power system is judged to be genuine and valid. If the password has expired, the password strength requirement, the password length limit and the password history count are read from the preset photovoltaic power system authentication security policy; new account password information is generated from the system user's login mode and the expired password information, and the preset password policy ensures that the new password meets the specified strength, length and history requirements. The password content is then updated: if a new password is generated, the user account information associated with the photovoltaic power system is updated, including the password information. The system user can then safely access and use the photovoltaic power system. In the account and password management associated with photovoltaic power systems, user account security and system stability are ensured by selecting practices and security standards for periodically checking and updating passwords and by implementing effective security policies.
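The step 3 checks above (disabled and locked flags, the authentication login period, password expiry, and the strength, length and history rules for a replacement password) are shown below as an added example that is not code from the patent. The policy values, the class and function names and the four-character-class strength rule are assumptions, and the sketch validates a proposed new password rather than generating one.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum
from typing import List, Tuple


class Decision(Enum):
    ALLOW = "allow"
    ACCOUNT_DISABLED = "account_disabled"
    ACCOUNT_LOCKED = "account_locked"
    REAUTHENTICATE = "reauthenticate"        # login period exceeded
    PASSWORD_EXPIRED = "password_expired"    # new password required


@dataclass
class Policy:
    # Assumed values; the page leaves the actual settings to the deployment.
    login_period: timedelta = timedelta(days=30)
    password_max_age: timedelta = timedelta(days=90)
    min_length: int = 12
    history_size: int = 5


@dataclass
class Account:
    disabled: bool
    locked: bool
    last_login: datetime
    password_set: datetime
    # (salt, digest) pairs, newest last; no plaintext is ever stored
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def evaluate_login(acct: Account, now: datetime, policy: Policy) -> Decision:
    """Apply the step 3 checks in order; the first failing check wins."""
    if acct.disabled:
        return Decision.ACCOUNT_DISABLED
    if acct.locked:
        return Decision.ACCOUNT_LOCKED
    if now - acct.last_login > policy.login_period:
        return Decision.REAUTHENTICATE
    if now - acct.password_set > policy.password_max_age:
        return Decision.PASSWORD_EXPIRED
    return Decision.ALLOW


def password_violations(acct: Account, candidate: str,
                        policy: Policy) -> List[str]:
    """Return which of the length, strength and history rules are broken."""
    problems = []
    if len(candidate) < policy.min_length:
        problems.append("length")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if not all(any(ch in cls for ch in candidate) for cls in classes):
        problems.append("strength")
    recent = acct.history[-policy.history_size:]
    if any(hmac.compare_digest(_digest(candidate, salt), digest)
           for salt, digest in recent):
        problems.append("history")
    return problems


def set_password(acct: Account, candidate: str, now: datetime,
                 policy: Policy) -> None:
    """Accept a new password only if it satisfies the whole policy."""
    problems = password_violations(acct, candidate, policy)
    if problems:
        raise ValueError("password rejected: " + ", ".join(problems))
    salt = os.urandom(16)
    acct.history.append((salt, _digest(candidate, salt)))
    del acct.history[:-policy.history_size]   # keep only the recent entries
    acct.password_set = now
```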
In addition, when the photovoltaic power system user logs in by a remote login instruction, the photovoltaic power system user information, domain account, new password and old password are sent according to a pre-stored basic authentication set, and the submitted information is verified by executing the authentication set calling instruction; the verification covers the accuracy of the photovoltaic power system user's identity, the domain name match and the accuracy of the password. When the remote login authentication is passed, the new password information is encrypted and stored on a remote server, which ensures the backup and restore capability of the data. The entry related to the new password is updated in the system registry to keep the internal data of the photovoltaic power system synchronized;
a domain account is added according to the photovoltaic power system by using the dsadd command to add a new domain account on the domain controller, for example: dsadd user "CN=new user name,OU=organization unit,DC=domain name,DC=com"; a failed domain account is deleted from the domain controller with the dsrm command, for example: dsrm "CN=username,OU=organization unit,DC=domain name,DC=com". While the domain account is being added, if the actual state changes during the photovoltaic power system user's login, the domain account attributes are modified: the dsmod command is used to modify attributes of the domain account, such as the password or the group to which it belongs, for example: dsmod user "CN=username,OU=organization unit,DC=domain name,DC=com" -pwd "new password". The local account is then added to the domain account: the netdom command is used to join the local computer to the domain and to add the local user account to the domain controller, for example: netdom join "computer name" /domain:"domain name" /userd:"user name" /passwordd:"password" (both dsmod -pwd and netdom /passwordd accept * in place of the password, which prompts for it instead of leaving it on the command line).
In the process of logging in the domain account, obtaining domain account password information from the advanced authentication set for verification logging in; the method comprises the steps that domain account password information is sent to a cloud server, and if a logged-in IP address and equipment index photovoltaic power system users are replaced, the photovoltaic power system checks the domain account password information stored by the cloud server; if the added domain account is not stored in the cloud server, the added domain account is stored in an index; and the photovoltaic power system user uses the synchronized domain account password information to perform system login, so that seamless cross-terminal use experience is ensured. And meanwhile, the domain account logged in by the photovoltaic power system user is subjected to information mapping, so that corresponding photovoltaic power system user information is rapidly extracted.
RESTful API technology is used in the underlying authentication set, which is based on the HTTP protocol, for building component interactions in the distributed system. The system account information, domain name information, new passwords and old passwords can be packaged in the resources of the RESTful API, and submitted and verified through an HTTP method (such as POST, PUT and the like).
The RESTful API is also used for the processing of domain account password information in the advanced authentication set. For example, domain account password information is updated and uploaded to a web server by invoking a specific API endpoint.
The actual application illustrated in the basic authentication set and in the advanced authentication set depends on the required and used technology stack.
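The verification that the basic authentication set is described as performing on a remote password change (identity accuracy, domain name matching, old password accuracy), shown as an added Python example that is not code from the patent. The field names, the domain pv.example.com and the sample account are assumptions, and the example stores a salted PBKDF2 verifier where the text says the new password is encrypted before storage.

```python
import hashlib
import hmac
import os

ALLOWED_DOMAIN = "pv.example.com"  # assumed domain name, not from the patent
FIELDS = ("user", "domain_account", "old_password", "new_password")  # assumed names


def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow password verifier (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def new_record(user: str, password: str) -> dict:
    """Build the stored entry for one account with a fresh random salt."""
    salt = os.urandom(16)
    return {"user": user, "salt": salt, "verifier": derive(password, salt)}


def change_password(req: dict, store: dict) -> tuple:
    """Verify one submitted resource; return (accepted, reason for the audit log)."""
    if not all(isinstance(req.get(f), str) and req[f] for f in FIELDS):
        return False, "malformed request"
    account = req["domain_account"].lower()
    # Domain name matching: the account must belong to the expected domain.
    if account.rpartition("@")[2] != ALLOWED_DOMAIN:
        return False, "domain mismatch"
    rec = store.get(account)
    # Derive even for unknown accounts so response time does not reveal which exist.
    candidate = derive(req["old_password"], rec["salt"] if rec else b"\x00" * 16)
    # Identity accuracy: the user name must be the one bound to the domain account.
    if rec is None or rec["user"] != req["user"]:
        return False, "identity mismatch"
    # Password accuracy: constant-time comparison against the stored verifier.
    if not hmac.compare_digest(candidate, rec["verifier"]):
        return False, "old password incorrect"
    if req["new_password"] == req["old_password"]:
        return False, "new password equals old password"
    # Replace salt and verifier together so the old password stops working.
    rec.update(new_record(req["user"], req["new_password"]))
    return True, "password updated"


def demo_store() -> dict:
    """Constructed sample data: one operator account."""
    return {"op01@pv.example.com": new_record("op01", "Old-Pass-2023!")}
```

The reason string is meant for the server-side audit log; a client-facing response would normally carry only success or failure.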
While embodiments of the present invention have been shown and described, it will be understood by those of ordinary skill in the art that: many changes, modifications, substitutions and variations may be made to the embodiments without departing from the spirit and principles of the invention, the scope of which is defined by the claims and their equivalents.

Claims (8)

1. The working method for carrying out safe login based on the photovoltaic power system is characterized by comprising the following steps of:
step 1, starting a photovoltaic power system, and authenticating an access request of a user through an OAuth2.0 protocol;
step 2, executing authentication work of an authorization unit in the photovoltaic power system;
and step 3, verifying the user account and the password information, and judging whether the system account information associated with the photovoltaic power system is truly effective.
2. The method for securely logging in based on a photovoltaic power system according to claim 1, wherein the step 1 comprises:
starting a photovoltaic power system, authenticating an access request of a user through an OAuth2.0 protocol, registering according to the access authority and the access validity period of the user when the accessed OAuth2.0 protocol is logged in, calling a primary authentication instruction through a first authorization unit, executing a second authorization unit authentication instruction if the user is executed, and initiating the primary authentication instruction again if the user is not executed, and increasing identification information and inputting error authentication parameters.
3. The method for securely logging in based on a photovoltaic power system according to claim 2, wherein the step 1 further comprises:
under the OAuth2.0 protocol frame, a login user uses an access authorization authentication instruction to identify user authorization information, and adds the instruction information into the OAuth2.0 protocol frame to access the instruction information and call the instruction information by a new login user to acquire access data of a photovoltaic power system and realize login operation;
the security authentication mode executed by the background of the photovoltaic power system is a security level priority mode, namely, the login authentication process is completed by gradually improving the security, when a login user needs to send a login request to the photovoltaic power system in the mode, the condition of verifying the login is completely completed, an access request is initiated, confidentiality of user information is ensured, and meanwhile, unauthorized application can be prevented from accessing user data.
4. The method for securely logging in based on a photovoltaic power system according to claim 3, wherein said step 2 comprises:
step 2, if the authentication is passed, the photovoltaic power system login user acquires an authentication code of the second authorization unit, and the user identity is identified through the authentication code; the authentication code is received by the third party communication device;
if the authentication code passes verification, the photovoltaic power system login user accesses the photovoltaic power system and a third authorization unit authentication instruction is formed; the third authorization unit authentication instruction is set to a countdown state, ensuring that the photovoltaic power system is always kept under the management of the login user; owing to the particularity of the photovoltaic power system login user, the login state needs to be confirmed at intervals to ensure safe use of the power grid; the third authorization unit performs identity authentication through face recognition, the authentication code of the login user and the face data being kept unified; when the login user confirms exiting the login state, the third authorization unit again prepares for new input.
5. The method according to claim 1, wherein the second authorization unit in step 2 performs the following steps:
judging whether a photovoltaic power system login user authenticates at a communication operator, if so, packaging an account number and a password in a user password token, generating a corresponding token through a subject, storing the token in a security manager, and setting system use permission according to identity information defined by the login user; after authority setting is finished, a user password token in a security manager is sent to a security authenticator, the security authenticator splits the user password token into an account number and a password, the split account number and the split password are matched through a database after the PKI domain which belongs to the user password token is determined according to a CMPv2 server certificate, the user password token and the split account number and the split password are authenticated by the security authenticator, if the authentication is passed, authentication code operation is carried out, and if the authentication is failed, the first authorization unit is returned to carry out initial authentication;
when an authentication code pushing instruction is started, the pushing instruction and a photovoltaic power system login user mobile phone number matching instruction are required to be completed simultaneously, and authentication code pushing information which is consistent in matching is sent to the photovoltaic power system login user; when the photovoltaic power system login user mobile phone receives information, the photovoltaic power system creates an authentication code collection class instruction, then the authentication code collection class instruction is written again, when the photovoltaic power system login user authentication code collection class instruction changes, an authority judgment instruction in the authentication authority is returned, and according to the system user pushing authority selection information by using the MQTT, the authentication authority is selected to be sent to the photovoltaic power system.
6. The method for securely logging in based on a photovoltaic power system according to claim 1, wherein said step 3 comprises:
judging whether system password information associated with the photovoltaic power system is valid or not; judging whether system account information associated with the photovoltaic power system is an account disabled state option or mark, if the account disabled state option or mark is checked, indicating that the account is disabled, and executing a command for releasing the disabled; judging that system account information associated with the photovoltaic power system marks the state of a system user by using a check box or a selection box, and if a user is checked by a locking option, indicating that the user is locked; conversely, if the unlock user option is checked, it indicates that the user has been unlocked, while a different color, icon, or label is used to indicate the user's status.
7. The method for securely logging in based on the photovoltaic power system according to claim 6, wherein the step 3 further comprises:
searching and recording the last login time of a user according to the storage type or attribute of the user of the system by judging whether the user password information associated with the photovoltaic power system exceeds a preset authentication login period, and acquiring the preset user authentication login period information according to the configuration or security policy of the photovoltaic cable system; and comparing and judging by writing the modification instruction so as to accord with the use habit of the user. Comparing according to the last login time and a preset authentication login period; if the last login time is more than the current time by a preset period, judging that the user password information is more than the preset authentication login period; executing a reauthentication instruction, logging in to a management background of the photovoltaic power system by using an administrator account and a password, finding and selecting a relevant system user in a user management part, checking attribute or detail information of the user, and executing a login remark instruction; searching a system configuration or security policy document, finding a preset value about an authentication login period, and adjusting the preset value according to the acquired final login time and the authentication login period.
8. The method for securely logging in based on a photovoltaic power system according to claim 6, wherein said step 3 further comprises:
judging whether system password information associated with the photovoltaic power system is correct or not; identifying information abnormality identification and error information identification corresponding to the password information of the photovoltaic power system;
judging whether the user password of the photovoltaic power system is out of date or not based on the corresponding information anomaly identification and error information identification, and if not, judging that the user password information associated with the photovoltaic power system is true and effective; the user password information associated with the photovoltaic power system is truly effective; if the password is expired, reading the use times including password strength requirement, password length limitation and password history record from a preset photovoltaic power system authentication security policy; the login mode of the system user and the outdated password information generate new account password information, and the preset password strategy ensures that the new password meets the specified password strength, length and history record requirements; the password content is then updated, and if a new password is generated, user account information associated with the photovoltaic power system is updated, including updating the password information. The system user can safely access and use the photovoltaic power system; in account and password management associated with photovoltaic power systems, user account security and system stability are ensured by selecting practices and security standards to periodically check and update passwords, and implementing effective security policies.
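The checks described in claims 7 and 8 (authentication login period, password expiry, and the strength, length and history rules for a new password), shown as an added Python example that is not code from the patent. The policy values, function names and sample history are assumptions; the claims name the policy fields but give no numbers.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

# Assumed policy values; the claims name these fields without giving numbers.
POLICY = {
    "auth_period": timedelta(days=30),       # preset authentication login period
    "password_max_age": timedelta(days=90),  # password expiry
    "min_length": 12,                        # password length limitation
    "history_size": 5,                       # password history record
}


def digest(password: str, salt: bytes) -> bytes:
    """History entries are kept as salted digests, never as plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample history: one previously used password.
SALT = b"constructed-salt"
HISTORY = [(SALT, digest("Summer-2023-pv!", SALT))]


def login_state(last_login: datetime, password_set: datetime,
                now: datetime, policy: dict = POLICY) -> str:
    """Return 'reauthenticate', 'password_expired' or 'ok' for one account."""
    if now - last_login > policy["auth_period"]:
        return "reauthenticate"
    if now - password_set > policy["password_max_age"]:
        return "password_expired"
    return "ok"


def policy_violations(candidate: str, history: list, policy: dict = POLICY) -> list:
    """List every rule the candidate password breaks; an empty list means accepted."""
    problems = []
    if len(candidate) < policy["min_length"]:
        problems.append("too short")
    classes = (any(c.islower() for c in candidate),
               any(c.isupper() for c in candidate),
               any(c.isdigit() for c in candidate),
               any(not c.isalnum() for c in candidate))
    if not all(classes):
        problems.append("needs lower, upper, digit and symbol")
    # Compare against the most recent entries only, in constant time per entry.
    for salt, old in history[-policy["history_size"]:]:
        if hmac.compare_digest(digest(candidate, salt), old):
            problems.append("reuses a recent password")
            break
    return problems
```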
CN202311801039.9A 2023-12-25 2023-12-25 Working method for carrying out safe login based on photovoltaic power system Pending CN117596595A (en)

Publications (1)

Publication Number Publication Date
CN117596595A (en) 2024-02-23

Family

ID=89916827

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination