CN211557285U - Control terminal, signature server and task server - Google Patents


Info

Publication number
CN211557285U
Authority
CN
China
Prior art keywords
task
information
signature
server
control terminal
Legal status (as listed by Google Patents; not a legal conclusion)
Active
Application number
CN201922456042.7U
Other languages
Chinese (zh)
Inventor
郑晓凤
乐翔
楚兵
黄晓波
刘盈
Current Assignee (as listed by Google Patents; may be inaccurate)
Ningbo Helishi Information Security Research Institute Co ltd
Original Assignee
Ningbo Helishi Information Security Research Institute Co ltd

Abstract

The application provides a control terminal, a signature server and a task server. The control terminal comprises a communication interface, a codec connected to the communication interface, and a TCM (Trusted Cryptography Module) security chip connected to the codec. The communication interface receives first encrypted information sent by the signature server; the signature server produces the first encrypted information by encrypting trusted task information and its signature with a first communication key. The codec decrypts the first encrypted information with the first communication key to obtain the trusted task information and its signature; the TCM security chip verifies the signature of each item of trusted task information and records the items that pass verification in a task white list. The task white list is the basis on which the control terminal performs a security check on each task it receives. In this scheme the control terminal builds the task white list from trusted task information and decides from the white list whether a received task is safe, so that it does not execute unsafe tasks.

Description

Control terminal, signature server and task server
Technical Field
This utility model relates to the technical field of industrial control, and in particular to a control terminal, a signature server and a task server.
Background
An industrial control system consists of a control terminal and a task server. The control terminal is usually a network-capable Programmable Logic Controller (PLC): it receives tasks issued by the task server over the network and drives the industrial equipment connected to it (for example an automatic machining center or similar automated equipment) according to the instructions in the task, achieving remote automatic control.
However, an industrial control system connected to a network carries a safety risk: a rogue server can spoof the task server's IP address and issue an unsafe task to the control terminal, and once the control terminal executes it, accidents such as data leakage or equipment damage may follow.
An effective protection scheme for industrial control systems is therefore needed to prevent such accidents at the control terminal.
Summary of the Utility Model
To address this problem, the present application provides a control terminal, a signature server and a task server that prevent accidents caused by the control terminal executing illegitimate tasks.
A first aspect of the present application provides a control terminal, including:
a communication interface that receives first encrypted information sent by the signature server over the Transport Layer Security (TLS) protocol; the first encrypted information is obtained by the signature server encrypting trusted task information and its signature with a preset first communication key; trusted task information is task information that originated from the task server; the signature is computed over the trusted task information by the signature server with a preset signature algorithm;
a codec connected to the communication interface, which decrypts the first encrypted information with the first communication key to obtain the trusted task information and its signature;
a TCM security chip connected to the codec, which verifies the signature of each item of trusted task information, records the items that pass verification in a task white list, and uses that white list as the basis for the control terminal's security check of received tasks.
Optionally, the control terminal further includes a programmable logic controller connected to the TCM security chip;
where the TCM security chip:
searches the task white list for task information matching the task received by the control terminal;
if matching task information is found, determines that the task passes the security check and triggers the programmable logic controller to execute it;
if no matching task information is found, determines that the task fails the security check and refuses to execute it.
A second aspect of the present application provides a signature server, including:
a communication interface that receives second encrypted information;
a codec connected to the communication interface, which decrypts the second encrypted information with a preset second communication key;
if decryption succeeds, the task information obtained is treated as trusted task information, that is, task information that originated from the task server;
a signature chip connected to the codec, which computes a signature over the trusted task information with a preset signature algorithm;
the codec encrypts the trusted task information and its signature with a first communication key to obtain first encrypted information;
the communication interface sends the first encrypted information to a control terminal; the control terminal decrypts it with the first communication key and, once the trusted task information passes signature verification, records it in a task white list, which is the basis for the control terminal's security check of received tasks.
Optionally, the communication interface also:
sends the signature of the trusted task information to the task server.
A third aspect of the present application provides a task server, comprising:
a task chip that generates task information;
a codec connected to the task chip, which encrypts the task information with a second communication key to obtain second encrypted information;
a communication interface connected to the codec, which sends the second encrypted information to a signature server; after the signature server decrypts it, the task information is provided to a control terminal as trusted task information and recorded by the control terminal in a task white list, which is the basis for the control terminal's security check of received tasks.
Optionally, the communication interface also:
issues a task to be executed to a control terminal; the control terminal executes the task only after it passes the security check against the task white list.
Drawings
To illustrate the embodiments of the present utility model more clearly, the drawings used in describing them are briefly introduced below. These drawings show only some embodiments; a person skilled in the art can derive other drawings from them without inventive effort.
Fig. 1 is a schematic structural diagram of an industrial control system according to an embodiment of the present application;
Fig. 2 is a flowchart of a safety protection method for an industrial control system according to an embodiment of the present application;
Fig. 3 is a flowchart of a safety protection method for an industrial control system according to another embodiment of the present application;
Fig. 4 is a schematic structural diagram of a control terminal according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a signature server according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a task server according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present utility model are described clearly and completely below with reference to the drawings. The described embodiments are only some of the possible embodiments, not all of them; all other embodiments that a person skilled in the art can obtain from them without inventive effort fall within the scope of protection of the present utility model.
The key point of the protection method is that the control terminal establishes and maintains a task white list from trusted task information that is provided by the signature server and has passed signature verification. Each time the control terminal receives a task it checks the task against the white list: if the task passes, it is taken to be a safe task provided by the task server and is executed; if it fails, it is taken not to be a task provided by the task server and execution is refused.
The check of a single task is a lookup: if task information matching the task exists in the task white list, the task passes the security check; if not, it fails.
In this way the control terminal avoids executing unsafe tasks from a third-party rogue server posing as the task server, which effectively improves the safety of the control terminal in the industrial control system.
For better understanding of the solution provided by the present application, the architecture of the industrial control system to which the embodiment of the present application is applied is first described with reference to the schematic architecture diagram shown in fig. 1.
As shown in Fig. 1, the industrial control system of this embodiment includes a signature server 100, a task server 200 and a PLC system 300. The PLC system corresponds to the control terminal and is connected over the network to both the signature server and the task server; the signature server and the task server are likewise connected over the network.
It should be noted that fig. 1 is only an architecture diagram for illustrating a connection relationship between three types of devices, and in an actual industrial control system, there may be a plurality of signature servers, task servers, and PLC systems.
The safety protection method provided by the present application is described below with reference to the architecture of the industrial control system shown in fig. 1.
As noted above, the method has two stages: establishing and maintaining the task white list, and checking each received task against the white list before executing it. The white list is established once, at system initialization, to produce the initial task white list at the control terminal; after initialization it is maintained (that is, updated). Checking and executing tasks can be performed at any time during operation of the industrial control system as required.
First, a method for a control terminal to establish and maintain a task white list in an embodiment of the present application is described below, please refer to fig. 2, where the method includes the following steps:
it should be noted that, the method described in this embodiment may be executed at an initialization stage of the industrial control system, so as to establish an initial task white list at the control terminal, or may be executed during an operation process of the industrial control system after the initialization is completed, so as to add new task information to a current task white list of the control terminal, thereby achieving an effect of updating the task white list.
S201, the task server generates task information.
The task server is a server for forwarding tasks to be executed to the control terminal. The task to be executed is submitted to the task server by a user through network equipment such as a personal computer, a mobile phone and the like, the task server performs identity authentication on the network equipment submitting the task, and after the identity authentication is passed, the task server determines the task submitted by the network equipment as the task to be executed and provides the task to the control terminal.
On the one hand, if the method of this embodiment is executed at the initialization stage, the task information consists of the items of an initial information list generated by the task server. The items in the initial list are produced in advance from an estimate of the tasks the industrial control system will need to execute during operation.
On the other hand, if the method provided by this embodiment is executed after the system initialization is completed, new task information is added to the task white list of the control terminal. The task information is the task information generated by the task server according to the task to be executed after receiving the task to be executed submitted by the network device.
Specifically, while the system is running, a task issued by the task server may fail the control terminal's check because its task information is not in the initial information list. The control terminal then refuses the task and notifies the task server; on receiving that notification, the task server runs the method of this embodiment to add the task to the control terminal's white list and then reissues the task so that it is executed. In this case the task information of step S201 is the task information of the rejected task.
Optionally, the tasks that the control terminal needs to execute are generally provided to the task server in the form of control scripts, so that for any one task, the task server may convert the control script of the task into a text format, and the control script of the task recorded in the text format is the task information of the task.
S202, the task server encrypts the task information by using the second communication key to obtain second encrypted information.
The second communication key is negotiated in advance between the task server and the signature server, so both store it. Each side encrypts with the second communication key before sending, and decrypts received information with it; if decryption fails, the information was not sent by the other party. The pre-shared key thus ensures that encrypted information can only be read and used by the intended peer and is not disclosed to a third party. Note that the inference "decryption failed, therefore not from the peer" holds only if the encryption is authenticated (an AEAD mode such as GCM, or a cipher combined with a MAC): a bare block or stream cipher turns any input into some plaintext and never fails, so a wrong key or a tampered ciphertext would not be detected at this step.
S203, the task server sends second encryption information to the signature server.
Optionally, in step S203 the task server sends the second encrypted information to the signature server over the Transport Layer Security (TLS) protocol. TLS has two layers, the TLS Record protocol and the TLS Handshake protocol; it provides an encrypted channel between the two parties and supports authentication of both of them, protecting the integrity and authenticity of the transmitted data.
S204, the signature server decrypts the second encrypted information by using the second communication key.
As stated above, the second communication key is agreed in advance by the signature server and the task server. If decryption in step S204 fails, the received information either was not sent by the task server or was tampered with after the task server sent it.
Optionally, the signature server may notify the task server after each decryption failure.
S205, the signature server determines the task information obtained through decryption as credible task information.
If the signature server decrypts the second encrypted information successfully, the information did come from the task server, and the task information it carries is task information provided by the task server; after successful decryption that task information is directly treated as trusted task information.
Optionally, when the task server generates the second encrypted information it may compute a message digest of the task information with a digest algorithm and encrypt the task information and its digest together. The signature server then checks the integrity of the task information against the digest after decryption, to determine whether the second encrypted information was corrupted or altered in transit.
And S206, the signature server calculates the trusted task information by using a preset signature algorithm to obtain a signature of the trusted task information.
This utility model uses the SM2 algorithm of the Chinese national cryptographic standard as the signature algorithm in step S206. SM2 is an elliptic-curve public-key algorithm (standardised as GB/T 32918) that provides digital signatures, key exchange and public-key encryption; the application credits it with strong resistance to attack, low CPU and memory use, low network overhead and high speed.
Optionally, after signing, the signature server feeds the result back to the task server: which items of task information have been signed, and the signatures themselves. The task server records which task information has been signed successfully. Before issuing a task to the control terminal it first checks whether the matching task information has been signed; if so it issues the task directly, otherwise it first runs the method of this embodiment to get the task information into the control terminal's white list, so that the issued task is not rejected.
S207, the signature server encrypts the trusted task information and the signature thereof by using the first communication key to obtain first encrypted information.
The first communication key is negotiated in advance between the signature server and the control terminal, and both store it. Either party encrypts with the first communication key before sending to the other, and the receiver decrypts with the same key to recover the transmitted information.
The first communication key and the second communication key may be the same key or may be two different keys.
S208, the signature server sends the first encryption information to the control terminal.
The communication between the signature server and the control terminal can also be performed based on the TLS protocol to realize authentication and data verification in the communication process.
S209, the control terminal decrypts the trusted task information and the signature of the trusted task information.
Specifically, the control terminal may decrypt the first encrypted information with the first communication key, so as to obtain the trusted task information carried by the first encrypted information and a signature of the trusted task information.
S210, the control terminal performs signature verification on each item of trusted task information.
As described above, when this method runs at the initialization stage the task server provides an initial information list of several items of task information, so the signature server forwards several items of trusted task information, and the control terminal must verify the signature of each received item.
If the signature server generates the signature of the task information by adopting the SM2 algorithm, the control terminal can correspondingly verify the signature of each item of task information received by the control terminal by adopting the SM2 signature verification algorithm, so as to judge whether the task information received by the control terminal is matched with the signature of the task information. For any task information, if the task information does not match the signature of the task information, the task information is not verified by the signature, and if the task information matches the signature of the task information, the task information is verified by the signature.
Optionally, after the control terminal completes the signature verification, the control terminal may feed back a signature verification result to the signature server, that is, feed back which task information passes the signature verification and which task information fails the signature verification, and then the signature server stores the signature verification result and further feeds back the signature verification result to the task server, so that the task server also records the signature verification result.
And S211, the control terminal records the credible task information which passes the signature verification in a task white list.
Optionally, the control terminal may encrypt the verified trusted task information before recording it in the task white list. The key used for this encryption may be rotated from time to time.
Specifically, if the embodiment is executed at the system initialization stage, when the control terminal executes step S211, a list for recording trusted task information is first established, then a plurality of items of trusted task information that pass signature verification are encrypted one by one and recorded in the list, and after the recording is completed, the list is equivalent to a task white list.
If the embodiment is executed after the system is initialized, the control terminal only needs to encrypt the newly added trusted task information which passes signature verification and directly record the newly added trusted task information in the task white list established in the initialization stage.
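The Fig. 2 procedure (S201 to S211) end to end, as an added example written for this page; it is not code from the utility model or its assignee. Assumptions: AES-256-GCM stands in for the unspecified symmetric cipher used with the first and second communication keys, Ed25519 from Go's standard library stands in for SM2 (the verify-then-record logic is identical, only the algorithm differs), JSON carries the task information list, and the white list is an in-memory map keyed by script text (the page's optional encryption of entries at rest is omitted). Function names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
)

// Whitelist is the control terminal's task white list, keyed by script text.
type Whitelist map[string]bool

// gcm builds AES-256-GCM from a 32-byte pre-shared communication key. Only an
// AEAD makes "decryption failed, so the peer did not send this" (S204) sound.
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || ciphertext || tag under the given communication key.
func seal(key, plaintext []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; it fails on a wrong key or on any modified byte.
func open(key, msg []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize() {
		return nil, errors.New("message too short")
	}
	return aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], nil)
}

// TaskServerProduce covers S201-S203: the task information (one text script
// per task) is encrypted with the second communication key.
func TaskServerProduce(key2 []byte, scripts []string) ([]byte, error) {
	plain, _ := json.Marshal(scripts) // a []string always marshals
	return seal(key2, plain)
}

// SignatureServerProcess covers S204-S207: decrypt with key2 (failure means the
// message is not from the task server), sign each item, encrypt all with key1.
func SignatureServerProcess(key2, key1 []byte, priv ed25519.PrivateKey, second []byte) ([]byte, error) {
	plain, err := open(key2, second)
	if err != nil {
		return nil, errors.New("second encrypted information rejected: " + err.Error())
	}
	var scripts []string
	if err := json.Unmarshal(plain, &scripts); err != nil {
		return nil, err
	}
	signed := make(map[string][]byte, len(scripts)) // script -> signature
	for _, s := range scripts {
		signed[s] = ed25519.Sign(priv, []byte(s))
	}
	out, _ := json.Marshal(signed) // strings and byte slices always marshal
	return seal(key1, out)
}

// ControlTerminalInstall covers S209-S211: decrypt with key1, verify every item
// against the signature server's public key, record only those that verify.
func ControlTerminalInstall(key1 []byte, pub ed25519.PublicKey, first []byte, w Whitelist) (int, error) {
	plain, err := open(key1, first)
	if err != nil {
		return 0, errors.New("first encrypted information rejected: " + err.Error())
	}
	var signed map[string][]byte
	if err := json.Unmarshal(plain, &signed); err != nil {
		return 0, err
	}
	accepted := 0
	for script, sig := range signed {
		if ed25519.Verify(pub, []byte(script), sig) {
			w[script] = true
			accepted++
		}
	}
	return accepted, nil
}
```

Because GCM is authenticated, `open` fails on any modified byte, which is what gives S204's "decryption failed, so not from the task server" its meaning; with an unauthenticated cipher the signature server would decrypt garbage and sign it. A wrong-key decryption on the control terminal side is rejected the same way, and items signed by any key other than the signature server's are dropped at S210 rather than recorded.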
In this embodiment, the task server encrypts task information of a task that may be executed when the industrial control system operates, and provides the encrypted task information to the signature server, and the signature server signs the task information and provides the signed task information to the control terminal, so that the control terminal performs signature verification on the task information, and records the task information that passes the signature verification in the task white list. When subsequently receiving the task, the received task can be subjected to security verification by using the task white list, and then whether to execute the task is determined according to the result of the security verification. By the method provided by the embodiment, the control terminal can utilize the task white list to perform safety verification on the received task, and the task which does not pass the verification of the task white list is not executed, so that the control terminal is effectively prevented from executing unsafe tasks.
Further, the safety protection method of the industrial control system provided by the embodiment of the application further has the following advantages:
First, SM2 can serve as the signature algorithm for signing task information and verifying the signatures; the application describes SM2 as stronger than conventional algorithms and better at protecting data integrity and security. In addition, communication among the signature server, control terminal and task server uses authentication and data verification, so task data is checked twice, by the channel and by the application-level signature, for better security.
Second, compared with existing protection based on feature scanning, the white-list check covers the gaps of feature scanning and gives the industrial control system a better protection scheme.
Third, in the existing feature-scanning approach the scanning software needs a large amount of memory, and on a control terminal built from PLC devices that raises hardware cost. The white-list check needs far less memory, and because the method of this embodiment can be run at any time during operation to update the white list, maintenance and update cost is lower than for feature scanning.
The stage in which the control terminal checks a received task and executes it is described next with reference to Fig. 3; it includes the following steps:
S301, the task server sends the task to be executed to the control terminal.
The task to be executed may be provided by a network device connected to the task server via a network. After receiving the to-be-executed task provided by the network device, the task server may perform platform identity authentication on the network device providing the to-be-executed task, and only after the network device passes the platform identity authentication, the task server provides the task provided by the network device as the to-be-executed task to the control terminal, otherwise, if the network device fails the platform identity authentication, the task server refuses to issue the task to the control terminal.
Optionally, the task server may provide the to-be-executed task and the identity information of the network device providing the to-be-executed task to the control terminal together.
Optionally, the task server may also encrypt the to-be-executed task using the third communication key and then issue the encrypted task to the control terminal based on the TLS protocol. The third communication key is a communication key agreed upon in advance by the task server and the control terminal, that is, both the task server and the control terminal store the third communication key, and both sides can encrypt and decrypt the information to be transmitted based on it.
The third communication key and the second communication key may be the same key or different keys.
S302, the control terminal carries out safety verification on the received task to be executed by utilizing the task white list.
If the task to be executed does not pass the security check, step S303 is executed.
If the task to be executed passes the security check, step S304 is executed.
As described above, several items of trusted task information are stored in the task white list, and each item of task information may be the text converted from the script of the corresponding task, so the specific implementation of step S302 may be:
Search the task information in the task white list to judge whether task information matching the task to be executed exists in the task white list.
And the task information matched with the task to be executed refers to the task information obtained by converting the script of the task to be executed.
If the task information matched with the task to be executed exists in the task white list, the task to be executed passes the safety check to indicate that the task to be executed is a safety task, and therefore the task can be executed.
If the task information matched with the task to be executed does not exist in the task white list, the task to be executed does not pass the safety verification, the task to be executed is an unsafe task, and the task is refused to be executed.
Optionally, if the control terminal and the task server determine a third communication key for communication in advance, and the task server encrypts the issued task, the task to be executed may be obtained by the control terminal decrypting the encrypted task issued by the task server by using the third communication key.
Optionally, when step S302 is executed, if the task server provides the identity information of the network device providing the task to be executed and the task to be executed to the control terminal, the control terminal may also perform platform identity authentication on the network device providing the task to be executed by using the identity information of the network device.
Where platform identity authentication is performed, the task to be executed is allowed to run only if it passes the security verification and the network device providing it passes the platform identity authentication; if either check fails, the control terminal refuses to execute the task.
Optionally, the task server may also issue a task abstract (digest) together with the to-be-executed task, and the control terminal may verify the data integrity of the to-be-executed task using the task abstract. If the data of the to-be-executed task is incomplete, the communication between the task server and the control terminal may be untrusted, so if the to-be-executed task fails the data integrity verification, the control terminal may refuse to execute the task and perform step S303.
S303, the control terminal refuses to execute the task and feeds back alarm information to the task server.
The alarm information prompts the task to be executed issued by the task server not to pass the safety verification of the control terminal, so that the control terminal refuses to execute the task.
The task server may execute the method according to the embodiment shown in fig. 2 after receiving the warning information and confirming that the to-be-executed task that is denied to be executed is a safe dynamic task, update the task information of the to-be-executed task to a task white list through the signature server, and then issue the to-be-executed task to the control terminal, so that the to-be-executed task can pass security verification.
The dynamic task refers to a task in which corresponding task information is not provided to the signature server at the system initialization stage.
S304, the control terminal loads and executes the task to be executed.
Optionally, after the control terminal has started executing the task to be executed in step S304, it may further execute step S305:
S305, the control terminal periodically detects the execution process of the task to be executed.
Specifically, step S305 may be performed by a white list management module of the control terminal. The specific execution procedure of step S305 is:
The white list management module can monitor the parameters of the task being executed in real time, measure those parameters, judge from the measurement result whether the currently executed task is in the task white list (that is, whether task information matching the currently executed task exists in the task white list), and, if the currently executed task is not in the task white list, report alarm information to prompt the control terminal that the currently executed task is an illegal task and terminate it in time.
In the safety protection method provided by this embodiment, each time the control terminal receives a task to be executed it performs safety verification on the task using the pre-established task white list, and refuses to execute the task if the task white list contains no task information matching it. The scheme ensures that the control terminal executes only tasks whose task information is stored in the task white list and was signed by the signature server in advance, while tasks whose task information has not passed signature verification are not executed, so that safety accidents caused by the control terminal executing tasks provided by an untrusted server are avoided.
In combination with the safety protection method of the industrial control system provided by the embodiment of the application, the embodiment of the application further provides associated equipment, which specifically comprises a task server, a signature server and a control terminal.
Referring to fig. 4, a control terminal provided in an embodiment of the present application includes:
communication interface 401, codec 402 connected to communication interface 401, TCM security chip 403 connected to codec 402, and programmable logic controller (PLC) 404 connected to TCM security chip 403.
The TCM security chip refers to a security chip configured with a Trusted Cryptography Module (TCM).
Specifically, in the control terminal provided in this embodiment, the above devices may be connected by a bus system.
The communication interface 401 receives first encryption information sent by the signature server based on a secure transport layer protocol.
The first encryption information is obtained by encrypting the trusted task information and the signature of the trusted task information by the signature server by using a preset first communication key; the trusted task information refers to task information sent by the task server; the signature of the trusted task information is obtained by the signature server through calculation of the trusted task information by using a preset signature algorithm.
The communication interface 401 receives the first encryption information and transmits the first encryption information to the codec 402 through the bus system.
The codec 402 receives the first encrypted information transmitted by the communication interface through the bus system, and decrypts the first encrypted information by using the first communication key pre-stored in the codec 402 to obtain the trusted task information and the signature of the trusted task information.
After the decryption is completed, the codec 402 transmits the decrypted trusted task information and the signature of the trusted task information to the TCM security chip 403 through the bus system.
After the TCM security chip 403 receives the trusted task information and the signatures of the trusted task information through the bus system, for each item of trusted task information, signature verification is performed on the trusted task information by using the signature of the trusted task information, and then the trusted task information that passes the signature verification is recorded in the task white list.
The task white list is used as a basis for the control terminal to perform security verification on the received tasks.
On the other hand, the communication interface 401 communicates with the task server, receives the task issued by the task server, and transmits the task to the TCM security chip 403 through the bus system after receiving the task issued by the task server.
After receiving the task issued by the task server, the TCM security chip 403 searches the task information matched with the received task in the task white list.
If the task information matched with the task received by the control terminal is found, determining that the task passes the safety check, and triggering the programmable logic controller 404 to execute the task;
if the task information matched with the task received by the control terminal is not found, the task is determined not to pass the safety check, and the task is refused to be executed.
Specifically, the TCM security chip 403 may transmit a task to the programmable logic controller 404 through the bus system after determining that the task passes the security check, and then the programmable logic controller may control the corresponding device to operate according to the task script of the task.
Optionally, when the programmable logic controller 404 executes a task, parameters related to the currently executed task may be acquired in real time and reported to the TCM security chip 403 through the bus system, and then the TCM security chip 403 may determine whether the currently executed task of the programmable logic controller 404 is safe according to the parameters and the task white list, and if the TCM security chip 403 determines that the currently executed task of the programmable logic controller 404 is unsafe, a task interrupt signal is sent to the programmable logic controller 404 through the bus system, so that the programmable logic controller 404 stops the current task.
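The white-list logic of steps S302 to S305 and of the TCM security chip 403 described above, as an added model that is not the patent's own code. The page does not name its signature algorithm or task abstract, so HMAC-SHA256 under a key shared by the signature chip and the TCM chip stands in for the former and SHA-256 for the latter; the key, the scripts and the alarm strings are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Set, Tuple

# Stand-in for the page's unspecified "preset signature algorithm": HMAC-SHA256
# under a key shared by the signature chip and the TCM security chip. The key and
# every script used with it are constructed sample values, not from the patent.
SIGNING_KEY = b"constructed-signature-server-key"


def task_info_from_script(script: str) -> str:
    """Convert a control script to the text form the page calls 'task information'.

    Line endings and trailing blanks are normalised so that the same script
    received over a different transport still matches its white list entry.
    """
    lines = script.replace("\r\n", "\n").strip().split("\n")
    return "\n".join(line.rstrip() for line in lines)


def sign_task_info(task_info: str, key: bytes = SIGNING_KEY) -> str:
    """Signature server side: signature over one item of task information."""
    return hmac.new(key, task_info.encode("utf-8"), hashlib.sha256).hexdigest()


def task_digest(script: str) -> str:
    """Optional 'task abstract' (data integrity digest) sent with a task; SHA-256 assumed."""
    return hashlib.sha256(script.encode("utf-8")).hexdigest()


@dataclass
class ControlTerminal:
    """White list logic of the TCM security chip (added model, not the patent's code)."""
    key: bytes = SIGNING_KEY
    whitelist: Set[str] = field(default_factory=set)
    alarms: List[str] = field(default_factory=list)
    running: Optional[str] = None  # task information of the task the PLC is executing

    def load_trusted_items(self, items: Iterable[Tuple[str, str]]) -> int:
        """Verify each (task information, signature) pair; record only verified items."""
        accepted = 0
        for task_info, signature in items:
            expected = sign_task_info(task_info, self.key)
            if hmac.compare_digest(expected, signature):
                self.whitelist.add(task_info)
                accepted += 1
            else:
                self.alarms.append("white list update: signature check failed")
        return accepted

    def receive_task(self, script: str, digest: Optional[str] = None) -> bool:
        """Steps S302 to S304: integrity check, white list lookup, then load or refuse."""
        if digest is not None and not hmac.compare_digest(digest, task_digest(script)):
            self.alarms.append("task refused: data integrity check failed")
            return False
        task_info = task_info_from_script(script)
        if task_info not in self.whitelist:
            self.alarms.append("task refused: not in task white list")  # S303
            return False
        self.running = task_info  # S304: the PLC loads and executes the task
        return True

    def check_running_task(self, observed_script: str) -> bool:
        """Step S305: re-measure the executing task; terminate it if it left the white list."""
        if self.running is None:
            return True
        measured = task_info_from_script(observed_script)
        if measured in self.whitelist:
            return True
        self.alarms.append("running task terminated: not in task white list")
        self.running = None
        return False
```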
Referring to fig. 5, an embodiment of the present application further provides a signature server, where the signature server includes:
a communication interface 501, a codec 502 connected to the communication interface 501, and a signature chip 503 connected to the codec 502.
As shown in fig. 5, the above devices may be connected by a bus system.
The communication interface 501 may access the internet or the local area network in a wired or wireless connection manner, and receive the second encryption information provided by the task server through the network, and after receiving the second encryption information, the communication interface 501 provides the second encryption information to the codec 502 through the bus system.
The codec 502 receives the second encrypted information provided by the communication interface 501 through the bus system, and decrypts the second encrypted information using the second communication key stored in advance.
If the codec 502 succeeds in decryption, the task information obtained by decryption is determined to be trusted task information, and the trusted task information is sent to the signature chip 503 through the bus system.
The signature chip 503 computes a signature over the trusted task information using a preset signature algorithm.
After the signature chip 503 generates the signature of the trusted task information, the trusted task information and the signature of the trusted task information are sent to the codec 502 through the bus system.
After receiving the trusted task information and the signature of the trusted task information provided by the signature chip 503, the codec 502 encrypts the trusted task information and the signature of the trusted task information by using a first communication key stored in advance to obtain first encrypted information, and then sends the first encrypted information to the communication interface 501 through the bus system.
The communication interface 501 receives the first encryption information and transmits the first encryption information to the control terminal.
Further, after the signature chip 503 generates the signature of the trusted task information, the signature result may also be sent to the communication interface 501 through the bus system; specifically, the communication interface 501 may be notified which task information was successfully signed, together with the signature of each successfully signed item, and the communication interface 501 then sends this signature result to the task server.
Referring to fig. 6, the task server provided in the present application includes:
the task chip 601, the codec 602 connected to the task chip 601, and the communication interface 603 connected to the codec 602.
The task chip 601 generates task information.
In the system initialization stage, the task information is a plurality of items of task information included in an initial information list generated by the task server. The task information in the initial information list is initial task information generated based on the estimated task after the task server estimates the task which may need to be executed when the industrial control system operates.
After system initialisation, if the task server needs to send a dynamic task to the control terminal, the task information is the task information generated by the task server from the dynamic task after receiving it from the network device.
Optionally, the tasks that the control terminal needs to execute are generally provided to the task server in the form of control scripts, so that for any one task, the task server may convert the control script of the task into a text format, and the control script of the task recorded in the text format is the task information of the task.
After the task chip 601 generates the task information, the task information is provided to the codec 602 through the bus system, and then the codec 602 encrypts the task information by using the pre-stored second communication key to obtain second encrypted information.
After the codec 602 produces the second encrypted information, it transmits the second encrypted information to the communication interface 603 through the bus system, and the communication interface 603 then sends it to the signature server.
On the other hand, the communication interface 603 may also receive tasks uploaded by a network terminal (e.g., a personal computer, a smart phone, etc.) through a network.
After receiving the task uploaded by the network terminal, the communication interface 603 provides the task to the task chip 601 through the bus system; the task chip 601 performs platform identity authentication on the task and transmits a task that passes the authentication to the communication interface 603, which issues it to the control terminal.
After receiving the task issued by the task server, the control terminal performs security check on the task based on its own task white list, and after the task passes the security check, the programmable logic controller 404 of the control terminal executes the task.
For the task server, the signature server, and the control terminal provided in any embodiment of the present application, specific working principles thereof may refer to corresponding steps in the safety protection method for an industrial control system provided in an embodiment of the present application, and are not described herein again.
In the scheme provided by the application, the communication interface 401 of the control terminal receives first encryption information sent by the signature server. The first encryption information is obtained by the codec 502 of the signature server encrypting the trusted task information and its signature with a preset first communication key; the trusted task information is generated by the task chip 601 of the task server and provided to the signature server through the communication interface 603. The codec 402 of the control terminal decrypts the first encrypted information with the first communication key to obtain the trusted task information and its signature; the TCM security chip 403 performs signature verification on each item of trusted task information using the signature and records the items that pass in the task white list. The task white list is the basis on which the TCM security chip 403 of the control terminal performs security verification on received tasks, and a task that passes security verification is executed by the programmable logic controller 404 of the control terminal. In this scheme the control terminal establishes the task white list from the trusted task information provided by the signature server and judges, based on that white list, whether a received task is safe, so that safety accidents caused by the control terminal executing unsafe tasks are avoided.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
It should be noted that the terms "first", "second", and the like in the present invention are used only for distinguishing different devices, modules, or units, and do not limit the order or interdependence relationship of the functions performed by the devices, modules, or units.
Those skilled in the art can make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (3)

1. A control terminal, comprising:
the communication interface is connected with the codec, the codec is connected with the TCM security chip, and the TCM security chip is connected with the programmable logic controller.
2. A signature server, comprising:
the device comprises a communication interface, a coder-decoder and a signature chip, wherein the communication interface is connected with the coder-decoder, and the coder-decoder is connected with the signature chip.
3. A task server, comprising:
the task chip is connected with the coder and the decoder, and the coder and the decoder are connected with the communication interface.
CN201922456042.7U 2019-12-30 2019-12-30 Control terminal, signature server and task server Active CN211557285U (en)
Publications (1)

Publication Number Publication Date
CN211557285U true CN211557285U (en) 2020-09-22
Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111083164A (en) * 2019-12-30 2020-04-28 宁波和利时信息安全研究院有限公司 Safety protection method of industrial control system and related equipment

Legal Events

Date Code Title Description
GR01 Patent grant