CN216122450U - Power grid safety audit system - Google Patents

Power grid safety audit system

Info

Publication number
CN216122450U
Authority
CN
China
Legal status
Active
Application number
CN202121426597.8U
Other languages
Chinese (zh)
Inventor
戴敏
Current Assignee
Jiangsu Tongrun Technology Co ltd
Original Assignee
Jiangsu Tongrun Technology Co ltd

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The utility model discloses a power grid safety audit system, relates to the technical field of power grid safety information, and aims to solve the problem that existing information systems lack strict identity authentication. The login terminal is an information input device whose output end is connected to the pattern verification module, the password verification module and the identity short message verification system respectively. The input end of the B/S single sign-on system is connected to the output ends of the pattern verification module, the password verification module and the identity short message verification system respectively, and the output end of the B/S single sign-on system is connected to the input end of the audit server. This achieves strict identity authentication and authority division for operation and maintenance personnel accessing the information system, avoids security accidents caused by shared use and abuse of accounts, and allows the person responsible for an accident to be determined accurately.

Description

Power grid safety audit system
Technical Field
The utility model relates to the technical field of power grid safety information, in particular to a power grid safety audit system.
Background
As the power grid information security system continues to be built out and the informatization support system matures, managers face challenges in system and network security, IT operation and maintenance management, and IT internal and external control. They need effective technical means to carry out precise management, retrospective audit, real-time monitoring and alarming according to industry standards, and must find ways to improve the level of operation and maintenance management and meet the requirements of the relevant standards.
However, in the existing power grid security audit system, the login process lacks strict identity authentication for operation and maintenance personnel accessing the information system, which leads to shared use and abuse of accounts. When a security accident occurs, the parties shift blame onto one another and there is no objective and credible basis for determining the person responsible. The existing systems therefore do not meet current requirements, and a power grid security audit system is proposed.
Summary of the Utility Model
The utility model aims to provide a power grid security audit system that solves the problem, raised in the Background, that the information system lacks strict identity authentication.
In order to achieve the purpose, the utility model provides the following technical scheme: a power grid security audit system comprises a login terminal, a pattern verification module, a password verification module, an identity short message verification system, a B/S single sign-on system and an audit server, wherein the login terminal is information input equipment, the output end of the login terminal is respectively connected with the pattern verification module, the password verification module and the identity short message verification system, the input end of the B/S single sign-on system is respectively connected with the output ends of the pattern verification module, the password verification module and the identity short message verification system, and the output end of the B/S single sign-on system is connected with the input end of the audit server.
The B/S single sign-on system receives the outputs of the pattern verification module, the password verification module and the identity short message verification system, and generates an OpenId to facilitate later-stage password service.
Preferably, the pattern verification module includes a pattern data server, and the pattern verification module is connected to the pattern data server.
The pattern on the pattern verification module is generated at the pattern data server and displayed in an image format. The login terminal submits the displayed pattern, and the pattern data server compares it. This prevents a hacker from operating the login terminal remotely by automated means and provides human-machine identification.
Preferably, the password authentication module includes a user information storage database, and the password authentication module is connected to the user information storage database.
The login terminal matches the user name and the password in a user information storage database to determine personal information.
Preferably, the identity short message authentication system comprises an input module, an authentication module, a database background and a user terminal, wherein the input module is connected with the login terminal, and the authentication module is connected with the database background.
The identity short message verification system checks the mobile phone number and the account information, and the database background outputs verification code information to finish identity short message verification.
Preferably, the B/S single sign-on system includes a subsystem and an authentication information base, and the B/S single sign-on system is respectively connected with the subsystem and the authentication information base in a bidirectional manner.
Through the B/S single sign-on system, operation and maintenance personnel can access the various B/S- and C/S-based application systems with a single login, without re-authentication. Single sign-on gives users with multiple accounts a convenient and fast means of access, and they do not need to memorize multiple login IDs and passwords.
Preferably, the audit server comprises a monitoring module and an audit data storage module, the audit server is respectively connected with the monitoring module and the audit data storage module, and the audit data storage module is NAS storage equipment.
The monitoring module records the user information and browsing content of operation and maintenance personnel, and the recorded content is stored in the audit data storage module for later security checks. The auditing module also has an illegal-operation alarm function: unauthorized access and illegal-operation security events that occur during daily operation and maintenance are detected automatically according to the set access control strategy, and the system alarms or blocks automatically according to conditions such as the type and grade of the security event.
Compared with the prior art, the utility model has the beneficial effects that:
1. The utility model adopts strict three-level verification so that the identity of the person logging in is identified accurately. At login, the system first enters the pattern verification module. The pattern is generated at the pattern data server, sent to the login terminal and displayed in an image format; the login terminal submits the displayed pattern, and the pattern data server receives and compares it. If the comparison fails, login is refused; if it succeeds, the login terminal jumps to the next interface. This prevents a hacker from operating the login terminal remotely by automated means and provides human-machine identification. The operation and maintenance person then logs in with an account and password: the user name and password are entered at the login terminal, which matches them against the user information storage database to determine the personal information. After this match, identity short message authentication is required. The operation and maintenance person enters the mobile phone number into the input module; when the database background receives the verification code request, a temporary verification code is sent to the mobile phone bound to that person. After the code received on the phone is entered into the input module, the mobile phone number and account information are checked, and the code is finally sent to the database background, which outputs the verification code information to complete identity short message verification.
2. With the B/S single sign-on system, when an operation and maintenance person logs in for the first time and has passed the three verifications, the user name and password are sent to the verification information base, which returns the user identifier OpenId to the login terminal; the login terminal stores the OpenId temporarily. When the operation and maintenance person accesses a subsystem, the login terminal sends the OpenId directly to the subsystem, the subsystem forwards the OpenId to the verification information base, the verification information base returns the user verification information to the subsystem, and the subsystem constructs the user information and returns the authorized content to the login terminal. In this way, operation and maintenance personnel can access the various B/S- and C/S-based application systems with a single login, without re-authentication. Single sign-on gives users with multiple accounts a convenient and fast means of access, and they do not need to memorize multiple login IDs and passwords.
3. A monitoring module is provided in the audit server. It records the user information and browsing content of operation and maintenance personnel, and the recorded content is stored in the audit data storage module for later security checks. The auditing module also has an illegal-operation alarm function: unauthorized access and illegal-operation security events that occur during daily operation and maintenance are detected automatically according to the set access control strategy, and the system alarms or blocks automatically according to conditions such as the type and grade of the security event, using WEB interface alarms, short message alarms and the like.
Drawings
FIG. 1 is a schematic diagram of an audit system of the present invention;
FIG. 2 is a schematic diagram of an identity short message verification system according to the present invention;
FIG. 3 is a schematic diagram of a B/S single sign-on system of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Referring to fig. 1-3, an embodiment of the present invention is shown: a power grid security audit system comprises a login terminal, a pattern verification module, a password verification module, an identity short message verification system, a B/S single sign-on system and an audit server, wherein the login terminal is information input equipment, the output end of the login terminal is respectively connected with the pattern verification module, the password verification module and the identity short message verification system, the input end of the B/S single sign-on system is respectively connected with the output ends of the pattern verification module, the password verification module and the identity short message verification system, and the output end of the B/S single sign-on system is connected with the input end of the audit server.
The B/S single sign-on system receives the outputs of the pattern verification module, the password verification module and the identity short message verification system, and generates an OpenId to facilitate later-stage password service.
Further, the pattern verification module comprises a pattern data server, and the pattern verification module is connected with the pattern data server.
The pattern on the pattern verification module is generated at the pattern data server and displayed in an image format. The login terminal submits the displayed pattern, and the pattern data server compares it. This prevents a hacker from operating the login terminal remotely by automated means and provides human-machine identification.
Further, the password verification module comprises a user information storage database, and is connected with the user information storage database.
The login terminal matches the user name and the password in a user information storage database to determine personal information.
Further, the identity short message verification system comprises an input module, a verification module, a database background and a user terminal, wherein the input module is connected with the login terminal, and the verification module is connected with the database background.
The identity short message verification system checks the mobile phone number and the account information, and the database background outputs verification code information to finish identity short message verification.
Further, the B/S single sign-on system comprises a subsystem and an authentication information base, and the B/S single sign-on system is respectively in bidirectional connection with the subsystem and the authentication information base.
Through the B/S single sign-on system, operation and maintenance personnel can access the various B/S- and C/S-based application systems with a single login, without re-authentication. Single sign-on gives users with multiple accounts a convenient and fast means of access, and they do not need to memorize multiple login IDs and passwords.
Further, the audit server comprises a monitoring module and an audit data storage module, the audit server is respectively connected with the monitoring module and the audit data storage module, and the audit data storage module is NAS storage equipment.
The monitoring module records the user information and browsing content of operation and maintenance personnel, and the recorded content is stored in the audit data storage module for later security checks. The auditing module also has an illegal-operation alarm function: unauthorized access and illegal-operation security events that occur during daily operation and maintenance are detected automatically according to the set access control strategy, and the system alarms or blocks automatically according to conditions such as the type and grade of the security event.
The working principle is as follows. At login, the system first enters the pattern verification module. The pattern is generated at the pattern data server, sent to the login terminal and displayed in an image format; the login terminal submits the displayed pattern, and the pattern data server receives and compares it. If the comparison fails, login is refused; if it succeeds, the login terminal jumps to the next interface. This prevents a hacker from operating the login terminal remotely by automated means and provides human-machine identification. The operation and maintenance person then logs in with an account and password: the user name and password are entered at the login terminal, which matches them against the user information storage database to determine the personal information. After this match, identity short message authentication is required. The operation and maintenance person enters the mobile phone number into the input module; when the database background receives the verification code request, a temporary verification code is sent to the mobile phone bound to that person. After the code received on the phone is entered into the input module, the mobile phone number and account information are checked, and the code is finally sent to the database background, which outputs the verification code information to complete identity short message verification. When the operation and maintenance person logs in for the first time and has passed the three verifications, the user name and password are sent to the verification information base, which returns the user identifier OpenId to the login terminal; the login terminal stores the OpenId temporarily. When the operation and maintenance person accesses a subsystem, the login terminal sends the OpenId directly to the subsystem, the subsystem forwards the OpenId to the verification information base, the verification information base returns the user verification information to the subsystem, and the subsystem constructs the user information and returns the authorized content to the login terminal. Operation and maintenance personnel can thus access the various B/S- and C/S-based application systems with a single login. The monitoring module records the user information and browsing content of operation and maintenance personnel, and the recorded content is stored in the audit data storage module for later security checks. The auditing module has an illegal-operation alarm function: unauthorized access and illegal-operation security events that occur during daily operation and maintenance are detected automatically according to the set access control strategy, and the system alarms or blocks automatically according to conditions such as the type and grade of the security event, using WEB interface alarms, short message alarms and the like.
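The flow in the working principle above (three checks in sequence, OpenId issuance, OpenId resolution by a subsystem, and policy-driven audit records) can be modelled as follows. This is an added example, not code from the patent; the class names, the PBKDF2 password hashing, the random OpenId format, the role-based policy and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def pw_hash(password, salt):
    # Assumption: the user information storage database keeps salted hashes.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuditServer:
    """Monitoring module plus audit data storage, with a set access control policy."""
    def __init__(self, policy):
        self.policy = policy   # role -> resources that role may reach
        self.records = []      # stands in for the NAS-backed audit data storage

    def record(self, user, action, outcome):
        self.records.append((user, action, outcome))

    def authorize(self, user, role, resource):
        allowed = resource in self.policy.get(role, set())
        self.record(user, "access:" + resource, "allowed" if allowed else "blocked+alarm")
        return allowed

class SingleSignOn:
    """Issues an OpenId only after pattern, password and SMS checks all pass."""
    def __init__(self, users, audit):
        self.users, self.audit = users, audit
        self.openids = {}      # verification information base: OpenId -> user name

    def login(self, name, pattern, password, phone, sms_code, challenge):
        # challenge holds the pattern and SMS code the server side generated.
        user = self.users.get(name)
        known = user is not None
        stages = [
            ("pattern", hmac.compare_digest(pattern.encode(), challenge["pattern"].encode())),
            ("password", known and hmac.compare_digest(
                pw_hash(password, user["salt"]), user["pw_hash"])),
            ("sms", known and phone == user["phone"] and hmac.compare_digest(
                sms_code.encode(), challenge["sms_code"].encode())),
        ]
        for stage, ok in stages:   # report the first stage that failed
            if not ok:
                self.audit.record(name, "login", "failed:" + stage)
                return None
        openid = secrets.token_urlsafe(32)   # opaque and unguessable
        self.openids[openid] = name
        self.audit.record(name, "login", "ok")
        return openid

    def resolve(self, openid):
        name = self.openids.get(openid)
        if name is None:
            return None
        return {"user": name, "role": self.users[name]["role"]}

class Subsystem:
    """Forwards the presented OpenId to the verification information base."""
    def __init__(self, resource, sso, audit):
        self.resource, self.sso, self.audit = resource, sso, audit

    def access(self, openid):
        info = self.sso.resolve(openid)
        if info is None:   # forged or unknown OpenId
            self.audit.record("unknown", "access:" + self.resource, "blocked+alarm")
            return False
        return self.audit.authorize(info["user"], info["role"], self.resource)

def build_demo():
    # Constructed sample data: one operator, two subsystems, a role-based policy.
    salt = b"constructed-salt"
    users = {"op01": {"salt": salt, "pw_hash": pw_hash("S3cure-pass", salt),
                      "phone": "13800000000", "role": "operator"}}
    audit = AuditServer({"operator": {"ops-dashboard"}})
    sso = SingleSignOn(users, audit)
    return sso, audit, Subsystem("ops-dashboard", sso, audit), Subsystem("config-admin", sso, audit)

if __name__ == "__main__":
    sso, audit, view, config = build_demo()
    challenge = {"pattern": "K7QX", "sms_code": "492817"}   # constructed values
    oid = sso.login("op01", "K7QX", "S3cure-pass", "13800000000", "492817", challenge)
    print(view.access(oid), config.access(oid), audit.records)
```

Every login failure, permitted access and blocked access lands in the audit records under a named user, which is the attribution property the description is after.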
It will be evident to those skilled in the art that the utility model is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the utility model being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (6)

1. A power grid security audit system, comprising a login terminal, a pattern verification module, a password verification module, an identity short message verification system, a B/S single sign-on system and an audit server, characterized in that: the login terminal is information input equipment, the output end of the login terminal is respectively connected with the pattern verification module, the password verification module and the identity short message verification system, the input end of the B/S single sign-on system is respectively connected with the output ends of the pattern verification module, the password verification module and the identity short message verification system, and the output end of the B/S single sign-on system is connected with the input end of the audit server;
the B/S single sign-on system receives the outputs of the pattern verification module, the password verification module and the identity short message verification system, and generates an OpenId to facilitate later-stage password service.
2. The grid security audit system according to claim 1, wherein: the pattern verification module comprises a pattern data server, and is connected with the pattern data server;
the pattern on the pattern verification module is generated at the pattern data server and displayed in an image format, and the login terminal submits the displayed pattern for comparison by the pattern data server, which prevents a hacker from operating the login terminal remotely by automated means and provides human-machine identification.
3. The grid security audit system according to claim 1, wherein: the password verification module comprises a user information storage database and is connected with the user information storage database;
the login terminal matches the user name and the password in a user information storage database to determine personal information.
4. The grid security audit system according to claim 1, wherein: the identity short message verification system comprises an input module, a verification module, a database background and a user terminal, wherein the input module is connected with a login terminal, and the verification module is connected with the database background;
the identity short message verification system checks the mobile phone number and the account information, and the database background outputs verification code information to finish identity short message verification.
5. The grid security audit system according to claim 1, wherein: the B/S single sign-on system comprises a subsystem and an authentication information base, and the B/S single sign-on system is respectively in bidirectional connection with the subsystem and the authentication information base;
through the B/S single sign-on system, operation and maintenance personnel can access the various B/S- and C/S-based application systems with a single login, without re-authentication; single sign-on gives users with multiple accounts a convenient and fast means of access, and they do not need to memorize multiple login IDs and passwords.
6. The grid security audit system according to claim 1, wherein: the audit server comprises a monitoring module and an audit data storage module, the audit server is respectively connected with the monitoring module and the audit data storage module, and the audit data storage module is NAS storage equipment;
the monitoring module records the user information and browsing content of operation and maintenance personnel, and the recorded content is stored in the audit data storage module for later security checks; the auditing module also has an illegal-operation alarm function, whereby unauthorized access and illegal-operation security events that occur during daily operation and maintenance are detected automatically according to the set access control strategy, and the system alarms or blocks automatically according to conditions such as the type and grade of the security event.
CN202121426597.8U 2021-06-25 2021-06-25 Power grid safety audit system Active CN216122450U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202121426597.8U CN216122450U (en) 2021-06-25 2021-06-25 Power grid safety audit system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202121426597.8U CN216122450U (en) 2021-06-25 2021-06-25 Power grid safety audit system

Publications (1)

Publication Number Publication Date
CN216122450U true CN216122450U (en) 2022-03-22

Family

ID=80721158

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202121426597.8U Active CN216122450U (en) 2021-06-25 2021-06-25 Power grid safety audit system

Country Status (1)

Country Link
CN (1) CN216122450U (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115174563A (en) * 2022-06-30 2022-10-11 山东正龙万誉信息科技有限公司 Driving method for remote operation and maintenance of computer bottom layer

Similar Documents

Publication Publication Date Title
CN110197058B (en) Unified internal control security management method, system, medium and electronic device
CN105430000A (en) Cloud computing security management system
CN111930723B (en) Scientific and technological achievement data fusion method based on big data
CN103685244A (en) Differentiated authentication method and differentiated authentication device
CN102571874B (en) On-line audit method and device in distributed system
CN110740140A (en) network information security supervision system based on cloud platform
CN107832602A (en) A kind of unified electronic seal system based on mark
CN216122450U (en) Power grid safety audit system
CN112543184A (en) Block chain-based equipment authentication activation method
CN112734248A (en) Real estate intelligent management system
CN116522197A (en) Identity authentication and access control system based on security management
CN109033784A (en) Identity identifying method and device in a communication network
CN115982681A (en) Computer network identity verification system
CN113326490A (en) Identity authentication equipment and identity authentication method based on industrial internet platform
CN109697348A (en) A kind of computer information safe system
CN117292054A (en) Three-dimensional digital-based intelligent operation and maintenance method and system for power grid
CN111814121A (en) Login authentication management system and method based on computer system
CN115913762A (en) Dynamic URL authentication method based on SpringSecurity
CN111770100B (en) Method and system for verifying safe access of external equipment to Internet of things terminal
CN202059439U (en) Cross-service-platform comprehensive authentication system
CN114936224A (en) Rail inspection data service system based on Hadoop
CN1862556B (en) Method and apparatus for controlling computer 10g-in by contactless smart card
CN106534214A (en) Router security authentication method, device and system
CN103701608A (en) Enterprise resource planning (ERP) system-based user right authentication method and system
CN115277233B (en) Hybrid cloud service platform based on data visualization plug-in and access method thereof

Legal Events

Date Code Title Description
GR01 Patent grant