CN114666368B - Access control method, device, equipment and storage medium of electric power Internet of things - Google Patents
Access control method, device, equipment and storage medium of electric power Internet of things Download PDFInfo
- Publication number
- CN114666368B CN114666368B CN202210314914.XA CN202210314914A CN114666368B CN 114666368 B CN114666368 B CN 114666368B CN 202210314914 A CN202210314914 A CN 202210314914A CN 114666368 B CN114666368 B CN 114666368B
- Authority
- CN
- China
- Prior art keywords
- communication
- source
- request packet
- access control
- things
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 42
- 238000004891 communication Methods 0.000 claims abstract description 143
- 238000011217 control strategy Methods 0.000 claims abstract description 19
- 230000006798 recombination Effects 0.000 claims abstract description 6
- 238000005215 recombination Methods 0.000 claims abstract description 6
- 238000012795 verification Methods 0.000 claims description 31
- 238000004590 computer program Methods 0.000 claims description 10
- 230000008521 reorganization Effects 0.000 claims description 5
- 238000004458 analytical method Methods 0.000 claims description 2
- 238000010586 diagram Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 5
- 238000007726 management method Methods 0.000 description 5
- 238000012545 processing Methods 0.000 description 3
- 238000007689 inspection Methods 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000013075 data extraction Methods 0.000 description 1
- 238000013524 data verification Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000010248 power generation Methods 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16Y—INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
- G16Y10/00—Economic sectors
- G16Y10/35—Utilities, e.g. electricity, gas or water
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16Y—INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
- G16Y30/00—IoT infrastructure
- G16Y30/10—Security thereof
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Medical Informatics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Development Economics (AREA)
- Economics (AREA)
- General Business, Economics & Management (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an access control method, a device, equipment and a storage medium of an electric power Internet of things, which are characterized in that a network card driver is installed on computer equipment of proxy electric power Internet of things application equipment, and a communication request packet of the electric power Internet of things application equipment is intercepted based on the network card driver so as to carry out access control on network communication of the electric power physical application equipment; and analyzing the communication request packet based on a preset access control strategy to obtain a source ID of the communication request packet, verifying the request content of the communication request packet according to the source ID, and finally, if the request content is verified, carrying out plaintext recombination on the communication request packet to obtain communication plaintext information, thereby realizing network access control of a device level and transparent communication authentication facing to application in a network card driving layer and improving the security of the electric power Internet of things.
Description
Technical Field
The present invention relates to the field of internet of things communications, and in particular, to an access control method, apparatus, device and storage medium for an electric power internet of things.
Background
In the field of power industry, a large number of intelligent sensing devices are commonly applied to power grid operation processes such as power generation, power transmission, transformation, power distribution, electricity utilization and the like. In order to ensure the accuracy of normal operation and information reporting of a large number of intelligent sensing devices, the electric power internet of things needs to be subjected to safety protection.
At present, the safety protection for the Internet of things mainly comprises a safety protection method based on an operating system and a software cipher machine. The IPv4 of the communication framework of the operating system only has packet inspection, and the algorithm is public, has no key participation and is easy to intercept, decrypt and tamper. The software cipher machine needs the intervention of a key management system, and particularly, the first communication authentication and key exchange are required to meet the cipher management specification, so that the software cipher machine is suitable for secret communication with participation of people and is not suitable for encryption communication between devices.
Disclosure of Invention
The invention provides an access control method, device and equipment of an electric power Internet of things and a storage medium, and aims to solve the technical problem that safety protection aiming at the electric power Internet of things is insufficient at present.
In order to solve the technical problem, in a first aspect, the present invention provides an access control method for an electric power internet of things, which is applied to a computer device, wherein the computer device is used for acting on an electric power internet of things application device, and the computer device is provided with a network card driver, and the method includes:
intercepting a communication request packet of the electric power Internet of things application device based on the network card drive;
analyzing the communication request packet based on a preset access control strategy to obtain the source ID of the communication request packet;
verifying the request content of the communication request packet according to the information source ID;
and if the request content passes the verification, carrying out plaintext recombination on the communication request packet to obtain communication plaintext information, wherein the communication plaintext information is used for being read by other electric power Internet of things application equipment.
According to the invention, the network card driver is installed on the computer equipment of the proxy power Internet of things application equipment (namely the intelligent sensing equipment), and the communication request packet of the power Internet of things application equipment is intercepted based on the network card driver so as to carry out access control on the network communication of the power physical application equipment; analyzing the communication request packet based on a preset access control strategy to obtain a source ID of the communication request packet, and verifying the request content of the communication request packet according to the source ID, so that the network card drives a layer, the network access control of the equipment level and the transparent communication authentication facing the application are realized, and the safety of the electric power Internet of things is improved; and finally, if the request content passes verification, carrying out plaintext recombination on the communication request packet to obtain communication plaintext information, so that the communication plaintext information flows in the electric power Internet of things, and implementing access control strategies of the central server and the sub-central servers.
Preferably, verifying the request content of the communication request packet according to the source ID includes:
accessing a local sub-center server, and reading a Lightweight Directory Access Protocol (LDAP) tree of the local sub-center server;
if the source ID exists in the LDAP tree, inquiring a source public key of the source ID from a local sub-center server;
the request content of the communication request packet is verified based on the source public key.
Preferably, verifying the request content of the communication request packet based on the source public key includes:
decrypting the communication request packet by using the information source public key to obtain the request content of the communication request packet;
content verification is performed on the requested content.
Preferably, after accessing the local sub-center server and reading the lightweight directory access protocol LDAP tree of the local sub-center server, the method further comprises:
if the LDAP tree does not have the source ID, accessing an upper level center server of the local sub-center server, and reading a source public key corresponding to the source ID in the upper level center server.
Preferably, accessing an upper level center server of the local sub-center server, and reading a source public key corresponding to a source ID in the upper level center server, includes:
accessing a communication addressing interface of a local sub-center server, and inquiring a communication address of an upper sub-center server;
based on the communication address, the superior center server is accessed, and the source public key corresponding to the source ID in the superior center server is read.
Preferably, if the request content passes the verification, the plaintext reorganization is performed on the communication request packet, and after the communication plaintext information is obtained, the method further includes:
and forwarding the communication plaintext information to a virtual network card of the local sub-center server, and reading the communication plaintext information from the virtual network card by other electric power Internet of things application equipment.
Preferably, the method further includes, before parsing the communication request packet based on a preset access control policy to obtain a source ID of the communication request packet:
accessing an upper level central server, and reading a preset access control strategy in the upper level central server;
and carrying out localized storage on the preset access control strategy.
In a second aspect, the present invention provides an access control device for an electric power internet of things, which is mounted on a computer device, the computer device is used for acting on an electric power internet of things application device, the computer device is provided with a network card driver, and the device includes:
the interception module is used for intercepting a communication request packet of the electric power Internet of things application device based on the network card drive;
the analysis module is used for analyzing the communication request packet based on a preset access control strategy to obtain the source ID of the communication request packet;
the verification module is used for verifying the request content of the communication request packet according to the information source ID;
and the reorganization module is used for carrying out plaintext reorganization on the communication request packet if the request content passes the verification, so as to obtain communication plaintext information which is used for being read by other electric power Internet of things application equipment.
In a third aspect, the present invention provides a computer device comprising a processor and a memory for storing a computer program which, when executed by the processor, implements an access control method for the electric internet of things as in the first aspect.
In a fourth aspect, the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the access control method of the power internet of things as in the first aspect.
It should be noted that, the beneficial effects of the second aspect to the fourth aspect are referred to the related description of the first aspect, and are not repeated herein.
Drawings
Fig. 1 is a flow chart of an access control method of an electric power internet of things according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an electric power internet of things according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an access control device of the electric power internet of things according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
As described in the related art, the security protection for the internet of things mainly includes security protection methods based on an operating system and a software cryptographic machine. The IPv4 of the communication framework of the operating system only has packet inspection, and the algorithm is public, has no key participation and is easy to intercept, decrypt and tamper. The software cipher machine needs the intervention of a key management system, and particularly, the first communication authentication and key exchange are required to meet the cipher management specification, so that the software cipher machine is suitable for secret communication with participation of people and is not suitable for encryption communication between devices.
Therefore, the embodiment of the invention provides an access control method of an electric power Internet of things, which is characterized in that a network card driver is installed on a computer device of an agent electric power Internet of things application device, and a communication request packet of the electric power Internet of things application device is intercepted based on the network card driver so as to perform access control on network communication of an electric power physical application device; analyzing the communication request packet based on a preset access control strategy to obtain a source ID of the communication request packet, verifying the request content of the communication request packet according to the source ID, and realizing equipment-level network access control and application-oriented transparent communication authentication from a network card driving layer to improve the safety of the electric power Internet of things; and finally, if the request content passes verification, carrying out plaintext recombination on the communication request packet to obtain communication plaintext information, so that the communication plaintext information flows in the electric power Internet of things, and implementing access control strategies of the central server and the sub-central servers.
Referring to fig. 1, fig. 1 is a flow chart of an access control method of an electric power internet of things according to an embodiment of the invention. The access control method of the electric power Internet of things can be applied to computer equipment, wherein the computer equipment is provided with a network card drive, and the computer equipment comprises, but is not limited to, intelligent mobile phones, notebook computers, tablet computers, desktop computers, physical servers, cloud servers and the like. Fig. 2 shows a schematic structural diagram of the power internet of things provided by the embodiment of the invention, and as shown in fig. 2, a computer device is used for proxy power internet of things application device, and the computer device is in communication connection with a local sub-center server and an upper sub-center server. As shown in fig. 1, the access control method of the electric power internet of things of the present embodiment includes steps S101 to S104, which are described in detail as follows:
and step S101, intercepting a communication request packet of the electric power Internet of things application device based on the network card drive.
In this step, after receiving a communication request from an application device of the electric power internet of things, a network card driver on the computer device intercepts a communication request packet of the communication request, where the communication request packet is a data packet.
Step S102, analyzing the communication request packet based on a preset access control strategy to obtain the source ID of the communication request packet.
In this step, the access control policy is a data processing logic for performing data analysis, verification, extraction and data packet reassembly on the communication request packet intercepted by the network card driver, which may be formulated by the upper level center server, and the access control policy is obtained from the upper level center server and stored locally. Specifically, accessing an upper level central server, and reading a preset access control strategy in the upper level central server; and carrying out localized storage on the preset access control strategy.
Optionally, the access control policy is based on interception of the network card driver, and analyzes the quintuple of the communication request packet to obtain the source ID, where the source ID includes, but is not limited to, a source IP address, a source port, and the like.
Step S103, according to the source ID, verifying the request content of the communication request packet.
In this step, the verification may be to verify the integrity, validity, and other information of the requested content, and if the requested content meets the requirements of integrity, validity, and other requirements, it is determined that the requested content passes the verification.
Step S104, if the request content passes verification, plaintext recombination is carried out on the communication request packet to obtain communication plaintext information, and the communication plaintext information is used for being read by other electric power Internet of things application equipment.
In the step, the communication plaintext information can be transmitted through the electric power Internet of things, so that the communication smoothness in the electric power Internet of things is ensured. According to the invention, through interception, information extraction and packet reorganization based on the network card driving layer, transparent encryption and decryption of an application system without sense are realized, and the communication security of the electric power Internet of things is improved.
In an embodiment, based on the embodiment shown in fig. 1, the step S101 includes:
accessing a local sub-center server, and reading a Lightweight Directory Access Protocol (LDAP) tree of the local sub-center server;
if the source ID exists in the LDAP tree, inquiring a source public key of the source ID from the local sub-center server;
and verifying the request content of the communication request packet based on the source public key.
In this embodiment, the network connection with the sub-center can be established through the sub-center public key and the sub-center IP address set by the management interface, the LDAP tree and the communication addressing interface of the sub-center are read, and after the connection with the sub-center is established, the software agent of the computer device can be incorporated into the whole safe and trusted network.
Optionally, verifying the request content of the communication request packet based on the source public key includes: decrypting the communication request packet by using the source public key to obtain the request content of the communication request packet; and carrying out content verification on the request content.
In this optional embodiment, before the communication request packet is sent, the communication request packet is encrypted by using the private key of the application device of the electric power internet of things, so that the communication request packet needs to be decrypted by using the corresponding public key, so as to improve the communication security of the electric power internet of things. Meanwhile, because the decryption operation has higher performance requirements, the existence of the preset access control strategy can enable the whole agent to have stronger DOS/DDOS attack defending capability.
In an embodiment, based on the embodiment shown in fig. 1, after the accessing the local sub-center server and reading the lightweight directory access protocol LDAP tree of the local sub-center server, the method further includes:
and if the LDAP tree does not have the source ID, accessing an upper level center server of the local sub-center server, and reading a source public key corresponding to the source ID in the upper level center server.
In this embodiment, the source public key is preset and stored in the upper level central server, so the source public key is queried through the upward addressing function. Optionally, accessing a communication addressing interface of the local sub-center server, and querying a communication address of the upper sub-center server; and accessing the upper level center server based on the communication address, and reading a source public key corresponding to the source ID in the upper level center server.
In an embodiment, after the step S104, on the basis of the embodiment shown in fig. 1, the method further includes:
and forwarding the communication plaintext information to a virtual network card of a local sub-center server, and reading the communication plaintext information from the virtual network card by other electric power Internet of things application equipment.
In this embodiment, by sending the communication plaintext information to the virtual network card, communication verification can be performed on other power internet of things application devices that read the communication plaintext information according to the communication verification method similar to the above steps S101 to S103, so as to further ensure the communication security inside the power internet of things.
In order to execute the access control method of the electric power Internet of things corresponding to the method embodiment, corresponding functions and technical effects are achieved. Referring to fig. 3, fig. 3 shows a block diagram of an access control device of the electric power internet of things according to an embodiment of the present invention. For convenience of explanation, only the portion related to this embodiment is shown, and the access control device of the power internet of things provided in the embodiment of the present invention is mounted on a computer device, where the computer device is used for proxy of an application device of the power internet of things, and the computer device is provided with a network card driver, and the device includes:
the interception module 301 is configured to intercept a communication request packet of the electric power internet of things application device based on the network card driver;
the parsing module 302 is configured to parse the communication request packet based on a preset access control policy, to obtain a source ID of the communication request packet;
a verification module 303, configured to verify the request content of the communication request packet according to the source ID;
and the reassembling module 304 is configured to, if the requested content passes the verification, perform plaintext reassembly on the communication request packet to obtain communication plaintext information, where the communication plaintext information is used to be read by other application devices of the electric power internet of things.
In one embodiment, based on the embodiment shown in fig. 3, the verification module 303 includes:
the first access sub-module is used for accessing the local sub-center server and reading a Lightweight Directory Access Protocol (LDAP) tree of the local sub-center server;
a query sub-module, configured to query, if the source ID exists in the LDAP tree, a source public key of the source ID from the local hub server;
and the verification sub-module is used for verifying the request content of the communication request packet based on the source public key.
In one embodiment, the verification sub-module includes:
the decryption unit is used for decrypting the communication request packet by utilizing the source public key to obtain the request content of the communication request packet;
and the verification unit is used for carrying out content verification on the request content.
In an embodiment, based on the embodiment shown in fig. 3, the verification module 303 further includes:
and the second access sub-module is used for accessing the upper-level central server of the local sub-central server if the source ID does not exist in the LDAP tree, and reading the source public key corresponding to the source ID in the upper-level central server.
In an embodiment, the second access sub-module includes:
the first access unit is used for accessing the communication addressing interface of the local sub-center server and inquiring the communication address of the upper-level sub-center server;
and the second access unit is used for accessing the upper level central server based on the communication address and reading the source public key corresponding to the source ID in the upper level central server.
In an embodiment, on the basis of the embodiment shown in fig. 3, the apparatus further includes:
and the forwarding module is used for forwarding the communication plaintext information to a virtual network card, and the other electric power internet of things application equipment reads the communication plaintext information from the virtual network card.
In an embodiment, on the basis of the embodiment shown in fig. 3, the apparatus further includes:
the access module is used for accessing the upper-level central server and reading a preset access control strategy in the upper-level central server;
and the storage module is used for carrying out localized storage on the preset access control strategy.
The access control device of the electric power Internet of things can implement the access control method of the electric power Internet of things in the method embodiment. The options in the method embodiments described above are also applicable to this embodiment and will not be described in detail here. The rest of the embodiments of the present invention may refer to the content of the above method embodiments, and in this embodiment, no further description is given.
Fig. 4 is a schematic structural diagram of a computer device according to an embodiment of the present invention. As shown in fig. 4, the computer device 4 of this embodiment includes: at least one processor 40 (only one shown in fig. 4), a memory 41 and a computer program 42 stored in the memory 41 and executable on the at least one processor 40, the processor 40 implementing the steps in any of the method embodiments described above when executing the computer program 42.
The computer device 4 may be a smart phone, a tablet computer, a desktop computer, a cloud server, or other computing devices. The computer device may include, but is not limited to, a processor 40, a memory 41. It will be appreciated by those skilled in the art that fig. 4 is merely an example of computer device 4 and is not intended to limit computer device 4, and may include more or fewer components than shown, or may combine certain components, or may include different components, such as input-output devices, network access devices, etc.
The processor 40 may be a central processing unit (Central Processing Unit, CPU), the processor 40 may also be other general purpose processors, digital signal processors (Digital SignalProcessor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 41 may in some embodiments be an internal storage unit of the computer device 4, such as a hard disk or a memory of the computer device 4. The memory 41 may in other embodiments also be an external storage device of the computer device 4, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card (Flash Card) or the like, which are provided on the computer device 4. Further, the memory 41 may also include both an internal storage unit and an external storage device of the computer device 4. The memory 41 is used for storing an operating system, application programs, boot loader (BootLoader), data, other programs, etc., such as program codes of the computer program. The memory 41 may also be used for temporarily storing data that has been output or is to be output.
In addition, the embodiment of the present invention further provides a computer readable storage medium, where a computer program is stored, where the computer program is executed by a processor to implement the steps in any of the above-mentioned method embodiments.
Embodiments of the present invention provide a computer program product which, when run on a computer device, causes the computer device to perform the steps of the method embodiments described above.
In several embodiments provided by the present invention, it will be understood that each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing embodiments have been provided for the purpose of illustrating the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the foregoing embodiments are merely exemplary embodiments of the present application and are not intended to limit the scope of the present application. It should be noted that any modifications, equivalent substitutions, improvements, etc. made by those skilled in the art, which are within the spirit and principles of the present application, are intended to be included within the scope of the present application.
Claims (8)
1. The access control method of the electric power Internet of things is characterized by being applied to computer equipment, wherein the computer equipment is used for proxy of the electric power Internet of things application equipment, the computer equipment is provided with a network card drive, and the method comprises the following steps:
intercepting a communication request packet of the electric power Internet of things application device based on the network card drive;
analyzing the communication request packet based on a preset access control strategy to obtain a source ID of the communication request packet;
verifying the request content of the communication request packet according to the information source ID;
if the request content passes verification, carrying out plaintext recombination on the communication request packet to obtain communication plaintext information, wherein the communication plaintext information is used for being read by other electric power Internet of things application equipment;
the verifying the request content of the communication request packet according to the source ID includes:
accessing a local sub-center server, and reading a Lightweight Directory Access Protocol (LDAP) tree of the local sub-center server;
if the source ID exists in the LDAP tree, inquiring a source public key of the source ID from the local sub-center server;
verifying the request content of the communication request packet based on the source public key;
the method comprises the following steps: decrypting the communication request packet by using the source public key to obtain the request content of the communication request packet;
and carrying out content verification on the request content.
2. The access control method of the electric power internet of things according to claim 1, wherein the accessing the local sub-center server, after reading the lightweight directory access protocol LDAP tree of the local sub-center server, further comprises:
and if the LDAP tree does not have the source ID, accessing an upper level center server of the local sub-center server, and reading a source public key corresponding to the source ID in the upper level center server.
3. The access control method of the power internet of things according to claim 2, wherein accessing the superior center server of the local center server, reading a source public key corresponding to the source ID in the superior center server, comprises:
accessing a communication addressing interface of the local sub-center server, and inquiring a communication address of the upper sub-center server;
and accessing the upper level center server based on the communication address, and reading a source public key corresponding to the source ID in the upper level center server.
4. The access control method of the power internet of things according to claim 1, wherein if the request content passes verification, performing plaintext reassembly on the communication request packet to obtain communication plaintext information, further comprising:
and forwarding the communication plaintext information to a virtual network card of a local sub-center server, and reading the communication plaintext information from the virtual network card by other electric power Internet of things application equipment.
5. The access control method of the power internet of things according to claim 1, wherein before the analyzing the communication request packet based on the preset access control policy to obtain the source ID of the communication request packet, further comprises:
accessing an upper level central server, and reading a preset access control strategy in the upper level central server;
and carrying out localized storage on the preset access control strategy.
6. An access control device of an electric power internet of things, which is characterized by being mounted on computer equipment, wherein the computer equipment is used for proxy of the electric power internet of things application equipment, the computer equipment is provided with a network card drive, and the device comprises:
the interception module is used for intercepting a communication request packet of the electric power Internet of things application device based on the network card drive;
the analysis module is used for analyzing the communication request packet based on a preset access control strategy to obtain the source ID of the communication request packet;
the verification module is used for verifying the request content of the communication request packet according to the information source ID;
the reorganization module is used for reorganizing the communication request packet in the clear text to obtain communication clear text information if the request content passes verification, wherein the communication clear text information is used for being read by other electric power Internet of things application equipment;
the verification module comprises:
the first access sub-module is used for accessing the local sub-center server and reading a Lightweight Directory Access Protocol (LDAP) tree of the local sub-center server;
a query sub-module, configured to query, if the source ID exists in the LDAP tree, a source public key of the source ID from the local hub server;
the verification sub-module is used for verifying the request content of the communication request packet based on the source public key;
the verification sub-module comprises:
the decryption unit is used for decrypting the communication request packet by utilizing the source public key to obtain the request content of the communication request packet;
and the verification unit is used for carrying out content verification on the request content.
7. A computer device comprising a processor and a memory for storing a computer program which when executed by the processor implements the access control method of the power internet of things of any one of claims 1 to 5.
8. A computer-readable storage medium, characterized in that it stores a computer program which, when executed by a processor, implements the access control method of the electric internet of things according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210314914.XA CN114666368B (en) | 2022-03-28 | 2022-03-28 | Access control method, device, equipment and storage medium of electric power Internet of things |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210314914.XA CN114666368B (en) | 2022-03-28 | 2022-03-28 | Access control method, device, equipment and storage medium of electric power Internet of things |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114666368A CN114666368A (en) | 2022-06-24 |
| CN114666368B true CN114666368B (en) | 2024-01-30 |
Family
ID=82032722
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210314914.XA Active CN114666368B (en) | 2022-03-28 | 2022-03-28 | Access control method, device, equipment and storage medium of electric power Internet of things |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114666368B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115208918A (en) * | 2022-06-28 | 2022-10-18 | 广东电网有限责任公司 | Communication method, device, storage medium and system of global Internet of things |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102571434A (en) * | 2012-01-11 | 2012-07-11 | 清华大学 | Data access control method for network driver layer in operating system |
| CN102739473A (en) * | 2012-07-09 | 2012-10-17 | 南京中兴特种软件有限责任公司 | Network detecting method using intelligent network card |
| CN112995120A (en) * | 2019-12-18 | 2021-06-18 | 北京国双科技有限公司 | Data monitoring method and device |
| CN114143068A (en) * | 2021-11-25 | 2022-03-04 | 广东电网有限责任公司 | Electric power internet of things gateway equipment container safety protection system and method thereof |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9961103B2 (en) * | 2014-10-28 | 2018-05-01 | International Business Machines Corporation | Intercepting, decrypting and inspecting traffic over an encrypted channel |
-
2022
- 2022-03-28 CN CN202210314914.XA patent/CN114666368B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102571434A (en) * | 2012-01-11 | 2012-07-11 | 清华大学 | Data access control method for network driver layer in operating system |
| CN102739473A (en) * | 2012-07-09 | 2012-10-17 | 南京中兴特种软件有限责任公司 | Network detecting method using intelligent network card |
| CN112995120A (en) * | 2019-12-18 | 2021-06-18 | 北京国双科技有限公司 | Data monitoring method and device |
| CN114143068A (en) * | 2021-11-25 | 2022-03-04 | 广东电网有限责任公司 | Electric power internet of things gateway equipment container safety protection system and method thereof |
Non-Patent Citations (1)
| Title |
|---|
| EPA安全网关原理与应用设计;杨震斌 等;单片机与嵌入式系统应用(09);第12-14页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114666368A (en) | 2022-06-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111683103B (en) | Information interaction method and device | |
| CN104935568A (en) | Interface authentication signature method facing cloud platform | |
| CN1808973A (en) | USB MMI information security device and its control method | |
| EP2997692A1 (en) | Procedure for platform enforced secure storage in infrastructure clouds | |
| CN113395406A (en) | Encryption authentication method and system based on power equipment fingerprints | |
| CN114781006B (en) | Outsourcing data integrity auditing method and system based on block chain and SGX | |
| CN114666368B (en) | Access control method, device, equipment and storage medium of electric power Internet of things | |
| CN110572392A (en) | Identity authentication method based on HyperLegger network | |
| CN113849797B (en) | Method, device, equipment and storage medium for repairing data security hole | |
| CN116846682B (en) | Communication channel establishment method, device, equipment and medium | |
| CN117632099A (en) | Multi-language calling method, device, equipment and medium based on application program interface | |
| CN101834852B (en) | Realization method of credible OpenSSH for protecting platform information | |
| WO2021027504A1 (en) | Consensus protocol-based information processing method, and related device | |
| CN116866333A (en) | Method and device for transmitting encrypted file, electronic equipment and storage medium | |
| CN114553566B (en) | Data encryption method, device, equipment and storage medium | |
| CN115001744B (en) | Cloud platform data integrity verification method and system | |
| CN113672973B (en) | Database system of embedded device based on RISC-V architecture of trusted execution environment | |
| CN113242214B (en) | Device, system and method for encryption authentication between boards of power secondary equipment | |
| CN114598724A (en) | Safety protection method, device, equipment and storage medium for power internet of things | |
| Chen et al. | A New Identity Authentication and Key Agreement Protocol Based on Multi-Layer Blockchain in Edge Computing | |
| US20230231724A1 (en) | Blockchain based certificate pinning | |
| CN116865993B (en) | Data transmission method, device, electronic equipment and storage medium | |
| CN117499160B (en) | Network security protection method and system based on electronic file | |
| Li et al. | Mobile Security Payment Solution Based on Encrypted SMS Verification Code | |
| CN112883436A (en) | Chip device special for intelligent contract, execution method and block chain link point device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |