
CN117675324A - New energy station communication facility identity recognition method and system - Google Patents

Publication number: CN117675324A
Authority: CN (China)
Prior art keywords: user, access, module, new energy, energy station
Legal status: Pending
Application number: CN202311632346.9A
Other languages: Chinese (zh)
Inventors: 张益鸣, 尹绍阳, 杨子阳, 赵毅涛, 刘兴龙, 孙立元, 艾渊
Current Assignee: Yunnan Power Grid Co Ltd
Original Assignee: Yunnan Power Grid Co Ltd
Priority: CN202311632346.9A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Biomedical Technology (AREA)
  • Alarm Systems (AREA)

Abstract

The invention belongs to the technical field of access control management. The method involves a biological characteristic identification module, a storage module, a matching module, an authorization module, a log recording module, an abnormality detection module and a safety measure module. The user is authenticated through biological feature recognition technology and edge optimization; after authentication passes, the user identity information is matched with the access authority, and the user is authorized to access the new energy station communication facility according to the matching result. During user identity verification, the user's access log and activity information are recorded in combination with self-adaptive access control, and the user's access behavior is analyzed and monitored to detect abnormal activity or unauthorized access. Upon detection of abnormal activity or unauthorized access, a security alarm is triggered and corresponding security measures are taken, such as blocking access or notifying the relevant personnel. The invention provides secure and complete access control management, helps managers understand and analyze user behavior, and improves the safety and management efficiency of the facility.

Description

New energy station communication facility identity recognition method and system
Technical Field
The invention belongs to the technical field of access control management, and particularly relates to a system and a method for identifying the identity of a communication facility of a new energy station.
Background
Access control management is a method for controlling the access rights of a user to a system or resource. It can manage the user's access rights according to the user's identity, time, location or functional requirements. This management mode can be used to limit users' authority to access the communication facility of the new energy station, ensuring that only authenticated users holding access authority can gain access.
Conventional access control methods typically use a static access control policy based on roles or permissions to restrict the user's access permissions. However, this approach lacks flexibility and cannot meet the needs of different users and scenarios. For example, it cannot refine the user's access with time restrictions, area restrictions, or functional restrictions.
Secondly, the conventional access control method focuses only on the user's authentication and authorization process, and cannot monitor the user's access behavior in real time or detect abnormal activity or unauthorized access. As a result, security risks may not be noticed in time, which increases the security threat to the facility.
Disclosure of Invention
The present invention has been made in view of the above-described problems occurring in the prior art. The invention performs identity verification on the user through the biological feature recognition technology and the edge optimization, and authorizes the user to access the new energy station communication facility according to the matching result. Meanwhile, by combining with the self-adaptive access control, the access log and the activity information of the user are recorded, the access behavior of the user is analyzed and monitored, and abnormal activity or unauthorized access is detected. Upon detection of abnormal activity or unauthorized access, a security alarm is triggered and corresponding security measures are taken, such as blocking access or notifying the relevant personnel. Thus, the safety and the management efficiency of the communication facility of the new energy station can be improved.
In order to solve the technical problems, a new energy station communication facility identity recognition method is provided, which comprises the following steps:
the user is authenticated through a biological feature recognition technology and edge optimization, after authentication is passed, user identity information and access authority are matched, and the user is authorized to access the new energy station communication facility according to the matching result; in the user identity verification process, the access log and the activity information of the user are recorded by combining with the self-adaptive access control, and the access behavior of the user is analyzed and monitored to detect abnormal activity or unauthorized access; upon detection of abnormal activity or unauthorized access, a security alarm is triggered and corresponding security measures are taken, such as blocking access or notifying the relevant personnel.
As a preferable scheme of the new energy station communication facility identity recognition method, the invention comprises the following steps: the matching with the access authority comprises that when a user requests to access the new energy station communication facility, the input module receives user identity information and transmits the user identity information to the biological characteristic recognition module for identity verification, and the biological characteristic recognition module uses fingerprint, face, iris and voiceprint recognition to carry out identity verification on the user.
If the user's identity verification passes, the matching module matches the user identity information with the access authority stored in the storage module.
If the matching is successful, the authorization module grants the user access to the new energy station communication facility and records the user's access log and activity information; meanwhile, the abnormality detection module analyzes and monitors the user's access behavior and detects abnormal activity and unauthorized access. If the abnormality detection module detects abnormal activity and unauthorized access, the security measure module triggers a security alarm, takes security measures to prevent access, and informs staff.
As a preferable scheme of the new energy station communication facility identity recognition method, the invention comprises the following steps: the access rights include time restrictions, area restrictions, or functional restrictions.
The time limit comprises allowing access within a time period set according to the user's access requirement and the working hours of the new energy station: a time $T \in [x, y]$ is set, where $x$ is the earliest time at which access is allowed and $y$ is the latest time at which access is allowed. When $T < x$, if any user applies for access, the system automatically prompts and forbids access; when $x \le T \le y$, if any user applies for access,
The area limit comprises dividing the station into a first-level area, a second-level area and a middle area according to the physical layout and equipment positions of the new energy station. When a user requests access to the first-level area and the second-level area, the system judges according to the user's authority. If the authority is insufficient, the user needs to apply to the highest authority manager; if the highest authority manager agrees, a temporary random key P is returned to the user and to the middle area. The user accepts the key P, performs mixed encryption with the authority key Q contained in the system, and applies again; the middle area then judges whether access is allowed. If the area requested is within the authority range owned by the user, access is allowed.
When the user tries to access a limited function, the system judges according to the user's authority; if the authority is insufficient, access is forbidden and the system refuses the access.
As a preferable scheme of the new energy station communication facility identity recognition method, the invention comprises the following steps: the analysis and monitoring of the access behavior of the user comprises the steps of establishing an anomaly detection prediction model, collecting access logs and access information of the user in real time by a system, analyzing and modeling the information, inputting a new sample into the model, and selecting an optimal result:
$$F(X)=\sum\left((u_{i,j}-c_{v,j})^{2}\cdot\theta\right)-\sum\left((u_{j}-c_{j})^{2}\cdot\theta\right)$$
calculating the similarity of the optimal result:
If $|Y_P - Y_t| > \varepsilon$, the sample is considered abnormal. If $|Y_P - Y_t| \le \varepsilon$, the model prediction result value $F(X)$ is output and compared with a set threshold; if $F(X)$ is higher than the threshold, it is regarded as abnormal. A safety early warning is triggered in every case regarded as abnormal; otherwise no early warning is issued and the system operates normally.
wherein $F(X)$ is the predicted optimal result, $\theta$ is the predicted class occurrence probability coefficient, $\theta$ is the sample probability coefficient of all occurrences, $u_{i,j}$ is the user behavior feature vector, $c_{v,j}$ is the class center vector, $j$ is the feature dimension, $u_j$ is the user behavior feature in the history database, $c_j$ is the category center vector in the history database, $p_i$ and $p_n$ are the feature vectors of the predicted sample and the normal sample, $Y_P$ is the predicted category, $Y_t$ is the actual category, and $\varepsilon$ is a prescribed integer for determining the size of the difference.
As a preferable scheme of the new energy station communication facility identity recognition method, the invention comprises the following steps: the edge optimization comprises triggering edge optimization control when a plurality of users make access requests simultaneously and new users apply, so that the data and calculation tasks of the authentication and access control process are dispersed to the nodes. A new user first makes a reservation for access; a normal user's information is collected through biological feature recognition, and the identity verification request is sent to the edge computing node at the time of collection. After the edge computing node receives the request, it performs an initial verification of the user's identity information through the biological feature recognition module. If the initial verification passes: when a plurality of users access, the edge computing node sends the users' access control requests to the central server for further verification; after the central server's verification passes, the matching module matches the user identity information with the access authority stored in the storage module, and normal access is then authorized.
When the applicant is a new user, the edge computing node sends the user's access control request to the central server for further verification. After receiving the request, the central server submits it to the highest authority manager to check whether a reservation record exists and, combining this with the user's identity information, access authority settings and application reason, judges whether the new user can access the target resource. The central server returns the verification result to the edge computing node: if access to the target resource is allowed, the edge computing node generates a temporary access token and sends it to the new user; after receiving it, the user accesses the target resource with the temporary token, and the record is saved to the central server.
As a preferable scheme of the new energy station communication facility identity recognition method, the invention comprises the following steps: the adaptive access control includes, after authentication by biometric identification has passed, calculating a risk degree $R(A)$ according to a location limitation, a time limitation, a region limitation, and a behavior limitation:
wherein $D_n$ is the distance of the user's location, $\max(D)$ is the maximum allowed value of the distance sensitive area, for the weight coefficient, $T_p$ is the current time, $T_{x,y}$ is the allowed time period in the time limit, $E_n$ is the region information in which the user is located, $\max(E)$ is the maximum allowable value from the unauthorized region for the user, $k_n$ is the abnormal operation number based on the behavior pattern of the user, and $\max(k)$ is the maximum allowable operation number.
According to the risk result, the user's access rights are dynamically adjusted: when $R(A) \ge \mu$, the user is judged to be high risk, access is refused, secondary identity verification is carried out, and monitoring and log recording are carried out in real time at the same time.
When $\omega \le R(A) < \mu$, the user is judged to be medium risk, and limited access control and frequency are required.
When $R(A) < \omega$, the user is judged to be low risk, and the access rights are allowed to be relaxed.
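An added example (not from the patent) of the three-tier rule above. The page does not reproduce the formula for R(A), so `risk_score` assumes a weighted sum of the four normalized terms named in the variable list; the weights, the thresholds μ = 0.7 and ω = 0.3, and the numeric encoding of the region term are constructed values.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class Policy:
    max_distance: float                 # max(D)
    window: tuple[time, time]           # T_{x,y}: allowed period [x, y]
    max_region: float                   # max(E), assumed to be numeric
    max_abnormal_ops: int               # max(k)
    weights: tuple[float, float, float, float] = (0.25, 0.25, 0.25, 0.25)  # constructed
    mu: float = 0.7                     # constructed high-risk threshold
    omega: float = 0.3                  # constructed low-risk threshold


@dataclass(frozen=True)
class Context:
    distance: float      # D_n
    now: time            # T_p
    region: float        # E_n, assumed to be numeric
    abnormal_ops: int    # k_n


def _ratio(value: float, limit: float) -> float:
    """Clamp value/limit into [0, 1]; a non-positive limit counts as maximal risk."""
    if limit <= 0:
        return 1.0
    return min(max(value / limit, 0.0), 1.0)


def risk_score(ctx: Context, pol: Policy) -> float:
    """Assumed form of R(A): weighted sum of normalized location, time, region, behavior terms."""
    x, y = pol.window
    outside_window = 0.0 if x <= ctx.now <= y else 1.0
    terms = (
        _ratio(ctx.distance, pol.max_distance),
        outside_window,
        _ratio(ctx.region, pol.max_region),
        _ratio(ctx.abnormal_ops, pol.max_abnormal_ops),
    )
    return sum(w * t for w, t in zip(pol.weights, terms))


def decide(score: float, pol: Policy) -> dict:
    """Map R(A) to the three tiers; the boundaries follow the page (>= mu is high, >= omega is medium)."""
    if score >= pol.mu:
        # High risk: refuse, demand secondary verification, monitor and log in real time.
        return {"tier": "high", "allow": False, "secondary_auth": True, "monitor": True}
    if score >= pol.omega:
        # Medium risk: access continues but with limited scope and frequency.
        return {"tier": "medium", "allow": True, "restricted": True, "monitor": True}
    # Low risk: access rights may be relaxed.
    return {"tier": "low", "allow": True, "restricted": False, "monitor": False}


if __name__ == "__main__":
    policy = Policy(max_distance=100.0, window=(time(8, 0), time(18, 0)),
                    max_region=10.0, max_abnormal_ops=5)
    # Constructed sample: off-hours request at the distance limit with one abnormal operation.
    sample = Context(distance=100.0, now=time(23, 30), region=10.0, abnormal_ops=1)
    print(decide(risk_score(sample, policy), policy))
```
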
Another object of the present invention is to provide a new energy station communication facility identity recognition system, through which accurate verification and authorization management of user identities can be achieved, unauthorized persons are prevented from entering the facility, and safety and confidential information of the facility are protected. Meanwhile, the log record and anomaly detection function of the system can help management personnel monitor and analyze the access behaviors of users, timely discover abnormal activities and take corresponding safety measures. Therefore, the safety and the management efficiency of the facility can be improved, and the normal operation of the communication facility of the new energy station can be ensured.
As a preferable scheme of the new energy station communication facility identity recognition system, the invention comprises the following steps: the system comprises an input module, a biological characteristic identification module, a storage module, a matching module, an authorization module, a log recording module, an abnormality detection module and a safety measure module.
The input module is the input equipment used for receiving user identity information, comprising a keyboard, a touch screen and a card reader; it transmits the identity information input by the user to the biological characteristic recognition module for processing and verification.
The biological characteristic recognition module is used for carrying out identity verification on the user, and comparing the biological characteristic information of the user with stored user identity information to confirm whether the identity of the user is legal or not.
The storage module is used for storing the user identity information and the access authority, and storing the personal information and the authorization information of the user so as to facilitate subsequent matching and authorization operations.
The matching module is used for matching the user identity information with the access rights, comparing the input user identity information with the stored user identity information, and then determining the access rights of the user according to the matching result.
The authorization module is used for authorizing a user to access the new energy station communication facility, determining whether the user is allowed to enter the new energy station communication facility or not according to the user access authority determined by the matching module, and controlling the access range and the function of the new energy station communication facility.
The log recording module is used for recording access log and activity information of the user and recording login time, exit time, access equipment and function information of the user.
The abnormality detection module is used for analyzing and monitoring the access behaviors of the user and detecting abnormal activities and unauthorized access.
The security measure module is used for triggering a security alarm and executing security measures when the abnormality detection module detects abnormal activity or unauthorized access.
As a preferable scheme of the new energy station communication facility identity recognition system, the invention comprises the following steps: the biological feature recognition module comprises fingerprint recognition, facial recognition, iris recognition and voiceprint recognition equipment. After the biological features are successfully matched, psychological features of the user are analyzed through the facial recognition performed during collection, and the analysis result is returned to the biological feature recognition module; if the requirements are met, the user is allowed to pass, and if not, the user is not allowed to pass.
The authorization module includes an access controller and rights management software.
The storage module comprises a nonvolatile memory and cloud storage service.
A computer device comprising a memory and a processor, said memory storing a computer program, characterized in that said processor, when executing said computer program, implements the steps of said new energy station communication facility identity recognition method.
A computer readable storage medium having stored thereon a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the new energy station communication facility identity recognition method.
The invention has the beneficial effects that: the invention uses biological characteristic recognition technology, such as fingerprint recognition, facial recognition, iris recognition or voiceprint recognition, can realize rapid, accurate and efficient identity verification, and reduces the time and complexity required by the traditional identity verification method; the invention combines a plurality of technical means and combines the security access authority control, so that the communication facilities of the new energy station can be accessed only by the users with the authentication and the access authority, and the unauthorized access and the potential security risk are effectively prevented; by recording the access log and the activity information of the user, the invention can monitor and track the activity of the user in the communication facility of the new energy station and help the manager to know and analyze the user behavior, thereby improving the safety and management efficiency of the facility; the abnormality detection module in the system can analyze and monitor the access behaviors of the user, timely detect abnormal activities or unauthorized access and trigger corresponding security alarms. This can help to guard against potential security threats and quickly take necessary security measures; by combining rights management software or access controllers, the scheme can provide flexible access control management, including time constraints, area constraints, or functional constraints, to meet the needs of different users and scenarios.
Drawings
For a clearer description of the technical solutions of embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art, wherein:
Fig. 1 is a general flow chart of a new energy station communication facility identity recognition method according to an embodiment of the present invention.
Fig. 2 is a functional architecture diagram of a new energy station communication facility identity recognition system according to an embodiment of the present invention.
Detailed Description
So that the manner in which the above recited objects, features and advantages of the present invention can be understood in detail, a more particular description of the invention, briefly summarized above, may be had by reference to the embodiments, some of which are illustrated in the appended drawings. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways other than those described herein, and persons skilled in the art will readily appreciate that the present invention is not limited to the specific embodiments disclosed below.
Further, reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic can be included in at least one implementation of the invention. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
While the embodiments of the present invention have been illustrated and described in detail in the drawings, the cross-sectional view of the device structure is not to scale in the general sense for ease of illustration, and the drawings are merely exemplary and should not be construed as limiting the scope of the invention. In addition, the three-dimensional dimensions of length, width and depth should be included in actual fabrication.
Also in the description of the present invention, it should be noted that the orientation or positional relationship indicated by the terms "upper, lower, inner and outer", etc. are based on the orientation or positional relationship shown in the drawings, are merely for convenience of describing the present invention and simplifying the description, and do not indicate or imply that the apparatus or elements referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus should not be construed as limiting the present invention. Furthermore, the terms "first, second, or third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
The terms "mounted, connected, and coupled" should be construed broadly in this disclosure unless otherwise specifically indicated and defined, such as: can be fixed connection, detachable connection or integral connection; it may also be a mechanical connection, an electrical connection, or a direct connection, or may be indirectly connected through an intermediate medium, or may be a communication between two elements. The specific meaning of the above terms in the present invention will be understood in specific cases by those of ordinary skill in the art.
Example 1
Referring to fig. 1, a first embodiment of the present invention provides a method for identifying identity of a communication facility of a new energy station, including:
S1: The user is authenticated through biological feature recognition technology and edge optimization; after the authentication passes, the user identity information is matched with the access authority, and the user is authorized to access the new energy station communication facility according to the matching result.
The following identity recognition device is applied to metering scenes.
Furthermore, when the user requests to access the new energy station communication facility, the input module receives the user identity information and transmits the user identity information to the biological characteristic recognition module for identity verification, and the biological characteristic recognition module uses fingerprint, face, iris and voiceprint recognition to carry out identity verification on the user.
If the user's identity verification passes, the matching module matches the user identity information with the access authority stored in the storage module.
If the matching is successful, the authorization module grants the user access to the new energy station communication facility and records the user's access log and activity information; meanwhile, the abnormality detection module analyzes and monitors the user's access behavior and detects abnormal activity and unauthorized access. If the abnormality detection module detects abnormal activity and unauthorized access, the security measure module triggers a security alarm, takes security measures to prevent access, and informs staff.
It should be noted that the access rights include time restrictions, area restrictions or functional restrictions.
The time limit comprises setting a time period in which access is allowed according to the user's access requirement and the working hours of the new energy station: a time $T \in [x, y]$ is set, where $x$ is the earliest allowed access time and $y$ is the latest allowed access time. When $T < x$, if any user applies for access, the system automatically prompts that access is prohibited; when $x \le T \le y$, if any user applies for access,
The area limit comprises dividing the station into a first-level area, a second-level area and a middle area according to the physical layout and equipment positions of the new energy station, wherein the first-level area only allows access by users with specific authority, the second-level area allows general users to access, and the middle area connects the first-level area and the second-level area and stores temporary authority. When a user requests access to the first-level area and the second-level area, the system judges according to the user's authority. If the authority is insufficient, the user needs to apply to the highest authority manager; if the highest authority manager agrees, a temporary random key P is returned to the applying user and to the middle area. The user accepts the key P, performs mixed encryption with the authority key Q that the user holds, and then applies a second time; the middle area then recognizes the mixed key and, in combination with the biological feature recognition technology, judges whether access is allowed. If the area requested is within the authority range owned by the user, access is allowed.
When the user tries to access a limited function, the system judges according to the user's authority; if the authority is insufficient, access is forbidden and the user is prompted that the authority is insufficient and that a key cannot be applied for from the highest authority manager; the system then recognizes and refuses the access and uploads the key to a dispatching center for storage.
Access rights control: during the actual access of the user, the system will control the behavior of the user according to the current access rights. For example, for a user with high access rights, he may be allowed to access advanced functions and sensitive data; medium authority users access in-station functions and data, but are restricted from accessing certain sensitive information; and for users with lower access rights, only the users are allowed to access the public area and the non-sensitive data.
It should also be noted that when multiple users make access requests and new users apply at the same time, edge optimization control is triggered, so that the data and calculation tasks of the authentication and access control process are distributed to the individual nodes. A new user first makes a reservation for access; a normal user has information collected through biometric recognition, and the identity verification request is sent to the edge computing node at the same time as collection. After the edge computing node receives the request, it initially verifies the user's identity information through the biometric recognition module, and if the initial verification is passed:
When a plurality of users access, the edge computing node sends the users' access control requests to the central server for further verification. After the central server's verification passes, the matching module matches the user identity information with the access rights stored in the storage module, and normal access is then authorized.
When the applicant is a new user, the edge computing node sends the user's access control request to the central server for further verification. After receiving it, the central server passes the request up to the highest-authority manager, who checks whether a reservation record exists and, combining the user's identity information, access-right settings and reason for application, judges whether the new user may access the target resource. The central server returns the verification result to the edge computing node: if access to the target resource is allowed, the edge computing node generates a temporary access token and sends it to the new user; after receiving it, the user accesses the target resource with the temporary token, and the record is saved to the central server.
The access token is time-limited and automatically becomes invalid once the time is exceeded. If the new user applies to have the identity retained, the central server opens the corresponding access rights once the highest-authority manager agrees, and no reservation application is needed at the next entry.
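The new-user flow above (reservation check, manager decision, edge-issued token that expires on its own), sketched as an added example that is not code from the patent. The token format, the use of HMAC-SHA256, and the names `issue_token`, `verify_token`, `grant_new_user`, `DEMO_KEY` and `RESERVATIONS` are assumptions made for illustration; the sample users and resources are constructed.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample data: a demo key and the reservation records held centrally.
DEMO_KEY = b"constructed-demo-key-not-for-production"
RESERVATIONS = {("new-user-01", "inverter-gateway")}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key: bytes, user_id: str, resource: str, now: int, ttl_seconds: int) -> str:
    """Edge node: mint a token bound to one user, one resource and an expiry time."""
    if ttl_seconds <= 0:
        raise ValueError("a temporary token needs a positive lifetime")
    claims = {"sub": user_id, "res": resource, "exp": now + ttl_seconds}
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_token(key: bytes, token: str, resource: str, now: int):
    """Return (True, user_id) on success, otherwise (False, reason)."""
    try:
        payload_part, tag_part = token.split(".")
        payload, tag = _unb64(payload_part), _unb64(tag_part)
    except ValueError:  # wrong number of parts, or invalid base64
        return False, "malformed"
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False, "bad_signature"
    claims = json.loads(payload)  # parsed only after the tag has been checked
    if claims["res"] != resource:
        return False, "wrong_resource"
    if now >= claims["exp"]:  # the token fails automatically once its time is up
        return False, "expired"
    return True, claims["sub"]


def grant_new_user(key, reservations, manager_approved, user_id, resource,
                   now, ttl_seconds, audit_log):
    """Central check (reservation record plus manager decision), then edge issuance.

    Every decision, granted or not, is appended to audit_log, standing in for
    the record saved to the central server.
    """
    granted = bool((user_id, resource) in reservations and manager_approved)
    token = issue_token(key, user_id, resource, now, ttl_seconds) if granted else None
    audit_log.append({"user": user_id, "resource": resource, "at": now, "granted": granted})
    return token


if __name__ == "__main__":
    log = []
    tok = grant_new_user(DEMO_KEY, RESERVATIONS, True, "new-user-01",
                         "inverter-gateway", now=1000, ttl_seconds=300, audit_log=log)
    print(verify_token(DEMO_KEY, tok, "inverter-gateway", now=1100))
    print(verify_token(DEMO_KEY, tok, "inverter-gateway", now=1300))
```

Binding the token to a single resource and checking the expiry on every use keeps a leaked token from being replayed elsewhere or after the visit.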
S2: in the user authentication process, the access log and the activity information of the user are recorded in combination with the self-adaptive access control, and the access behavior of the user is analyzed and monitored to detect abnormal activity or unauthorized access.
Further, after the user passes biometric authentication, access is evaluated against the position limitation, the time limit, the region restriction and the behavior restriction:
Position limitation: judge, according to the user's position, whether the user is in an area that is allowed to be accessed.
Time limit: judge, according to the current time and the preset time range, whether the user has permission to access.
Region restriction: judge, according to the area where the user is located, whether the user is within the range of the areas that are allowed to be accessed.
Behavior restriction: judge, according to the user's behavior characteristics, whether the user's abnormal behavior exceeds the limit number of times.
Calculate the risk degree $R(A)$:
where $D_n$ is the distance of the user's location, $\max(D)$ is the maximum allowed value of the distance to the sensitive area, for the weight coefficient, $T_p$ is the current time, $T_{x,y}$ is the allowed time period in the time limit, $E_n$ is the region information of where the user is located, $\max(E)$ is the maximum allowable value of the user's distance from the unauthorized region, $k_n$ is the number of abnormal operations based on the user's behavior pattern, and $\max(k)$ is the maximum allowable number of operations.
According to the risk result, the user's access rights are adjusted dynamically:
When $R(A) \ge \mu$, $\mu \in [0.5, 0.8]$, the user is judged to be high risk: access is refused, secondary identity verification is carried out, and monitoring and log recording are carried out in real time at the same time.
When $\omega \le R(A) < \mu$, the user is judged to be medium risk, and access control and access frequency must be limited.
When $R(A) < \omega$, $\omega \in [0.3, 0.5]$, the user is judged to be low risk, and the access rights are allowed to be relaxed.
The self-adaptive access control strategy can dynamically adjust the access authority of the user according to the historical access record and the behavior mode of the user, thereby realizing intelligent management and control of the communication facilities of the new energy station. The method not only improves the safety and the management efficiency, but also provides more personalized access experience for the user.
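The three-tier decision on $R(A)$, as an added example that is not code from the patent. The expression for $R(A)$ is not reproduced on this page, so the example assumes a weighted sum of four terms normalized to [0, 1] (distance, time window, region, abnormal operations) with equal weights; the names `Policy`, `risk_degree` and `decide` and all sample values are constructed.

```python
import math
from dataclasses import dataclass
from datetime import time
from enum import Enum


class Tier(Enum):
    LOW = "low"
    MEDIUM = "medium"
    HIGH = "high"


# Responses per tier, taken from the text above.
ACTIONS = {
    Tier.HIGH: ("deny_access", "secondary_authentication", "realtime_monitoring_and_logging"),
    Tier.MEDIUM: ("limit_access_control", "limit_access_frequency"),
    Tier.LOW: ("relax_access_rights",),
}


@dataclass(frozen=True)
class Policy:
    max_d: float          # max(D)
    max_e: float          # max(E)
    max_k: int            # max(k)
    t_x: time             # earliest allowed access time x
    t_y: time             # latest allowed access time y
    mu: float             # high-risk threshold, must lie in [0.5, 0.8]
    omega: float          # low-risk threshold, must lie in [0.3, 0.5]
    weights: tuple = (0.25, 0.25, 0.25, 0.25)  # ASSUMED equal weights

    def __post_init__(self):
        if not 0.5 <= self.mu <= 0.8:
            raise ValueError("mu must lie in [0.5, 0.8]")
        if not 0.3 <= self.omega <= 0.5:
            raise ValueError("omega must lie in [0.3, 0.5]")
        # Both ranges include 0.5; omega == mu would leave no medium tier.
        if self.omega >= self.mu:
            raise ValueError("omega must be strictly below mu")
        if min(self.max_d, self.max_e, self.max_k) <= 0:
            raise ValueError("max(D), max(E) and max(k) must be positive")
        if self.t_x > self.t_y:
            raise ValueError("x must not be later than y")
        if len(self.weights) != 4 or min(self.weights) < 0 \
                or abs(sum(self.weights) - 1.0) > 1e-9:
            raise ValueError("four non-negative weights summing to 1 are required")


def _ratio(value: float, maximum: float) -> float:
    """value/maximum clamped to [0, 1]; a NaN input stays NaN and is caught in decide()."""
    return min(max(value / maximum, 0.0), 1.0)


def risk_degree(p: Policy, d_n: float, t_p: time, e_n: float, k_n: int) -> float:
    """ASSUMED form of R(A): weighted sum of four normalized terms."""
    terms = (
        _ratio(d_n, p.max_d),
        0.0 if p.t_x <= t_p <= p.t_y else 1.0,  # outside [x, y] counts as full risk
        _ratio(e_n, p.max_e),
        _ratio(k_n, p.max_k),
    )
    return sum(w * t for w, t in zip(p.weights, terms))


def decide(p: Policy, r: float):
    """Map R(A) to (tier, actions); a non-finite score fails closed as high risk."""
    if not math.isfinite(r) or r >= p.mu:
        tier = Tier.HIGH
    elif r >= p.omega:
        tier = Tier.MEDIUM
    else:
        tier = Tier.LOW
    return tier, ACTIONS[tier]


if __name__ == "__main__":
    policy = Policy(max_d=100, max_e=50, max_k=5, t_x=time(8), t_y=time(18), mu=0.6, omega=0.4)
    for sample in ((10, time(9, 30), 5, 0), (60, time(10), 40, 2), (90, time(23), 45, 4)):
        r = risk_degree(policy, *sample)
        print(round(r, 3), decide(policy, r)[0].value)
```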
S3: upon detection of abnormal activity or unauthorized access, a security alarm is triggered and corresponding security measures are taken, such as blocking access or notifying the relevant personnel.
Furthermore, an anomaly detection prediction model is established, the system collects access logs and access information of users in real time, analyzes and models the information, inputs a new sample into the model, and selects an optimal result:
$$F(X)=\sum\left((u_{i,j}-c_{v,j})^{2}\,\theta\right)-\sum\left((u_{j}-c_{j})^{2}\,\theta\right)$$
calculating the similarity of the optimal result:
If $|Y_P - Y_t| > \varepsilon$, the sample is considered abnormal. If $|Y_P - Y_t| \le \varepsilon$, the model prediction result value $F(X)$ is output and compared with a set threshold; if $F(X)$ is higher than the threshold, it is regarded as abnormal. A safety early warning is triggered in all cases regarded as abnormal; otherwise no early warning is raised and the system operates normally.
where $F(X)$ is the predicted optimal result, $\theta$ is the predicted class occurrence probability coefficient, $\theta$ is the sample probability coefficient of all occurrences, $u_{i,j}$ is the user behavior feature vector, $c_{v,j}$ is the class center vector, $j$ is the feature dimension, $u_j$ is the user behavior feature in the history database, $c_j$ is the category center vector in the history database, $p_i$ and $p_n$ are the feature vectors of the predicted sample and the normal sample, $Y_P$ is the predicted category, $Y_t$ is the actual category, and $\varepsilon$ is a prescribed integer for determining the size of the difference.
Example 2
Referring to fig. 1, for one embodiment of the present invention, a new energy station communication facility identification method is provided, and in order to verify the beneficial effects of the present invention, scientific demonstration is performed through experiments.
According to the present invention, we arbitrarily draw out 10 examples as follows:
TABLE 1
TABLE 2

| Experimental item | Data |
|---|---|
| Number of people involved in experiment | 50 people |
| Verification times | 200 times |
| Number of abnormality detections | 50 times |
According to the table contents above: authentication response time: the average response time was 3 seconds, with the response time of the biometric module being 1.5 seconds and the response time of the access control module being 1.5 seconds.
Verification success rate: of the 200 verifications, 198 were successfully verified with a 99% success rate.
Abnormality detection accuracy: in 50 anomaly detections, 48 anomalies were detected correctly, an accuracy of 96%.
Through the simulation experiment, the response time of the new energy station communication facility identity recognition method in practical application is short, the verification success rate is high, the abnormality detection accuracy is high, and the safety of the new energy station communication facility can be effectively protected.
It should be noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made thereto without departing from the spirit and scope of the technical solution of the present invention, which is intended to be covered by the scope of the claims of the present invention.
Example 3
A third embodiment of the present invention, which is different from the first two embodiments, is:
the functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
Logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions for implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). In addition, the computer readable medium may even be paper or other suitable medium on which the program is printed, as the program may be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented using any one or a combination of the following techniques, which are well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGAs), field-programmable gate arrays (FPGAs), and the like.
Example 4
Referring to fig. 2, a fourth embodiment of the present invention provides a new energy station communication facility identity system, which includes an input module, a biometric identification module, a storage module, a matching module, an authorization module, a log recording module, an anomaly detection module, and a security measure module.
The input module is the input equipment that receives user identity information: it comprises a keyboard, a touch screen and a card reader, and transmits the identity information input by the user to the biometric recognition module for processing and verification.
The biometric recognition module is used for verifying the user's identity, comparing the user's biometric information with the stored user identity information to confirm whether the user's identity is legitimate: after the biometric features are successfully matched, the user's psychological characteristics are analyzed through the facial recognition performed during collection, and the analysis result is returned to the biometric recognition module; if the result meets the requirements, the user is allowed to pass, and if not, the user is not allowed to pass.
The storage module is used for storing user identity information and access rights by adopting a nonvolatile memory and cloud storage service and storing personal information and authorization information of a user so as to facilitate subsequent matching and authorization operations.
The matching module is used for matching the user identity information with the access rights, comparing the input user identity information with the stored user identity information, and then determining the access rights of the user according to the matching result.
The authorization module comprises an access controller and authority management software, and is used for authorizing a user to access the new energy station communication facility, determining whether the user is allowed to enter the new energy station communication facility according to the user access authority determined by the matching module, and controlling the access range and the function of the new energy station communication facility.
The log recording module is used for recording access log and activity information of the user and recording login time, exit time, access equipment and function information of the user.
The anomaly detection module is used for analyzing and monitoring the access behaviors of the user and detecting the abnormal activities and unauthorized access.
The security measure module is used for triggering a security alarm and executing security measures when the abnormality detection module detects abnormal activity or unauthorized access.
It should be noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made thereto without departing from the spirit and scope of the technical solution of the present invention, which is intended to be covered by the scope of the claims of the present invention.

Claims (10)

1. A new energy station communication facility identity recognition method, characterized by comprising the following steps:
the user is authenticated through a biological feature recognition technology and edge optimization, after authentication is passed, user identity information and access authority are matched, and the user is authorized to access the new energy station communication facility according to the matching result;
in the user identity verification process, the access log and the activity information of the user are recorded by combining with the self-adaptive access control, and the access behavior of the user is analyzed and monitored to detect abnormal activity or unauthorized access;
upon detection of abnormal activity or unauthorized access, a security alarm is triggered and corresponding security measures are taken, such as blocking access or notifying the relevant personnel.
2. The method for identifying the identity of a new energy station communication facility as claimed in claim 1, wherein: the matching with the access authority comprises that when a user requests to access a new energy station communication facility, the input module receives user identity information and transmits the user identity information to the biological characteristic recognition module for identity verification, and the biological characteristic recognition module uses fingerprint, face, iris and voiceprint recognition to carry out identity verification on the user;
if the identity verification of the user is passed, the matching module matches the user identity information with the access authority stored in the storage module;
if the matching is successful, the authorization module grants the user access to the new energy station communication facility, records the access log and the activity information of the user, and meanwhile, the abnormality detection module analyzes and monitors the access behavior of the user and detects abnormal activity and unauthorized access: if the anomaly detection module detects the anomaly activity and unauthorized access, the security measure module triggers a security alarm and takes security measures to prevent access, and informs staff.
3. The method for identifying the identity of the communication facility of the new energy station as claimed in claim 2, wherein: the access rights include time restrictions, area restrictions, or functional restrictions;
the time limit comprises setting the time period in which access is allowed according to the access requirement of the user and the working time of the new energy station, the time being set as $T \in [x, y]$, where $x$ is the earliest time of allowed access and $y$ is the latest time of allowed access; when $T < x$, if any user applies for access, the system automatically prompts that access is prohibited; when $x \le T \le y$, if any user applies for access,
the area limit comprises dividing the station into a first-level area, a second-level area and a middle area according to the physical layout and the equipment positions of the new energy station; when the user requests access to the first-level area and the second-level area, the system judges according to the authority of the user; if the authority is insufficient, the user needs to apply to the highest-authority manager; if the highest-authority manager agrees, a temporary random key P is returned to the applying user and to the middle area; the user accepts the key P, performs mixed encryption with the authority key Q that the user holds, and then applies a second time; the middle area then judges whether access is allowed; if the requested area is within the authority range of the user, access is allowed; when the user tries to access a restricted function, the system judges according to the authority of the user, and if the authority is insufficient, the system refuses the access.
4. A new energy station communication facility identity recognition method as defined in claim 3, wherein: the analysis and monitoring of the access behavior of the user comprises the steps of establishing an anomaly detection prediction model, collecting access logs and access information of the user in real time by a system, analyzing and modeling the information, inputting a new sample into the model, and selecting an optimal result:
calculating the similarity of the optimal result:
if $|Y_P - Y_t| > \varepsilon$, the sample is considered abnormal; if $|Y_P - Y_t| \le \varepsilon$, the model prediction result value $F(X)$ is output and compared with a set threshold, and if $F(X)$ is higher than the threshold, it is regarded as abnormal; a safety early warning is triggered in all cases regarded as abnormal, otherwise no early warning is raised and the system operates normally;
wherein $F(X)$ is the predicted optimal result, $\theta$ is the predicted class occurrence probability coefficient, for all the sample probability coefficients that occur, $u_{i,j}$ is the user behavior feature vector, $c_{v,j}$ is the class center vector, $j$ is the feature dimension, $u_j$ is the user behavior feature in the history database, $c_j$ is the category center vector in the history database, $p_i$ and $p_n$ are the feature vectors of the predicted sample and the normal sample, $Y_P$ is the predicted category, $Y_t$ is the actual category, and $\varepsilon$ is a prescribed integer for determining the size of the difference.
5. The method for identifying the identity of a new energy station communication facility as claimed in claim 4, wherein: the edge optimization comprises triggering edge optimization control when a plurality of users make access requests and new users apply at the same time, and distributing the data and calculation tasks of the authentication and access control process to the individual nodes: a new user first makes a reservation for access, a normal user has information collected through biometric recognition, the identity verification request is sent to the edge computing node at the same time as collection, after the edge computing node receives the request it initially verifies the identity information of the user through the biometric recognition module, and if the initial verification is passed:
when a plurality of users access, the edge computing node sends the access control requests of the users to the central server for further verification, and after the central server's verification passes, the matching module matches the user identity information with the access rights stored in the storage module and normal access is then authorized;
when the applicant is a new user, the edge computing node sends the access control request of the user to the central server for further verification; after receiving it, the central server passes the request up to the highest-authority manager, who checks whether a reservation record exists and, combining the identity information and access-right settings of the user and the reason for application, judges whether the new user can access the target resource, and the central server returns the verification result to the edge computing node: if access to the target resource is allowed, the edge computing node generates a temporary access token and sends it to the new user, and after receiving the temporary access token, the user accesses the target resource with the temporary token and the record is saved to the central server.
6. The method for identifying the identity of the communication facility of the new energy station as claimed in claim 5, wherein: the adaptive access control includes calculating a risk degree R (a) according to a location limitation, a time limitation, a region limitation, and a behavior limitation after passing the authentication according to the biometric identification:
wherein $D_n$ is the distance of the user's location, $\max(D)$ is the maximum allowed value of the distance to the sensitive area, for the weight coefficient, $T_p$ is the current time, $T_{x,y}$ is the allowed time period in the time limit, $E_n$ is the region information of where the user is located, $\max(E)$ is the maximum allowable value of the user's distance from the unauthorized region, $k_n$ is the number of abnormal operations based on the behavior pattern of the user, and $\max(k)$ is the maximum allowable number of operations;
according to the risk result, the access rights of the user are adjusted dynamically: when $R(A) \ge \mu$, the user is judged to be high risk, access is refused, secondary identity verification is carried out, and monitoring and log recording are carried out in real time at the same time;
when $\omega \le R(A) < \mu$, the user is judged to be medium risk, and access control and access frequency must be limited;
when $R(A) < \omega$, the user is judged to be low risk, and the access rights are allowed to be relaxed.
7. A system employing a new energy station communication facility identity recognition method as claimed in any one of claims 1 to 6, characterized in that: the system comprises an input module, a biological characteristic identification module, a storage module, a matching module, an authorization module, a log recording module, an abnormality detection module and a safety measure module;
the input module is used for receiving input equipment of user identity information: the system comprises a keyboard, a touch screen and a card swiping reader, and transmits identity information input by a user to a biological characteristic recognition module for processing and verification;
the biological characteristic recognition module is used for carrying out identity verification on the user, and comparing the biological characteristic information of the user with stored user identity information to confirm whether the identity of the user is legal or not;
the storage module is used for storing user identity information and access rights, and storing personal information and authorization information of a user so as to facilitate subsequent matching and authorization operations;
the matching module is used for matching the user identity information with the access rights, comparing the input user identity information with the stored user identity information, and then determining the access rights of the user according to the matching result;
the authorization module is used for authorizing a user to access the new energy station communication facility, determining whether the user is allowed to enter the new energy station communication facility according to the user access authority determined by the matching module, and controlling the access range and the function of the new energy station communication facility;
the log recording module is used for recording access log and activity information of the user and recording login time, exit time, access equipment and function information of the user;
the abnormality detection module is used for analyzing and monitoring the access behaviors of the user and detecting abnormal activities and unauthorized access;
the security measure module is used for triggering a security alarm and executing security measures when the abnormality detection module detects abnormal activity or unauthorized access.
8. The new energy station communication facility identification system of claim 7, wherein: the biological characteristic recognition module comprises fingerprint recognition, facial recognition, iris recognition and voiceprint recognition equipment, after the biological characteristics are successfully matched, psychological characteristics of a user are analyzed through facial recognition during collection, an analysis result is returned to the biological characteristic recognition module, if the biological characteristics are in accordance with the requirements, the biological characteristics are allowed to pass, and if the biological characteristics are not in accordance with the requirements, the biological characteristics are not allowed to pass;
the authorization module comprises an access controller and authority management software;
the storage module comprises a nonvolatile memory and cloud storage service.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 7 when the computer program is executed.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 7.
CN202311632346.9A 2023-11-30 2023-11-30 New energy station communication facility identity recognition method and system Pending CN117675324A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311632346.9A CN117675324A (en) 2023-11-30 2023-11-30 New energy station communication facility identity recognition method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311632346.9A CN117675324A (en) 2023-11-30 2023-11-30 New energy station communication facility identity recognition method and system

Publications (1)

Publication Number Publication Date
CN117675324A true CN117675324A (en) 2024-03-08

Family

ID=90074525

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311632346.9A Pending CN117675324A (en) 2023-11-30 2023-11-30 New energy station communication facility identity recognition method and system

Country Status (1)

Country Link
CN (1) CN117675324A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118250082A (en) * 2024-04-19 2024-06-25 广州市卓航信息科技有限公司 Information security management method and system for cloud service data
CN118643483A (en) * 2024-07-31 2024-09-13 北京盈创力和电子科技有限公司 Login method, system, equipment and medium of edge computing host
CN118643483B (en) * 2024-07-31 2024-11-05 北京盈创力和电子科技有限公司 Login method, system, equipment and medium of edge computing host


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination