
Terminal security protection method and equipment

A terminal security protection method and equipment, applied in the field of information security cryptography, that address the lack of an isolation function and the lack of consideration for communication security in interconnected industrial control systems.

Active Publication Date: 2017-04-12
ELECTRIC POWER RES INST OF GUANGDONG POWER GRID

AI Technical Summary

Problems solved by technology

[0003] With the development of computer and network technology, especially the deep integration of informatization and industrialization and the rapid development of the Internet, more and more industrial control system products use general protocols, general hardware, and general software to communicate with public networks such as the Internet in various ways. However, the design of traditional industrial control systems basically does not consider the communication security issues necessary for interconnection and intercommunication, and there is almost no isolation function. If any point of the industrial control system is attacked over the network, it may cause great losses. Therefore, the safety problem of the industrial control system urgently needs to be solved.


Examples


Embodiment 1

[0026] As shown in Figure 1, a terminal security protection method includes the steps:

[0027] S101. Receive, in interrupt mode, the industrial process data transmitted by the terminal;

[0028] S102. Perform protocol inspection on the industrial process data transmitted by the terminal, and discard the industrial process data that does not conform to the protocol;

[0029] S103. Encrypt and sign the industrial process data after protocol inspection according to the IPSEC (Internet Protocol Security) VPN (Virtual Private Network) security policy;

[0030] S104. Send the encrypted and signed industrial process data to the master station through the VPN channel;

[0031] S105. According to the IPSEC VPN security policy, decrypt, verify the signature of, and verify the integrity of the data or control commands that the master station sends through the VPN channel after it has analyzed the industrial process data;

[0032] S106. Perform protocol inspection on the data or control commands ...
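As an added illustration (not code from the patent), the sketch below shows the order of checks in S102-S103 and S105-S106 and the discard behaviour. It assumes Modbus RTU as the terminal protocol and a constructed function-code allowlist, and uses HMAC-SHA256 as a stand-in for the integrity check that the IPSEC VPN policy provides; encryption is left to the VPN stack and is not reproduced.

```python
import hashlib
import hmac
import struct

# Assumption: Modbus RTU stands in for the industrial protocol, which the text does not name.
ALLOWED_FUNCTIONS = {0x03, 0x04, 0x06}  # constructed allowlist: read registers, write one register
TAG_LEN = 32                            # HMAC-SHA256 tag length (stand-in for the VPN integrity check)

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: init 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def build_frame(unit: int, function: int, payload: bytes) -> bytes:
    """Build a frame: unit id, function code, payload, CRC (low byte first)."""
    body = bytes([unit, function]) + payload
    return body + struct.pack("<H", crc16_modbus(body))

def protocol_check(frame: bytes) -> bool:
    """S102/S106: accept only well-formed frames with an allowed function code."""
    if not 4 <= len(frame) <= 256:
        return False
    body, (crc,) = frame[:-2], struct.unpack("<H", frame[-2:])
    return crc == crc16_modbus(body) and frame[1] in ALLOWED_FUNCTIONS

def protect(frame: bytes, key: bytes):
    """S102-S103, terminal to master: inspect first, then authenticate.
    Returns None when the frame is discarded."""
    if not protocol_check(frame):
        return None
    return frame + hmac.new(key, frame, hashlib.sha256).digest()

def accept(message: bytes, key: bytes):
    """S105-S106, master to terminal: verify integrity first, then inspect.
    Returns the frame to forward to the terminal, or None when discarded."""
    if len(message) <= TAG_LEN:
        return None
    frame, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, frame, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return frame if protocol_check(frame) else None
```

The last case in `accept` is the reason S106 exists: a command that passes the VPN integrity check is still dropped if it does not conform to the protocol rules.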

Embodiment 2

[0036] The difference between the second embodiment and the first embodiment is that after the control command checked by the protocol is sent to the terminal, the result of the terminal executing the control command is also transmitted to the master station.

[0037] As shown in Figure 2, a terminal security protection method includes the steps:

[0038] S201. Receive, in interrupt mode, the industrial process data transmitted by the terminal;

[0039] S202. Perform protocol inspection on the industrial process data transmitted by the terminal, and discard the industrial process data that does not conform to the protocol;

[0040] S203. Encrypt and sign the industrial process data after protocol inspection according to the IPSEC VPN security policy;

[0041] S204. Send the encrypted and signed industrial process data to the master station through the VPN channel;

[0042] S205. According to the IPSEC VPN security policy, decrypt, verify the signature, and verify the integ...

Embodiment 3

[0068] The main difference between the third embodiment and the first embodiment is that the terminal security protection device also includes a key storage module and a dialing module.

[0069] As shown in Figure 5, a terminal security protection device 320 is connected to the terminal 310 and performs data processing and transmission between the terminal 310 and the master station 330. It includes:

[0070] A serial control module 321 connected to the terminal 310. The serial control module 321 uses interrupt mode to receive the industrial process data transmitted by the terminal 310, or sends the data or control commands that have passed protocol inspection to the terminal 310;

[0071] A protocol inspection module 322 connected to the serial control module 321, the protocol inspection module 322 performs protocol inspection on the industrial process data transmitted by the terminal 310 or performs decryption, signature veri...


Abstract

Provided are a terminal safety protection method and equipment. The method comprises the following steps: an interrupt mode is used to receive industrial process data transmitted by a terminal; the industrial process data transmitted by the terminal are subjected to protocol checking; according to the IPSEC VPN safety policy, the industrial process data that passed protocol checking are encrypted and signed; the encrypted and signed industrial process data are sent to a main station through a VPN channel; according to the IPSEC VPN safety policy, the data or control orders that the main station sends through the VPN channel after analyzing the industrial process data are subjected to decryption, signature verification and integrity checking; the data or control orders are then subjected to protocol checking; and the data or control orders that passed protocol checking are sent to the terminal. Because the data exchanged between the terminal and the main station are subjected to protocol checking, encryption, decryption and integrity checking, the safety of an industrial control system is improved.

Description

Technical field

[0001] The invention relates to the technical field of information security encryption, in particular to a terminal security protection method and equipment.

Background technique

[0002] Industrial control system is a general term for various control systems such as SCADA (data acquisition and monitoring control system), DCS (distributed control system), PCS (personal communication service), PLC (programmable logic controller), and is widely used in electric power, petrochemical, water conservancy, industrial manufacturing, municipal and other industries. The industrial control system consists of a master station, a network and a terminal. The principle is that the terminal collects industrial process data and sends the data to the master station through the network. After analysis, the master station sends control commands to the terminal through the network, and the terminal executes the command and returns the result to the master station.

[0003] With th...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/32, H04L29/06, G05B19/418
CPC: Y02P90/02
Inventor: 陈炯聪, 梁智强, 谢善益, 黄曙, 余南华, 胡朝辉, 江泽鑫, 梁志宏, 林丹生
Owner: ELECTRIC POWER RES INST OF GUANGDONG POWER GRID