Industrial control equipment security authentication method, server and client

Abstract

The invention discloses an industrial control equipment security authentication method, a server and a client, which are applicable to a key management center. The industrial control equipment security authentication method comprises: generating a public key matrix and a private key matrix by use of an ECC algorithm and exposing the public key matrix; obtaining industrial control equipment identification and generating the private key of the industrial control equipment according to the private key matrix; and sending the private key to the industrial control equipment and saving the private key in the programmable logic controller of the industrial control equipment for communication security authentication. In the authentication and encrypted communication process, the intervention of a key management center is not required and offline authentication of the key management center is realized, and therefore, the deployment cost is greatly saved and the security communication and encrypted authentication process are enabled to be extremely simple and flexible, and the industrial control equipment security authentication method, the server and the client are suitable for the data communication characteristics in the industrial control field.

Description

technical field [0001] The invention belongs to the field of information security, and in particular relates to a method for security authentication of industrial control equipment, a server and a client. Background technique [0002] Industrial control systems have a wide range of applications in process production, power utilities, hydraulic oil and gas, and transportation. Industrial control systems increasingly use Internet technology to realize interconnection with enterprise networks. At present, most industrial communication systems develop protocols on the basis of commercial operating systems, and there are many loopholes in communication applications. These vulnerabilities are exposed to potential attackers when industrial control systems are interconnected with the Internet or other public networks. In addition, industrial control systems are mostly used to control critical infrastructure, and attackers will actively attack them for political or economic purpose...

AI Technical Summary

Problems solved by technology

In traditional IT systems, measures such as handshake protocols and encryption are often used to enhance security. In industrial control systems, adding security measures may seriously affect the responsiveness of the system. For example, if each industrial control device frequently accesses the background server to transmit Information authentication will affect the operating efficiency of the entire system, and this information security system needs to run many servers at the same time for support, and the deployment cost will be very high, so traditional information security technology cannot be directly applied to industrial control systems

Images