Dispatching data network difference operation and maintenance password distribution management system

By establishing a temporary association between maintenance personnel and equipment, generating maintenance passwords by combining digest algorithms and operation processing rules, and updating them periodically according to the update cycle, the problems of high difficulty and leakage in maintenance password management in existing technologies are solved, and efficient and secure password management is achieved.

CN115603952BActive Publication Date: 2026-06-19TAIYUAN DINGXIANG TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
TAIYUAN DINGXIANG TECH CO LTD
Filing Date
2022-09-21
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

With existing technology, the management of operation and maintenance passwords becomes more difficult when there are many devices, and they cannot be updated in a timely manner, making operation and maintenance passwords easy to be leaked.

Method used

By establishing temporary associations between maintenance personnel and equipment, matching identity sequences and device sequences respectively, and combining digest algorithms and operation processing rules to generate maintenance passwords, the passwords are updated periodically according to the update cycle.

Benefits of technology

It improves the security of operation and maintenance passwords, prevents brute-force attacks, and increases update efficiency.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN115603952B_ABST
    Figure CN115603952B_ABST
Patent Text Reader

Abstract

This invention discloses a differential operation and maintenance password distribution and management system for scheduling data networks, relating to the field of operation and maintenance management technology. It solves the technical problems of existing technologies, which easily lead to increased password management difficulty when there are many devices, and the inability to update operation and maintenance passwords for each device in a timely manner according to actual conditions, resulting in easy leakage of operation and maintenance passwords. This invention sets identity sequences and device sequences for operation and maintenance personnel and equipment respectively. Based on a digest algorithm, it combines operational processing rules to obtain the operation and maintenance password. The operation and maintenance password is updated periodically during the operation and maintenance work of the personnel, which can improve the security of the operation and maintenance password and prevent brute-force attacks. Even if the operation and maintenance personnel do not change, this invention can use the existing identity sequence and device sequence, and obtain a new array by changing the rule that combines the two, thereby obtaining a new operation and maintenance password. This improves the update efficiency of the operation and maintenance password while ensuring its security.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of operation and maintenance management, and relates to the technology for distributing and managing differential operation and maintenance passwords for scheduling data networks, specifically a differential operation and maintenance password distribution and management system for scheduling data networks. Background Technology

[0002] When performing equipment operation and maintenance management, maintenance personnel need to enter an operation and maintenance password and ensure that the password is successfully matched before they can perform maintenance work. With the increasing number of devices in the network and the adjustment of maintenance personnel roles and permissions, the generation and distribution of operation and maintenance passwords has become more challenging.

[0003] Existing technology (patent application CN105700988A) discloses a server password self-matching operation management and monitoring method. This method sets several passwords for the server and backs them up in an operation and maintenance management system to establish a backup password database. During operation and maintenance monitoring, the correct password is obtained by traversing the backup password database. However, this existing technology automatically generates passwords through a password generator when managing operation and maintenance passwords. This can easily increase the difficulty of password management when there are many devices, and it cannot update the operation and maintenance passwords of each device in a timely manner according to actual conditions, leading to easy leakage of operation and maintenance passwords. Therefore, there is an urgent need for a differentiated operation and maintenance password distribution and management system for scheduling data networks. Summary of the Invention

[0004] This invention aims to solve at least one of the technical problems existing in the prior art. To this end, this invention proposes a scheduling data network differential operation and maintenance password distribution and management system to solve the technical problem that the prior art is prone to increasing the difficulty of password management when there are many devices, and cannot update the operation and maintenance passwords of each device in a timely manner according to the actual situation, which leads to the easy leakage of operation and maintenance passwords.

[0005] To achieve the above objectives, a first aspect of the present invention provides a differential operation and maintenance password distribution and management system for a scheduling data network, including a password management module, and operation and maintenance equipment and a smart terminal connected thereto. Operation and maintenance personnel perform maintenance on the operation and maintenance equipment by inputting operation and maintenance passwords through the smart terminal.

[0006] The password management module obtains the identity tags of maintenance personnel and the device tags of maintenance equipment through smart terminals to verify the identity of maintenance personnel; the identity verification includes permission verification and authenticity verification.

[0007] After identity verification is successful, the identity sequence corresponding to the identity tag and the device sequence corresponding to the device tag are matched and obtained; based on the identity sequence and device sequence, the operation and maintenance password is obtained by combining the digest algorithm.

[0008] The operation and maintenance password is distributed to the smart terminals of operation and maintenance personnel; at the same time, the operation and maintenance password is updated based on the password update cycle of the operation and maintenance equipment and combined with different calculation and processing rules.

[0009] Preferably, the password management module is communicatively and / or electrically connected to the maintenance equipment and the smart terminal, respectively; wherein the smart terminal includes a mobile phone and a computer;

[0010] Maintenance personnel connect to the maintenance equipment temporarily via the smart terminal, and after the temporary association is established, send the identity tag and device tag to the password management module via the smart terminal.

[0011] Preferably, when maintenance personnel are preparing to perform maintenance on the maintenance equipment, they can obtain the equipment tag of the maintenance equipment by inputting or scanning the equipment information through the smart terminal;

[0012] Establish a temporary association between the device tag and the identity tag of the maintenance personnel associated with the smart terminal; within the effective period of the association, send the identity tag and device tag to the password management module and complete the identity verification.

[0013] Preferably, after the identity verification of the maintenance personnel is passed, the password management module randomly obtains the corresponding identity sequence based on the identity tag and the standard sequence length; and

[0014] The password management module randomly obtains the corresponding device sequence based on the device tag and the standard sequence length; wherein the standard sequence length includes 64 bits, 128 bits, or 256 bits.

[0015] Preferably, the password management module combines a digest algorithm to process the identity sequence and the device sequence to obtain the maintenance password, including:

[0016] Choose one of the digest algorithms stored internally to encrypt the identity sequence and device sequence respectively, and obtain the identity fingerprint and device fingerprint; the digest algorithm includes hash algorithm and MD5 algorithm;

[0017] The identity fingerprint and the device fingerprint are processed and segmented according to standards to obtain the operation and maintenance password; wherein the processing rules include addition or subtraction.

[0018] Preferably, after the computation, the password management module performs standard segmentation on the computation result to obtain the operation and maintenance password, including:

[0019] Obtain the number of passwords corresponding to the aforementioned operation and maintenance password;

[0020] The calculation result is divided according to the number of passwords and then added together to obtain several sub-results. The several sub-results are labeled ZJi; where i = 1, 2, ..., n, and n is the number of passwords.

[0021] Through formula Obtain the password MFi, where 0 ≤ MFi < 10; where, The floor operator is used to round down, where j is a non-negative integer, and is used to limit the range of values ​​for the password character.

[0022] The operation and maintenance password is generated by combining the password MFi in sequence.

[0023] Preferably, after the acquired maintenance password is sent to the maintenance personnel, the password management module extracts the password update cycle and updates the maintenance password based on the password update cycle, including:

[0024] The password update cycle is obtained, and the generation time of the maintenance password is calculated. The password update cycle varies for different types of maintenance equipment and is set based on historical experience.

[0025] When the generation time is greater than or equal to the password update cycle, and the operation and maintenance work is still in progress, the identity sequence and device sequence are processed by different operation and maintenance rules to obtain a new operation and maintenance password.

[0026] Compared with the prior art, the beneficial effects of the present invention are:

[0027] 1. After establishing a temporary association between maintenance personnel and maintenance equipment, this invention sets identity sequences and device sequences for maintenance personnel and maintenance equipment respectively. Based on the digest algorithm, it obtains the maintenance password by combining the operation and maintenance rules. The maintenance password is updated regularly during the maintenance work of maintenance personnel, which can improve the security of the maintenance password and prevent the maintenance password from being cracked by brute force.

[0028] 2. When updating the operation and maintenance password according to the password update cycle, if the operation and maintenance personnel have not changed, the existing identity sequence and device sequence can be used. Only the rule of combining the two can be changed to obtain the new array, and thus obtain the new operation and maintenance password. While ensuring the security of the operation and maintenance password, the update efficiency of the operation and maintenance password is improved. Attached Figure Description

[0029] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0030] Figure 1 This is a schematic diagram of the working steps of the present invention;

[0031] Figure 2This is a schematic diagram of the system principle of the present invention. Detailed Implementation

[0032] The technical solution of the present invention will be clearly and completely described below with reference to the embodiments. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0033] Please see Figures 1-2 The first aspect of the present invention provides a differential operation and maintenance password distribution and management system for a scheduling data network, including a password management module, and operation and maintenance equipment and a smart terminal connected thereto. Operation and maintenance personnel perform maintenance on the operation and maintenance equipment by inputting operation and maintenance passwords through the smart terminal.

[0034] The password management module obtains the identity tags of maintenance personnel and the device tags of maintenance equipment through smart terminals to verify the identity of maintenance personnel; the identity verification includes permission verification and authenticity verification.

[0035] After identity verification is successful, the identity sequence corresponding to the identity tag and the device sequence corresponding to the device tag are matched and obtained; based on the identity sequence and device sequence, the operation and maintenance password is obtained by combining the digest algorithm.

[0036] The operation and maintenance password is distributed to the smart terminals of operation and maintenance personnel; at the same time, the operation and maintenance password is updated based on the password update cycle of the operation and maintenance equipment and combined with different calculation and processing rules.

[0037] Existing technologies for managing the differentiated distribution of operation and maintenance passwords for scheduling data networks typically involve setting several passwords on a server and then retrieving the passwords according to an update cycle. Alternatively, each operation and maintenance personnel and each operation and maintenance device may be assigned a corresponding feature code, and then the operation and maintenance password may be generated by combining two feature codes according to a certain rule. Both of these methods are prone to obtaining passwords through brute-force attacks, leading to security risks in operation and maintenance management.

[0038] In this invention application, after establishing a temporary association between maintenance personnel and maintenance equipment, identity sequences and device sequences are matched and set for maintenance personnel and maintenance equipment respectively. Based on the digest algorithm, the maintenance password is obtained by combining the operation and maintenance rules. The maintenance password is updated periodically during the maintenance work of maintenance personnel, which can improve the security of the maintenance password and prevent the maintenance password from being cracked by brute force.

[0039] In this invention application, the password management module communicates and / or is electrically connected to the maintenance equipment and the smart terminal respectively; the maintenance personnel connect to the temporarily associated maintenance equipment through the smart terminal, and after the temporary association is established, send the identity tag and the device tag to the password management module through the smart terminal.

[0040] The password management module manages the operation and maintenance passwords of the entire scheduling data network and is mainly responsible for data processing. The smart terminal is in the hands of the operation and maintenance personnel. The operation and maintenance personnel read the relevant information of the operation and maintenance equipment through the dedicated operation and maintenance APP in the smart terminal and obtain the operation and maintenance password through the smart terminal. The password management module is connected to several operation and maintenance equipment and several smart terminals.

[0041] In this invention application, when maintenance personnel are preparing to perform maintenance on the equipment, they can obtain the equipment tag of the equipment by inputting or scanning the equipment information through a smart terminal; establish a temporary association between the equipment tag and the identity tag of the maintenance personnel associated with the smart terminal; and send the identity tag and equipment tag to the password management module within the effective time of association to complete the identity verification.

[0042] Maintenance personnel identify the equipment using a smart terminal by scanning or inputting information. Once the information is correct, a temporary association is established between the smart terminal and the equipment. During this temporary association, the smart terminal can read relevant information about the equipment, such as device tags and fault codes, but cannot perform any actions on the equipment. If the maintenance personnel fail to enter the correct maintenance password within a certain timeframe, the association is severed. It's important to note that allowing access to equipment information without a password is to facilitate advance preparation by maintenance personnel, thereby improving maintenance efficiency; alternatively, it can be configured to prevent access to relevant information without the correct password.

[0043] The identity verification in this invention application includes authorization verification and authenticity verification; authenticity verification mainly verifies whether the operation and maintenance personnel are real and whether they are authorized; authorization verification verifies whether the operation and maintenance personnel are qualified to perform operation and maintenance on the equipment.

[0044] In this invention application, after the identity verification of the maintenance personnel is passed, the password management module randomly obtains the corresponding identity sequence based on the standard sequence length and the identity tag; and the password management module randomly obtains the corresponding device sequence based on the standard sequence length and the device tag; wherein, the standard sequence length includes 64 bits, 128 bits or 256 bits.

[0045] Identity tags and device tags are generally finite numbers. After obtaining the identity tag, the password management module compares the identity tag with the standard sequence length. If the length is insufficient, it adds random numbers to the beginning, middle, and end of the identity tag to form an identity sequence. The same principle applies to obtaining the device sequence based on the device tag.

[0046] In this invention application, the password management module combines a hash algorithm to process the identity sequence and the device sequence to obtain the operation and maintenance password, including:

[0047] Choose one digest algorithm from the internal storage, encrypt the identity sequence and device sequence respectively to obtain the identity fingerprint and device fingerprint; perform operations and standard segmentation on the identity fingerprint and device fingerprint to obtain the operation and maintenance password; the operation and processing rules include addition or subtraction operations.

[0048] To ensure the security of the operation and maintenance password, the identity sequence and device sequence are encrypted using a digest algorithm to obtain the corresponding identity fingerprint and device fingerprint. Both the identity fingerprint and device fingerprint are binary arrays with a finite number of bits, and the number of bits in both is the same. Therefore, the two are combined into one through an operation processing rule, either by addition or multiplication.

[0049] Since the number of bits in the resulting array is uncertain after the computation, it is subjected to standard segmentation to generate the maintenance password. In this invention application, after the computation, the password management module performs standard segmentation on the computation result to obtain the maintenance password, including:

[0050] Obtain the number of passwords corresponding to the operation and maintenance password; divide the calculation result according to the number of passwords and add them together to obtain several sub-results, and mark the several sub-results as ZJi; use the formula Obtain the password MFi, where 0 ≤ MFi < 10; combine the passwords MFi in order to generate the operation and maintenance password.

[0051] The number of characters in the operation and maintenance password determines the number of passwords required. The calculation results are divided according to the number of passwords required; each sub-result corresponds to one password after processing. These passwords are then concatenated to generate the operation and maintenance password.

[0052] For example:

[0053] Assuming the maintenance password is 6 characters, the result of the operation is 123456789123 (12 characters). Each pair of characters forms a sub-result, resulting in 6 sub-results: 3(1+2), 7(3+4), 11(5+6), 15(7+8), 10(9+1), and 5(2+3). The corresponding password formula is... and The corresponding maintenance password is (3, 7, 1, 1, 1, 5). In actual processing, the value of ZJi is very large, and it is rare for the final maintenance password to have multiple duplicates; moreover, it can flexibly run methods such as rounding up, rounding down, and rounding to ensure that each maintenance password is a single digit.

[0054] In this invention application, after the obtained operation and maintenance password is sent to the operation and maintenance personnel, the password management module extracts the password update cycle and updates the operation and maintenance password based on the password update cycle, including:

[0055] The password update cycle is obtained, and the generation time of the maintenance password is calculated. The password update cycle varies for different types of maintenance devices and is set based on historical experience. When the generation time is greater than or equal to the password update cycle and the maintenance work is still in progress, the identity sequence and device sequence are processed by different calculation rules to obtain a new maintenance password.

[0056] When the maintenance password needs to be updated, it can be updated based on the existing identity sequence and device sequence. This involves changing the rule that combines the identity sequence and device sequence (e.g., changing the addition rule to a multiplication rule). This allows a new array to be obtained, and the remaining steps are performed sequentially to retrieve the new maintenance password. It's important to note that this method of updating the maintenance password is only suitable for scenarios where the maintenance personnel have not changed. If the maintenance personnel change, the process must start from scratch. Furthermore, updating the maintenance password only interrupts the maintenance personnel's operations; it does not terminate existing operations. The personnel can resume operations after re-entering the updated maintenance password.

[0057] The data in the above formula are all calculated by removing the dimensions and taking the numerical values. The formula is the closest to the real situation obtained by software simulation of a large amount of collected data. The preset parameters and preset thresholds in the formula are set by those skilled in the art according to the actual situation or obtained through simulation of a large amount of data.

[0058] Working principle of the invention:

[0059] The password management module obtains the identity tags of maintenance personnel and the device tags of maintenance equipment through smart terminals to verify the identity of maintenance personnel.

[0060] After identity verification is successful, the identity sequence corresponding to the identity tag and the device sequence corresponding to the device tag are matched and obtained; based on the identity sequence and device sequence, the operation and maintenance password is obtained by combining the digest algorithm.

[0061] The operation and maintenance password is distributed to the smart terminals of operation and maintenance personnel; at the same time, the operation and maintenance password is updated based on the password update cycle of the operation and maintenance equipment and combined with different calculation and processing rules.

[0062] The above embodiments are only used to illustrate the technical methods of the present invention and are not intended to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions can be made to the technical methods of the present invention without departing from the spirit and scope of the technical methods of the present invention.

Claims

1. A differential operation and maintenance password distribution and management system for a dispatch data network, including a password management module, and operation and maintenance equipment and intelligent terminals connected thereto. Operation and maintenance personnel perform maintenance on the equipment by entering the operation and maintenance password through the intelligent terminal. Its features are: The password management module obtains the identity tags of maintenance personnel and the device tags of maintenance equipment through smart terminals to verify the identity of maintenance personnel; the identity verification includes permission verification and authenticity verification. After identity verification is successful, the identity sequence corresponding to the identity tag and the device sequence corresponding to the device tag are matched and obtained; based on the identity sequence and device sequence, the operation and maintenance password is obtained by combining the digest algorithm. The operation and maintenance password is distributed to the smart terminals of operation and maintenance personnel; at the same time, the operation and maintenance password is updated based on the password update cycle of the operation and maintenance equipment and combined with different calculation and processing rules. After the identity verification of the maintenance personnel is passed, the password management module randomly obtains the corresponding identity sequence based on the identity tag and the standard sequence length; and The password management module randomly obtains the corresponding device sequence based on the device tag and the standard sequence length; wherein the standard sequence length includes 64 bits, 128 bits, or 256 bits; The password management module combines a digest algorithm to process the identity sequence and the device sequence to obtain the maintenance password, including: Choose one of the digest algorithms stored internally to encrypt the identity sequence and device sequence respectively, and obtain the identity fingerprint and device fingerprint; the digest algorithm includes hash algorithm and MD5 algorithm; The identity fingerprint and the device fingerprint are processed and segmented according to standards to obtain the operation and maintenance password; wherein the processing rules include addition or subtraction. After performing the calculation, the password management module performs standard segmentation on the calculation result to obtain the operation and maintenance password, including: Obtain the number of passwords corresponding to the aforementioned operation and maintenance password; The operation result is divided according to the number of passwords and then added together to obtain several sub-results. The several sub-results are labeled ZJi; where i = 1, 2, ..., n, and n is the number of passwords. Through formula Obtain the password MFi, where 0 ≤ MFi < 10; where, The floor operator is used to round down, where j is a non-negative integer, and is used to limit the range of values ​​for the password character. The operation and maintenance password is generated by combining the password MFi in sequence.

2. The scheduling data network differential operation and maintenance password distribution management system according to claim 1, characterized in that, The password management module communicates and / or is electrically connected to the maintenance equipment and the smart terminal, respectively; wherein the smart terminal includes mobile phones and computers; Maintenance personnel connect to the maintenance equipment temporarily via the smart terminal, and after the temporary association is established, send the identity tag and device tag to the password management module via the smart terminal.

3. The scheduling data network differential operation and maintenance password distribution management system according to claim 2, characterized in that, When maintenance personnel are preparing to perform maintenance on the maintenance equipment, they can input or scan equipment information through the smart terminal to obtain the equipment tag of the maintenance equipment. Establish a temporary association between the device tag and the identity tag of the maintenance personnel associated with the smart terminal; within the effective period of the association, send the identity tag and device tag to the password management module and complete the identity verification.

4. The scheduling data network differential operation and maintenance password distribution management system according to claim 1, characterized in that, After the acquired maintenance password is sent to the maintenance personnel, the password management module extracts the password update cycle and updates the maintenance password based on the password update cycle, including: The password update cycle is obtained, and the generation time of the maintenance password is calculated. The password update cycle varies for different types of maintenance equipment and is set based on historical experience. When the generation time is greater than or equal to the password update cycle, and the operation and maintenance work is still in progress, the identity sequence and device sequence are processed by different operation and maintenance rules to obtain a new operation and maintenance password.