Dynamic link access management method and device applied to power distribution network of power system

By constructing a trusted chain model and performing trusted verification operations, the problem of dynamic access control after changes in terminal status in the power distribution network is solved, and real-time trusted numerical analysis of access requests is realized, thereby improving the security and reliability of network access.

CN115908045BActive Publication Date: 2026-06-09SHENZHEN POWER SUPPLY BUREAU

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
SHENZHEN POWER SUPPLY BUREAU
Filing Date
2022-11-11
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

The existing power distribution network cannot perform real-time dynamic access control after the terminal status changes, which allows secure terminals to still be authenticated even after being infected by viruses or hacked, increasing the risk of network infection and intrusion and reducing access security.

Method used

By collecting data from the platform's root of trust and components, a trusted chain model is constructed. Trust verification operations are performed to determine the trust level of each component. Based on the trust level, first-level and second-level trusted chain models are constructed to achieve real-time dynamic trust value assessment of access requests.

Benefits of technology

It improves the security and reliability of power system distribution network access control, realizes real-time dynamic and reliable numerical analysis of access terminal status, and enhances the security and reliability of network access.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN115908045B_ABST
    Figure CN115908045B_ABST
Patent Text Reader

Abstract

The application discloses a kind of dynamic link access control method and device applied to power system distribution network, the method includes: according to the trusted root data of the platform trusted root and the component data of all platform components, with platform trusted root as trust main line starting point, in combination with the direction of trusted chain control and the expansion rule of trusted chain, obtain the first level trusted chain model, the first level trusted chain model is used to execute trusted verification operation to each platform component;According to component data, determine the corresponding trusted level of each platform component, and according to the trusted level of each platform component, the first level trusted chain model is combined to determine the data control flow, obtain the second level trusted chain model, as the target trusted chain model of data trusted verification operation and data transmission research and judge operation to access data.It can be seen that the application can dynamically adjust the access control according to the real-time permission state of the access terminal, and improve the control security of network access control.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of link access control technology, and in particular to a dynamic link access control method and apparatus for use in power system distribution networks. Background Technology

[0002] Existing access controls are based on existing, established security policies. When a terminal's state changes, they cannot dynamically adjust access controls according to the terminal's real-time status. Therefore, existing technologies present a security vulnerability: when a secure terminal sends a request and passes authentication, if that secure terminal is infected by a virus or hacked, it is no longer a secure terminal. However, the authentication result can still be used to indicate that the terminal is trusted and secure. This allows an intruder to use the infected or hacked terminal to infect or intrude into the entire network, reducing access security when handling massive numbers of requests. Therefore, providing a method to improve the security of network access control is particularly important. Summary of the Invention

[0003] The technical problem to be solved by the present invention is to provide a dynamic link access control method and device for power system distribution networks, which can dynamically adjust access control according to the real-time dynamics of access terminals, thereby improving the control security of network access control.

[0004] To address the aforementioned technical problems, the first aspect of this invention discloses a dynamic link access control method applied to power system distribution networks, the method comprising:

[0005] The system collects the trusted root data corresponding to the platform's trusted root and the component data corresponding to all platform components. The platform's trusted root and all the platform components are used to construct a trusted chain model. The trusted chain model is used to perform preset trusted verification operations on all components to be verified within the platform's trusted boundary in order to verify the trustworthiness of each component to be verified.

[0006] Based on the trusted root data and the component data, taking the platform trusted root as the starting point of the trust main line, and combining the preset trusted chain control direction and trusted chain expansion rules, a first-level trusted chain model is constructed. The first-level trusted chain model is used to perform trusted verification operations on each of the platform components.

[0007] Based on the component data, the trust level corresponding to each platform component is determined. Based on the trust level corresponding to each platform component, the first-level trust chain model, and the determined data control flow, a second-level trust chain model is constructed as the target trust chain model for performing data trust verification operations and data transmission judgment operations on the access data.

[0008] As an optional implementation, in the first aspect of the present invention, the step of constructing a first-level trusted chain model based on the trusted root data and the component data, taking the platform trusted root as the starting point of the trust main line, and combining a preset trusted chain management direction and trusted chain expansion rules, includes:

[0009] Based on the trusted root data and the component data, and in accordance with the preset trusted chain control direction, the trusted control division order of each platform component is determined. The earlier the trusted control division order of each platform component is, the earlier the preset trusted control operation is performed on that platform component.

[0010] Taking the platform's root of trust as the starting point of the trust main line, the trust management operation is performed on each platform component in sequence according to the trust management division order of each platform component and the trust chain management direction, so as to obtain the trust management result corresponding to each platform component. The trust management result corresponding to each platform component is used to determine whether the platform component is a trust component that meets the preset trust chain expansion rules.

[0011] All platform components whose trusted management results indicate that they satisfy the preset trusted chain expansion rules are identified as trusted components. Based on the platform's trusted root, all trusted components, the trusted chain management direction, and the trusted chain expansion rules, a first-level trusted chain model is constructed.

[0012] As an optional implementation, in the first aspect of the present invention, the step of taking the platform's root of trust as the starting point of the trust main line, and sequentially performing the trust management operation on each platform component according to the trust management division order of each platform component and the trust chain management direction to obtain the trust management result corresponding to each platform component includes:

[0013] For each platform component, according to the preset trusted management components and the trusted management order, the trusted management operation is performed on the platform component to obtain the initial trusted management result corresponding to the platform component; wherein, the trusted management component is the platform component preceding the platform component in the trusted management order, when the platform component is ranked first in the trusted management order, the trusted management component is the trusted root of the platform, and each trusted management component is a component that meets the preset component complete parameter requirements;

[0014] Determine whether the trusted control result corresponding to the platform component indicates that the platform component meets the complete parameter requirements of the component. When the determination result is yes, generate a trust identifier for the platform component as the trusted control result corresponding to the platform component. The trust identifier is used to add the platform component corresponding to the trust identifier to the trust main line as a trusted chain component of the first-level trusted chain model to be constructed.

[0015] When the judgment result is negative, a disqualification flag is generated indicating that the platform component does not meet the complete parameter requirements of the component. This flag serves as the trust management result for the platform component. The disqualification flag indicates that the component trust value of the platform component corresponding to the disqualification flag is lower than a preset trust threshold.

[0016] As an optional implementation, in the first aspect of the present invention, determining the trust level corresponding to each of the platform components based on the component data includes:

[0017] Based on the component data, determine the total number of platform components and the trusted parameters corresponding to each platform component. The trusted parameters corresponding to each platform component include the component type of the platform component. The component type includes the system component type corresponding to the platform component being located on a system platform or the application component type corresponding to the platform component being located on an application platform.

[0018] The trust level of each platform component is determined based on the total number of components in the platform and the component type corresponding to each platform component.

[0019] As an optional implementation, in the first aspect of the present invention, the step of constructing a second-level trust chain model based on the trust level corresponding to each of the platform components and the data control flow determined by the first-level trust chain model includes:

[0020] Based on the determined data control flow, the corresponding transmission judgment parameters are determined. The transmission judgment parameters are used to perform a preset data transmission judgment operation on the data control flow. The transmission judgment parameters include system initialization parameters before performing the data transmission judgment operation on the data control flow.

[0021] Based on the data transmission assessment process corresponding to the data control flow, and combined with the trust level of each platform component, the first-level trust chain model, the data control flow, and the transmission assessment parameters, a second-level trust chain model is constructed.

[0022] As an optional implementation, in the first aspect of the present invention, after constructing a second-level trust chain model based on the trust level corresponding to each platform component and the data control flow determined by the first-level trust chain model, the method further includes:

[0023] According to the pre-generated initialization control instructions, the parameter initialization operation is performed on the secondary trusted chain model, and the preset test data stream is input into the secondary trusted chain model. The test data stream includes multiple components to be tested, and all the components to be tested include qualified components whose trust level is greater than or equal to the standard trust level corresponding to the secondary trusted chain model, and untrustworthy components whose trust level is less than the standard trust level.

[0024] Obtain the trusted output result corresponding to each of the components under test after inputting into the two-level trusted chain model;

[0025] Determine whether there is a component to be corrected among the trusted output results corresponding to all the components under test. When it is determined that there is no component to be corrected among the trusted output results corresponding to all the components under test, determine that the model trust level corresponding to the second-level trust chain model meets the preset model trust threshold requirement. The component to be corrected is the output result corresponding to the untrustworthy component under test, which indicates that the trust level of the untrustworthy component under test is greater than or equal to the standard trust level.

[0026] As an optional implementation, in the first aspect of the present invention, when it is determined that the component to be corrected exists in the reliable output results corresponding to all the components under test, the method further includes:

[0027] Analyze the trusted output results corresponding to each of the components to be corrected to obtain the misjudgment parameter corresponding to the misjudgment of the trusted level of each component to be corrected in the second-level trusted chain model being greater than or equal to the standard trusted level. The transfer judgment parameter includes the misjudgment parameter.

[0028] Based on the trusted output result corresponding to each component to be corrected, the actual trust level corresponding to each component to be corrected, and the misjudgment parameter corresponding to each component to be corrected, a parameter correction operation is performed on the transmission judgment parameter in the secondary trust chain model to update the secondary trust chain model.

[0029] A second aspect of the present invention discloses a dynamic link access control device for use in power system distribution networks, the device comprising:

[0030] The acquisition module is used to acquire the trust root data corresponding to the platform trust root and the component data corresponding to all platform components. The platform trust root and all the platform components are used to construct a trust chain model. The trust chain model is used to perform preset trust verification operations on all components to be verified within the platform trust boundary to verify the trustworthiness of each component to be verified.

[0031] The first construction module is used to construct a first-level trusted chain model based on the trusted root data and the component data, taking the platform trusted root as the starting point of the trust main line, and combining the preset trusted chain control direction and trusted chain expansion rules. The first-level trusted chain model is used to perform trusted verification operations on each of the platform components.

[0032] The determination module is used to determine the trust level corresponding to each of the platform components based on the component data;

[0033] The second construction module is used to construct a second-level trusted chain model based on the trust level corresponding to each platform component and the data control flow determined by the first-level trusted chain model. This second-level trusted chain model serves as the target trusted chain model for performing data trust verification operations and data transmission judgment operations on the access data.

[0034] As an optional implementation, in the second aspect of the present invention, the method by which the first construction module constructs a first-level trusted chain model based on the trusted root data and the component data, taking the platform trusted root as the starting point of the trust main line, and combining a preset trusted chain management direction and trusted chain expansion rules, specifically includes:

[0035] Based on the trusted root data and the component data, and in accordance with the preset trusted chain control direction, the trusted control division order of each platform component is determined. The earlier the trusted control division order of each platform component is, the earlier the preset trusted control operation is performed on that platform component.

[0036] Taking the platform's root of trust as the starting point of the trust main line, the trust management operation is performed on each platform component in sequence according to the trust management division order of each platform component and the trust chain management direction, so as to obtain the trust management result corresponding to each platform component. The trust management result corresponding to each platform component is used to determine whether the platform component is a trust component that meets the preset trust chain expansion rules.

[0037] All platform components whose trusted management results indicate that they satisfy the preset trusted chain expansion rules are identified as trusted components. Based on the platform's trusted root, all trusted components, the trusted chain management direction, and the trusted chain expansion rules, a first-level trusted chain model is constructed.

[0038] As an optional implementation, in the second aspect of the present invention, the first construction module takes the platform's root of trust as the starting point of the trust main line, and sequentially performs the trust management operation on each platform component according to the trust management division order of each platform component and the trust chain management direction, to obtain the trust management result corresponding to each platform component. Specifically, this includes:

[0039] For each platform component, according to the preset trusted management components and the trusted management order, the trusted management operation is performed on the platform component to obtain the initial trusted management result corresponding to the platform component; wherein, the trusted management component is the platform component preceding the platform component in the trusted management order, when the platform component is ranked first in the trusted management order, the trusted management component is the trusted root of the platform, and each trusted management component is a component that meets the preset component complete parameter requirements;

[0040] Determine whether the trusted control result corresponding to the platform component indicates that the platform component meets the complete parameter requirements of the component. When the determination result is yes, generate a trust identifier for the platform component as the trusted control result corresponding to the platform component. The trust identifier is used to add the platform component corresponding to the trust identifier to the trust main line as a trusted chain component of the first-level trusted chain model to be constructed.

[0041] When the judgment result is negative, a disqualification flag is generated indicating that the platform component does not meet the complete parameter requirements of the component. This flag serves as the trust management result for the platform component. The disqualification flag indicates that the component trust value of the platform component corresponding to the disqualification flag is lower than a preset trust threshold.

[0042] As an optional implementation, in the second aspect of the present invention, the method by which the determining module determines the trust level corresponding to each platform component based on the component data specifically includes:

[0043] Based on the component data, determine the total number of platform components and the trusted parameters corresponding to each platform component. The trusted parameters corresponding to each platform component include the component type of the platform component. The component type includes the system component type corresponding to the platform component being located on a system platform or the application component type corresponding to the platform component being located on an application platform.

[0044] The trust level of each platform component is determined based on the total number of components in the platform and the component type corresponding to each platform component.

[0045] As an optional implementation, in the second aspect of the present invention, the second construction module constructs a second-level trusted chain model based on the trust level corresponding to each platform component, the first-level trusted chain model, and the determined data control flow, specifically including:

[0046] Based on the determined data control flow, the corresponding transmission judgment parameters are determined. The transmission judgment parameters are used to perform a preset data transmission judgment operation on the data control flow. The transmission judgment parameters include system initialization parameters before performing the data transmission judgment operation on the data control flow.

[0047] Based on the data transmission assessment process corresponding to the data control flow, and combined with the trust level of each platform component, the first-level trust chain model, the data control flow, and the transmission assessment parameters, a second-level trust chain model is constructed.

[0048] As an optional implementation, in a second aspect of the invention, the apparatus further includes:

[0049] The model testing module is used to perform parameter initialization operations on the secondary trusted chain model after the second construction module constructs the secondary trusted chain model based on the trust level corresponding to each platform component and the data control flow determined by the primary trusted chain model, according to the pre-generated initialization control instructions, and inputs the preset test data stream into the secondary trusted chain model. The test data stream includes multiple components to be tested, and all components to be tested include qualified components whose trust level is greater than or equal to the standard trust level corresponding to the secondary trusted chain model and untrustworthy components whose trust level is less than the standard trust level.

[0050] The acquisition module is used to acquire the trusted output result corresponding to each of the components under test after it is input into the secondary trusted chain model;

[0051] The judgment module is used to determine whether there is a component to be corrected in the trusted output results corresponding to all the components under test. When it is determined that there is no component to be corrected in the trusted output results corresponding to all the components under test, the model trust level corresponding to the second-level trust chain model is determined to meet the preset model trust threshold requirement. The component to be corrected is the output result corresponding to the untrustworthy component under test, which indicates that the trust level of the untrustworthy component under test is greater than or equal to the standard trust level.

[0052] As an optional implementation, in a second aspect of the invention, the apparatus further includes:

[0053] The analysis module is used to analyze the trusted output results corresponding to each component to be corrected when the judgment module determines that the component to be corrected exists in the trusted output results corresponding to all the components to be tested, and to obtain the misjudgment parameter corresponding to the misjudgment level of each component to be corrected in the second-level trusted chain model being misjudged as the component to be corrected being greater than or equal to the standard trusted level. The transmitted judgment parameter includes the misjudgment parameter.

[0054] The correction module is used to perform parameter correction operations on the transmission judgment parameters in the secondary trust chain model based on the trusted output result corresponding to each of the components to be corrected, the actual trust level corresponding to each of the components to be corrected, and the misjudgment parameters corresponding to each of the components to be corrected, so as to update the secondary trust chain model.

[0055] A third aspect of the present invention discloses another dynamic link access control device applied to power system distribution networks, the device comprising:

[0056] Memory containing executable program code;

[0057] A processor coupled to the memory;

[0058] The processor calls the executable program code stored in the memory to execute the dynamic link access control method for power system distribution networks disclosed in the first aspect of the present invention.

[0059] The fourth aspect of the present invention discloses a computer storage medium storing computer instructions, which, when invoked, are used to execute the dynamic link access control method for power system distribution networks disclosed in the first aspect of the present invention.

[0060] Compared with the prior art, the embodiments of the present invention have the following beneficial effects:

[0061] This invention provides a dynamic link access control method for power system distribution networks. The method includes: collecting trusted root data corresponding to the platform's trusted root and component data corresponding to all platform components; the platform's trusted root and all platform components are used to construct a trusted chain model; the trusted chain model is used to perform preset trusted verification operations on all components to be verified within the platform's trusted boundary to verify the trustworthiness of each component; based on the trusted root data and component data, using the platform's trusted root as the starting point of the trust main line, and combining preset trusted chain control directions and trusted chain expansion rules, a first-level trusted chain model is constructed; the first-level trusted chain model is used to perform trusted verification operations on each platform component; based on the component data, the trust level corresponding to each platform component is determined; and based on the trust level corresponding to each platform component, the first-level trusted chain model, and the determined data control flow, a second-level trusted chain model is constructed as the target trusted chain model for performing data trusted verification operations and data transmission judgment operations on access data. As can be seen, implementing this invention can intelligently collect the root trust data of the platform's root trust and the component data of all platform components. Combined with the preset trusted chain control direction and trusted chain expansion rules, a first-level trusted chain model is initially constructed. Then, based on this first-level trusted chain model, combined with the determined trust level and data control flow of each platform component, a second-level trusted chain model is intelligently constructed. The finally constructed second-level trusted chain model, in addition to being able to perform data transmission and analysis operations on the input data input to the second-level trusted chain model, further adds a dynamic trusted value analysis process for the input data. It realizes the dynamic trusted value analysis of the real-time status of each access request from the access terminal, improving the access control security and reliability when any terminal accesses the network. Attached Figure Description

[0062] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0063] Figure 1 This is a flowchart illustrating a dynamic link access control method for power system distribution networks disclosed in an embodiment of the present invention.

[0064] Figure 2 This is a flowchart illustrating another dynamic link access control method for power system distribution networks disclosed in an embodiment of the present invention;

[0065] Figure 3 This is a schematic diagram of the structure of a dynamic link access control device for power system distribution networks disclosed in an embodiment of the present invention;

[0066] Figure 4 This is a schematic diagram of another dynamic link access control device for power system distribution networks disclosed in an embodiment of the present invention;

[0067] Figure 5 This is a schematic diagram of another dynamic link access control device for power system distribution networks disclosed in the embodiments of the present invention;

[0068] Figure 6 This is a schematic diagram of the trusted chain construction process disclosed in an embodiment of the present invention;

[0069] Figure 7 This is a schematic diagram of the data transmission process between the trusted chain and the control chain disclosed in an embodiment of the present invention;

[0070] Figure 8 This is a schematic diagram of the trust level measurement process disclosed in an embodiment of the present invention;

[0071] Figure 9 This is a schematic diagram illustrating the relationship between the trusted chain and the trusted level as disclosed in the embodiments of the present invention;

[0072] Figure 10 This is a schematic diagram of the dynamic access control process disclosed in an embodiment of the present invention.

[0073] Explanation of icon numbers:

[0074] Acquisition module: 301; First construction module: 302; Determination module: 303; Second construction module: 304; Model testing module: 305; Acquisition module: 306; Judgment module: 307; Analysis module: 308; Correction module: 309; Memory: 401; Processor: 402. Detailed Implementation

[0075] To enable those skilled in the art to better understand the present invention, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings of the embodiments of the present invention. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0076] The terms "first," "second," etc., used in the specification, claims, and accompanying drawings of this invention are used to distinguish different objects, not to describe a specific order. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion. For example, a process, method, apparatus, product, or end that includes a series of steps or units is not limited to the listed steps or units, but may optionally include steps or units not listed, or may optionally include other steps or units inherent to these processes, methods, products, or ends.

[0077] In this document, the term "embodiment" means that a particular feature, structure, or characteristic described in connection with an embodiment may be included in at least one embodiment of the invention. The appearance of this phrase in various places throughout the specification does not necessarily refer to the same embodiment, nor is it a separate or alternative embodiment mutually exclusive with other embodiments. It will be explicitly and implicitly understood by those skilled in the art that the embodiments described herein can be combined with other embodiments.

[0078] This invention discloses a dynamic link access control method and device applied to power system distribution networks. It intelligently collects trusted root data of the platform's trusted root and component data of all platform components. Combining this with preset trusted chain control directions and trusted chain expansion rules, a preliminary first-level trusted chain model is constructed. Then, based on this first-level trusted chain model, and combining the determined trust level and data control flow of each platform component, a second-level trusted chain model is intelligently constructed. The final constructed second-level trusted chain model, in addition to performing data transmission and analysis operations on the input data, further enhances the dynamic trusted value analysis process for the input data. This enables dynamic trusted value analysis of the real-time status of each access request from the access terminal, improving the security and reliability of access control when any terminal accesses the network. Detailed descriptions follow.

[0079] Example 1

[0080] Please see Figure 1 as well as Figure 6 , Figure 1 This is a flowchart illustrating a dynamic link access control method for power system distribution networks disclosed in an embodiment of the present invention. Figure 6 This is a schematic diagram illustrating the construction process of the trusted chain disclosed in an embodiment of the present invention. Figure 1 The described dynamic link access control method for power system distribution networks can be applied to dynamic link access control devices used in power system distribution networks, and the embodiments of the present invention are not limited thereto. Figure 1 As shown, the dynamic link access control method applied to the power system distribution network may include the following operations:

[0081] 101. Collect the trusted root data corresponding to the platform's trusted root and the component data corresponding to all platform components. The platform's trusted root and all platform components are used to build the trusted chain model.

[0082] In this embodiment of the invention, the constructed trusted chain model is used to perform preset trusted verification operations on all components to be verified within the platform's trusted boundary, so as to verify the trustworthiness of each component to be verified.

[0083] 102. Based on the root of trust data and component data, and taking the platform root of trust as the starting point of the trust line, combined with the preset trust chain management direction and trust chain expansion rules, a first-level trust chain model is constructed.

[0084] In this embodiment of the invention, the constructed first-level trusted chain model is used to perform trusted verification operations on each platform component.

[0085] In the embodiments of this invention, please refer to Figure 6 Step 102, based on the root of trust data and component data, and taking the platform's root of trust as the starting point of the trust main line, combined with the preset trust chain management direction and trust chain expansion rules, constructs a first-level trust chain model. This can specifically include the following operations:

[0086] Based on the root of trust data and component data, and in accordance with the preset trusted chain control direction, the order of trusted control division for each platform component is determined. The earlier the trusted control division order of each platform component is, the earlier the preset trusted control operation is performed on that platform component.

[0087] Starting from the platform's root of trust, the trust management operation is performed on each platform component in sequence according to the order of trust management division and the direction of trust chain management. The trust management result corresponding to each platform component is obtained. The trust management result corresponding to each platform component is used to determine whether the platform component is a trust component that meets the preset trust chain expansion rules.

[0088] All platform components whose trusted control results indicate that they meet the preset trusted chain expansion rules are identified as trusted components. Based on the platform's trusted root, all trusted components, the trusted chain control direction, and the trusted chain expansion rules, a first-level trusted chain model is constructed.

[0089] In this embodiment of the invention, the method of taking the platform's root of trust as the starting point of the trust main line, and sequentially performing trust management operations on each platform component according to the trust management division order and trust chain management direction of each platform component to obtain the trust management result corresponding to each platform component may specifically include the following operations:

[0090] For each platform component, based on the preset trusted control components and in the trusted control order, trusted control operations are performed on the platform component to obtain the initial trusted control result corresponding to that platform component; wherein, the trusted control component is the platform component preceding the platform component in the trusted control order. When the platform component is ranked first in the trusted control order, the trusted control component is the trusted root of the platform, and each trusted control component is a component that meets the preset component complete parameter requirements;

[0091] Determine whether the trusted control result corresponding to the platform component indicates that the platform component meets the component complete parameter requirements. When the determination result is yes, generate a trust identifier for the platform component as the trusted control result corresponding to the platform component. The trust identifier is used to add the platform component corresponding to the trust identifier to the trust mainline as a trusted chain component of the first-level trusted chain model to be built.

[0092] When the judgment result is negative, a disqualification flag is generated to indicate that the platform component does not meet the component complete parameter requirements. This flag serves as the trust management result for the platform component. The disqualification flag indicates that the component trust value of the platform component corresponding to the disqualification flag is lower than the preset trust threshold.

[0093] In this embodiment of the invention, the steps for constructing the first-level trusted chain model described above can be referred to... Figure 6 ,in, Figure 6 Each arrow in the diagram corresponds to two actions: 1. The integrity of the next-level component to be inspected is verified by the previous-level trust source; 2. After integrity verification, the trust is transferred and the component that has passed the inspection is included in the trusted chain, thus expanding the trusted chain.

[0094] In this embodiment of the invention, it should be noted that, Figure 6 The arrow sequence along the two main functional lines indicates the transfer of platform control. During the transfer of control along these two main lines and the expansion of the trusted chain, the following four basic rules are followed:

[0095] (1) All components are considered untrustworthy before they have been measured; only components that have been measured and meet the predefined state can be included in the trust chain.

[0096] (2) The platform does not allow the operation of component entities outside the trusted chain. Only components within the trusted boundary can obtain the corresponding platform control.

[0097] (3) Only components within the trusted chain can act as verification agents to perform integrity verification on unverified components.

[0098] (4) If the integrity of the trust measurement of a component fails during the trust chain transmission, the trust main line ends and the trust chain and measurement result of this terminal are returned; while the control right transmission based on the control flow continues.

[0099] 103. Based on the component data, determine the trust level corresponding to each platform component.

[0100] 104. Based on the trust level corresponding to each platform component, the first-level trust chain model, and the determined data control flow, a second-level trust chain model is constructed.

[0101] In this embodiment of the invention, the constructed two-level trusted chain model is used as the target trusted chain model for performing data trust verification operations and data transmission judgment operations on the access data.

[0102] It is evident that implementation Figure 1 The described dynamic link access control method for power system distribution networks can intelligently collect the trusted root data of the platform's trusted root and the component data of all platform components. Combined with the preset trusted chain control direction and trusted chain expansion rules, a first-level trusted chain model is initially constructed. Then, based on this first-level trusted chain model, combined with the determined trust level and data control flow of each platform component, a second-level trusted chain model is intelligently constructed. The final constructed second-level trusted chain model, in addition to performing data transmission and analysis operations on the input data, further adds a dynamic trusted value analysis process for the input data. It realizes the dynamic trusted value analysis of the real-time status of each access request from the access terminal, improving the access control security and reliability when any terminal accesses the network.

[0103] Example 2

[0104] Please see Figure 2 , Figure 2 This is a flowchart illustrating another dynamic link access control method for power system distribution networks disclosed in an embodiment of the present invention. Figure 2 The described dynamic link access control method for power system distribution networks can be applied to dynamic link access control devices used in power system distribution networks, and the embodiments of the present invention are not limited thereto. Figure 2 As shown, the dynamic link access control method applied to the power system distribution network may include the following operations:

[0105] 201. Collect the trusted root data corresponding to the platform's trusted root and the component data corresponding to all platform components. The platform's trusted root and all platform components are used to build the trusted chain model.

[0106] 202. Based on the root of trust data and component data, taking the platform root of trust as the starting point of the trust main line, and combining the preset trust chain control direction and trust chain expansion rules, a first-level trust chain model is constructed.

[0107] 203. Based on the component data, determine the trust level corresponding to each platform component.

[0108] 204. Based on the trust level corresponding to each platform component, the first-level trust chain model, and the determined data control flow, a second-level trust chain model is constructed.

[0109] For further descriptions of steps 201-204 in this embodiment of the invention, please refer to the other specific descriptions of steps 101-104 in Embodiment 1. These descriptions will not be repeated in this embodiment of the invention.

[0110] 205. Based on the pre-generated initialization control instructions, perform parameter initialization operations on the secondary trusted chain model and input the preset test data stream into the secondary trusted chain model.

[0111] In this embodiment of the invention, the test data stream includes multiple components under test, and all components under test include qualified components with a trust level greater than or equal to the standard trust level corresponding to the second-level trust chain model, and untrustworthy components with a trust level less than the standard trust level.

[0112] 206. Obtain the trusted output results corresponding to each component under test after inputting it into the two-level trusted chain model.

[0113] 207. Determine whether there is a component to be corrected in the reliable output results corresponding to all components under test.

[0114] In this embodiment of the invention, the output result corresponding to the untrustworthy test component indicates that the trust level of the untrustworthy test component is greater than or equal to the standard trust level.

[0115] 208. When it is determined that there is no component to be corrected in the trusted output results corresponding to all components under test, the model trust level corresponding to the second-level trust chain model is determined to meet the preset model trust threshold requirement.

[0116] In this embodiment of the invention, optionally, when it is determined that there is a component to be corrected among the reliable output results corresponding to all components under test, the method may further include the following operations:

[0117] Analyze the trusted output results corresponding to each component to be corrected, and obtain the misjudgment parameter corresponding to the misjudgment level of each component to be corrected in the two-level trusted chain model being greater than or equal to the standard trusted level. The judgment parameters include the misjudgment parameters.

[0118] Based on the trusted output result corresponding to each component to be corrected, the actual trust level corresponding to each component to be corrected, and the misjudgment parameter corresponding to each component to be corrected, the parameter correction operation is performed on the transmission judgment parameter in the second-level trusted chain model to update the second-level trusted chain model.

[0119] In this embodiment of the invention, it should be noted that the operation flow for the secondary judgment model constructed in step 204 above to perform data credibility verification and data transmission judgment operations on the input data is described in the following reference. Figure 7 ,against Figure 7 Further explanation is as follows:

[0120] (1) After the system is powered on and started, perform TCM initialization.

[0121] (2) Establish a connection between the motherboard and the TCM. After the platform is powered on, the BIOS boot module measures the integrity value of the BIOS and stores it on the TCM. It also verifies the integrity of the BIOS. If the verification fails, the trusted transfer ends and the current trusted chain and the measured result are returned. Regardless of the verification result, the BootLoader is read into the TCM.

[0122] (3) TCM checks the integrity of the BootLoader in the BIOS. TCM calculates the hash value of the BootLoader and compares it with the baseline value. If the verification passes, it proceeds to step (4). If the verification fails, the trusted transfer ends and the current trusted chain and the measured results are returned. Regardless of the verification result, control is handed over to the BootLoader.

[0123] (4) Start the BootLoader, complete the basic operations such as initializing memory, interrupts, and peripherals, and then copy the second stage code of the Bootloader from the BIOS to the initialized external RAM to continue execution.

[0124] (5) The BootLoader calls the TCM interface command to calculate the BootLoader's hash value and perform integrity verification. If the verification fails, the trusted transfer ends, and the current trusted chain and the measured results are returned; if the verification passes, the trusted chain extension is completed. Regardless of the verification result, control is handed over to the operating system, and the process proceeds to the next step.

[0125] (6) After the trusted platform starts up, the trusted operating system begins to run. The subsequent trusted chain transmission is controlled and executed by the operating system, which verifies the integrity of the operating system. If the verification fails, the trusted transmission ends and the current trusted chain and the measured results are returned; if the verification passes, the trusted chain extension is completed. The operating system and application programs use various information security authentication mechanisms to call the relevant security functions of TCM to verify secure and trusted applications.

[0126] (7) Control is handed over to the operating system to verify the integrity of secure and trusted applications. If the verification fails, the trust transfer ends and the current trusted chain and the measured results are returned; if the verification passes, the trusted chain extension is completed.

[0127] It is evident that after the entire trusted chain transmission process of the model is completed, through process analysis and this... Figure 7 The flowchart is restrained. In this model, the control flow and trusted flow are relatively independent. Although the trusted flow depends on the transmission of the control flow, when the trusted flow fails due to integrity verification, the control flow can continue, ensuring the normal startup of the general system. The terminal will not fail to start due to trusted authentication failure, thus ensuring the normal startup of ordinary terminals.

[0128] In this embodiment of the invention, optionally, determining the trust level of each platform component based on component data may specifically include the following operations:

[0129] Based on the component data, determine the total number of platform components and the trusted parameters corresponding to each platform component. The trusted parameters corresponding to each platform component include the component type of the platform component. The component type includes the system component type corresponding to the platform component being located on a system platform or the application component type corresponding to the platform component being located on an application platform.

[0130] The trust level of each platform component is determined based on the total number of platform components and the component type corresponding to each platform component.

[0131] In this embodiment of the invention, optionally, the construction of the second-level trust chain model based on the trust level corresponding to each platform component, the first-level trust chain model, and the determined data control flow may specifically include the following operations:

[0132] Based on the determined data control flow, the corresponding transmission judgment parameters are determined. The transmission judgment parameters are used to perform preset data transmission judgment operations on the data control flow. The transmission judgment parameters include system initialization parameters before performing data transmission judgment operations on the data control flow.

[0133] Based on the data transmission assessment process corresponding to the data control flow, and combined with the trust level, first-level trust chain model, data control flow, and transmission assessment parameters corresponding to each platform component, a second-level trust chain model is constructed.

[0134] For further details, please refer to Figure 8 , Figure 8This is a schematic diagram of the trust level measurement process disclosed in this embodiment of the invention. The system trusted platform and the application trusted platform each correspond to a determined trust weight percentage, and the sum of their trust weight percentages is 1. Based on a trusted chain, during the establishment of the trusted chain, TCM, BIOS, BootLoader, operating system, security application, and trusted application are used as trusted components for measurement. Therefore, in the system trusted platform attributes, TCM, BIOS, BootLoader, and operating system are selected as platform security factors; in the application trusted platform attributes, antivirus software, firewall, and access client are selected as application security factors.

[0135] In this embodiment of the invention, since the trust level is generated based on the trust chain, the security factors of the trust level only calculate the security factors contained in the actual trust chain. For specific correspondences, please refer to [link / reference needed]. Figure 9 Current network access control is based on port authentication. Before authentication, users have no access rights. After successful authentication, users are granted specific internet access permissions. However, if a user's security status changes, the system cannot dynamically adjust the access permissions accordingly, and the user is still granted the original authentication permissions. Therefore, dynamic access control adjusts user access permissions or denies access based on changes in the user's security status to achieve adaptive user access control. In other words, different access permissions can be assigned to different VLANs (Virtual Local Area Networks) based on their trust levels.

[0136] In this embodiment of the invention, the specific application process and effect diagram of the constructed two-level trusted chain model can be found in the following references. Figure 10 ,against Figure 10 The process is explained as follows:

[0137] (1) When a user initiates an access request, the user's identity is first authenticated.

[0138] (2) If user authentication is successful, determine whether the access terminal has a trusted TCM chip. If it does, proceed to step (3); if not, the user is dynamically assigned to the Guest-VLAN and has guest access rights; if user authentication fails, the terminal access is denied.

[0139] (3) After the user is authenticated, the user's security attributes are measured and the platform trustworthiness of the access terminal is verified. If the security and trustworthiness authentication is successful, the trustworthiness level of the terminal platform is evaluated. If the security and trustworthiness authentication fails, the user is dynamically assigned to VLAN40 and the access terminal is isolated and repaired.

[0140] (4) After the trust level assessment, low-trust terminals are dynamically assigned to VLAN 30 and have multiple restricted access permissions (restricted E-mail, restricted WEB, restricted subnet); medium-trust terminals are dynamically assigned to VLAN 20 and have restricted access permissions (restricted WEB, restricted subnet); high-trust terminals are dynamically assigned to VLAN 10 and have no specific restricted access permissions.

[0141] (5) When the trust status of the terminal changes, the user's trust status is reassessed and the trust level is reclassified.

[0142] It is evident that implementation Figure 2 The described dynamic link access control method for power system distribution networks can intelligently verify the reliability of the secondary judgment model through test data streams after the secondary judgment model is constructed. In cases where there are components to be corrected in the trusted output results of all components under test, the method automatically performs parameter correction operations on the transmission judgment parameters in the secondary trusted chain model based on the trusted output results of each component to be corrected, the actual trust level of each component to be corrected, and the misjudgment parameters of each component to be corrected, thereby improving the reliability and accuracy of the finally determined secondary trusted chain model.

[0143] Example 3

[0144] Please see Figure 3 , Figure 3 This is a schematic diagram of a dynamic link access control device for power system distribution networks disclosed in an embodiment of the present invention. The dynamic link access control device for power system distribution networks can be a dynamic link access control terminal, a dynamic link access control device, a dynamic link access control system, or a dynamic link access control server. The dynamic link access control server can be a local server, a remote server, or a cloud server (also known as a cloud server). When the dynamic link access control server is not a cloud server, it can communicate with the cloud server; this embodiment of the present invention does not impose limitations. Figure 3 As shown, the dynamic link access control device applied to the power system distribution network may include a data acquisition module 301, a first construction module 302, a determination module 303, and a second construction module 304, wherein:

[0145] The acquisition module 301 is used to acquire the trust root data corresponding to the platform trust root and the component data corresponding to all platform components. The platform trust root and all platform components are used to construct the trust chain model. The trust chain model is used to perform preset trust verification operations on all components to be verified within the platform trust boundary to verify the trustworthiness of each component to be verified.

[0146] The first construction module 302 is used to construct a first-level trusted chain model based on the trusted root data and component data, taking the platform trusted root as the starting point of the trust main line, and combining the preset trusted chain control direction and trusted chain expansion rules. The first-level trusted chain model is used to perform trusted verification operations on each platform component.

[0147] The determination module 303 is used to determine the trust level of each platform component based on the component data.

[0148] The second construction module 304 is used to construct a second-level trusted chain model based on the trust level corresponding to each platform component, the first-level trusted chain model, and the determined data control flow. This second-level trusted chain model serves as the target trusted chain model for performing data trust verification operations and data transmission judgment operations on the access data.

[0149] In this embodiment of the invention, optionally, the first construction module 302 constructs a first-level trusted chain model based on the trusted root data and component data, taking the platform trusted root as the starting point of the trust main line, and combining preset trusted chain management directions and trusted chain expansion rules. The specific methods include:

[0150] Based on the root of trust data and component data, and in accordance with the preset trusted chain control direction, the order of trusted control division for each platform component is determined. The earlier the trusted control division order of each platform component is, the earlier the preset trusted control operation is performed on that platform component.

[0151] Starting from the platform's root of trust, the trust management operation is performed on each platform component in sequence according to the order of trust management division and the direction of trust chain management. The trust management result corresponding to each platform component is obtained. The trust management result corresponding to each platform component is used to determine whether the platform component is a trust component that meets the preset trust chain expansion rules.

[0152] All platform components whose trusted control results indicate that they meet the preset trusted chain expansion rules are identified as trusted components. Based on the platform's trusted root, all trusted components, the trusted chain control direction, and the trusted chain expansion rules, a first-level trusted chain model is constructed.

[0153] In this embodiment of the invention, optionally, the first construction module 302 takes the platform's root of trust as the starting point of the trust main line, and performs trust management operations on each platform component sequentially according to the trust management division order and trust chain management direction of each platform component, and obtains the trust management result corresponding to each platform component in the following ways:

[0154] For each platform component, based on the preset trusted control components and in the trusted control order, trusted control operations are performed on the platform component to obtain the initial trusted control result corresponding to that platform component; wherein, the trusted control component is the platform component preceding the platform component in the trusted control order. When the platform component is ranked first in the trusted control order, the trusted control component is the trusted root of the platform, and each trusted control component is a component that meets the preset component complete parameter requirements;

[0155] Determine whether the trusted control result corresponding to the platform component indicates that the platform component meets the component complete parameter requirements. When the determination result is yes, generate a trust identifier for the platform component as the trusted control result corresponding to the platform component. The trust identifier is used to add the platform component corresponding to the trust identifier to the trust mainline as a trusted chain component of the first-level trusted chain model to be built.

[0156] When the judgment result is negative, a disqualification flag is generated to indicate that the platform component does not meet the component complete parameter requirements. This flag serves as the trust management result for the platform component. The disqualification flag indicates that the component trust value of the platform component corresponding to the disqualification flag is lower than the preset trust threshold.

[0157] In this embodiment of the invention, optionally, the method by which the determining module 303 determines the trust level corresponding to each platform component based on the component data specifically includes:

[0158] Based on the component data, determine the total number of platform components and the trusted parameters corresponding to each platform component. The trusted parameters corresponding to each platform component include the component type of the platform component. The component type includes the system component type corresponding to the platform component being located on a system platform or the application component type corresponding to the platform component being located on an application platform.

[0159] The trust level of each platform component is determined based on the total number of platform components and the component type corresponding to each platform component.

[0160] In this embodiment of the invention, optionally, the second construction module 304 constructs a second-level trusted chain model based on the trust level corresponding to each platform component, the first-level trusted chain model, and the determined data control flow, specifically including the following methods:

[0161] Based on the determined data control flow, the corresponding transmission judgment parameters are determined. The transmission judgment parameters are used to perform preset data transmission judgment operations on the data control flow. The transmission judgment parameters include system initialization parameters before performing data transmission judgment operations on the data control flow.

[0162] Based on the data transmission assessment process corresponding to the data control flow, and combined with the trust level, first-level trust chain model, data control flow, and transmission assessment parameters corresponding to each platform component, a second-level trust chain model is constructed.

[0163] It is evident that implementation is as follows Figure 3 The described dynamic link access control device for power system distribution networks can intelligently collect the trusted root data of the platform's trusted root and the component data of all platform components. Combined with preset trusted chain control directions and trusted chain expansion rules, a preliminary first-level trusted chain model is constructed. Then, based on this first-level trusted chain model, and combined with the determined trust level and data control flow of each platform component, a second-level trusted chain model is intelligently constructed. The final constructed second-level trusted chain model, in addition to performing data transmission and analysis operations on the input data, further adds a dynamic trusted value analysis process for the input data. This enables dynamic trusted value analysis of the real-time status of each access request from the access terminal, improving the access control security and reliability when any terminal accesses the network.

[0164] In an optional embodiment, such as Figure 4 As shown, the device may further include a model testing module 305, an acquisition module 306, and a judgment module 307, wherein:

[0165] The model testing module 305 is used to perform parameter initialization operations on the secondary trusted chain model after the second construction module 304 constructs the secondary trusted chain model based on the trust level corresponding to each platform component and the data control flow determined by the primary trusted chain model. The module also inputs the preset test data stream into the secondary trusted chain model. The test data stream includes multiple components to be tested, and all components to be tested include qualified components with a trust level greater than or equal to the standard trust level corresponding to the secondary trusted chain model and untrustworthy components with a trust level less than the standard trust level.

[0166] The acquisition module 306 is used to acquire the trusted output result corresponding to each component under test after it is input into the two-level trusted chain model.

[0167] The judgment module 307 is used to determine whether there is a component to be corrected in the trusted output results corresponding to all components under test. When it is determined that there is no component to be corrected in the trusted output results corresponding to all components under test, the model trust level corresponding to the second-level trust chain model is determined to meet the preset model trust threshold requirement. The output results corresponding to the component to be corrected as a dishonest component under test indicate that the trust level of the dishonest component under test is greater than or equal to the standard trust level.

[0168] In this optional embodiment, optionally, such as Figure 4 As shown, the device may further include an analysis module 308 and a correction module 309, wherein:

[0169] The analysis module 308 is used to analyze the trusted output results corresponding to each component to be corrected when the judgment module 307 determines that there is a component to be corrected in the trusted output results corresponding to all components to be tested. It obtains the misjudgment parameter corresponding to the misjudgment level of each component to be corrected in the two-level trusted chain model being misjudged as the component to be corrected being greater than or equal to the standard trusted level. The judgment parameters include the misjudgment parameters.

[0170] The correction module 309 is used to perform parameter correction operations on the transmission judgment parameters in the secondary trust chain model based on the trusted output result corresponding to each component to be corrected, the actual trust level corresponding to each component to be corrected, and the misjudgment parameters corresponding to each component to be corrected, so as to update the secondary trust chain model.

[0171] It is evident that implementation is as follows Figure 4 The described dynamic link access control device for power system distribution networks can intelligently verify the reliability of the secondary judgment model through test data streams after the secondary judgment model is constructed. In cases where there are components to be corrected in the trusted output results of all components under test, the device automatically performs parameter correction operations on the transmission judgment parameters in the secondary trusted chain model based on the trusted output results of each component to be corrected, the actual trust level of each component to be corrected, and the misjudgment parameters of each component to be corrected, thereby improving the reliability and accuracy of the finally determined secondary trusted chain model.

[0172] Example 4

[0173] Please see Figure 5 , Figure 5 This is a schematic diagram of another dynamic link access control device for power system distribution networks disclosed in this embodiment of the invention. Figure 5 As shown, the dynamic link access control device applied to the power system distribution network may include:

[0174] Memory 401 storing executable program code;

[0175] Processor 402 coupled to memory 401;

[0176] The processor 402 calls the executable program code stored in the memory 401 to execute the steps in the dynamic link access control method for power system distribution networks described in Embodiment 1 or Embodiment 2 of the present invention.

[0177] Example 5

[0178] This invention discloses a computer storage medium storing computer instructions. When these computer instructions are invoked, they are used to execute the steps in the dynamic link access control method for power system distribution networks described in Embodiment 1 or Embodiment 2 of this invention.

[0179] Example 6

[0180] This invention discloses a computer program product, which includes a non-transitory computer storage medium storing a computer program, and the computer program is operable to cause a computer to perform the steps in the dynamic link access control method for power system distribution networks described in Embodiment 1 or Embodiment 2.

[0181] The device embodiments described above are merely illustrative. The modules described as separate components may or may not be physically separate. The components shown as modules may or may not be physical modules; that is, they may be located in one place or distributed across multiple network modules. Some or all of the modules can be selected to achieve the purpose of this embodiment according to actual needs. Those skilled in the art can understand and implement this without any creative effort.

[0182] Through the detailed description of the above embodiments, those skilled in the art can clearly understand that each implementation method can be implemented by means of software plus necessary general-purpose hardware platforms, and of course, it can also be implemented by hardware. Based on this understanding, the above technical solutions, in essence or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product can be stored in a computer storage medium, including read-only memory (ROM), random access memory (RAM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), one-time programmable read-only memory (OTPROM), electrically-erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disc storage, disk storage, magnetic tape storage, or any other computer-readable medium that can be used to carry or store data.

[0183] Finally, it should be noted that the dynamic link access control method and apparatus for power system distribution networks disclosed in the embodiments of the present invention are merely preferred embodiments of the present invention and are only used to illustrate the technical solutions of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. A dynamic link access control method applied to power system distribution networks, characterized in that, The method includes: The system collects the trusted root data corresponding to the platform's trusted root and the component data corresponding to all platform components. The platform's trusted root and all the platform components are used to construct a trusted chain model. The trusted chain model is used to perform preset trusted verification operations on all components to be verified within the platform's trusted boundary in order to verify the trustworthiness of each component to be verified. Based on the trusted root data and the component data, and in accordance with the preset trusted chain control direction, the trusted control division order of each platform component is determined. The earlier the trusted control division order of each platform component is, the earlier the preset trusted control operation is performed on that platform component. Taking the platform's root of trust as the starting point of the trust main line, the trust management operation is performed on each platform component in sequence according to the trust management division order of each platform component and the trust chain management direction, so as to obtain the trust management result corresponding to each platform component. The trust management result corresponding to each platform component is used to determine whether the platform component is a trust component that meets the preset trust chain expansion rules. All platform components whose trusted control results indicate that they satisfy the preset trusted chain expansion rules are identified as trusted components. Based on the platform trusted root, all trusted components, the trusted chain control direction, and the trusted chain expansion rules, a first-level trusted chain model is constructed. The first-level trusted chain model is used to perform trusted verification operations on each platform component. Based on the component data, the trust level corresponding to each platform component is determined. Based on the trust level corresponding to each platform component, the first-level trust chain model, and the determined data control flow, a second-level trust chain model is constructed as the target trust chain model for performing data trust verification operations and data transmission judgment operations on the access data.

2. The dynamic link access control method for power system distribution networks according to claim 1, characterized in that, The process begins with the platform's root of trust as the starting point of the trust mainline. Following the order of trust management for each platform component and the direction of the trust chain, the trust management operation is sequentially performed on each platform component to obtain the trust management result corresponding to each platform component, including: For each platform component, according to the preset trusted management component and the trusted management division order, the trusted management operation is performed on the platform component to obtain the initial trusted management result corresponding to the platform component; wherein, the trusted management component is the platform component preceding the platform component in the trusted management division order, when the platform component is ranked first in the trusted management division order, the trusted management component is the trusted root of the platform, and each trusted management component is a component that meets the preset component complete parameter requirements; Determine whether the trusted control result corresponding to the platform component indicates that the platform component meets the complete parameter requirements of the component. When the determination result is yes, generate a trust identifier for the platform component as the trusted control result corresponding to the platform component. The trust identifier is used to add the platform component corresponding to the trust identifier to the trust main line as a trusted chain component of the first-level trusted chain model to be constructed. When the judgment result is negative, a disqualification flag is generated indicating that the platform component does not meet the complete parameter requirements of the component. This flag serves as the trust management result for the platform component. The disqualification flag indicates that the component trust value of the platform component corresponding to the disqualification flag is lower than a preset trust threshold.

3. The dynamic link access control method for power system distribution networks according to any one of claims 1 to 2, characterized in that, The step of determining the trust level corresponding to each platform component based on the component data includes: Based on the component data, determine the total number of platform components and the trusted parameters corresponding to each platform component. The trusted parameters corresponding to each platform component include the component type of the platform component. The component type includes the system component type corresponding to the platform component being located on a system platform or the application component type corresponding to the platform component being located on an application platform. The trust level of each platform component is determined based on the total number of components in the platform and the component type corresponding to each platform component.

4. The dynamic link access control method for power system distribution networks according to any one of claims 1 to 2, characterized in that, The step of constructing a second-level trust chain model based on the trust level corresponding to each platform component and the data control flow determined by the first-level trust chain model includes: Based on the determined data control flow, the corresponding transmission judgment parameters are determined. The transmission judgment parameters are used to perform a preset data transmission judgment operation on the data control flow. The transmission judgment parameters include system initialization parameters before performing the data transmission judgment operation on the data control flow. Based on the data transmission assessment process corresponding to the data control flow, and combined with the trust level of each platform component, the first-level trust chain model, the data control flow, and the transmission assessment parameters, a second-level trust chain model is constructed.

5. The dynamic link access control method for power system distribution networks according to claim 4, characterized in that, After constructing the second-level trust chain model based on the trust level corresponding to each platform component and the data control flow determined by the first-level trust chain model, the method further includes: According to the pre-generated initialization control instructions, the parameter initialization operation is performed on the secondary trusted chain model, and the preset test data stream is input into the secondary trusted chain model. The test data stream includes multiple components to be tested, and all the components to be tested include qualified components whose trust level is greater than or equal to the standard trust level corresponding to the secondary trusted chain model, and untrustworthy components whose trust level is less than the standard trust level. Obtain the trusted output result corresponding to each of the components under test after inputting into the two-level trusted chain model; Determine whether there is a component to be corrected among the trusted output results corresponding to all the components under test. When it is determined that there is no component to be corrected among the trusted output results corresponding to all the components under test, determine that the model trust level corresponding to the second-level trust chain model meets the preset model trust threshold requirement. The component to be corrected is the output result corresponding to the untrustworthy component under test, which indicates that the trust level of the untrustworthy component under test is greater than or equal to the standard trust level.

6. The dynamic link access control method applied to power system distribution networks according to claim 5, characterized in that, When it is determined that the component to be corrected exists in the reliable output results corresponding to all the components under test, the method further includes: Analyze the trusted output results corresponding to each of the components to be corrected to obtain the misjudgment parameter corresponding to the misjudgment of the trusted level of each component to be corrected in the second-level trusted chain model being greater than or equal to the standard trusted level. The transmission judgment parameter includes the misjudgment parameter. Based on the trusted output result corresponding to each component to be corrected, the actual trust level corresponding to each component to be corrected, and the misjudgment parameter corresponding to each component to be corrected, a parameter correction operation is performed on the transmission judgment parameter in the secondary trust chain model to update the secondary trust chain model.

7. A dynamic link access control device for use in power system distribution networks, characterized in that, The device includes: The acquisition module is used to acquire the trust root data corresponding to the platform trust root and the component data corresponding to all platform components. The platform trust root and all the platform components are used to construct a trust chain model. The trust chain model is used to perform preset trust verification operations on all components to be verified within the platform trust boundary to verify the trustworthiness of each component to be verified. The first construction module is used to determine the trusted control division order of each platform component according to the trusted root data and the component data, and according to the preset trusted chain control direction. The earlier the trusted control division order of each platform component is, the earlier the preset trusted control operation is performed on that platform component. Taking the platform trusted root as the starting point of the trust main line, the trusted control operation is performed on each platform component in sequence according to the trusted control division order of each platform component and the trusted chain control direction to obtain the trusted control result corresponding to each platform component. The trusted control result corresponding to each platform component is used to determine whether the platform component is a trusted component that meets the preset trusted chain expansion rules. All platform components whose trusted control results indicate that the platform component meets the preset trusted chain expansion rules are determined as trusted components. Based on the platform trusted root, all trusted components, the trusted chain control direction, and the trusted chain expansion rules, a first-level trusted chain model is constructed. The first-level trusted chain model is used to perform trusted verification operations on each platform component. The determination module is used to determine the trust level corresponding to each of the platform components based on the component data; The second construction module is used to construct a second-level trusted chain model based on the trust level corresponding to each platform component and the data control flow determined by the first-level trusted chain model. This second-level trusted chain model serves as the target trusted chain model for performing data trust verification operations and data transmission judgment operations on the access data.

8. A dynamic link access control device for use in power system distribution networks, characterized in that, The device includes: Memory containing executable program code; A processor coupled to the memory; The processor calls the executable program code stored in the memory to execute the dynamic link access control method for power system distribution networks as described in any one of claims 1-6.

9. A computer storage medium, characterized in that, The computer storage medium stores computer instructions, which, when invoked, are used to execute the dynamic link access control method for power system distribution networks as described in any one of claims 1-6.