Information security protection method for industrial internet communication terminal

By employing a two-way authentication mechanism combining device fingerprints and dynamic tokens, along with protocol identification and hierarchical encryption, and real-time monitoring of business traffic, the system addresses the issues of insufficient security authentication and full lifecycle protection for industrial internet communication terminals, thereby achieving comprehensive monitoring and management of the industrial internet environment.

CN122247658A · Pending · Publication Date: 2026-06-19 · 浙江齐安信息科技有限公司

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: 浙江齐安信息科技有限公司
Filing Date: 2026-03-02
Publication Date: 2026-06-19


Abstract

This invention discloses a method and apparatus for information security protection of industrial internet communication terminals. The method includes: receiving an access request initiated by the terminal to a platform, and completing access authentication based on the access request; collecting service traffic in real time during data transmission; and completing risk monitoring based on service traffic and preset security protection policy rules. This invention addresses the limitations of hardware resources and complex access scenarios of industrial internet communication terminals by using device fingerprinting and dynamic tokens to achieve two-way authentication between the terminal and the platform. This effectively prevents data leakage or illegal system intrusion, thus facilitating comprehensive monitoring and management of the industrial internet environment. Furthermore, during data transmission, a secure transmission scheme of protocol identification and hierarchical encryption is provided, and the encryption strategy can be dynamically adjusted according to the industrial protocol type and data sensitivity level, thereby resolving the conflict between real-time performance and security.

Description

Technical Field

[0001] This invention relates to the field of industrial internet security technology, specifically to a method for protecting the information security of industrial internet communication terminals.

Background Technology

[0002] With the rapid development of industrial informatization, the Industrial Internet has become a significant driving force for the digital transformation of the manufacturing industry. During this rapid development, communication terminals, as a crucial component of the Industrial Internet, face enormous challenges to information security.

[0003] Currently, the security issues of industrial internet communication terminals mainly manifest in the following aspects:

[0004] 1. Existing industrial internet communication terminals often lack effective security authentication mechanisms when accessing the industrial internet, which can easily lead to data leakage or illegal system intrusion, making it difficult to achieve comprehensive monitoring and management of the industrial internet environment.

[0005] 2. Insufficient protocol security: Traditional industrial protocols (such as Modbus RTU / TCP and Profinet) were not designed with security factors in mind and lack robust encryption and integrity verification mechanisms, making them vulnerable to eavesdropping, tampering, and forgery during data transmission.

[0006] 3. Vulnerable terminal security: Industrial communication terminals often operate for long periods without human intervention, making their operating systems and firmware prone to unpatched vulnerabilities. Furthermore, they lack effective vulnerability scanning and emergency response mechanisms, making it difficult to quickly address attacks.

[0007] 4. Lack of full lifecycle protection: Existing protection measures mostly focus on the terminal operation stage, ignoring the security risks in the terminal's factory configuration, deployment and debugging, operation and maintenance upgrades, etc., creating blind spots in protection.

[0008] 5. Conflict between real-time performance and security: Common security protection algorithms (such as high-strength encryption) tend to consume a lot of terminal computing resources, leading to increased latency in industrial data transmission and affecting the real-time performance of industrial production processes.

[0009] Furthermore, traditional industrial internet security technologies lack flexibility and adaptability in dealing with the rapidly changing industrial internet environment. While existing access control technologies provide multi-layered security protection, they are insufficient to effectively address sudden security threats or abnormal behaviors in practice. At the same time, data security issues on industrial internet platforms are becoming increasingly prominent, necessitating research and development of a series of technologies for monitoring and protecting sensitive data to safeguard the deep interconnectivity of all industrial elements, the entire industrial chain, and the entire value chain.

[0010] Therefore, how to improve the information security of industrial internet communication terminals and achieve comprehensive monitoring and management of the industrial internet environment has become an urgent problem to be solved in the field of industrial internet security.

Summary of the Invention

[0011] In view of the deficiencies in the prior art mentioned in the background section, the purpose of this invention is to provide an information security protection method and device for industrial internet communication terminals.

[0012] To achieve the above objectives, in a first aspect, embodiments of the present invention provide an information security protection method for industrial internet communication terminals, comprising:

[0013] The platform receives access requests initiated by industrial internet communication terminals; the access requests carry the device fingerprint, dynamic token, and terminal identity identifier of the industrial internet communication terminals.

[0014] The access authentication of the industrial internet communication terminal is completed based on the access request;

[0015] During data transmission, the service traffic of the industrial internet communication terminal is collected in real time;

[0016] Risk monitoring is performed based on the business traffic and preset security protection policy rules.

[0017] As one specific implementation of this application, before receiving the access request initiated by the industrial internet communication terminal to the platform, the method further includes:

[0018] When the industrial internet communication terminal leaves the factory, a device fingerprint is pre-installed, and the industrial internet communication terminal is registered on the platform.

[0019] A dynamic token is generated based on the device fingerprint and the current timestamp using a symmetric encryption algorithm.

[0020] As a specific implementation of this application, the access authentication of the industrial internet communication terminal is completed based on the access request, specifically as follows:

[0021] The device fingerprint carried in the access request is compared with the device fingerprint stored in the platform to verify the legality of the received device fingerprint.

[0022] The validity of the received dynamic token is verified based on symmetric encryption algorithm and timestamp.

[0023] Send the platform's authentication information to the industrial internet communication terminal;

[0024] If the platform's authentication information passes verification by the industrial internet communication terminal, a secure access channel is established between the two parties and the access authentication process is completed; otherwise, access is rejected.

[0025] If the number of authentication failures by both parties exceeds a preset threshold, the industrial internet communication terminal will automatically enter a locked state and send an access anomaly alarm message to the platform.

[0026] As a specific implementation of this application, the security protection strategy rules include data security rules, protocol parsing rules, and anomaly monitoring rules; risk monitoring is performed based on the service traffic and the preset security protection strategy rules, specifically as follows:

[0027] The service traffic is classified and identified based on a deep learning model, and communication features are extracted from it. The communication features include the identity identifiers of the communicating parties, the communication duration, and the command interval.

[0028] Risk monitoring is performed based on the security protection strategy rules and communication characteristics.

[0029] As a preferred implementation of this application, the method further includes a method for protecting transmitted data based on a combination of protocol identification and hierarchical encryption, specifically:

[0030] The industrial protocol identification module built into the industrial internet communication terminal identifies the industrial protocol of the service traffic to obtain the type of industrial protocol currently being transmitted.

[0031] A hierarchical encryption strategy is used to encrypt the data to be transmitted, resulting in encrypted data.

[0032] The encrypted data is transmitted in segments based on the aforementioned industrial protocol type.

[0033] The hierarchical encryption strategy includes:

[0034] For highly sensitive data, the national cryptographic algorithm SM4 is used for data encryption, and the integrity is verified by combining it with the SM3 hash algorithm. The encryption key is dynamically updated through the temporary session key negotiated during the access authentication phase.

[0035] For general sensitive data, the AES-128 encryption algorithm is used;

[0036] For non-sensitive data, the SM3 algorithm is used for integrity verification only.

[0037] As a preferred implementation of this application, the method further includes:

[0038] When the industrial internet communication terminal starts up, the terminal firmware is hashed and verified using the built-in root key;

[0039] If the verification fails, it is determined that the terminal firmware has been tampered with, the startup is refused, and an alarm is reported.

[0040] As a preferred implementation of this application, the method further includes:

[0041] During the operation of the industrial internet communication terminal, the running status of the process is monitored in real time, and it is determined whether any unauthorized processes have been started based on the process whitelist; if so, the process is terminated immediately and the log is recorded.

[0042] Real-time monitoring of resource usage and automatic screening for malicious programs based on a resource usage whitelist; if found, real-time reporting or triggering of resource isolation mechanisms.

[0043] As a preferred implementation of this application, after risk monitoring is completed based on the business traffic and preset security protection policy rules, the method further includes:

[0044] Based on the risk monitoring results, the risk levels are classified as mild, moderate, and severe.

[0045] For minor risks, log entries and continuous monitoring are performed.

[0046] For medium-risk situations, disconnect the network connection, initiate temporary isolation measures, and report the risk details to the platform.

[0047] For severe risks, force the terminal to enter safe mode.

[0048] In a second aspect, embodiments of this application also provide an information security protection device for an industrial internet communication terminal, including a processor, an input device, an output device, and a memory, wherein the processor, input device, output device, and memory are interconnected, the memory is used to store a computer program, the computer program includes program instructions, and the processor is configured to call the program instructions to execute the method described in the first aspect.

[0049] The advantages of implementing the embodiments of the present invention are as follows:

[0050] 1. In view of the limited hardware resources and complex access scenarios of industrial internet communication terminals, this invention provides an effective security authentication mechanism by using device fingerprints and dynamic tokens to complete two-way authentication between the terminal and the platform. This mechanism can effectively prevent data leakage or illegal intrusion into the system, thereby facilitating comprehensive monitoring and management of the industrial internet environment.

[0051] 2. During data transmission, a secure transmission scheme combining protocol identification and hierarchical encryption is provided. The encryption strategy can be dynamically adjusted according to the industrial protocol type and data sensitivity level, thereby resolving the conflict between real-time performance and security.

[0052] 3. By verifying firmware integrity and combining it with techniques such as process whitelisting and resource usage monitoring, the security of the terminal itself can be guaranteed from the bottom layer.

[0053] 4. The solution of this invention can cover multiple aspects such as terminal security, access security and transmission security, and can provide comprehensive security control for the entire life cycle of communication terminals, effectively eliminating protection blind spots.

Attached Figure Description

[0054] To more clearly illustrate the specific embodiments of the present invention or the technical solutions in the prior art, the accompanying drawings used in the description of the specific embodiments or the prior art will be briefly introduced below.

[0055] Figure 1 is a flowchart of the information security protection method for industrial internet communication terminals provided in this embodiment of the invention;

[0056] Figure 2 is a structural diagram of the information security protection device for the industrial internet communication terminal provided in an embodiment of the present invention.

Detailed Implementation

[0057] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0058] It should be understood that, when used in this specification and the appended claims, the terms "comprising" and "including" indicate the presence of the described features, integrals, steps, operations, elements and / or components, but do not exclude the presence or addition of one or more other features, integrals, steps, operations, elements, components and / or collections thereof.

[0059] Referring to Figure 1, the present invention provides an information security protection method for industrial internet communication terminals, which may include the following steps:

[0060] S1. Terminal identity registration and dynamic token generation.

[0061] Industrial Internet communication terminals are the core carriers for data access and transmission between industrial field equipment, production lines, and industrial Internet platforms / clouds. They are adapted to the high reliability, low latency, anti-interference, and wide temperature range characteristics of industrial scenarios. Currently, mainstream industrial communication terminals include Ethernet-based industrial gateways, edge terminals supporting 5G / 4G, communication modules adapted to industrial protocols such as Modbus, Profinet, and OPC UA, as well as various embedded industrial control terminals.

[0062] In practice, the terminal identity registration process can be implemented in the following way:

[0063] When industrial communication terminals leave the factory, they are pre-installed with a unique hardware device fingerprint and registered on the industrial internet platform. The platform stores the association between the device fingerprint and the terminal's identity information. The device fingerprint can be generated from the CPU serial number, MAC address, and firmware version number using a hash algorithm. The terminal identity information includes, but is not limited to, terminal serial number, workshop affiliation, and access permissions. For example, after an industrial gateway is deployed, it initiates a registration request to the industrial internet platform via the 5G network. After verifying the validity of the device fingerprint, the platform associates it with the gateway's identity information (serial number: GW-2024001, workshop affiliation: Smart Manufacturing Workshop A) to complete the registration.

[0064] After the terminal completes identity registration and activation, all subsequent operations, such as accessing the platform, reporting data, receiving instructions, and firmware upgrades, require identity verification through a dynamic token. Therefore, generating a dynamic token is also a necessary step. In this embodiment, the specific process of generating a dynamic token is as follows: before each access request, the terminal generates a dynamic token based on the device fingerprint and the current timestamp using a lightweight symmetric encryption algorithm (such as a simplified version of SM4). The token's validity period is set to 10-30 seconds.

[0065] S2. The platform receives access requests initiated by industrial internet communication terminals and completes access authentication based on the access requests.

[0066] In practice, step S2 includes:

[0067] The terminal sends an access request to the industrial internet platform, carrying device fingerprints, dynamic tokens, terminal identity identifiers, etc.

[0068] The platform compares the device fingerprint carried in the access request with the device fingerprint stored in the platform to verify the legitimacy of the received device fingerprint;

[0069] Verify the validity of the dynamic token using the same algorithm and timestamp. It should be noted that if the dynamic token was generated using the SM4 encryption algorithm, then the verification here must also use the SM4 encryption algorithm.

[0070] Simultaneously, platform identity authentication information is sent to the terminal;

[0071] The terminal verifies the platform identity using a pre-set platform public key. If the verification is successful, a secure access channel is established; otherwise, access is denied.

[0072] It should be noted that if the number of failed verification attempts by both parties exceeds a preset threshold (e.g., 5 times), the terminal will automatically lock the access function and report the access anomaly information to the platform.

[0073] As can be seen from steps S1 and S2, when the industrial internet communication terminal accesses the platform, this embodiment of the invention adopts a two-way authentication mechanism that combines device fingerprint and dynamic token.
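The registration, dynamic-token and lockout logic of steps S1 and S2, as an added illustration that is not part of the patent text. It assumes HMAC-SHA256 from the standard library in place of the lightweight symmetric cipher (simplified SM4) the description names, an HMAC under the same per-device pairing key in place of the platform's public-key proof of identity, a 30 s token validity (the upper bound of the stated 10-30 s range) and the stated lockout threshold of 5 failures; the `Platform` class, `pairing_key` and the sample identifiers are constructed.

```python
"""Added illustration (not from the patent): device-fingerprint + dynamic-token
two-way access authentication with time-windowed tokens and failure lockout.

Assumptions (mine, not the page's): HMAC-SHA256 stands in for the simplified
SM4 token cipher, an HMAC under the pairing key stands in for the platform's
public-key proof, SHA-256 stands in for SM3 in the fingerprint derivation.
"""
import hashlib
import hmac

TOKEN_VALIDITY_S = 30      # description gives 10-30 s; upper bound used here
LOCKOUT_THRESHOLD = 5      # description's example threshold


def device_fingerprint(cpu_serial: str, mac: str, firmware_version: str) -> str:
    """Fingerprint = hash(CPU serial || MAC || firmware version), as in [0063]."""
    material = f"{cpu_serial}|{mac}|{firmware_version}".encode()
    return hashlib.sha256(material).hexdigest()


def dynamic_token(pairing_key: bytes, fingerprint: str, timestamp: int) -> str:
    """Token bound to the fingerprint and the current timestamp (HMAC stands in for SM4)."""
    msg = f"{fingerprint}|{timestamp}".encode()
    return hmac.new(pairing_key, msg, hashlib.sha256).hexdigest()


class Platform:
    """Platform side: fingerprint registry, token verification, lockout, platform proof."""

    def __init__(self):
        self._registry = {}   # fingerprint -> {identity, key, failures, locked}
        self._seen = set()    # (fingerprint, token) already accepted; refuses replays

    def register(self, fingerprint: str, identity: dict, pairing_key: bytes) -> None:
        # Factory stage: bind the fingerprint to serial / workshop / permissions.
        self._registry[fingerprint] = {"identity": identity, "key": pairing_key,
                                       "failures": 0, "locked": False}

    def authenticate(self, fingerprint: str, token: str, timestamp: int, now: int):
        """Return (ok, platform_proof) on success or (False, reason) on failure."""
        rec = self._registry.get(fingerprint)
        if rec is None:
            return False, "unknown fingerprint"
        if rec["locked"]:
            return False, "terminal locked"
        fresh = 0 <= now - timestamp <= TOKEN_VALIDITY_S
        expected = dynamic_token(rec["key"], fingerprint, timestamp)
        if (not fresh or not hmac.compare_digest(expected, token)
                or (fingerprint, token) in self._seen):
            rec["failures"] += 1
            if rec["failures"] >= LOCKOUT_THRESHOLD:
                rec["locked"] = True   # terminal side also locks and raises an alarm
            return False, "invalid, expired or replayed token"
        rec["failures"] = 0
        self._seen.add((fingerprint, token))
        proof = hmac.new(rec["key"], b"platform|" + token.encode(), hashlib.sha256).hexdigest()
        return True, proof


def terminal_checks_platform(pairing_key: bytes, token: str, proof: str) -> bool:
    """Terminal half of the two-way authentication (stand-in for the public-key check)."""
    expected = hmac.new(pairing_key, b"platform|" + token.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, proof)


def demo():
    """Constructed run: one good access, then a replay and a stale token are refused."""
    key = b"constructed-pairing-key"   # would be provisioned at the factory
    fp = device_fingerprint("CPU-SN-0001", "00:11:22:33:44:55", "fw-1.0.3")
    platform = Platform()
    platform.register(fp, {"serial": "GW-2024001", "workshop": "A"}, key)
    now = 1_700_000_000
    tok = dynamic_token(key, fp, now)
    ok, proof = platform.authenticate(fp, tok, now, now + 5)
    mutual = ok and terminal_checks_platform(key, tok, proof)
    replay_ok, _ = platform.authenticate(fp, tok, now, now + 6)
    stale_ok, _ = platform.authenticate(fp, dynamic_token(key, fp, now - 60), now - 60, now)
    return mutual, replay_ok, stale_ok
```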

[0074] S3. Transmitted data is protected by combining protocol identification with hierarchical encryption.

[0075] In specific implementation, step S3 includes:

[0076] (1) The protocol identification module built into the industrial Internet communication terminal automatically identifies the type of industrial protocol being transmitted, such as Modbus, OPC UA, Profinet, etc., by means of port number, data frame format and protocol field characteristics.

[0077] (2) The data to be transmitted is encrypted using a hierarchical encryption strategy to obtain encrypted data.

[0078] First, the transmitted data is classified into three categories: highly sensitive data (such as control commands and production process parameters), generally sensitive data (such as equipment operating status data), and non-sensitive data (such as log data). For different levels of data, this embodiment can employ different encryption methods, specifically:

[0079] Highly sensitive data (such as control commands and production process parameters): Data encryption is performed using the national cryptographic algorithm SM4, combined with the SM3 hash algorithm for integrity verification. The encryption key is dynamically updated through the temporary session key negotiated during the access authentication phase.

[0080] For general sensitive data (such as equipment operating status data): use lightweight encryption algorithms (such as a simplified version of AES-128) to reduce the consumption of computing resources;

[0081] Non-sensitive data (such as log data): Only SM3 integrity verification is performed to ensure that the data has not been tampered with.

[0082] (3) The encrypted data is transmitted in segments based on the industrial protocol type.

[0083] In practice, the encrypted data frames are fragmented, with the fragment size adapted to the MTU value of the industrial protocol to avoid increased latency caused by data frame fragmentation and retransmission; at the same time, a pipelined processing mechanism is adopted to complete data encryption and transmission in parallel to ensure real-time transmission.
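Protocol identification by port number and frame format, sensitivity classification and MTU-sized segmentation from step S3, as an added illustration that is not part of the patent. Recognising Modbus TCP by port 502 plus its MBAP header and OPC UA binary by port 4840 plus its message header reflects those protocols' public wire formats; treating Modbus write function codes as control commands (highly sensitive) and reads as status data (generally sensitive) is my reading of the description's examples, and the `PROTOCOL_MTU` values and sample frames are constructed. The encryption step itself is left out; only the selection and segmentation logic is shown.

```python
"""Added illustration (not from the patent): identify the industrial protocol of a
frame, pick the sensitivity tier, and segment the protected payload to the MTU.

Assumptions (mine): MTU values are constructed; the Modbus function-code to
sensitivity mapping is my reading of the description's examples.
"""
import struct

MODBUS_WRITE_FCS = {5, 6, 15, 16, 22, 23}   # coil/register writes = control commands
OPCUA_MSG_TYPES = {b"HEL", b"ACK", b"OPN", b"MSG", b"CLO", b"ERR"}
PROTOCOL_MTU = {"modbus_tcp": 260, "opc_ua": 8192, "unknown": 512}   # constructed


def identify_protocol(dst_port: int, frame: bytes) -> str:
    """Identify the protocol from port number, frame format and field characteristics."""
    if dst_port == 502 and len(frame) >= 8:
        _tid, proto_id, length, _unit, fc = struct.unpack(">HHHBB", frame[:8])
        # MBAP header: protocol id is 0; length counts unit id + PDU bytes
        if proto_id == 0 and length == len(frame) - 6 and 1 <= fc <= 127:
            return "modbus_tcp"
    if dst_port == 4840 and len(frame) >= 8:
        msg_type, chunk_type = frame[:3], frame[3:4]
        size = struct.unpack("<I", frame[4:8])[0]
        if msg_type in OPCUA_MSG_TYPES and chunk_type in (b"F", b"C", b"A") and size == len(frame):
            return "opc_ua"
    return "unknown"


def classify_sensitivity(protocol: str, frame: bytes) -> str:
    """Three tiers from the description: high (control), general (status), non_sensitive."""
    if protocol == "modbus_tcp":
        return "high" if frame[7] in MODBUS_WRITE_FCS else "general"
    if protocol == "opc_ua":
        return "general"            # status/session traffic; refine per service in practice
    return "non_sensitive"


def fragment(payload: bytes, protocol: str) -> list:
    """Split a protected payload into MTU-sized segments with a seq/total header."""
    body = PROTOCOL_MTU[protocol] - 4          # 4 bytes reserved for the constructed header
    chunks = [payload[i:i + body] for i in range(0, len(payload), body)] or [b""]
    return [struct.pack(">HH", n, len(chunks)) + c for n, c in enumerate(chunks)]


def reassemble(segments: list) -> bytes:
    """Inverse of fragment(); shows segmentation is lossless."""
    ordered = sorted(segments, key=lambda s: struct.unpack(">H", s[:2])[0])
    return b"".join(s[4:] for s in ordered)


# Constructed sample frames
MODBUS_READ = bytes.fromhex("00010000000601030000000A")      # fc 0x03 read holding regs
MODBUS_WRITE = bytes.fromhex("0002000000060106000100FF")     # fc 0x06 write single reg
OPCUA_HEL = b"HELF" + struct.pack("<I", 12) + b"\x00" * 4   # HEL message, final chunk


def plan(dst_port: int, frame: bytes) -> tuple:
    """(protocol, sensitivity, segment count) for one frame; the caller picks the cipher."""
    proto = identify_protocol(dst_port, frame)
    return proto, classify_sensitivity(proto, frame), len(fragment(frame, proto))
```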

[0084] S4. During data transmission, the service traffic of the industrial internet communication terminal is collected in real time.

[0085] S5. Risk monitoring is completed based on the business traffic and preset security protection policy rules.

[0086] In this embodiment, the security protection policy rules include data security rules, protocol parsing rules, and anomaly monitoring rules. Risk monitoring is performed based on the service traffic and the preset security protection policy rules, specifically as follows:

[0087] The service traffic is classified and identified based on a deep learning model, and communication features are extracted from it. The communication features include the identity identifiers of the communicating parties, the communication duration, and the command interval.

[0088] Risk monitoring is performed based on the security protection strategy rules and communication characteristics.

[0089] It should be noted that, in addition to using pre-set security protection policy rules to achieve risk monitoring, the following methods can also be used:

[0090] A lightweight intrusion detection module is built into the terminal, which, in conjunction with a signature database, detects intrusion behavior. The signature database stores common attack characteristics found in industrial scenarios, such as abnormal Modbus protocol commands and SQL injection attack characteristics.

[0091] Alternatively, a baseline for normal terminal behavior can be established using machine learning algorithms. If any abnormal behavior deviating from the baseline is detected, it is immediately marked as a risk event. The baseline for normal terminal behavior includes factors such as data transmission frequency, access IP range, and command issuance patterns; abnormal behaviors include suddenly transmitting large amounts of data to unfamiliar IPs and frequently issuing abnormal control commands.

[0092] S6. Risks are classified based on the monitoring results and handled differently according to their level.

[0093] In practice, step S6 includes:

[0094] Based on the risk monitoring results, the risks are classified into three levels: mild, moderate, and severe. Mild risk can be a single authentication failure or minor abnormal behavior; moderate risk can be multiple authentication failures or detection of known attack characteristics; and severe risk can be firmware tampering or detection of malicious programs.

[0095] For minor risks, the approach is to log and continuously monitor them.

[0096] For medium-risk situations, the approach is to disconnect the current network connection, initiate temporary isolation, and report the risk details to the platform.

[0097] For severe risks, the approach is to have the terminal enter a safe mode, stop all industrial communication functions, retain only a secure communication channel with the platform, and wait for the platform to issue a repair command.
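The rule-based risk monitoring of step S5 and the three-level classification and tiered response of step S6, run over a constructed event stream, as an added illustration that is not part of the patent. The event names, the behavior baseline (allowed IP prefix and transfer-size limit), and the threshold of three failures for "multiple authentication failures" are my assumptions; the level-to-action mapping follows [0095] to [0097].

```python
"""Added illustration (not from the patent): map terminal events to the
mild / moderate / severe levels of S6 and to the response each level triggers.

Assumptions (mine): event names, the access-IP baseline and MULTI_FAIL_THRESHOLD.
"""
from collections import defaultdict

MULTI_FAIL_THRESHOLD = 3   # assumption for "multiple authentication failures"
SEVERITY = {"mild": 1, "moderate": 2, "severe": 3}
ACTIONS = {
    "mild": "log and keep monitoring",
    "moderate": "disconnect, isolate temporarily, report details to platform",
    "severe": "enter safe mode, stop industrial comms, keep platform channel, await repair",
}
BASELINE = {"allowed_ip_prefix": "10.1.", "max_tx_bytes": 10_000_000}   # constructed

# Constructed event stream: (terminal, event kind, detail)
EVENTS = [
    ("GW-2024001", "auth_fail", {}),
    ("GW-2024001", "auth_fail", {}),
    ("GW-2024001", "auth_fail", {}),
    ("GW-2024002", "auth_fail", {}),
    ("GW-2024002", "tx", {"dst_ip": "10.1.1.7", "bytes": 2_000}),
    ("GW-2024003", "tx", {"dst_ip": "203.0.113.9", "bytes": 50_000_000}),
    ("GW-2024004", "signature_match", {"sig": "abnormal modbus command"}),
    ("GW-2024005", "firmware_tamper", {}),
]


def classify_event(kind: str, detail: dict, fail_count: int):
    """Level for one event per the description's examples, or None if benign."""
    if kind == "auth_fail":
        return "moderate" if fail_count >= MULTI_FAIL_THRESHOLD else "mild"
    if kind == "signature_match":
        return "moderate"                 # known attack characteristic detected
    if kind in ("firmware_tamper", "malware_detected"):
        return "severe"
    if kind == "tx":
        off_baseline = not detail["dst_ip"].startswith(BASELINE["allowed_ip_prefix"])
        bulk = detail["bytes"] > BASELINE["max_tx_bytes"]
        if off_baseline and bulk:
            return "moderate"             # assumption: bulk data to an unfamiliar IP
        if off_baseline or bulk:
            return "mild"                 # minor deviation from the baseline
    return None


def monitor(events) -> dict:
    """Return {terminal: (highest level seen, action)} over the event stream."""
    fails = defaultdict(int)
    worst = {}
    for terminal, kind, detail in events:
        if kind == "auth_fail":
            fails[terminal] += 1
        level = classify_event(kind, detail, fails[terminal])
        if level and SEVERITY[level] > SEVERITY.get(worst.get(terminal), 0):
            worst[terminal] = level
    return {t: (lvl, ACTIONS[lvl]) for t, lvl in worst.items()}
```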

[0098] It should be noted that, in addition to the access security protection, transmission security protection, and risk monitoring mentioned in the above steps, this embodiment of the invention also provides the following aspects for information security protection of industrial internet communication terminals:

[0099] 1. Terminal security protection

[0100] Terminal security protection mainly involves two aspects: firmware security hardening and operational status hardening. Firmware security hardening includes:

[0101] (1) Firmware integrity verification: When the terminal starts up, the firmware is checked by SM3 hash using the preset root key. If the verification result is inconsistent with the factory preset hash value, it is determined that the firmware has been tampered with, the terminal refuses to start and reports an alarm.

[0102] (2) Firmware vulnerability protection: Firmware encryption storage technology is adopted to prevent firmware from being reverse-engineered; firmware security upgrade is supported, and the upgrade package must be verified by the platform's digital signature. Only certified legitimate firmware can be upgraded.

[0103] Operational status hardening includes:

[0104] (1) Process whitelist mechanism: The terminal has a pre-set list of legal running processes and monitors the running status of processes in real time. If an unauthorized process is detected to be running, the process is terminated immediately and the log is recorded.

[0105] (2) Port and service management: Close redundant ports and unnecessary network services, retain only the ports necessary for industrial communication (such as Modbus port 502 and OPC UA port 4840), and restrict the IP range of port access;

[0106] (3) Resource usage monitoring: Real-time monitoring of terminal CPU, memory and network bandwidth usage. If abnormally high usage occurs (such as CPU usage exceeding 90% for 10 minutes), it will automatically check for malicious programs and trigger resource isolation mechanism if necessary.

[0107] 2. Full lifecycle security management

[0108] Full lifecycle security management can cover multiple stages, as follows:

[0109] (1) Factory configuration stage: Pre-set unique device fingerprint, root key, platform public key, disable default account and redundant functions, and complete the initial security configuration; for example, when the industrial gateway leaves the factory, write the device fingerprint (generated by CPU serial number + MAC address through SM3 algorithm), root key, platform public key through hardware programming tool, disable the default SSH account, and only retain the 502 port required for Modbus TCP communication.

[0110] (2) Deployment and debugging phase: A temporary secure access channel is used. Debugging personnel must pass two authentications (such as dynamic verification code + permission verification) before they can access the terminal. The temporary channel will be automatically closed after debugging is completed.

[0111] (3) Operation and maintenance phase: Regularly and automatically scan for terminal vulnerabilities, synchronize the platform's security feature database updates, and support remote security operation and maintenance (operation and maintenance instructions must be transmitted in encrypted form and logged).

[0112] (4) Decommissioning and destruction stage: When the terminal is decommissioned, the platform issues a data clearing command to completely delete the sensitive data stored in the terminal (such as production process and control parameters) and cancel the device identity information to prevent the terminal from being illegally reused.

[0113] The advantages of implementing the information security protection method for industrial internet communication terminals provided in this embodiment of the invention are as follows:

[0114] 1. In view of the limited hardware resources and complex access scenarios of industrial internet communication terminals, this invention provides an effective security authentication mechanism by using device fingerprints and dynamic tokens to complete two-way authentication between the terminal and the platform. This mechanism can effectively prevent data leakage or illegal intrusion into the system, thereby facilitating comprehensive monitoring and management of the industrial internet environment.

[0115] 2. During data transmission, a secure transmission scheme combining protocol identification and hierarchical encryption is provided. The encryption strategy can be dynamically adjusted according to the industrial protocol type and data sensitivity level, thereby resolving the conflict between real-time performance and security.

[0116] 3. By verifying firmware integrity and combining it with techniques such as process whitelisting and resource usage monitoring, the security of the terminal itself can be guaranteed from the bottom layer.

[0117] 4. The solution of this invention can cover multiple aspects such as terminal security, access security and transmission security, and can provide comprehensive security control for the entire life cycle of communication terminals, effectively eliminating protection blind spots.

[0118] 5. Comprehensive security protection: Construct a five-dimensional security protection system that covers key aspects such as access, transmission, terminal, monitoring, and the entire lifecycle, solving the problem of blind spots in existing technology protection;

[0119] 6. Strong scenario adaptability: The lightweight algorithm design is adapted to the limited hardware resources of industrial communication terminals, and the hierarchical encryption strategy balances real-time performance and security, supporting multiple industrial protocols and terminal types.

[0120] 7. Proactive defense capability: Through real-time risk monitoring and tiered emergency response, it achieves a shift from "passive protection" to "proactive defense," reducing the losses caused by attacks;

[0121] 8. Easy to deploy and maintain: The terminal does not require large-scale hardware modification, and the protection function can be implemented at the software level. The platform supports remote management and upgrades, reducing deployment and maintenance costs.

[0122] 9. Compliance Guarantee: Adopting national cryptographic algorithms, it complies with relevant national standards and industry norms for industrial internet security, ensuring the security and compliance of industrial production data.

[0123] Based on the same inventive concept, embodiments of the present invention provide an information security protection device for an industrial internet communication terminal, comprising:

[0124] The access authentication unit is used to receive access requests initiated by industrial internet communication terminals to the platform, and to complete access authentication of the industrial internet communication terminals based on the access requests; the access requests carry the device fingerprint, dynamic token and terminal identity identifier of the industrial internet communication terminals.

[0125] The real-time acquisition unit is used to acquire the service traffic of the industrial internet communication terminal in real time during data transmission.

[0126] The risk monitoring unit is used to perform risk monitoring based on the business traffic and preset security protection policy rules.

[0127] Furthermore, the access authentication unit is also used for:

[0128] When the industrial internet communication terminal leaves the factory, a device fingerprint is pre-installed, and the industrial internet communication terminal is registered on the platform.

[0129] A dynamic token is generated based on the device fingerprint and the current timestamp using a symmetric encryption algorithm.

[0130] In specific implementation, the access authentication unit is used for:

[0131] The device fingerprint carried in the access request is compared with the device fingerprint stored in the platform to verify the legality of the received device fingerprint.

[0132] The validity of the received dynamic token is verified based on symmetric encryption algorithm and timestamp.

[0133] The platform's identity verification information is sent to the industrial internet communication terminal;

[0134] If the industrial internet communication terminal successfully verifies the platform's identity verification information, a secure access channel is established between the two parties and the access authentication process is completed; otherwise, access is rejected.

[0135] If the number of authentication failures by both parties exceeds a preset threshold, the industrial internet communication terminal will automatically enter a locked state and send an access anomaly alarm message to the platform.
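The two-way exchange described in [0128] to [0135], as an added example that is not the patent's own code: the platform checks the fingerprint and the timestamp-bound token, answers with its own proof, and the terminal counts failures from either side and locks itself once the threshold is exceeded. A keyed MAC stands in for the "symmetric encryption algorithm" the text names, and the key, window and threshold values are assumptions.

```python
import hashlib
import hmac

# Constructed demo values (assumptions, not values from the patent): the
# shared symmetric key, the token validity window and the lockout threshold.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
TOKEN_WINDOW = 30     # seconds a dynamic token is accepted after it was issued
FAIL_THRESHOLD = 3    # terminal locks once the failure count exceeds this

def make_token(key: bytes, subject: str, ts: int) -> str:
    """Dynamic token bound to a subject (device fingerprint or platform id) and a
    timestamp; a keyed MAC stands in for the text's symmetric encryption algorithm."""
    return hmac.new(key, f"{subject}|{ts}".encode(), hashlib.sha256).hexdigest()

class Platform:
    def __init__(self, key: bytes, registry: dict, platform_id: str = "PLATFORM-01"):
        self.key, self.registry, self.platform_id = key, registry, platform_id

    def authenticate(self, req: dict, now: int):
        """Check the fingerprint against the factory-registered one, then the token
        and its timestamp; on success return the platform's own proof for the terminal."""
        stored = self.registry.get(req["terminal_id"])
        if stored is None or not hmac.compare_digest(stored, req["fingerprint"]):
            return None                           # unknown or forged fingerprint
        if abs(now - req["timestamp"]) > TOKEN_WINDOW:
            return None                           # stale token (outside replay window)
        expected = make_token(self.key, stored, req["timestamp"])
        if not hmac.compare_digest(expected, req["token"]):
            return None                           # token not derived from the key
        return {"platform_id": self.platform_id, "timestamp": now,
                "token": make_token(self.key, self.platform_id, now)}

class Terminal:
    def __init__(self, key: bytes, terminal_id: str, fingerprint: str):
        self.key, self.terminal_id, self.fingerprint = key, terminal_id, fingerprint
        self.failures, self.locked, self.alarms = 0, False, []

    def build_request(self, now: int) -> dict:
        return {"terminal_id": self.terminal_id, "fingerprint": self.fingerprint,
                "timestamp": now, "token": make_token(self.key, self.fingerprint, now)}

    def verify_platform(self, reply, now: int) -> bool:
        """Verify the platform's proof; a rejection by either side counts as a
        failure, and exceeding the threshold locks the terminal and raises an alarm."""
        ok = (reply is not None
              and abs(now - reply["timestamp"]) <= TOKEN_WINDOW
              and hmac.compare_digest(
                  make_token(self.key, reply["platform_id"], reply["timestamp"]),
                  reply["token"]))
        if ok:
            self.failures = 0
            return True
        self.failures += 1
        if self.failures > FAIL_THRESHOLD:
            self.locked = True
            self.alarms.append(f"access anomaly: {self.terminal_id} locked")
        return False

def access(terminal: Terminal, platform: Platform, now: int) -> bool:
    """One full two-way exchange; True means a secure access channel can be set up."""
    if terminal.locked:
        return False
    reply = platform.authenticate(terminal.build_request(now), now)
    return terminal.verify_platform(reply, now)
```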

[0136] In specific implementation, the security protection strategy rules include data security rules, protocol parsing rules, and anomaly monitoring rules; the risk monitoring unit is specifically used for:

[0137] The service traffic is classified and identified based on a deep learning model, and communication features are extracted from it. The communication features include the identity identifiers of the communicating parties, the communication duration, and the command interval.

[0138] Risk monitoring is performed based on the security protection strategy rules and the communication features.

[0139] Furthermore, as a preferred implementation of this application, the apparatus further includes a transmission protection unit, used to complete the transmission data protection based on a combination of protocol identification and hierarchical encryption, specifically:

[0140] The industrial protocol identification module built into the industrial internet communication terminal identifies the industrial protocol of the service traffic to obtain the type of industrial protocol currently being transmitted.

[0141] A hierarchical encryption strategy is used to encrypt the data to be transmitted, resulting in encrypted data.

[0142] The encrypted data is transmitted in segments based on the aforementioned industrial protocol type.

[0143] The hierarchical encryption strategy includes:

[0144] For highly sensitive data, the national cryptographic algorithm SM4 is used for data encryption, and the integrity is verified by combining it with the SM3 hash algorithm. The encryption key is dynamically updated through the temporary session key negotiated during the access authentication phase.

[0145] For general sensitive data, the AES-128 encryption algorithm is used;

[0146] For non-sensitive data, the SM3 encryption algorithm is used.

[0147] Furthermore, as a preferred implementation of this application, the device further includes a firmware security protection unit, used for:

[0148] When the industrial internet communication terminal starts up, the terminal firmware is hashed and verified using the built-in root key;

[0149] If the verification fails, it is determined that the terminal firmware has been tampered with, the startup is refused, and an alarm is reported.

[0150] Furthermore, the firmware security protection unit is also used for:

[0151] During the operation of the industrial internet communication terminal, the running status of the process is monitored in real time, and it is determined whether any unauthorized processes have been started based on the process whitelist; if so, the process is terminated immediately and the log is recorded.

[0152] Resource usage is monitored in real time and malicious programs are automatically screened for based on a resource usage whitelist; if one is found, it is reported in real time or a resource isolation mechanism is triggered.
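The boot-time firmware check of [0148] to [0149] and the runtime process and resource whitelists of [0151] to [0152], as an added example that is not the patent's own code. The root key, firmware bytes and whitelists are constructed values; a keyed hash with constant-time comparison realises "hashed and verified using the built-in root key".

```python
import hashlib
import hmac

# Constructed demo values (assumptions, not values from the patent).
ROOT_KEY = b"constructed-root-key-burned-in-at-factory"
FIRMWARE_IMAGE = b"\x7fELF constructed firmware image bytes"
PROCESS_WHITELIST = {"modbusd", "opcua-agent", "edge-logger"}
RESOURCE_WHITELIST = {           # per-process ceilings: cpu %, resident memory MB
    "modbusd": {"cpu": 25.0, "mem_mb": 64},
    "opcua-agent": {"cpu": 40.0, "mem_mb": 128},
    "edge-logger": {"cpu": 10.0, "mem_mb": 32},
}

def firmware_tag(root_key: bytes, image: bytes) -> bytes:
    """Keyed hash of the firmware computed with the built-in root key; the
    reference tag is provisioned together with the image at the factory."""
    return hmac.new(root_key, image, hashlib.sha256).digest()

def verify_boot(root_key: bytes, image: bytes, reference_tag: bytes):
    """Return (allow_boot, alarm). The constant-time compare avoids leaking
    how many tag bytes matched to a probing caller."""
    if hmac.compare_digest(firmware_tag(root_key, image), reference_tag):
        return True, None
    return False, "firmware tampered: startup refused"

def check_processes(running, whitelist=PROCESS_WHITELIST):
    """Any process outside the whitelist is terminated and logged."""
    return [("terminate", name, "not in process whitelist")
            for name in running if name not in whitelist]

def check_resources(usage, whitelist=RESOURCE_WHITELIST):
    """A whitelisted process exceeding its ceiling is reported and isolated;
    processes absent from the whitelist are left to check_processes."""
    events = []
    for name, used in usage.items():
        limit = whitelist.get(name)
        if limit is None:
            continue
        over = [k for k in ("cpu", "mem_mb") if used[k] > limit[k]]
        if over:
            events.append(("isolate", name, "over limit: " + ",".join(over)))
    return events

def runtime_audit(running, usage):
    """One monitoring pass: combine both checks into a single event log."""
    return check_processes(running) + check_resources(usage)
```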

[0153] Furthermore, as a preferred implementation of this application, the risk monitoring unit is also used for:

[0154] Based on the risk monitoring results, the risk level is classified as mild, moderate, or severe.

[0155] For mild risks, a log entry is recorded and monitoring continues.

[0156] For moderate risks, the network connection is disconnected, temporary isolation measures are initiated, and the risk details are reported to the platform.

[0157] For severe risks, the terminal is forced to enter safe mode.
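Feature extraction and tiered response from [0137] to [0138] and [0154] to [0157], as an added example that is not the patent's own code: traffic records are grouped by the communicating parties, the three named features are derived, and each flow is mapped to a risk level and its response. The log format, rule thresholds and identities are constructed, and a regex parser stands in for the deep learning classifier.

```python
import re
from collections import defaultdict, namedtuple

LINE_RE = re.compile(r"ts=(?P<ts>[\d.]+) src=(?P<src>\S+) dst=(?P<dst>\S+) cmd=\S+")

# Constructed sample traffic records (not from the patent), one line per command.
SAMPLE_LOG = [
    "ts=0.0 src=PLC-01 dst=HMI-01 cmd=READ",
    "ts=1.0 src=PLC-01 dst=HMI-01 cmd=READ",
    "ts=2.0 src=PLC-01 dst=HMI-01 cmd=READ",
    "ts=0.00 src=PLC-02 dst=SCADA-01 cmd=WRITE",
    "ts=0.01 src=PLC-02 dst=SCADA-01 cmd=WRITE",
    "ts=0.02 src=PLC-02 dst=SCADA-01 cmd=WRITE",
    "ts=0.0 src=PLC-03 dst=HMI-02 cmd=READ",
    "ts=4000.0 src=PLC-03 dst=HMI-02 cmd=READ",
    "ts=5.0 src=UNKNOWN-7 dst=PLC-01 cmd=WRITE",
]

# Preset anomaly monitoring rules; the thresholds are assumptions.
POLICY = {
    "allowed_pairs": {("PLC-01", "HMI-01"), ("PLC-02", "SCADA-01"), ("PLC-03", "HMI-02")},
    "max_duration_s": 3600.0,     # sessions longer than this are unusual
    "min_cmd_interval_s": 0.05,   # commands arriving faster than this look like flooding
}

# Tiered emergency response for each risk level.
RESPONSES = {
    "normal": [],
    "mild": ["log", "continue_monitoring"],
    "moderate": ["disconnect", "isolate", "report_to_platform"],
    "severe": ["enter_safe_mode"],
}

# identities of both parties, session duration, mean gap between commands
Features = namedtuple("Features", "src dst duration cmd_interval")

def extract_features(lines):
    """Group records by communicating parties and derive the three features the
    text names; a regex parser stands in for the deep learning classifier."""
    flows = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            flows[(m["src"], m["dst"])].append(float(m["ts"]))
    feats = []
    for (src, dst), stamps in flows.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        interval = sum(gaps) / len(gaps) if gaps else float("inf")
        feats.append(Features(src, dst, stamps[-1] - stamps[0], interval))
    return feats

def assess(f: Features, policy=POLICY) -> str:
    """Most serious matching rule wins: unknown parties, then flooding, then duration."""
    if (f.src, f.dst) not in policy["allowed_pairs"]:
        return "severe"
    if f.cmd_interval < policy["min_cmd_interval_s"]:
        return "moderate"
    if f.duration > policy["max_duration_s"]:
        return "mild"
    return "normal"

def monitor(lines, policy=POLICY):
    """Map each flow to (risk level, response actions)."""
    return {(f.src, f.dst): (lvl, RESPONSES[lvl])
            for f in extract_features(lines) for lvl in [assess(f, policy)]}
```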

[0158] It should be noted that the specific workflow of this embodiment is described in the foregoing method embodiment section, and will not be repeated here.

[0159] Furthermore, as shown in Figure 2, another embodiment of the present invention also provides an information security protection device for an industrial internet communication terminal, which may include: one or more processors 101, one or more input devices 102, one or more output devices 103, and a memory 104. The processors 101, input devices 102, output devices 103, and memory 104 are interconnected via a bus 105. The memory 104 is used to store a computer program, the computer program including program instructions, and the processor 101 is configured to invoke the program instructions to execute the method described in the above-described method embodiment.

[0160] It should be understood that, in this embodiment of the invention, the processor 101 may be a central processing unit (CPU), but it may also be other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. The general-purpose processor may be a microprocessor or any conventional processor.

[0161] Input device 102 may include a keyboard, etc., and output device 103 may include a display (LCD, etc.), a speaker, etc.

[0162] The memory 104 may include read-only memory and random access memory, and provides instructions and data to the processor 101. A portion of the memory 104 may also include non-volatile random access memory. For example, the memory 104 may also store device type information.

[0163] In specific implementations, the processor 101, input device 102, and output device 103 described in the embodiments of the present invention can execute the implementation methods described in the embodiments of the information security protection method for industrial internet communication terminals provided by the present invention, which will not be repeated here.

[0164] Accordingly, embodiments of the present invention provide a computer-readable storage medium storing a computer program, the computer program including program instructions, which, when executed by a processor, implement the above-described information security protection method for industrial internet communication terminals.

[0165] The computer-readable storage medium can be an internal storage unit of the system described in any of the foregoing embodiments, such as the system's hard disk or memory. The computer-readable storage medium can also be an external storage device of the system, such as a plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) card, or Flash Card. Furthermore, the computer-readable storage medium can include both internal storage units and external storage devices. The computer-readable storage medium is used to store the computer program and other programs and data required by the system. The computer-readable storage medium can also be used to temporarily store data that has been output or will be output.

[0166] Those skilled in the art will recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of both. To clearly illustrate the interchangeability of hardware and software, the components and steps of the various examples have been generally described in terms of functionality in the foregoing description. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of this invention.

[0167] In the several embodiments provided in this application, it should be understood that the disclosed apparatus and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. For instance, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, or may be electrical, mechanical or other forms of connection.

[0168] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of the embodiments of the present invention, depending on actual needs.

[0169] Furthermore, the functional units in the various embodiments of this invention can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated units can be implemented in hardware or as software functional units. When using each module, user information is collected and stored only with the user's full authorization and in compliance with relevant laws and regulations, protecting the security and privacy of user data, and strictly prohibiting unauthorized access; data processing will be conducted within the scope stipulated by law and will not exceed the purpose and scope authorized by the user; at the same time, users have the rights to access, correct, delete, restrict processing, and refuse their personal data; and must strictly comply with applicable laws and regulations and conduct compliance reviews.

[0170] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

[0171] The above description is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any person skilled in the art can easily conceive of various equivalent modifications or substitutions within the technical scope disclosed in the present invention, and these modifications or substitutions should all be covered within the scope of protection of the present invention. Therefore, the scope of protection of the present invention should be determined by the scope of the claims.

Claims

1. A method for information security protection of an industrial internet communication terminal, characterized in that it includes: receiving an access request initiated by the industrial internet communication terminal to the platform, the access request carrying the device fingerprint, dynamic token and terminal identity identifier of the industrial internet communication terminal; completing the access authentication of the industrial internet communication terminal based on the access request; collecting the service traffic of the industrial internet communication terminal in real time during data transmission; and performing risk monitoring based on the service traffic and preset security protection policy rules.

2. The method as described in claim 1, characterized in that, before receiving the access request initiated by the industrial internet communication terminal to the platform, the method further includes: when the industrial internet communication terminal leaves the factory, pre-installing a device fingerprint and registering the industrial internet communication terminal on the platform; and generating a dynamic token based on the device fingerprint and the current timestamp using a symmetric encryption algorithm.

3. The method as described in claim 1, characterized in that completing the access authentication of the industrial internet communication terminal based on the access request specifically includes: comparing the device fingerprint carried in the access request with the device fingerprint stored on the platform to verify the legality of the received device fingerprint; verifying the validity of the received dynamic token based on the symmetric encryption algorithm and the timestamp; sending the platform's identity verification information to the industrial internet communication terminal; if the industrial internet communication terminal successfully verifies the platform's identity verification information, establishing a secure access channel between the two parties and completing the access authentication process, otherwise rejecting access; and if the number of authentication failures by both parties exceeds a preset threshold, the industrial internet communication terminal automatically enters a locked state and sends an access anomaly alarm message to the platform.

4. The method as described in claim 1, characterized in that the security protection policy rules include data security rules, protocol parsing rules and anomaly monitoring rules, and performing risk monitoring based on the service traffic and the preset security protection policy rules specifically includes: classifying and identifying the service traffic based on a deep learning model and extracting communication features from it, the communication features including the identity identifiers of the communicating parties, the communication duration and the command interval; and performing risk monitoring based on the security protection policy rules and the communication features.

5. The method as described in claim 1, characterized in that the method further includes protecting transmitted data through a combination of protocol identification and hierarchical encryption, specifically: identifying, by the industrial protocol identification module built into the industrial internet communication terminal, the industrial protocol of the service traffic to obtain the type of industrial protocol currently being transmitted; encrypting the data to be transmitted using a hierarchical encryption strategy to obtain encrypted data; and transmitting the encrypted data in segments based on the industrial protocol type.

6. The method as described in claim 5, characterized in that the hierarchical encryption strategy includes: for highly sensitive data, using the national cryptographic algorithm SM4 for data encryption, verifying integrity in combination with the SM3 hash algorithm, and dynamically updating the encryption key through the temporary session key negotiated during the access authentication phase; for general sensitive data, using the AES-128 encryption algorithm; and for non-sensitive data, using the SM3 encryption algorithm.

7. The method as described in claim 1, characterized in that the method further includes: when the industrial internet communication terminal starts up, hashing and verifying the terminal firmware using the built-in root key; and if the verification fails, determining that the terminal firmware has been tampered with, refusing startup and reporting an alarm.

8. The method as described in claim 7, characterized in that the method further includes: during operation of the industrial internet communication terminal, monitoring the running status of processes in real time and determining, based on a process whitelist, whether any unauthorized process has been started, and if so, terminating the process immediately and recording a log; and monitoring resource usage in real time and automatically screening for malicious programs based on a resource usage whitelist, and if one is found, reporting it in real time or triggering a resource isolation mechanism.

9. The method as described in claim 1 or 4, characterized in that, after completing risk monitoring based on the service traffic and the preset security protection policy rules, the method further includes: classifying the risk level as mild, moderate or severe based on the risk monitoring results; for mild risks, recording a log entry and continuing monitoring; for moderate risks, disconnecting the network connection, initiating temporary isolation measures and reporting the risk details to the platform; and for severe risks, forcing the terminal to enter safe mode.

10. An information security protection device for an industrial internet communication terminal, characterized in that the device includes a processor, an input device, an output device and a memory, which are interconnected; the memory is used to store a computer program that includes program instructions, and the processor is configured to invoke the program instructions to perform the method as described in any one of claims 1 to 9.