
CN119046911A - Equipment identity authentication method and system - Google Patents


Info

Publication number
CN119046911A
Authority
CN
China
Prior art keywords
equipment
authenticated
information
identity
authentication
Prior art date
Legal status
Granted
Application number
CN202411523939.6A
Other languages
Chinese (zh)
Other versions
CN119046911B (en)
Inventor
钱锦
罗少杰
陈超
罗俊
韩荣杰
孙智卿
杨翾
方响
刘兴业
王剑
屠永伟
宣羿
倪夏冰
陈元中
陈益芳
杨谊
Current Assignee
Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority date
Filing date
Publication date
Application filed by Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority to CN202411523939.6A
Publication of CN119046911A
Application granted
Publication of CN119046911B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present application discloses a device identity authentication method and system. The method comprises: acquiring the current service scenario of the power system, dynamic capability information of the device to be authenticated and first static capability information of the device to be authenticated; confirming the device type of the device to be authenticated according to the first static capability information; acquiring an authentication policy according to the current service scenario, the dynamic capability information and the device type, the authentication policy comprising at least an attestation algorithm and attestation algorithm parameters; and authenticating the device to be authenticated by means of the authentication policy. The embodiments of the present application improve the efficiency of the authentication process and thereby the applicability and scalability of the authentication method, and effectively safeguard the overall security of the power system.

Description

Equipment identity authentication method and system
Technical Field
The present application relates to authentication technology, and in particular to a device identity authentication method and system.
Background
Terminal devices in a power system are highly diverse and differ widely in computing capability, storage capacity, communication bandwidth and similar attributes. Traditional terminal identity authentication applies one uniform authentication algorithm to all of them, so the characteristics of different devices cannot be taken into account and the authentication process is inefficient.
Disclosure of Invention
The present application provides a device identity authentication method and system to address these problems of the prior art: the characteristics of different devices are hard to accommodate, the authentication process is inefficient, and the applicability and scalability of the authentication method suffer as a result.
To this end, an embodiment of the present application provides a device identity authentication method comprising:
acquiring the current service scenario of the power system, dynamic capability information of the device to be authenticated and first static capability information of the device to be authenticated;
confirming the device type of the device to be authenticated according to the first static capability information;
acquiring an authentication policy according to the current service scenario, the dynamic capability information and the device type, the authentication policy comprising at least an attestation algorithm and attestation algorithm parameters;
and authenticating the identity of the device to be authenticated by means of the authentication policy.
As a refinement of the above solution, acquiring the authentication policy (the attestation algorithm and the attestation algorithm parameters) according to the current service scenario, the dynamic capability information and the device type comprises:
acquiring the security requirement of the current service scenario according to the current service scenario;
selecting the attestation algorithm from a preset algorithm library according to the security requirement and the device type;
and selecting the attestation algorithm parameters from a preset parameter library according to the dynamic capability information and the attestation algorithm.
As a refinement of the above solution, confirming the device type of the device to be authenticated according to the first static capability information comprises:
vectorizing the first static capability information to obtain a first static capability vector;
performing similarity matching between the first static capability vector and each capability feature vector in a preset capability library to obtain a target capability feature vector;
and confirming the device type according to the target capability feature vector.
As a refinement of the above solution, the capability library is constructed by:
acquiring second static capability information of a plurality of test devices;
vectorizing the second static capability information to obtain second static capability vectors;
performing cluster analysis on the plurality of second static capability vectors to obtain a plurality of clustering results;
and computing the capability feature vector of each clustering result to form the capability library.
As a refinement of the above solution, authenticating the identity of the device to be authenticated by means of the authentication policy comprises:
acquiring an identity token sent by the device to be authenticated, the identity token having been generated according to the authentication policy;
and authenticating the identity of the device to be authenticated according to the identity token.
As a refinement of the above solution, the identity token is generated by the device to be authenticated by:
acquiring identity information of the device to be authenticated;
associating the first static capability information with the identity information;
and encrypting the associated first static capability information and identity information with the authentication policy to obtain the identity token.
As a refinement of the above solution, authenticating the device to be authenticated according to the identity token comprises:
matching the identity token against each token in a preset token library; if an identical token is found, identity authentication passes.
As a refinement of the above solution, the device identity authentication method further comprises:
after identity authentication has passed, acquiring security state information of the device to be authenticated;
and adjusting the access policy of the device to be authenticated according to its security state information.
As a refinement of the above solution, the device identity authentication method further comprises:
after identity authentication has passed, acquiring security state information of the device to be authenticated;
judging, according to the security state information, whether the device to be authenticated is in a secure state;
and, if the device to be authenticated is judged not to be in a secure state, sending a security control instruction to the device to be authenticated.
To the same end, an embodiment of the present application further provides a device identity authentication system comprising a controller configured to:
acquire the current service scenario of the power system, dynamic capability information of the device to be authenticated and first static capability information of the device to be authenticated;
confirm the device type of the device to be authenticated according to the first static capability information;
acquire an authentication policy according to the current service scenario, the dynamic capability information and the device type, the authentication policy comprising at least an attestation algorithm and attestation algorithm parameters;
and authenticate the identity of the device to be authenticated by means of the authentication policy.
Compared with the prior art, the device identity authentication method and system provided by the embodiments of the present application acquire the current service scenario of the power system together with the dynamic and first static capability information of the device to be authenticated, confirm the device type from the first static capability information, acquire an authentication policy (comprising at least an attestation algorithm and its parameters) from the current service scenario, the dynamic capability information and the device type, and authenticate the device with that policy. The embodiments therefore take into account both the characteristics of different devices and the service scenario, which improves the efficiency of the authentication process, improves the applicability and scalability of the authentication method, and effectively safeguards the overall security of the power system.
Drawings
Fig. 1 is a flowchart of a device identity authentication method provided in an embodiment of the present application.
Detailed Description
The embodiments of the present application are described below clearly and completely with reference to the accompanying drawings. The embodiments described are only some, not all, of the embodiments of the present application; all other embodiments that a person skilled in the art can obtain from them without inventive effort fall within the scope of the present application.
Referring to Fig. 1, which is a flowchart of a device identity authentication method provided in an embodiment of the present application, the method comprises:
S1, acquiring the current service scenario of the power system, dynamic capability information of the device to be authenticated and first static capability information of the device to be authenticated;
S2, confirming the device type of the device to be authenticated according to the first static capability information;
S3, acquiring an authentication policy according to the current service scenario, the dynamic capability information and the device type, the authentication policy comprising at least an attestation algorithm and attestation algorithm parameters;
S4, authenticating the identity of the device to be authenticated by means of the authentication policy.
The dynamic capability information of a device describes its current capability, for example at least one of current CPU occupancy, current memory usage and current communication latency. The static capability information (first and second static capability information) describes the device's specification, i.e. the maximum capability it can reach, for example at least one of computing capability, storage capacity and communication bandwidth. Together, the dynamic and static capability information express the device's characteristics in full, so the authentication process takes the characteristics of different devices into account.
An authentication policy library may be prepared in advance. It records the correspondence between the current service scenario, the dynamic capability information and the device type on one side and the authentication policy on the other, so that the policy matching the current situation can be retrieved from it; the characteristics of different devices and the service scenario are thereby both taken into account, the efficiency of the authentication process is improved, the applicability and scalability of the authentication method are improved, and the overall security of the power system is effectively safeguarded. The authentication policy library can be obtained by testing in advance: for each combination of conditions, authentication tests are run with the candidate authentication policies, and the policy with the shortest measured authentication time is selected for that combination to form the correspondence.
In an optional embodiment, acquiring the attestation algorithm and attestation algorithm parameters according to the current service scenario, the dynamic capability information and the device type comprises:
acquiring the security requirement of the current service scenario according to the current service scenario;
selecting the attestation algorithm from a preset algorithm library according to the security requirement and the device type;
and selecting the attestation algorithm parameters from a preset parameter library according to the dynamic capability information and the attestation algorithm.
In this embodiment, the current service scenario may be analysed with a machine learning algorithm to obtain its security requirement, for example high, medium or low. The attestation algorithm is selected from a preset algorithm library according to the security requirement together with the device type; the algorithm library records the correspondence between security requirement, device type and attestation algorithm, so the attestation algorithm is adjusted dynamically as the requirements of the device type in the scenario change. Finally, the attestation algorithm parameters are selected from a preset parameter library according to the dynamic capability information and the attestation algorithm; the parameter library records the correspondence between dynamic capability information, attestation algorithm and attestation algorithm parameters, so dynamically adjusting the parameters adapts the policy to changes in the device's capability.
Take the power consumption information collection scenario of a smart grid as an example. For an LXSK-2000 electric energy meter, an attestation algorithm meeting the high security requirement is selected from the preset algorithm library, comprising an elliptic curve cryptography algorithm, a hash algorithm, a zero-knowledge proof algorithm and the like. The attestation algorithm parameters are then selected from the preset parameter library according to the dynamic capability information and the selected attestation algorithm, and the algorithm and parameters together make up an authentication flow that authenticates LXSK-2000 meters efficiently. For example, if the dynamic capability information shows that the meter's current CPU occupancy exceeds 80%, the parameter of the elliptic curve algorithm is adjusted from ECC-256 to ECC-224 to reduce the computational load on the meter; if the current communication latency exceeds 500 ms, the number of interaction rounds in the attestation algorithm is reduced from 3 to 2 to adapt to the network conditions. In addition, the system monitors changes in the security requirement of the collection scenario in real time: when it changes from high to medium, the hash algorithm is switched from SM3 to SHA-256, further improving authentication efficiency while still meeting the security requirement.
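The selection described above is two table lookups (scenario to security requirement, then requirement plus device type to algorithm) followed by a choice of parameters driven by the device's reported dynamic capability. The Python below is an example added here, not code from the patent or its assignee: the LXSK-2000 entries (ECC with SM3 and a zero-knowledge proof at the high requirement, ECC-224 above 80% CPU, 2 rounds above 500 ms latency, SHA-256 once the requirement drops to medium) follow this paragraph, while the scenario table, the medium and low rows, the dictionary shapes and the names `security_requirement` and `select_policy` are assumptions.

```python
"""Added example (not from the patent): selecting the attestation algorithm and its
parameters from the service scenario, the device type and the dynamic capability."""
from __future__ import annotations

# Service scenario -> security requirement. The page derives this with a machine-
# learning model; a fixed table stands in for it here (constructed).
SCENARIO_REQUIREMENT = {
    "power_consumption_collection": "high",
    "load_forecast_reporting": "medium",
    "status_heartbeat": "low",
}

# Algorithm library: (security requirement, device type) -> attestation algorithms.
# The ("high", "LXSK-2000") row (ECC + SM3 + zero-knowledge proof) follows the
# page's example; the other rows are constructed.
ALGORITHM_LIBRARY = {
    ("high", "LXSK-2000"):   {"public_key": "ECC", "hash": "SM3",     "proof": "ZKP"},
    ("medium", "LXSK-2000"): {"public_key": "ECC", "hash": "SHA-256", "proof": "ZKP"},
    ("low", "LXSK-2000"):    {"public_key": "ECC", "hash": "SHA-256", "proof": "ZKP"},
}

# Parameter library: algorithm -> ordered (condition on dynamic capability, parameters).
# The first matching row wins; the last row is the default. Both adjustments are the
# page's own (CPU > 80 % -> ECC-224, latency > 500 ms -> 2 rounds).
PARAMETER_LIBRARY = {
    "ECC": [
        (lambda dyn: dyn["cpu_pct"] > 80, {"curve": "ECC-224"}),
        (lambda dyn: True,                {"curve": "ECC-256"}),
    ],
    "ZKP": [
        (lambda dyn: dyn["latency_ms"] > 500, {"rounds": 2}),
        (lambda dyn: True,                    {"rounds": 3}),
    ],
    "SM3":     [(lambda dyn: True, {})],
    "SHA-256": [(lambda dyn: True, {})],
}


def security_requirement(scenario: str) -> str:
    """Security requirement (high / medium / low) of the current service scenario."""
    if scenario not in SCENARIO_REQUIREMENT:
        raise LookupError(f"no security requirement defined for scenario {scenario!r}")
    return SCENARIO_REQUIREMENT[scenario]


def select_policy(scenario: str, device_type: str, dynamic: dict) -> dict:
    """Authentication policy = attestation algorithms + their parameters.

    `dynamic` is the device's reported dynamic capability, e.g.
    {"cpu_pct": 85, "latency_ms": 120}. It can only pick between rows the
    parameter library already allows; it never sets a parameter directly.
    """
    requirement = security_requirement(scenario)
    key = (requirement, device_type)
    if key not in ALGORITHM_LIBRARY:
        # Fail closed: an unknown (requirement, device type) pair gets no policy.
        raise LookupError(f"no attestation algorithm for {key!r}")
    algorithms = ALGORITHM_LIBRARY[key]
    parameters = {}
    for algorithm in algorithms.values():
        for condition, params in PARAMETER_LIBRARY[algorithm]:
            if condition(dynamic):
                parameters[algorithm] = dict(params)
                break
    return {"security_requirement": requirement,
            "algorithms": dict(algorithms),
            "parameters": parameters}


if __name__ == "__main__":
    busy_meter = {"cpu_pct": 85, "latency_ms": 120}   # constructed dynamic capability
    print(select_policy("power_consumption_collection", "LXSK-2000", busy_meter))
```

The security requirement is derived on the system side from the scenario, not supplied by the device, so the device's self-reported CPU occupancy and latency can only move the choice between parameter rows the library already lists for that algorithm. Whoever populates the parameter library is therefore choosing the weakest parameters the system will ever accept for each algorithm, and should populate it with that in mind rather than computing parameters from the reported figures.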
In an optional embodiment, confirming the device type of the device to be authenticated according to the first static capability information comprises:
vectorizing the first static capability information to obtain a first static capability vector;
performing similarity matching between the first static capability vector and each capability feature vector in a preset capability library to obtain a target capability feature vector;
and confirming the device type according to the target capability feature vector.
In this embodiment, the first static capability information of the device to be authenticated is vectorized to obtain the first static capability vector, which is similarity-matched against each capability feature vector in the preset capability library; the capability feature vector with the highest similarity is taken as the target capability feature vector, and the device type is confirmed from it. The capability library records the correspondence between capability feature vectors and device types.
For example, for the identity token "0x3a5c" the first static capability information of the device is found to be "computing capability 5 GFLOPS, storage capacity 128 GB, communication bandwidth 100 Mbps" (the token library maps the token to a device identifier, from which the device's static capability information is queried). Quantizing computing capability to 5, storage capacity to 128 and communication bandwidth to 100 gives the first static capability vector [5,128,100]. The similarity between [5,128,100] and each capability feature vector is computed, the capability feature vector with the highest similarity is taken as the target capability feature vector, and the device type corresponding to it is the device type of the device to be authenticated.
In an optional embodiment, the capability library is constructed by:
acquiring second static capability information of a plurality of test devices;
vectorizing the second static capability information to obtain second static capability vectors;
performing cluster analysis on the plurality of second static capability vectors to obtain a plurality of clustering results;
and computing the capability feature vector of each clustering result to form the capability library.
In this embodiment, the second static capability information of a plurality of test devices is vectorized to obtain a plurality of second static capability vectors, cluster analysis on these vectors yields a plurality of clustering results, and the capability feature vector of each clustering result is computed; these capability feature vectors form the capability library, which records the correspondence between capability feature vectors and device types.
For example, the second static capability vector of one test device is [5,128,100]. The capability matrix formed by these vectors is analysed with the K-means clustering algorithm: the Euclidean distance between devices is computed and devices that lie close together are grouped into the same category, giving a clustering result, i.e. a device classification. Devices with computing capability in 0-100 GFLOPS, storage capacity in 100-200 GB and communication bandwidth in 50-150 Mbps, say, fall into one category. For each device category, statistics such as the mean, maximum and minimum of all its devices in each capability dimension are computed to obtain the category's capability feature vector; for instance, the capability feature vector [5,150,100,100,200,150] of one category gives, in order, the average computing capability, average storage capacity, average communication bandwidth, maximum computing capability, maximum storage capacity and maximum communication bandwidth of that category's devices. The capability library records the correspondence between device type and capability feature vector; for example, the device type whose capability feature vector is [5,150,100,100,200,150] is the first device type.
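The two procedures above, building the capability library from test devices and then matching a device to be authenticated against it, carried out in Python. This is an example added here, not code from the patent: K-means on Euclidean distance and the six-component capability feature vector (three means, then three maxima) follow the text, while the test-device values, the per-dimension scaling, the inverse-distance similarity, the `type-N` naming of clusters and the function names are assumptions. It matches the three-component first static capability vector against the mean part of each feature vector, since the page compares a three-component vector with a six-component one without saying how.

```python
"""Added example (not from the patent): build the capability library by clustering
test devices' static capability vectors, then classify a device against it."""
from __future__ import annotations
import math

# Constructed second static capability information of test devices:
# computing capability (GFLOPS), storage capacity (GB), communication bandwidth (Mbps).
TEST_DEVICES = [
    {"computing_gflops": 5,   "storage_gb": 128,  "bandwidth_mbps": 100},
    {"computing_gflops": 6,   "storage_gb": 120,  "bandwidth_mbps": 110},
    {"computing_gflops": 4,   "storage_gb": 140,  "bandwidth_mbps": 90},
    {"computing_gflops": 60,  "storage_gb": 512,  "bandwidth_mbps": 1000},
    {"computing_gflops": 70,  "storage_gb": 480,  "bandwidth_mbps": 950},
    {"computing_gflops": 55,  "storage_gb": 600,  "bandwidth_mbps": 1000},
    {"computing_gflops": 400, "storage_gb": 4096, "bandwidth_mbps": 10000},
    {"computing_gflops": 450, "storage_gb": 4000, "bandwidth_mbps": 9500},
]


def vectorize(info: dict) -> tuple:
    """Static capability information -> static capability vector [c, s, b]."""
    return (float(info["computing_gflops"]), float(info["storage_gb"]),
            float(info["bandwidth_mbps"]))


def _scale(v, scales):
    # GFLOPS, GB and Mbps differ by orders of magnitude; dividing by the per-dimension
    # maximum of the test set keeps one dimension from dominating the distance (assumption).
    return tuple(x / s for x, s in zip(v, scales))


def _dist(a, b) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def _mean(points):
    return tuple(sum(p[d] for p in points) / len(points) for d in range(len(points[0])))


def kmeans(points, k, iterations=100):
    """K-means on Euclidean distance; returns the member indices of each cluster.
    Initialisation is deterministic (farthest-point) so the library is reproducible."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(_dist(p, c) for c in centroids)))
    for _ in range(iterations):
        groups = [[] for _ in range(k)]
        for idx, p in enumerate(points):
            groups[min(range(k), key=lambda i: _dist(p, centroids[i]))].append(idx)
        new = [_mean([points[i] for i in g]) if g else centroids[i] for i, g in enumerate(groups)]
        if new == centroids:
            break
        centroids = new
    return [g for g in groups if g]


def build_capability_library(infos, k=3) -> dict:
    """Cluster the second static capability vectors and record, per cluster, the
    six-component capability feature vector (means, then maxima) used on the page."""
    raw = [vectorize(i) for i in infos]
    scales = tuple(max(v[d] for v in raw) for d in range(3))
    groups = kmeans([_scale(v, scales) for v in raw], k)
    features = []
    for g in groups:
        members = [raw[i] for i in g]
        features.append(_mean(members) + tuple(max(m[d] for m in members) for d in range(3)))
    # Naming clusters type-1, type-2, ... by ascending mean computing capability is
    # an assumption; the page only says each feature vector maps to a device type.
    features.sort(key=lambda f: f[0])
    return {"scales": scales, "types": {f"type-{n + 1}": f for n, f in enumerate(features)}}


def identify_device_type(library: dict, first_static: dict) -> tuple:
    """Similarity-match the first static capability vector against the library and
    return (device type, similarity). Similarity is 1/(1+distance) in scaled space
    (assumption; cosine similarity would ignore magnitude and merge capability tiers)."""
    v = _scale(vectorize(first_static), library["scales"])
    best = (None, -1.0)
    for dev_type, feature in library["types"].items():
        sim = 1.0 / (1.0 + _dist(v, _scale(feature[:3], library["scales"])))
        if sim > best[1]:
            best = (dev_type, sim)
    return best


if __name__ == "__main__":
    lib = build_capability_library(TEST_DEVICES)
    print(identify_device_type(lib, {"computing_gflops": 5, "storage_gb": 128, "bandwidth_mbps": 100}))
```

The scaling factors are stored in the library next to the feature vectors because the device to be authenticated must be scaled exactly as the test devices were; a library built with one set of units and queried with another would classify every device as the nearest tier by accident.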
In an optional embodiment, authenticating the identity of the device to be authenticated by means of the authentication policy comprises:
acquiring an identity token sent by the device to be authenticated, the identity token having been generated according to the authentication policy;
and authenticating the identity of the device to be authenticated according to the identity token.
In this embodiment, the device to be authenticated generates the identity token according to the authentication policy and sends it to the power system for identity authentication. If authentication passes, the device is legitimate and is allowed to connect to and access the power system, safeguarding the system's overall security. If authentication fails, the device is an illegitimate access attempt and is refused access to the power system.
In an optional embodiment, the identity token is generated by the device to be authenticated by:
acquiring identity information of the device to be authenticated;
associating the first static capability information with the identity information;
and encrypting the associated first static capability information and identity information with the authentication policy to obtain the identity token.
In this embodiment, the identity token is derived from the device's first static capability information combined with its identity information, which improves the accuracy of authentication.
For example, the first static capability information of the device to be authenticated is acquired, say "computing capability: 5 GFLOPS, storage capacity: 128 GB, communication bandwidth: 100 Mbps", together with its identity information, say the device identifier "A001", the hardware information "CPU: 4 GHz, memory: 8 GB" and the software information "operating system: Android 10". The capability information is associated with the identity information to give "A001, CPU: 4 GHz, memory: 8 GB, operating system: Android 10, computing capability: 5 GFLOPS, storage capacity: 128 GB, communication bandwidth: 100 Mbps", and the associated data are hashed with the SHA-256 secure hash algorithm; the resulting hash value, "0x3a5c" in this illustration, is the identity token. In addition, a mapping between the device identifier "A001" and the identity token "0x3a5c" may be established, so that the device identifier can be queried from the identity token and the device's first static capability information can in turn be queried from the device identifier.
In an optional embodiment, authenticating the device to be authenticated according to the identity token comprises:
matching the identity token against each token in a preset token library; if an identical token is found, identity authentication passes.
In this embodiment, the power system holds a preset token library storing a plurality of tokens; when the identity token of the device to be authenticated is found in the token library, the device's identity authentication passes.
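Token generation as in the A001 example above and the token-library check in this embodiment, as one piece of Python added here (not the patent's code). SHA-256 over the associated identity and static capability information, the token-to-identifier mapping and the lookup in a token library follow the text; the canonical JSON serialisation, the field names and the `TokenLibrary` class are assumptions. The serialisation matters: the device and the power system must turn the associated data into exactly the same bytes, or a legitimate device's token will never appear in the library.

```python
"""Added example (not from the patent): generating the identity token from identity
information and first static capability information, and authenticating it against
the power system's token library."""
from __future__ import annotations
import hashlib
import json


def make_identity_token(identity: dict, first_static: dict) -> str:
    """Associate the identity information with the first static capability
    information and hash the result with SHA-256 (the page's example algorithm).
    Canonical JSON (sorted keys, fixed separators) is an assumption: both sides
    must serialise the associated data byte-for-byte identically."""
    record = {"identity": identity, "static_capability": first_static}
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class TokenLibrary:
    """Preset token library of the power system: identity token -> device identifier,
    plus the device identifier -> static capability mapping the page describes."""

    def __init__(self) -> None:
        self._by_token: dict[str, str] = {}
        self._static_by_device: dict[str, dict] = {}

    def register(self, device_id: str, identity: dict, first_static: dict) -> str:
        """Enrol a device: compute its token from the same inputs the device will use."""
        token = make_identity_token(identity, first_static)
        self._by_token[token] = device_id
        self._static_by_device[device_id] = dict(first_static)
        return token

    def authenticate(self, presented_token: str) -> str | None:
        """Return the device identifier if the presented token is in the library,
        otherwise None (identity authentication fails)."""
        return self._by_token.get(presented_token)

    def static_capability(self, device_id: str) -> dict | None:
        """First static capability information recorded for an enrolled device."""
        return self._static_by_device.get(device_id)


if __name__ == "__main__":
    # Constructed values following the page's example device "A001".
    identity = {"device_id": "A001", "cpu": "4 GHz", "memory": "8 GB", "os": "Android 10"}
    static = {"computing_gflops": 5, "storage_gb": 128, "bandwidth_mbps": 100}
    library = TokenLibrary()
    token = library.register("A001", identity, static)
    print(token, library.authenticate(token))
```

As the page specifies it, the token is a deterministic digest of the device's attributes and the check is set membership, so a successful match establishes that the presented token is registered, not that the sender holds a secret or that the message is fresh. Confidentiality of the token in transit and any protection against replaying a captured token therefore have to come from the transport or from the attestation algorithm selected in step S3, not from the lookup itself.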
In an optional embodiment, the device identity authentication method further comprises:
after identity authentication has passed, acquiring security state information of the device to be authenticated;
and adjusting the access policy of the device to be authenticated according to its security state information.
In this embodiment, the security state information of the device to be authenticated may be analysed with a machine learning algorithm and the device's access policy adjusted promptly, giving continuous control over the device and preventing abnormal device behaviour from affecting the security of the power system. Optionally, the security state information comprises operation logs and security events.
For example, the power system queries the 5000 operation logs and 200 security events of an electric meter from the past year. If these data show the meter is currently in a secure state, the system sets the meter's access policy to a first access policy, for example allowing it to upload electricity consumption data every 5 minutes and synchronise billing information once a day. If the data show the meter is currently in an abnormal state, for example more than 3 anomalies within 1 hour, the system sets its access policy to a second access policy that restricts the meter's functions, safeguarding the overall security of the power system. If the data show the meter is in a dangerous state, the system changes its access policy to a third access policy, such as refusing the meter access, to safeguard the overall security of the power system.
In an optional embodiment, the device identity authentication method further comprises:
after identity authentication has passed, acquiring security state information of the device to be authenticated;
judging, according to the security state information, whether the device to be authenticated is in a secure state;
and, if the device to be authenticated is judged not to be in a secure state, sending a security control instruction to the device to be authenticated.
In this embodiment, the security state information of the device to be authenticated is analysed and a security control instruction is sent to the device to restrict or shut down its operation, so that security risks on the device are found in time and device security is improved.
The system acquires the device's operation logs and security events every 5 minutes as its security state information and analyses them to judge whether the device is in a secure state. If, for instance, an unknown process is running or the device is initiating suspicious connections to the outside, the device is judged to be in an abnormal state, i.e. not in a secure state; otherwise it is in a secure state. For a device not in a secure state, a security control instruction is sent to it, such as a virus scan-and-kill instruction, a high-risk port closing instruction or an operation restriction instruction. Specifically, the anomaly description of the device is obtained from its security state information, and the security control instruction to be sent is determined from the anomaly description.
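The two post-authentication refinements (security state to access policy, and security state to control instruction) as one Python example added here, not code from the patent. The rule "more than 3 anomalies within 1 hour is abnormal", the first, second and third access policies with the 5-minute upload and daily billing sync, the "unknown process" and "suspicious outbound connection" anomaly descriptions and the three instruction kinds follow the text; the event timestamps, the event kind names, what counts as dangerous, the content of the second policy and the anomaly-to-instruction mapping are constructed assumptions.

```python
"""Added example (not from the patent): continuous control after authentication.
Security state information (timestamped security events) is reduced to a state,
the state selects an access policy, and a device that is not secure receives
security control instructions derived from its anomaly descriptions."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SecurityEvent:
    time: datetime
    kind: str      # anomaly description, e.g. "unknown_process", "suspicious_outbound"
    detail: str


# Constructed security events for one electric meter, relative to a fixed "now".
NOW = datetime(2024, 10, 30, 12, 0, 0)
EVENTS = [
    SecurityEvent(NOW - timedelta(minutes=50), "unknown_process", "pid 4132 /tmp/.x"),
    SecurityEvent(NOW - timedelta(minutes=35), "suspicious_outbound", "tcp 203.0.113.7:4444"),
    SecurityEvent(NOW - timedelta(minutes=20), "suspicious_outbound", "tcp 203.0.113.7:4444"),
    SecurityEvent(NOW - timedelta(minutes=5),  "unknown_process", "pid 4198 /tmp/.x"),
    SecurityEvent(NOW - timedelta(days=3),     "unknown_process", "pid 2201 /data/dbg"),
]

# "More than 3 anomalies within 1 hour -> abnormal" is the page's rule. Which event
# kinds mean "dangerous" is an assumption; the page only names the state.
ABNORMAL_EVENTS_PER_HOUR = 3
DANGEROUS_KINDS = {"malware_detected", "tamper_detected"}

# First / second / third access policy from the page; the concrete limits of the
# second policy are constructed ("restrict the meter's functions").
ACCESS_POLICIES = {
    "secure":    {"policy": "first",  "allowed": True,  "upload_every_min": 5,    "billing_sync_per_day": 1},
    "abnormal":  {"policy": "second", "allowed": True,  "upload_every_min": 60,   "billing_sync_per_day": 0},
    "dangerous": {"policy": "third",  "allowed": False, "upload_every_min": None, "billing_sync_per_day": 0},
}

# Anomaly description -> security control instruction (the mapping is an assumption;
# the instruction kinds are the page's).
CONTROL_INSTRUCTIONS = {
    "unknown_process": "virus_scan_and_kill",
    "suspicious_outbound": "close_high_risk_ports",
    "malware_detected": "restrict_operation",
    "tamper_detected": "restrict_operation",
}


def recent_events(events, now, window=timedelta(hours=1)):
    """Security events inside the trailing window ending at `now`."""
    return [e for e in events if now - window <= e.time <= now]


def security_state(events, now) -> str:
    """'secure', 'abnormal' or 'dangerous' from the last hour's security events."""
    recent = recent_events(events, now)
    if any(e.kind in DANGEROUS_KINDS for e in recent):
        return "dangerous"
    if len(recent) > ABNORMAL_EVENTS_PER_HOUR:
        return "abnormal"
    return "secure"


def control_instructions(events, now) -> list:
    """Instructions for a device that is not in the secure state: one per distinct
    anomaly description seen in the window, in first-seen order."""
    out = []
    for e in recent_events(events, now):
        instruction = CONTROL_INSTRUCTIONS.get(e.kind, "restrict_operation")
        if instruction not in out:
            out.append(instruction)
    return out


def evaluate(events, now) -> dict:
    """Access policy and control instructions for a device that has authenticated."""
    state = security_state(events, now)
    return {"state": state,
            "access_policy": ACCESS_POLICIES[state],
            "instructions": [] if state == "secure" else control_instructions(events, now)}


if __name__ == "__main__":
    print(evaluate(EVENTS, NOW))
```

Run every 5 minutes as the text describes, `evaluate` gives the same meter the first policy while its last hour is quiet, the second policy plus a scan and port-closing instruction once four anomalies land inside one hour, and the third policy (access refused) as soon as an event of a dangerous kind appears; an anomaly description the mapping does not know falls back to the most restrictive instruction rather than to none.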
In addition, an embodiment of the application further provides a device identity authentication system comprising a controller, wherein the controller is configured to:
acquire a current service scenario of a power system, dynamic capability information of a device to be authenticated, and first static capability information of the device to be authenticated;
determine the device type of the device to be authenticated according to the first static capability information;
acquire an authentication policy according to the current service scenario, the dynamic capability information and the device type, wherein the authentication policy at least comprises an attestation algorithm and attestation algorithm parameters;
and perform identity authentication on the device to be authenticated through the authentication policy.
Optionally, determining the attestation algorithm and the attestation algorithm parameters according to the current service scenario, the dynamic capability information and the device type includes:
acquiring the security requirement of the current service scenario according to the current service scenario;
selecting the attestation algorithm from a preset algorithm library according to the security requirement and the device type;
and selecting the attestation algorithm parameters from a preset parameter library according to the dynamic capability information and the attestation algorithm.
Optionally, determining the device type of the device to be authenticated according to the first static capability information includes:
vectorizing the first static capability information to obtain a first static capability vector;
performing similarity matching between the first static capability vector and each capability feature vector in a preset capability library to obtain a target capability feature vector;
and determining the device type according to the target capability feature vector.
Optionally, the capability library is constructed by:
acquiring second static capability information of a plurality of test devices;
vectorizing the second static capability information to obtain second static capability vectors;
performing cluster analysis on the plurality of second static capability vectors to obtain a plurality of clustering results;
and calculating the capability feature vector of each clustering result to form the capability library.
Optionally, performing identity authentication on the device to be authenticated through the authentication policy includes:
acquiring an identity token sent by the device to be authenticated, wherein the identity token is generated by the authentication policy;
and performing identity authentication on the device to be authenticated according to the identity token.
Optionally, the identity token is generated by the device to be authenticated by:
acquiring identity information of the device to be authenticated;
associating the first static capability information with the identity information;
and encrypting the associated first static capability information and identity information using the authentication policy to obtain the identity token.
Optionally, performing identity authentication on the device to be authenticated according to the identity token includes:
matching the identity token against each token in a preset token library, and if a matching token is found, passing the identity authentication.
Optionally, the controller is further configured to:
after the identity authentication is passed, acquire the security state information of the device to be authenticated;
and adjust the access policy of the device to be authenticated according to the security state information of the device to be authenticated.
Optionally, the controller is further configured to:
after the identity authentication is passed, acquire the security state information of the device to be authenticated;
judge, according to the security state information of the device to be authenticated, whether the device to be authenticated is in a secure state;
and if the device to be authenticated is judged not to be in a secure state, send a security control instruction to the device to be authenticated.
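The authentication pipeline restated above (device-type determination by vectorizing static capability information and matching it against a clustered capability library, policy selection from an algorithm library and a parameter library, token generation from the associated static capability and identity information, and token matching against a token library), as an added example that is not the applicant's code. Everything not stated by the patent is an assumption: the static capability feature set, cosine similarity and a small k-means for the cluster analysis, HMAC over canonical JSON with a PBKDF2-derived key standing in for the "encrypting" step, the PBKDF2 round count as the parameter picked from dynamic capability information, and the sample devices, scenarios and secret, which are all constructed.

```python
"""Device-type classification, policy selection and token authentication
(added example modelled on the patent's steps; not the applicant's code).

Assumptions not stated by the patent: static capability information is a
small fixed feature set; the attestation algorithm is an HMAC over canonical
JSON with a key derived by PBKDF2 from a secret provisioned at enrollment;
the parameter chosen from dynamic capability information is the PBKDF2
round count. All sample devices and secrets below are constructed.
"""
import hashlib
import hmac
import json
import math
from collections import Counter

FEATURE_SCALE = {"cpu_mhz": 2000.0, "ram_mb": 4096.0, "crypto_hw": 1.0, "tpm": 1.0}


def vectorize(static_info):
    """Static capability information -> normalised feature vector (missing keys are 0)."""
    return [float(static_info.get(k, 0)) / s for k, s in FEATURE_SCALE.items()]


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na, nb = math.sqrt(sum(x * x for x in a)), math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def kmeans(vectors, k, iters=25):
    """Cosine k-means; deterministic initialisation from the first k samples."""
    centroids = [list(v) for v in vectors[:k]]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for v in vectors:
            groups[max(range(k), key=lambda j: cosine(v, centroids[j]))].append(v)
        new = [[sum(c) / len(g) for c in zip(*g)] if g else centroids[i]
               for i, g in enumerate(groups)]
        if new == centroids:
            break
        centroids = new
    return centroids


def build_capability_library(test_devices, k):
    """Cluster the test devices' second static capability vectors; name each centroid
    (capability feature vector) by the majority label of its members."""
    vecs = [vectorize(d["static"]) for d in test_devices]
    centroids = kmeans(vecs, k)
    members = [Counter() for _ in centroids]
    for d, v in zip(test_devices, vecs):
        members[max(range(k), key=lambda j: cosine(v, centroids[j]))][d["label"]] += 1
    return {m.most_common(1)[0][0]: c for m, c in zip(members, centroids) if m}


def classify_device_type(static_info, library):
    """Similarity-match the first static capability vector against the library."""
    v = vectorize(static_info)
    return max(library, key=lambda t: cosine(v, library[t]))


SCENARIO_REQUIREMENT = {"remote_metering": "medium", "dispatch_control": "high", "maintenance": "low"}
ALGORITHM_LIBRARY = {  # (security requirement, device type) -> attestation algorithm
    ("low", "meter"): "hmac-sha256", ("medium", "meter"): "hmac-sha256",
    ("high", "meter"): "hmac-sha384", ("low", "gateway"): "hmac-sha256",
    ("medium", "gateway"): "hmac-sha384", ("high", "gateway"): "hmac-sha512",
}
PARAMETER_LIBRARY = {  # algorithm -> (rounds for an idle device, rounds for a constrained one)
    "hmac-sha256": (20000, 5000), "hmac-sha384": (30000, 8000), "hmac-sha512": (40000, 10000),
}


def select_policy(scenario, dynamic_info, device_type):
    """Scenario -> security requirement -> algorithm; dynamic capability -> parameters."""
    algorithm = ALGORITHM_LIBRARY[(SCENARIO_REQUIREMENT[scenario], device_type)]
    normal, constrained = PARAMETER_LIBRARY[algorithm]
    busy = dynamic_info.get("cpu_load", 0.0) > 0.8 or dynamic_info.get("battery_pct", 100) < 20
    return {"algorithm": algorithm, "kdf_rounds": constrained if busy else normal}


def make_identity_token(static_info, identity_info, policy, secret):
    """Token over the associated static capability information and identity information."""
    digest = policy["algorithm"].split("-")[1]
    payload = json.dumps({"static": static_info, "identity": identity_info}, sort_keys=True).encode()
    key = hashlib.pbkdf2_hmac(digest, secret, identity_info["device_id"].encode(), policy["kdf_rounds"])
    return hmac.new(key, payload, digest).hexdigest()


def authenticate(token, token_library):
    """Match against each enrolled token in constant time; return the device id or None."""
    for device_id, expected in token_library.items():
        if hmac.compare_digest(token, expected):
            return device_id
    return None


TEST_DEVICES = [  # constructed test devices for building the capability library
    {"label": "meter", "static": {"cpu_mhz": 200, "ram_mb": 64}},
    {"label": "gateway", "static": {"cpu_mhz": 1500, "ram_mb": 2048, "crypto_hw": 1, "tpm": 1}},
    {"label": "meter", "static": {"cpu_mhz": 250, "ram_mb": 128}},
    {"label": "gateway", "static": {"cpu_mhz": 1600, "ram_mb": 4096, "crypto_hw": 1, "tpm": 1}},
    {"label": "meter", "static": {"cpu_mhz": 180, "ram_mb": 32}},
    {"label": "gateway", "static": {"cpu_mhz": 1200, "ram_mb": 1024, "crypto_hw": 1}},
]
SECRET = b"constructed-enrollment-secret"  # assumption: provisioned at enrollment


def demo():
    """End-to-end run for one constructed meter; returns (device type, policy, auth result)."""
    library = build_capability_library(TEST_DEVICES, 2)
    static = {"cpu_mhz": 220, "ram_mb": 64}
    identity = {"device_id": "meter-0042", "serial": "SN-CONSTRUCTED-1"}
    device_type = classify_device_type(static, library)
    policy = select_policy("dispatch_control", {"cpu_load": 0.9}, device_type)
    token_library = {"meter-0042": make_identity_token(static, identity, policy, SECRET)}
    token = make_identity_token(static, identity, policy, SECRET)  # computed by the device
    return device_type, policy, authenticate(token, token_library)


if __name__ == "__main__":
    print(demo())
```

Because the token binds the static capability information to the identity, a token presented with altered capability claims no longer matches any entry in the token library; the token library entries must be recomputed whenever the policy (algorithm or rounds) for a scenario changes, since the same device produces a different token under a different policy.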
It should be noted that the working process of the device identity authentication system according to this embodiment of the application may refer to the working process of the device identity authentication method according to the foregoing embodiment, and is not described here again.
The device identity authentication system provided by this embodiment of the application acquires a current service scenario of a power system, dynamic capability information of a device to be authenticated and first static capability information of the device to be authenticated; determines the device type of the device to be authenticated according to the first static capability information; acquires an authentication policy according to the current service scenario, the dynamic capability information and the device type, wherein the authentication policy at least comprises an attestation algorithm and attestation algorithm parameters; and performs identity authentication on the device to be authenticated through the authentication policy. The embodiment therefore takes into account both the characteristics of different devices and the service scenario, which can improve the efficiency of the authentication process, further improve the applicability and extensibility of the authentication method, and effectively ensure the overall security of the power system.
In addition, an embodiment of the application further provides a computer-readable storage medium comprising a stored computer program, wherein the computer program controls the device on which the computer-readable storage medium is located to execute the device identity authentication method according to any of the above embodiments.
In addition, an embodiment of the application further provides a computer program product comprising a computer program/instructions, wherein the computer program/instructions, when executed by a processor, implement the device identity authentication method according to any of the above embodiments.
An embodiment of the application further provides an authentication device comprising a processor, a memory, and a computer program stored in the memory and capable of running on the processor. When the processor executes the computer program, the steps in the above device identity authentication method embodiments are implemented; alternatively, when the processor executes the computer program, the functions of the modules/units in the above device embodiments are performed.
The computer program may be divided into one or more modules/units, which are stored in the memory and executed by the processor to accomplish the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, the instruction segments being used to describe the execution of the computer program in the authentication device.
The authentication device may include, but is not limited to, a processor and a memory. Those skilled in the art will appreciate that the schematic diagram is merely an example of an authentication device and does not limit the authentication device, which may include more or fewer components than shown, may combine certain components, or may have different components; for example, the authentication device may further include an input/output device, a network access device, a bus, etc.
The processor may be a central processing unit (CPU), but may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor; the processor is the control center of the authentication device and connects the various parts of the entire authentication device using various interfaces and lines.
The memory may be used to store the computer program and/or module, and the processor implements the various functions of the authentication device by running or executing the computer program and/or module stored in the memory and invoking data stored in the memory. The memory may mainly include a program storage area, which may store an operating system and an application program required for at least one function (such as a sound playing function, an image playing function, etc.), and a data storage area, which may store data created according to the use of the cellular phone (such as audio data, a phonebook, etc.). In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, a plug-in hard disk, a smart media card (SMC), a secure digital (SD) card, a flash memory card, at least one disk storage device, a flash memory device, or another volatile solid-state storage device.
If the integrated modules/units of the authentication device are implemented in the form of software functional units and sold or used as a stand-alone product, they may be stored in a computer-readable storage medium. Based on such understanding, the present application may implement all or part of the flow of the method of the above embodiments by instructing related hardware through a computer program, which may be stored in a computer-readable storage medium and which, when executed by a processor, implements the steps of each of the method embodiments described above. The computer program comprises computer program code, which may be in source code form, object code form, executable file form or some intermediate form, etc. The computer-readable medium may include any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth.
While the foregoing is directed to the preferred embodiments of the present application, those skilled in the art will appreciate that changes and modifications may be made without departing from the principles of the application, and such changes and modifications are also intended to fall within the scope of the application.

Claims (10)

1. A device identity authentication method, comprising:
acquiring a current service scenario of a power system, dynamic capability information of a device to be authenticated, and first static capability information of the device to be authenticated;
determining the device type of the device to be authenticated according to the first static capability information;
acquiring an authentication policy according to the current service scenario, the dynamic capability information and the device type, wherein the authentication policy at least comprises an attestation algorithm and attestation algorithm parameters;
and performing identity authentication on the device to be authenticated through the authentication policy.
2. The device identity authentication method of claim 1, wherein determining the attestation algorithm and the attestation algorithm parameters according to the current service scenario, the dynamic capability information and the device type comprises:
acquiring the security requirement of the current service scenario according to the current service scenario;
selecting the attestation algorithm from a preset algorithm library according to the security requirement and the device type;
and selecting the attestation algorithm parameters from a preset parameter library according to the dynamic capability information and the attestation algorithm.
3. The device identity authentication method of claim 1, wherein determining the device type of the device to be authenticated according to the first static capability information comprises:
vectorizing the first static capability information to obtain a first static capability vector;
performing similarity matching between the first static capability vector and each capability feature vector in a preset capability library to obtain a target capability feature vector;
and determining the device type according to the target capability feature vector.
4. The device identity authentication method of claim 3, wherein the capability library is constructed by:
acquiring second static capability information of a plurality of test devices;
vectorizing the second static capability information to obtain second static capability vectors;
performing cluster analysis on the plurality of second static capability vectors to obtain a plurality of clustering results;
and calculating the capability feature vector of each clustering result to form the capability library.
5. The device identity authentication method of claim 1, wherein performing identity authentication on the device to be authenticated through the authentication policy comprises:
acquiring an identity token sent by the device to be authenticated, wherein the identity token is generated by the authentication policy;
and performing identity authentication on the device to be authenticated according to the identity token.
6. The device identity authentication method of claim 5, wherein the identity token is generated by the device to be authenticated by:
acquiring identity information of the device to be authenticated;
associating the first static capability information with the identity information;
and encrypting the associated first static capability information and identity information using the authentication policy to obtain the identity token.
7. The device identity authentication method of claim 5, wherein performing identity authentication on the device to be authenticated according to the identity token comprises:
matching the identity token against each token in a preset token library, and if a matching token is found, passing the identity authentication.
8. The device identity authentication method of claim 1, further comprising:
after the identity authentication is passed, acquiring security state information of the device to be authenticated;
and adjusting the access policy of the device to be authenticated according to the security state information of the device to be authenticated.
9. The device identity authentication method of claim 1, further comprising:
after the identity authentication is passed, acquiring security state information of the device to be authenticated;
judging, according to the security state information of the device to be authenticated, whether the device to be authenticated is in a secure state;
and if the device to be authenticated is judged not to be in a secure state, sending a security control instruction to the device to be authenticated.
10. A device identity authentication system, comprising a controller configured to:
acquire a current service scenario of a power system, dynamic capability information of a device to be authenticated, and first static capability information of the device to be authenticated;
determine the device type of the device to be authenticated according to the first static capability information;
acquire an authentication policy according to the current service scenario, the dynamic capability information and the device type, wherein the authentication policy at least comprises an attestation algorithm and attestation algorithm parameters;
and perform identity authentication on the device to be authenticated through the authentication policy.
CN202411523939.6A 2024-10-30 2024-10-30 Device identity authentication method and system Active CN119046911B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411523939.6A CN119046911B (en) 2024-10-30 2024-10-30 Device identity authentication method and system
Publications (2)

Publication Number Publication Date
CN119046911A true CN119046911A (en) 2024-11-29
CN119046911B CN119046911B (en) 2025-04-18

Family

ID=93587209

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411523939.6A Active CN119046911B (en) 2024-10-30 2024-10-30 Device identity authentication method and system

Country Status (1)

Country Link
CN (1) CN119046911B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106453422A (en) * 2016-12-08 2017-02-22 上海众人网络安全技术有限公司 Dynamic authentication method and system based on mobile terminal
US20170180362A1 (en) * 2014-09-03 2017-06-22 Alibaba Group Holding Limited Identity authentication method and apparatus, terminal and server
CN112600860A (en) * 2021-03-02 2021-04-02 浙江口碑网络技术有限公司 Method and device for authenticating equipment identity
CN116090021A (en) * 2021-11-05 2023-05-09 中国移动通信有限公司研究院 Authentication method and device of access equipment and communication equipment
CN116527291A (en) * 2022-01-20 2023-08-01 慧与发展有限责任合伙企业 Authenticating a client device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
PEDRO MIGUEL SANCHEZ SANCHEZ 等: "AuthCODE:A privacy-preserving and multi-device continuous authentication architecture based on machine and deep learning", 《ELSEVIER》, 4 January 2021 (2021-01-04) *
唐大圆 et al.: "Distributed authentication model under a zero-trust architecture for the power Internet of Things", 《信息安全研究》 (Journal of Information Security Research), 31 January 2024 (2024-01-31) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant