CN106230856A - A kind of System of Industrial Device Controls based on Internet of Things - Google Patents
- Publication number
- CN106230856A (application number CN201610778830.6A)
- Authority
- CN
- China
- Prior art keywords
- information data
- key
- attribute
- identity
- information
- Prior art date
- Legal status (as listed by Google Patents; an assumption, not a legal conclusion)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides an Internet of Things based industrial equipment monitoring system comprising video surveillance devices, a communication system, a central monitoring center, customer mobile terminals, a video monitoring display and an information security management system. The video surveillance devices are placed according to the positions of the industrial equipment. The communication system comprises a plurality of switches; the video surveillance devices are connected to the central monitoring center through the switches, and the central monitoring center connects to the customer mobile terminals and the video monitoring display over a wireless network. The monitoring center includes a health status monitoring system for monitoring the health status of the industrial equipment. The information security management system manages the information data relating to the industrial equipment and ensures the security of that data. The invention achieves simultaneous monitoring by multiple customer mobile terminals and the central monitoring center, provides Internet-of-Things-style monitoring management, and offers a high level of security.
Description
Technical field
The present invention relates to the technical field of equipment monitoring, and in particular to an Internet of Things based industrial equipment monitoring system.
Background technology
Industrial production typically consists of several production lines, and a production line contains one or more important pieces of equipment. Whether this equipment runs normally affects the operation of the whole line, so important equipment must be monitored in real time to ensure that the whole line runs properly. In the related art, the equipment of industrial production is generally fitted with a conventional monitoring system, which consists of three main parts: front-end monitoring equipment, transmission equipment and back-end control and display equipment, where the back-end equipment can be further divided into central control equipment and sub-control equipment. The front-end and back-end equipment can be composed in many ways, and the connection between them can be made by cable, optical fibre, microwave or other means. Such conventional monitoring systems tend to process events with a delay: they cannot notify operators in real time, operators must constantly watch the back-end control platform, and the back-end operators do not know the operating conditions of each key piece of equipment, so they cannot monitor and react appropriately in real time, and networked management is not achieved.
Summary of the invention
To solve the above problems, the invention aims to provide an Internet of Things based industrial equipment monitoring system.
The object of the invention is achieved by the following technical solution:
An Internet of Things based industrial equipment monitoring system is provided, comprising video surveillance devices, a communication system, a central monitoring center, customer mobile terminals, a video monitoring display and an information security management system. The video surveillance devices are placed according to the positions of the industrial equipment. The communication system comprises a plurality of switches; the video surveillance devices are connected to the central monitoring center through the switches, and the central monitoring center connects to the customer mobile terminals and the video monitoring display over a wireless network. The monitoring center includes a health status monitoring system for monitoring the health status of the industrial equipment. The information security management system manages the information data relating to the industrial equipment and ensures the security of that data.
The beneficial effects of the invention are: simultaneous monitoring by multiple customer mobile terminals and the central monitoring center is achieved, the operating state of the industrial equipment can be reported in real time to the mobile terminals and to the management staff of the central monitoring center and displayed, and Internet-of-Things-style monitoring management is achieved, which solves the technical problem described above.
Accompanying drawing explanation
The invention is further described with reference to the accompanying drawings. The embodiments shown in the drawings do not limit the invention in any way; those of ordinary skill in the art can derive other drawings from the following drawings without creative effort.
Fig. 1 is a schematic diagram of the structural connections of the invention.
Fig. 2 is a schematic diagram of the structure of the information security management system of the invention.
Reference numerals:
video surveillance devices 1, communication system 2, central monitoring center 3, information security management system 4, customer mobile terminal 5, video monitoring display 6, early warning source 7, information data service system 40, information data pretreatment system 41, cloud storage encryption and decryption system 42, control system 43, security management center 44.
Detailed description of the invention
The invention is further described by the following examples.
Application scenario 1
Referring to Fig. 1 and Fig. 2, the Internet of Things based industrial equipment monitoring system of one embodiment of this application scenario comprises video surveillance devices 1, a communication system 2, a central monitoring center 3, an information security management system 4, customer mobile terminals 5 and a video monitoring display 6. The video surveillance devices 1 are placed according to the positions of the industrial equipment. The communication system 2 comprises a plurality of switches; the video surveillance devices 1 are connected to the central monitoring center 3 through the switches, and the central monitoring center 3 connects to the customer mobile terminals 5 and the video monitoring display 6 over a wireless network. The monitoring center includes a health status monitoring system for monitoring the health status of the industrial equipment. The information security management system 4 manages the information data relating to the industrial equipment and ensures the security of that data.
The above embodiment of the invention achieves simultaneous monitoring by multiple customer mobile terminals 5 and the central monitoring center 3; the operating state of the industrial equipment can be reported in real time to the mobile terminals and to the management staff of the central monitoring center 3 and displayed, achieving Internet-of-Things-style monitoring management and thereby solving the technical problem described above.
Preferably, the central monitoring center 3 is further connected to an early warning source 7 for raising an alarm when the industrial equipment is abnormal.
This preferred embodiment adds an alarm function to the system and improves its security.
Preferably, the customer mobile terminals 5 are connected to the early warning source 7 over a wireless network.
This preferred embodiment makes it easy for the customer mobile terminals 5 to receive alarms, further improving the security of the system.
Preferably, the information security management system 4 comprises an information data service system 40, an information data pretreatment system 41, a cloud storage encryption and decryption system 42, a control system 43 and a security management center 44. The information data service system 40 is responsible for storing, backing up and querying information data; the information data pretreatment system 41 pretreats the information data that must be kept secret; the cloud storage encryption and decryption system 42 encrypts or decrypts the secret information data according to the optimized access control security policy; the control system 43 stores information data to the corresponding storage devices; and the security management center 44 performs unified monitoring and management of the security of each system.
This preferred embodiment defines the structure of the information security management system 4.
Preferably, the storage, backup and querying of information data comprises:
(1) converting the format of the information data and establishing a format suitable for storage in a non-relational information database;
(2) dividing the information data into basic information data and specialized information data and storing it under a combined centralized and distributed strategy, with all information data backed up during storage; the combined strategy is: basic information data accessed more often than a preset frequency is stored centrally and maintained uniformly by the information data administration center, while specialized information data accessed less often than the preset frequency is stored in a distributed manner and maintained by the respective specialized information data centers;
(3) establishing a corresponding information data retrieval algorithm for fast retrieval of information data, which combines catalogue retrieval with a search engine: an information data catalogue is established and a preliminary search is made by catalogue; keywords are entered into the search engine for a precise search; the search engine finds matching information data in a certain manner and ranks the results by the degree of match between the information data and the keywords before returning them to the user.
This preferred embodiment uses a retrieval algorithm combining catalogue retrieval and a search engine, so that information data can be obtained quickly and accurately.
Preferably, the unified monitoring and management of the security of each system comprises:
(1) adopting the corresponding security protection technology and fitting the relevant security protection equipment for the different security protection requirements of the information data service system 40, the information data pretreatment system 41, the cloud storage encryption and decryption system 42 and the control system 43, forming a complete security protection system;
(2) establishing an effective information data security strategy that considers security throughout the storage, transmission and access of information data, encrypting not only the information data but also the transport protocol of the information data;
(3) establishing a virus and Trojan defense mechanism, regularly updating the virus database and upgrading the firewall with an update period T, where T is 6 to 10 days, and analysing detected abnormal information data and issuing an early warning.
This preferred embodiment achieves unified monitoring and management of the security of each system.
Preferably, the information data pretreatment system 41 comprises an information data segmentation unit, an information data extraction unit and an access control security policy optimization unit. The information data segmentation unit divides the information data that must be kept secret into a plurality of mutually exclusive information data sets. The information data extraction unit sorts each mutually exclusive information data set according to a custom ordering rule, extracts the first information data unit of each information data set in turn, and saves the extracted units together with the ordering rule as a small block of information data; mutual exclusion here means that no association exists between any two information data units in an information data set. The access control security policy optimization unit generates the system's access control security policy by an access control security policy optimization method based on fine-grained resource division, comprising:
(1) based on the mutually exclusive information data sets produced by the information data extraction unit, building a hierarchical information data tree structure with three layers: a service layer, a logical layer and a physical layer, where the service layer is the root node relating to the information data scheduling service, the logical layer is the information data associated in the access control security policy, and the physical layer contains the information data units of all the mutually exclusive information data sets;
(2) formulating access control security policies for information data of different security levels using the eXtensible Access Control Markup Language (XACML), and projecting the rules associated with information data in the access control security policy onto the information data units of the mutually exclusive information data sets, thereby refining the rules of the access control security policy to the information data dimension;
(3) optimizing the rules on the information data units of each mutually exclusive information data set to delete conflicting and redundant rules distributed over the information data units;
(4) merging the optimized rules to generate the optimized access control security policy.
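The following is an added example, not code from the patent, of steps (1) to (4) of the policy optimization unit: a coarse policy is projected onto a constructed three-layer tree, duplicate unit rules are dropped, a Permit/Deny conflict on one unit is resolved, and the result is merged back into policy entries. The rule model (subject attribute, target, action, effect) is a deliberately reduced stand-in for XACML, and the deny-overrides combining algorithm, the tree and all names are assumptions of this example.

```python
from collections import defaultdict
from dataclasses import dataclass

PERMIT, DENY = "Permit", "Deny"


@dataclass(frozen=True, order=True)
class Rule:
    subject: str   # attribute the requester must hold, e.g. "role:operator"
    target: str    # service name, set name, or a unit id of the form "set/unit"
    action: str
    effect: str    # PERMIT or DENY


# Constructed three-layer information data tree (assumption for this example):
# the service is the root, the mutually exclusive sets form the logical layer,
# and the information data units form the physical layer.
TREE = {
    "equipment-service": {
        "telemetry": ["telemetry/u1", "telemetry/u2"],
        "maintenance": ["maintenance/u1"],
    }
}


def units_for(target, tree):
    """Expand a rule target to the information data units below it."""
    units = []
    for service, sets in tree.items():
        if target == service:                 # service layer: every unit
            for members in sets.values():
                units.extend(members)
        elif target in sets:                  # logical layer: one set
            units.extend(sets[target])
        else:                                 # physical layer: one unit
            for members in sets.values():
                if target in members:
                    units.append(target)
    return units


def project(rules, tree):
    """Step (2): push each rule down to information-data-unit granularity."""
    return [Rule(r.subject, unit, r.action, r.effect)
            for r in rules for unit in units_for(r.target, tree)]


def optimise(unit_rules):
    """Step (3): collapse duplicate (redundant) unit rules and resolve a
    Permit/Deny conflict on the same unit with deny-overrides."""
    effects = defaultdict(set)
    for r in unit_rules:
        effects[(r.subject, r.target, r.action)].add(r.effect)
    return sorted(Rule(s, u, a, DENY if DENY in e else PERMIT)
                  for (s, u, a), e in effects.items())


def merge(unit_rules):
    """Step (4): merge unit rules sharing subject, action and effect into one
    policy entry that lists the units it governs."""
    merged = defaultdict(list)
    for r in unit_rules:
        merged[(r.subject, r.action, r.effect)].append(r.target)
    return {key: sorted(units) for key, units in merged.items()}


def refine(rules, tree=TREE):
    """Full pipeline: project, optimise, merge."""
    return merge(optimise(project(rules, tree)))


# Constructed coarse policy: a service-wide permit, a unit-level deny that
# conflicts with it, and a set-level permit that is redundant with it.
COARSE = [
    Rule("role:operator", "equipment-service", "read", PERMIT),
    Rule("role:operator", "maintenance/u1", "read", DENY),
    Rule("role:operator", "telemetry", "read", PERMIT),
]

if __name__ == "__main__":
    for (subject, action, effect), units in refine(COARSE).items():
        print(f"{subject} {action} -> {effect}: {', '.join(units)}")
```

The three coarse rules expand to six unit rules; the two redundant telemetry permits collapse and the maintenance conflict resolves to Deny, leaving two policy entries. Any conflict resolution other than deny-overrides (for example first-applicable) would change the maintenance/u1 outcome, which is why the combining algorithm has to be fixed before the rules are merged.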
Preferably, storing information data to the corresponding storage devices comprises:
(1) storing the small block of information data in local storage, encrypted with a user-defined encryption technique;
(2) encrypting the remaining information data with the cloud storage encryption and decryption system 42 and storing it in the cloud database of the central monitoring center 3; after the cloud database of the central monitoring center 3 receives the information data, the cloud verifies its integrity and then saves it to a storage node.
The above two preferred embodiments define the information data pretreatment system 41. The information data that must be kept secret is first segmented and then processed by the extraction step, after which the rules of the access control security policy are refined. This reduces the physical storage volume of the information data and the storage overhead, eliminates conflicts and redundancy in the access control security policy, and improves the efficiency of access control decisions. The part of the information data taken out by the extraction step is stored in local storage, and the remaining information data is stored in the cloud database of the central monitoring center 3 after the corresponding access control security policy has been set. This avoids the large overhead and complexity that conventional cloud storage privacy mechanisms based on simple encryption bring to actual information data operations, effectively prevents malicious users or cloud storage administrators from illegally stealing or tampering with the user's private information data, and improves the security of storing the information data that must be kept secret.
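The segmentation, extraction and storage steps of the two preferred embodiments above, as an added example that is not the patent's own code: records are grouped into mutually exclusive sets, the first unit of each set (under a custom ordering rule) is kept locally as the small block, the remainder is encrypted for the cloud database, and the cloud refuses an upload whose integrity digest does not match before anything reaches a storage node. The HMAC-SHA256 stream cipher is a toy stand-in for the unspecified encryption, and the records, keys and ordering rule are constructed for this example.

```python
import hashlib
import hmac
import json
import os

def segment(records, key_of):
    """Segmentation: group records into mutually exclusive sets keyed by
    key_of(record), so that no record belongs to two sets."""
    sets = {}
    for rec in records:
        sets.setdefault(key_of(rec), []).append(rec)
    return sets

def extract(sets, ordering):
    """Extraction: sort each set by the custom ordering rule, move its first
    unit into the small block (kept with the rule's name) and return the rest."""
    small_block = {"ordering": ordering.__name__, "heads": {}}
    remainder = {}
    for name, members in sets.items():
        ordered = sorted(members, key=ordering)
        small_block["heads"][name] = ordered[0]
        remainder[name] = ordered[1:]
    return small_block, remainder

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; a toy stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key, plaintext):
    """Toy encrypt-then-MAC: nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class CloudDatabase:
    """Cloud database of the monitoring center: verifies the integrity digest
    that accompanies an upload before committing it to a storage node."""
    def __init__(self):
        self.storage_node = {}

    def upload(self, object_id, blob, digest):
        if not hmac.compare_digest(hashlib.sha256(blob).hexdigest(), digest):
            return False                  # rejected, nothing is saved
        self.storage_node[object_id] = blob
        return True

def store(records, key_of, ordering, local_key, cloud_key, cloud, object_id):
    """Pretreat and store: small block locally, encrypted remainder in the cloud."""
    small_block, remainder = extract(segment(records, key_of), ordering)
    local_blob = encrypt(local_key, json.dumps(small_block).encode())
    cloud_blob = encrypt(cloud_key, json.dumps(remainder).encode())
    accepted = cloud.upload(object_id, cloud_blob, hashlib.sha256(cloud_blob).hexdigest())
    return local_blob, accepted

def restore(local_blob, local_key, cloud_key, cloud, object_id):
    """Reassemble each set from the local head unit plus the cloud remainder;
    the cloud alone never holds the first unit of any set."""
    small_block = json.loads(decrypt(local_key, local_blob))
    remainder = json.loads(decrypt(cloud_key, cloud.storage_node[object_id]))
    return {name: [small_block["heads"][name]] + units for name, units in remainder.items()}

# Constructed sample records (invented equipment data for this example).
RECORDS = [
    {"line": "L1", "device": "pump-3", "serial": "SN-0003", "firmware": "2.1"},
    {"line": "L1", "device": "pump-1", "serial": "SN-0001", "firmware": "2.0"},
    {"line": "L2", "device": "press-7", "serial": "SN-0007", "firmware": "1.4"},
]

def by_serial(rec):
    """Custom ordering rule assumed for this example."""
    return rec["serial"]

def demo():
    cloud = CloudDatabase()
    local_key, cloud_key = os.urandom(32), os.urandom(32)
    local_blob, accepted = store(RECORDS, lambda r: r["line"], by_serial,
                                 local_key, cloud_key, cloud, "records")
    restored = restore(local_blob, local_key, cloud_key, cloud, "records")
    # An upload whose digest does not match its blob must be refused.
    tampered = cloud.upload("bad", b"tampered", hashlib.sha256(b"original").hexdigest())
    return accepted, restored, tampered

if __name__ == "__main__":
    print(demo())
```

The digest check in `upload` is the cloud-side integrity verification of step (2); note that it only detects corruption in transit, so the encrypt-then-MAC tag inside each blob is what stops a storage administrator from altering data after it has been accepted.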
Preferably, the cloud storage encryption and decryption system 42 consists mainly of five entities: the information data owner, the attribute authority, the cloud, the trusted third party and the user. Encrypting or decrypting the information data that must be kept secret comprises:
(1) the trusted third party assigns a user identity UAID to each user and an attribute authority identity AID to each attribute authority, comprising:
A. initialization: the trusted third party initializes the system parameters, where α is a random integer;
B. for each legitimate user, the trusted third party assigns a UAID and generates a certificate for it, and at the same time publishes the authentication parameter of the legitimate user, where C_UAID ∈ Z_p;
C. identity key pairs are generated for the information data owner and for the legitimate users;
(2) generating the identity-based encryption and decryption keys, the attribute encryption and decryption keys and the proxy re-encryption key, where the identity-based keys comprise an identity public key GK_UAID and an identity private key CK_UAID, and the attribute keys comprise an attribute public key GK_AID and an attribute private key CK_AID; here AS_AID is the attribute set that a single attribute authority can distribute, GK_x is the public key of attribute x, B_x is the version number of attribute x, α_AID is the private key parameter of the attribute authority, β_AID is the attribute update parameter, AS_UAID,AID is the attribute set distributed by the attribute authority according to the identity, γ is a parameter chosen at random by the attribute authority, and γ, α_AID, β_AID ∈ Z_p;
(3) the cloud storage encryption and decryption system 42 encrypts the information data to be stored in the cloud database of the central monitoring center 3 with an information data key to obtain the ciphertext CT, and then encrypts the information data key with the identity public key and with the attribute public key respectively to generate the identity key ciphertext CT_U and the attribute key ciphertext CT_A, comprising:
A. randomly generating two fixed-length strings IK and AK and concatenating them to form the information data key DK:
DK = IK || AK
B. encrypting the information data to be stored in the cloud database of the central monitoring center 3 with the information data key DK to obtain the ciphertext CT, then encrypting AK with the attribute public key to generate the attribute key ciphertext CT_A, and encrypting IK with the identity public key to generate the identity key ciphertext CT_U;
(4) proxy re-encryption: on receiving a user's information data request, the cloud uses the proxy re-encryption key to convert the identity key ciphertext CT_U into a ciphertext that the specified user can decrypt; the proxy re-encryption key is computed from the information data owner's own private key and the identity public key;
(5) information data decryption: after receiving the information data, the user decrypts the identity key ciphertext CT_U with the identity private key CK_UAID and the attribute key ciphertext CT_A with the attribute private key CK_AID, reconstructs the information data key and decrypts the ciphertext CT;
(6) updating the attribute and identity keys.
By providing the cloud storage encryption and decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for many types of information data and at the same time resists collusion between users and attribute authorities. For the information data that must be kept secret, an identity-based encryption and decryption key and an attribute encryption and decryption key are constructed separately, and the information data encryption key formed by combining them is used to encrypt the information data, so that only a user who satisfies both the identity condition and the attribute condition can decrypt it, greatly improving the security of the information security management system 4.
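The split data key DK = IK || AK of steps (3), (5) and (6) above, as an added example that is not the patent's scheme: IK is wrapped for the recipient's identity key and AK for the attribute key, so a holder of only one of the two recovers a wrong DK, and bumping the attribute version B_x locks out holders of the old attribute key for data encrypted after the update. The identity-based and attribute-based public-key encryption is replaced by keyed hashes held by a trusted third party and an attribute authority, proxy re-encryption (step 4) is not modelled (IK is wrapped directly for the requesting user), and every key, identity and record is constructed for this example.

```python
import hashlib
import hmac
import os

def pad(key, label, length):
    """Hash-derived keystream (toy stand-in for the unspecified ciphers)."""
    out, i = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + label + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class TrustedThirdParty:
    """Assigns a UAID to each legitimate user and hands out the identity key;
    a random secret shared with the user models CK_UAID here."""
    def __init__(self):
        self.users = {}

    def register(self, uaid):
        self.users[uaid] = os.urandom(32)
        return self.users[uaid]

class AttributeAuthority:
    """Issues the attribute key CK_AID for (attribute, version B_x). Raising
    the version re-keys the attribute: data encrypted afterwards cannot be
    opened with the previous attribute key."""
    def __init__(self, aid):
        self.aid, self.master, self.version = aid, os.urandom(32), {}

    def attribute_key(self, attr):
        v = self.version.setdefault(attr, 0)
        key = hmac.new(self.master, f"{self.aid}|{attr}|{v}".encode(), hashlib.sha256).digest()
        return v, key

    def update(self, attr):
        self.version[attr] = self.version.get(attr, 0) + 1

def encrypt_for(plaintext, identity_key, attr_key):
    """Owner side, step (3): DK = IK || AK; CT is the data under DK, CT_U is
    IK wrapped with the recipient's identity key, CT_A is AK wrapped with
    the attribute key."""
    ik, ak = os.urandom(16), os.urandom(16)
    dk = ik + ak
    nonce = os.urandom(16)
    ct = nonce + xor(plaintext, pad(dk, nonce, len(plaintext)))
    ct_u = xor(ik, pad(identity_key, b"CT_U" + nonce, 16))
    ct_a = xor(ak, pad(attr_key, b"CT_A" + nonce, 16))
    return ct, ct_u, ct_a

def decrypt_with(ct, ct_u, ct_a, identity_key, attr_key):
    """User side, step (5): unwrap IK and AK, rebuild DK, decrypt CT. A wrong
    identity key or a wrong attribute key gives a wrong DK and garbage."""
    nonce, body = ct[:16], ct[16:]
    ik = xor(ct_u, pad(identity_key, b"CT_U" + nonce, 16))
    ak = xor(ct_a, pad(attr_key, b"CT_A" + nonce, 16))
    return xor(body, pad(ik + ak, nonce, len(body)))

def demo():
    ttp, authority = TrustedThirdParty(), AttributeAuthority("AA-1")
    alice = ttp.register("UAID-alice")
    mallory = ttp.register("UAID-mallory")
    v0, maint_key = authority.attribute_key("role:maintainer")
    record = b"pump-3 vibration 4.2 mm/s"          # constructed sample record

    ct, ct_u, ct_a = encrypt_for(record, alice, maint_key)
    ok = decrypt_with(ct, ct_u, ct_a, alice, maint_key) == record
    wrong_identity = decrypt_with(ct, ct_u, ct_a, mallory, maint_key) == record

    # Step (6): the attribute is updated; data encrypted afterwards needs the
    # new attribute key, so a holder of the old key alone is locked out.
    authority.update("role:maintainer")
    v1, new_key = authority.attribute_key("role:maintainer")
    ct2, ct_u2, ct_a2 = encrypt_for(record, alice, new_key)
    stale_attribute = decrypt_with(ct2, ct_u2, ct_a2, alice, maint_key) == record
    return ok, wrong_identity, stale_attribute, (v0, v1)

if __name__ == "__main__":
    print(demo())
```

Because neither ciphertext half carries an integrity tag in this toy, a wrong key yields garbage rather than an error; a deployment would authenticate CT, CT_U and CT_A so that a decryption failure is detected and logged instead of producing silently corrupt data.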
In this application scenario, the update period T is 6 days and the security of the system is improved by a relative 12%.
Application scenario 2
Seeing Fig. 1, Fig. 2, the System of Industrial Device Controls based on Internet of Things of an embodiment of this application scene includes
Video surveillance devices 1, communication system 2, central monitoring center 3, Information Security Management System 4, customer mobile terminal 5, video are supervised
Control display 6;Described video surveillance devices 1 is arranged according to industrial equipment position;Described communication system 2 includes multiple friendship
Changing planes, described video surveillance devices 1 is connected with central monitoring center 3 by switch, and central monitoring center 3 passes through wireless network
Connect customer mobile terminal 5 and video monitoring display 6;Described health center includes for monitoring industrial equipment health status
Health status monitoring system;Described Information Security Management System 4 is for managing the information data relevant to industrial equipment, and protects
Hinder the safety of described information data.
The above embodiment of the present invention achieves and monitors while multiple customer mobile terminal 5 and central monitoring center 3, can be by
In real time operation of industrial installation is notified the mobile and management personnel of central monitoring center 3 and shows, it is achieved that thing
The monitoring management of network type, thus solve above-mentioned technical problem.
Preferably, described central monitoring center 3 is also connected with the source of early warning for carrying out reporting to the police when industrial equipment exception
7。
This preferred embodiment adds the warning function of system, improves the safety of system.
Preferably, described customer mobile terminal 5 is connected by wireless network with described source of early warning 7.
This preferred embodiment is easy to customer mobile terminal 5 and is reported to the police, and further increases the safety of system.
Preferably, described Information Security Management System 4 includes information data service system 40, information data pretreatment system
41, cloud storage encrypting and deciphering system 42, control system 43 and security management center 44;Described information data service system 40 is used for bearing
Blame the storage of information data, back up and inquire about;Described information data pretreatment system 41 is for entering the information data that need to maintain secrecy
Row pretreatment;Described cloud storage encrypting and deciphering system 42 is used for the Information Number to maintaining secrecy of the access control safety strategy according to optimization
According to being encrypted or deciphering;Described control system 43 is used for information data storing to corresponding storage device;Described bursting tube
Reason center 44 is for carrying out unified monitoring management to each security of system.
This preferred embodiment constructs the system structure of Information Security Management System 4.
Preferably, the storage of described responsible information data, back up and inquire about, including:
(1) information data format is changed, set up and be applicable to the form that non-relation information data base carries out storing;
(2) information data is divided into basic information data and specialized information data, uses centralized and distributed combination
Information data is stored by strategy, and during storage, all information datas all back up;Described centralized and distributed combination
Strategy includes: using centralised storage for the basic information data higher than predeterminated frequency, by information data, administrative center unifies
Safeguard, for the specialized information data acquisition distributed storage less than predeterminated frequency, each specialized information data center tie up respectively
Protect;
(3) set up corresponding information data retrieval algorithm, information data is carried out quick-searching, described information data retrieval
The mode that algorithm uses catalogue retrieval and search engine to combine is carried out, and specifically includes: set up information data catalogue, according to catalogue
Information data is carried out preliminary search;Input key word at search engine, information data is carried out precise search;Search engine is pressed
Find the information data of coupling according to certain mode, and be ranked up feeding back to according to the matching degree of information data with key word
User.
This preferred embodiment uses the searching algorithm that catalogue retrieval and search engine combine, it is possible to obtain fast and accurately
Information data.
Preferably, described each security of system is carried out unified monitoring management, including:
(1) for information data service system 40, information data pretreatment system 41, cloud storage encrypting and deciphering system 42, control
The security protection that system 43 processed is different requires to take the safety protection technique of correspondence, is equipped with relevant safety protection equipment, is formed
Complete security protection system;
(2) set up effective information data security strategy, the safety in information data storing, transmission, access process is entered
Row considers, and is not only encrypted information data, is encrypted the host-host protocol of information data simultaneously;
(3) setting up virus and wooden horse defense mechanism, regular update virus base and upgrading fire wall, the update cycle is that T, T take
The abnormal information data detected, for 6-10 days, will be analyzed, and send early warning by value.
This preferred embodiment achieves the management of the unified monitoring to each security of system.
Preferably, the information data pretreatment system 41 includes an information data segmentation unit, an information data extraction unit and an access control security policy optimization unit. The information data segmentation unit divides the information data to be kept confidential into multiple mutually exclusive information data sets. The information data extraction unit sorts each mutually exclusive information data set according to a user-defined ordering rule, extracts the first information data unit of each information data set in turn, and saves these units together with the ordering rule as a small block of information data; "mutually exclusive" here means that no association exists between any two information data units of the information data sets. The access control security policy optimization unit generates the system's access control security policy using an optimization method based on fine-grained resource division, which includes:
(1) building a hierarchical information data tree structure from the mutually exclusive information data sets produced by the information data extraction unit; the tree has three layers, a service layer, a logical layer and a physical layer, where the service layer is the root node associated with the information data dispatch service, the logical layer holds the information data associated in the access control security policy, and the physical layer contains the information data units of all the mutually exclusive information data sets;
(2) formulating access control security policies for information data of different security classes in the eXtensible Access Control Markup Language (XACML), and projecting the rules associated with information data in the access control security policy onto the information data units of the mutually exclusive information data sets, so that the rules of the access control security policy are refined to the information data dimension;
(3) optimizing the rules on the information data units of each mutually exclusive information data set, deleting conflicts and redundancy among the rules assigned to each information data unit;
(4) merging the optimized rules to generate the optimized access control security policy.
Preferably, storing the information data to the corresponding storage device includes:
(1) storing the small block of information data in local storage, encrypted with a user-defined encryption technique;
(2) encrypting the remaining information data with the cloud storage encryption and decryption system 42 and storing it in the cloud database of the central monitoring center 3; after the cloud database of the central monitoring center 3 receives the information data, the cloud performs an integrity verification on it before saving it to a storage node.
The two preferred embodiments above configure the information data pretreatment system 41. The information data to be kept confidential first undergoes segmentation and extraction, and the rules in the access control security policy are then refined, which reduces the physical storage space occupied by the information data and hence the storage cost, eliminates conflicts and redundancy in the access control security policy, and improves the efficiency of access control decisions. The part extracted by the information data extraction process is stored in local storage, while the remaining information data is stored in the cloud database of the central monitoring center 3 after the corresponding access control security policy has been set. This overcomes the large overhead and cumbersome handling that traditional cloud storage privacy mechanisms based on simple encryption incur in practical information data operations, effectively prevents malicious users or cloud storage administrators from illegally stealing or tampering with users' private information data, and improves the security of the storage of information data to be kept confidential.
Preferably, the cloud storage encryption and decryption system 42 consists mainly of five entities: the information data owner, the attribute authority, the cloud, the trusted third party and the user. Encrypting or decrypting the information data to be kept confidential includes:
(1) the trusted third party allocates a user identity UAID to each user and an attribute authority identity AID to each attribute authority, which includes:
A. initialization: the trusted third party initializes the system parameter, where α is a random integer;
B. for each legitimate user, the trusted third party allocates a UAID and generates a certificate for it; at the same time the authentication parameter of the legitimate user is published, where C_UAID ∈ Z_p;
C. identity key pairs are generated for the information data owner and the legitimate users;
(2) generating the identity-based encryption and decryption keys, the attribute encryption and decryption keys and the proxy re-encryption key, where the identity-based encryption and decryption keys include the identity public key GK_UAID and the identity private key CK_UAID, and the attribute encryption and decryption keys include the attribute public key GK_AID and the attribute private key CK_AID; here AS_AID is the set of attributes that a single attribute authority can distribute, GK_x is the public key of attribute x, B_x is the version number of attribute x, ∝_AID is the private key parameter of the attribute authority, β_AID is the attribute update parameter, AS_UAID,AID is the set of attributes distributed according to the identity of the attribute authority, γ is a parameter randomly chosen by the attribute authority, and γ, ∝_AID, β_AID ∈ Z_p;
(3) the cloud storage encryption and decryption system 42 encrypts the information data to be stored in the cloud database of the central monitoring center 3 with an information data key to obtain the ciphertext CT, then encrypts the information data key with the identity public key and the attribute public key respectively to generate the identity key ciphertext CT_U and the attribute key ciphertext CT_A, which includes:
A. randomly generating two fixed-length strings IK and AK and concatenating them to form the information data key DK:
DK = IK || AK
B. encrypting the information data to be stored in the cloud database of the central monitoring center 3 with the information data key DK to obtain the ciphertext CT, then encrypting AK with the attribute public key to generate the attribute key ciphertext CT_A, and encrypting IK with the identity public key to generate the identity key ciphertext CT_U;
(4) proxy re-encryption: on receiving a user's information data request, the cloud uses the proxy re-encryption key to convert the identity key ciphertext CT_U into a ciphertext that the designated user can decrypt; the proxy re-encryption key is computed from the information data owner's own private key and the identity public key;
(5) information data decryption: after receiving the information data, the user decrypts the identity key ciphertext CT_U and the attribute key ciphertext CT_A with the identity private key CK_UAID and the attribute private key CK_AID respectively, reconstructs the information data key, and decrypts the ciphertext CT;
(6) updating the attribute and identity keys.
By providing the cloud storage encryption and decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for many types of information data while resisting collusion between users and attribute authorities. For the information data to be kept confidential, identity-based and attribute-based encryption and decryption keys are constructed separately and combined into the information data encryption key used to encrypt that information data, so that only a user who satisfies both the identity condition and the attribute condition can decrypt it, which greatly improves the security of the information security management system 4.
In this application scenario, the update period T is 7 and the security of the system is improved by 11% relatively.
Application scenario 3
Referring to Fig. 1 and Fig. 2, the Internet-of-Things-based industrial equipment control system of an embodiment of this application scenario includes video surveillance devices 1, a communication system 2, a central monitoring center 3, an information security management system 4, user mobile terminals 5 and a video monitoring display 6. The video surveillance devices 1 are arranged according to the positions of the industrial equipment. The communication system 2 includes multiple switches; the video surveillance devices 1 are connected to the central monitoring center 3 through the switches, and the central monitoring center 3 is connected to the user mobile terminals 5 and the video monitoring display 6 through a wireless network. The health center includes a health status monitoring system for monitoring the health status of the industrial equipment. The information security management system 4 manages the information data related to the industrial equipment and protects the security of that information data.
The above embodiment of the invention achieves simultaneous monitoring by multiple user mobile terminals 5 and the central monitoring center 3, so that the real-time operation of the industrial equipment can be notified to and displayed for the mobile and management personnel of the central monitoring center 3, achieving Internet-of-Things-style monitoring and management and thereby solving the technical problem described above.
Preferably, the central monitoring center 3 is also connected to an early-warning source 7 for raising an alarm when the industrial equipment is abnormal.
This preferred embodiment adds an alarm function to the system and improves the safety of the system.
Preferably, the user mobile terminals 5 are connected to the early-warning source 7 through the wireless network.
This preferred embodiment makes it easy for the user mobile terminals 5 to raise alarms, further improving the safety of the system.
Preferably, the information security management system 4 includes an information data service system 40, an information data pretreatment system 41, a cloud storage encryption and decryption system 42, a control system 43 and a security management center 44. The information data service system 40 is responsible for storing, backing up and querying the information data; the information data pretreatment system 41 pre-processes the information data to be kept confidential; the cloud storage encryption and decryption system 42 encrypts or decrypts the information data to be kept confidential according to the optimized access control security policy; the control system 43 stores the information data to the corresponding storage devices; and the security management center 44 carries out unified monitoring and management of the security of each system.
This preferred embodiment constructs the system architecture of the information security management system 4.
Preferably, storing, backing up and querying the information data includes:
(1) converting the format of the information data and establishing a format suitable for storage in a non-relational information database;
(2) dividing the information data into basic information data and specialized information data and storing it using a combined centralized and distributed strategy, with all information data backed up during storage; the combined centralized and distributed strategy is: basic information data whose frequency is higher than a preset frequency uses centralized storage and is maintained uniformly by the information data management center, while specialized information data whose frequency is lower than the preset frequency uses distributed storage and is maintained separately by each specialized information data center;
(3) establishing a corresponding information data retrieval algorithm for fast retrieval of the information data; the algorithm combines catalogue retrieval with a search engine, specifically: an information data catalogue is built and a preliminary search is made against the catalogue; keywords are entered into the search engine for a precise search; the search engine finds matching information data in a certain manner and returns it to the user ranked by the degree of match between the information data and the keywords.
This preferred embodiment uses a retrieval algorithm combining catalogue retrieval and a search engine, so that information data can be obtained quickly and accurately.
Preferably, carrying out unified monitoring and management of the security of each system includes:
(1) applying the corresponding security protection techniques to the different security protection requirements of the information data service system 40, the information data pretreatment system 41, the cloud storage encryption and decryption system 42 and the control system 43, and equipping the relevant security protection devices, to form a complete security protection system;
(2) establishing an effective information data security policy that takes the security of the information data during storage, transmission and access into consideration, so that not only the information data itself but also the protocol used to transmit it is encrypted;
(3) establishing a virus and Trojan defense mechanism: the virus database is updated and the firewall upgraded periodically, with an update period T of 6 to 10 days; any abnormal information data detected is analyzed and an early warning is issued.
This preferred embodiment achieves unified monitoring and management of the security of each system.
Preferably, the information data pretreatment system 41 includes an information data segmentation unit, an information data extraction unit and an access control security policy optimization unit. The information data segmentation unit divides the information data to be kept confidential into multiple mutually exclusive information data sets. The information data extraction unit sorts each mutually exclusive information data set according to a user-defined ordering rule, extracts the first information data unit of each information data set in turn, and saves these units together with the ordering rule as a small block of information data; "mutually exclusive" here means that no association exists between any two information data units of the information data sets. The access control security policy optimization unit generates the system's access control security policy using an optimization method based on fine-grained resource division, which includes:
(1) building a hierarchical information data tree structure from the mutually exclusive information data sets produced by the information data extraction unit; the tree has three layers, a service layer, a logical layer and a physical layer, where the service layer is the root node associated with the information data dispatch service, the logical layer holds the information data associated in the access control security policy, and the physical layer contains the information data units of all the mutually exclusive information data sets;
(2) formulating access control security policies for information data of different security classes in the eXtensible Access Control Markup Language (XACML), and projecting the rules associated with information data in the access control security policy onto the information data units of the mutually exclusive information data sets, so that the rules of the access control security policy are refined to the information data dimension;
(3) optimizing the rules on the information data units of each mutually exclusive information data set, deleting conflicts and redundancy among the rules assigned to each information data unit;
(4) merging the optimized rules to generate the optimized access control security policy.
Preferably, storing the information data to the corresponding storage device includes:
(1) storing the small block of information data in local storage, encrypted with a user-defined encryption technique;
(2) encrypting the remaining information data with the cloud storage encryption and decryption system 42 and storing it in the cloud database of the central monitoring center 3; after the cloud database of the central monitoring center 3 receives the information data, the cloud performs an integrity verification on it before saving it to a storage node.
The two preferred embodiments above configure the information data pretreatment system 41. The information data to be kept confidential first undergoes segmentation and extraction, and the rules in the access control security policy are then refined, which reduces the physical storage space occupied by the information data and hence the storage cost, eliminates conflicts and redundancy in the access control security policy, and improves the efficiency of access control decisions. The part extracted by the information data extraction process is stored in local storage, while the remaining information data is stored in the cloud database of the central monitoring center 3 after the corresponding access control security policy has been set. This overcomes the large overhead and cumbersome handling that traditional cloud storage privacy mechanisms based on simple encryption incur in practical information data operations, effectively prevents malicious users or cloud storage administrators from illegally stealing or tampering with users' private information data, and improves the security of the storage of information data to be kept confidential.
Preferably, the cloud storage encryption and decryption system 42 consists mainly of five entities: the information data owner, the attribute authority, the cloud, the trusted third party and the user. Encrypting or decrypting the information data to be kept confidential includes:
(1) the trusted third party allocates a user identity UAID to each user and an attribute authority identity AID to each attribute authority, which includes:
A. initialization: the trusted third party initializes the system parameter, where α is a random integer;
B. for each legitimate user, the trusted third party allocates a UAID and generates a certificate for it; at the same time the authentication parameter of the legitimate user is published, where C_UAID ∈ Z_p;
C. identity key pairs are generated for the information data owner and the legitimate users;
(2) generating the identity-based encryption and decryption keys, the attribute encryption and decryption keys and the proxy re-encryption key, where the identity-based encryption and decryption keys include the identity public key GK_UAID and the identity private key CK_UAID, and the attribute encryption and decryption keys include the attribute public key GK_AID and the attribute private key CK_AID; here AS_AID is the set of attributes that a single attribute authority can distribute, GK_x is the public key of attribute x, B_x is the version number of attribute x, ∝_AID is the private key parameter of the attribute authority, β_AID is the attribute update parameter, AS_UAID,AID is the set of attributes distributed according to the identity of the attribute authority, γ is a parameter randomly chosen by the attribute authority, and γ, ∝_AID, β_AID ∈ Z_p;
(3) the cloud storage encryption and decryption system 42 encrypts the information data to be stored in the cloud database of the central monitoring center 3 with an information data key to obtain the ciphertext CT, then encrypts the information data key with the identity public key and the attribute public key respectively to generate the identity key ciphertext CT_U and the attribute key ciphertext CT_A, which includes:
A. randomly generating two fixed-length strings IK and AK and concatenating them to form the information data key DK:
DK = IK || AK
B. encrypting the information data to be stored in the cloud database of the central monitoring center 3 with the information data key DK to obtain the ciphertext CT, then encrypting AK with the attribute public key to generate the attribute key ciphertext CT_A, and encrypting IK with the identity public key to generate the identity key ciphertext CT_U;
(4) proxy re-encryption: on receiving a user's information data request, the cloud uses the proxy re-encryption key to convert the identity key ciphertext CT_U into a ciphertext that the designated user can decrypt; the proxy re-encryption key is computed from the information data owner's own private key and the identity public key;
(5) information data decryption: after receiving the information data, the user decrypts the identity key ciphertext CT_U and the attribute key ciphertext CT_A with the identity private key CK_UAID and the attribute private key CK_AID respectively, reconstructs the information data key, and decrypts the ciphertext CT;
(6) updating the attribute and identity keys.
By providing the cloud storage encryption and decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for many types of information data while resisting collusion between users and attribute authorities. For the information data to be kept confidential, identity-based and attribute-based encryption and decryption keys are constructed separately and combined into the information data encryption key used to encrypt that information data, so that only a user who satisfies both the identity condition and the attribute condition can decrypt it, which greatly improves the security of the information security management system 4.
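The split data key of steps (3) to (5) above (the same scheme appears in application scenarios 2 and 4), as an added Python example that is not part of the patent: DK = IK || AK encrypts the information data, IK is wrapped under the identity key and AK under the attribute key, and decryption succeeds only when both wrapped halves can be opened. To keep the example runnable with the standard library alone, the identity-based and attribute-based public-key encryption of the patent are stood in for by a symmetric encrypt-then-MAC construction (HMAC-SHA256 keystream plus tag), so the same key value plays the public and private role; the proxy re-encryption of step (4) and the key update of step (6) are not modelled. The key names, key bytes and sample plaintext are constructed.

```python
import hashlib
import hmac
import secrets

KEY_HALF = 16  # bytes in each of IK and AK; DK = IK || AK is therefore 32 bytes

# Constructed stand-in keys.  In the patent these would be the identity key pair
# (GK_UAID / CK_UAID) and the attribute key pair (GK_AID / CK_AID).
IDENTITY_KEY = b"constructed-identity-key-user-01"
ATTRIBUTE_KEY = b"constructed-attribute-key-maint"
OTHER_ATTRIBUTE_KEY = b"constructed-attribute-key-guest"


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; a stand-in for the symmetric
    cipher the patent leaves unspecified."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under `key`; returns nonce || ciphertext || tag."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Inverse of seal(); raises ValueError if the key is wrong or the blob was altered."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def encrypt_for_cloud(plaintext: bytes, identity_pub: bytes, attr_pub: bytes) -> dict:
    """Steps (3)A and (3)B: generate IK and AK, encrypt the data under DK = IK || AK,
    then wrap IK under the identity key and AK under the attribute key."""
    ik = secrets.token_bytes(KEY_HALF)
    ak = secrets.token_bytes(KEY_HALF)
    dk = ik + ak
    return {
        "CT": seal(dk, plaintext),        # ciphertext of the information data
        "CT_U": seal(identity_pub, ik),   # identity key ciphertext
        "CT_A": seal(attr_pub, ak),       # attribute key ciphertext
    }


def decrypt_from_cloud(package: dict, identity_priv: bytes, attr_priv: bytes):
    """Step (5): open CT_U and CT_A separately, rebuild DK and decrypt CT.
    Returns None when either the identity or the attribute condition fails."""
    try:
        ik = unseal(identity_priv, package["CT_U"])
        ak = unseal(attr_priv, package["CT_A"])
        return unseal(ik + ak, package["CT"])
    except ValueError:
        return None


def demo() -> bytes:
    """Constructed end-to-end run: an authorised user recovers the plaintext."""
    package = encrypt_for_cloud(b"pump-3 vibration 4.2 mm/s", IDENTITY_KEY, ATTRIBUTE_KEY)
    return decrypt_from_cloud(package, IDENTITY_KEY, ATTRIBUTE_KEY)
```

A user holding only the identity key or only the attribute key opens at most one half of DK, and the tag check on CT then fails, which is the "both conditions" property the patent claims; the same check rejects a ciphertext the cloud has altered.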
In this application scenario, the update period T is 8 and the security of the system is improved by 10% relatively.
Application scenario 4
Referring to Fig. 1 and Fig. 2, the Internet-of-Things-based industrial equipment control system of an embodiment of this application scenario includes video surveillance devices 1, a communication system 2, a central monitoring center 3, an information security management system 4, user mobile terminals 5 and a video monitoring display 6. The video surveillance devices 1 are arranged according to the positions of the industrial equipment. The communication system 2 includes multiple switches; the video surveillance devices 1 are connected to the central monitoring center 3 through the switches, and the central monitoring center 3 is connected to the user mobile terminals 5 and the video monitoring display 6 through a wireless network. The health center includes a health status monitoring system for monitoring the health status of the industrial equipment. The information security management system 4 manages the information data related to the industrial equipment and protects the security of that information data.
The above embodiment of the invention achieves simultaneous monitoring by multiple user mobile terminals 5 and the central monitoring center 3, so that the real-time operation of the industrial equipment can be notified to and displayed for the mobile and management personnel of the central monitoring center 3, achieving Internet-of-Things-style monitoring and management and thereby solving the technical problem described above.
Preferably, the central monitoring center 3 is also connected to an early-warning source 7 for raising an alarm when the industrial equipment is abnormal.
This preferred embodiment adds an alarm function to the system and improves the safety of the system.
Preferably, the user mobile terminals 5 are connected to the early-warning source 7 through the wireless network.
This preferred embodiment makes it easy for the user mobile terminals 5 to raise alarms, further improving the safety of the system.
Preferably, the information security management system 4 includes an information data service system 40, an information data pretreatment system 41, a cloud storage encryption and decryption system 42, a control system 43 and a security management center 44. The information data service system 40 is responsible for storing, backing up and querying the information data; the information data pretreatment system 41 pre-processes the information data to be kept confidential; the cloud storage encryption and decryption system 42 encrypts or decrypts the information data to be kept confidential according to the optimized access control security policy; the control system 43 stores the information data to the corresponding storage devices; and the security management center 44 carries out unified monitoring and management of the security of each system.
This preferred embodiment constructs the system architecture of the information security management system 4.
Preferably, storing, backing up and querying the information data includes:
(1) converting the format of the information data and establishing a format suitable for storage in a non-relational information database;
(2) dividing the information data into basic information data and specialized information data and storing it using a combined centralized and distributed strategy, with all information data backed up during storage; the combined centralized and distributed strategy is: basic information data whose frequency is higher than a preset frequency uses centralized storage and is maintained uniformly by the information data management center, while specialized information data whose frequency is lower than the preset frequency uses distributed storage and is maintained separately by each specialized information data center;
(3) establishing a corresponding information data retrieval algorithm for fast retrieval of the information data; the algorithm combines catalogue retrieval with a search engine, specifically: an information data catalogue is built and a preliminary search is made against the catalogue; keywords are entered into the search engine for a precise search; the search engine finds matching information data in a certain manner and returns it to the user ranked by the degree of match between the information data and the keywords.
This preferred embodiment uses a retrieval algorithm combining catalogue retrieval and a search engine, so that information data can be obtained quickly and accurately.
Preferably, carrying out unified monitoring and management of the security of each system includes:
(1) applying the corresponding security protection techniques to the different security protection requirements of the information data service system 40, the information data pretreatment system 41, the cloud storage encryption and decryption system 42 and the control system 43, and equipping the relevant security protection devices, to form a complete security protection system;
(2) establishing an effective information data security policy that takes the security of the information data during storage, transmission and access into consideration, so that not only the information data itself but also the protocol used to transmit it is encrypted;
(3) establishing a virus and Trojan defense mechanism: the virus database is updated and the firewall upgraded periodically, with an update period T of 6 to 10 days; any abnormal information data detected is analyzed and an early warning is issued.
This preferred embodiment achieves unified monitoring and management of the security of each system.
Preferably, the information data pretreatment system 41 includes an information data segmentation unit, an information data extraction unit and an access control security policy optimization unit. The information data segmentation unit divides the information data to be kept confidential into multiple mutually exclusive information data sets. The information data extraction unit sorts each mutually exclusive information data set according to a user-defined ordering rule, extracts the first information data unit of each information data set in turn, and saves these units together with the ordering rule as a small block of information data; "mutually exclusive" here means that no association exists between any two information data units of the information data sets. The access control security policy optimization unit generates the system's access control security policy using an optimization method based on fine-grained resource division, which includes:
(1) building a hierarchical information data tree structure from the mutually exclusive information data sets produced by the information data extraction unit; the tree has three layers, a service layer, a logical layer and a physical layer, where the service layer is the root node associated with the information data dispatch service, the logical layer holds the information data associated in the access control security policy, and the physical layer contains the information data units of all the mutually exclusive information data sets;
(2) formulating access control security policies for information data of different security classes in the eXtensible Access Control Markup Language (XACML), and projecting the rules associated with information data in the access control security policy onto the information data units of the mutually exclusive information data sets, so that the rules of the access control security policy are refined to the information data dimension;
(3) optimizing the rules on the information data units of each mutually exclusive information data set, deleting conflicts and redundancy among the rules assigned to each information data unit;
(4) merging the optimized rules to generate the optimized access control security policy.
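Steps (1) to (4) of the access control security policy optimization above (the same procedure is described in application scenarios 2 and 3), as an added Python example that is not the patent's own code: a policy written at the level of information data sets is projected onto the information data units of the physical layer, redundant copies are dropped, two rules that give different effects for the same subject, action and unit are resolved, and the unit-level rules are merged back into set-valued rules. The data sets, the rules and the deny-overrides choice for conflicts are constructed assumptions, and XACML rules are represented as plain tuples rather than in XACML's XML syntax.

```python
from collections import defaultdict
from typing import Dict, FrozenSet, List, NamedTuple, Tuple


class Rule(NamedTuple):
    subject: str   # XACML subject the rule applies to
    action: str    # e.g. "read" or "write"
    target: str    # an information data set name or a single information data unit id
    effect: str    # "Permit" or "Deny"


# Constructed physical-layer view: mutually exclusive information data sets and their units.
DATA_SETS: Dict[str, List[str]] = {
    "set_A": ["A1", "A2"],
    "set_B": ["B1", "B2", "B3"],
}

# Constructed set-level policy, deliberately containing a redundant rule and a conflict.
POLICY: List[Rule] = [
    Rule("operator", "read", "set_A", "Permit"),
    Rule("operator", "read", "set_A", "Permit"),   # redundant duplicate
    Rule("operator", "read", "A2", "Deny"),         # conflicts with the set_A Permit on unit A2
    Rule("auditor", "read", "set_B", "Permit"),
    Rule("auditor", "write", "set_B", "Deny"),
]


def refine(policy: List[Rule], data_sets: Dict[str, List[str]]) -> List[Rule]:
    """Step (2): project every rule onto the units of its target, so each rule
    lives at the information data unit dimension."""
    refined = []
    for r in policy:
        for unit in data_sets.get(r.target, [r.target]):
            refined.append(Rule(r.subject, r.action, unit, r.effect))
    return refined


def optimize(refined: List[Rule], deny_overrides: bool = True) -> List[Rule]:
    """Step (3): remove redundant copies and resolve conflicting effects on the
    same (subject, action, unit).  Deny-overrides is an assumed combining choice."""
    effects = defaultdict(set)
    for r in refined:
        effects[(r.subject, r.action, r.target)].add(r.effect)
    out = []
    for (subject, action, unit), eff in effects.items():
        if len(eff) == 1:
            out.append(Rule(subject, action, unit, next(iter(eff))))
        else:  # both Permit and Deny were assigned to this unit
            out.append(Rule(subject, action, unit, "Deny" if deny_overrides else "Permit"))
    return out


def merge(optimized: List[Rule]) -> Dict[Tuple[str, str, str], FrozenSet[str]]:
    """Step (4): fold unit rules with the same subject, action and effect back
    into one rule over a set of units."""
    grouped = defaultdict(set)
    for r in optimized:
        grouped[(r.subject, r.action, r.effect)].add(r.target)
    return {key: frozenset(units) for key, units in grouped.items()}


def decide(merged, subject: str, action: str, unit: str) -> str:
    """Policy decision for one request; "NotApplicable" when no rule covers it.
    After optimize() at most one rule matches, so the lookup is unambiguous."""
    for (s, a, effect), units in merged.items():
        if s == subject and a == action and unit in units:
            return effect
    return "NotApplicable"


def optimized_policy():
    """Run the whole pipeline on the constructed policy."""
    return merge(optimize(refine(POLICY, DATA_SETS)))
```

The point of the refinement is that a conflict such as the operator's Permit on set_A versus the Deny on unit A2 is invisible at set granularity and only becomes decidable once both rules are expressed on the same unit; the merge step then keeps the rule count small again for the decision point.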
Preferably, storing the information data to the corresponding storage device includes:
(1) storing the small block of information data in local storage, encrypted with a user-defined encryption technique;
(2) encrypting the remaining information data with the cloud storage encryption and decryption system 42 and storing it in the cloud database of the central monitoring center 3; after the cloud database of the central monitoring center 3 receives the information data, the cloud performs an integrity verification on it before saving it to a storage node.
The two preferred embodiments above configure the information data pretreatment system 41. The information data to be kept confidential first undergoes segmentation and extraction, and the rules in the access control security policy are then refined, which reduces the physical storage space occupied by the information data and hence the storage cost, eliminates conflicts and redundancy in the access control security policy, and improves the efficiency of access control decisions. The part extracted by the information data extraction process is stored in local storage, while the remaining information data is stored in the cloud database of the central monitoring center 3 after the corresponding access control security policy has been set. This overcomes the large overhead and cumbersome handling that traditional cloud storage privacy mechanisms based on simple encryption incur in practical information data operations, effectively prevents malicious users or cloud storage administrators from illegally stealing or tampering with users' private information data, and improves the security of the storage of information data to be kept confidential.
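The segmentation and extraction performed by the information data pretreatment system 41 and the local/cloud storage split with integrity verification described in steps (1) and (2) above (the same description appears in application scenarios 2 and 3), as an added Python example that is not part of the patent: each mutually exclusive set is sorted by a user-defined ordering rule, the first unit of each set is kept locally together with the rule, the remainder is packaged for the cloud with an integrity tag that the cloud checks before saving, and the owner reassembles the record from both parts. The sample record, the ordering rule and the shared integrity key are constructed; the local encryption of the small block and the cloud-side encryption by system 42 are left out here so that the example shows only the split and the integrity check.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Tuple

Unit = Dict[str, str]

# Constructed sample: one confidential record already divided into mutually
# exclusive information data sets (units of different sets are unrelated).
RECORD: Dict[str, List[Unit]] = {
    "set_1": [{"id": "u3", "v": "pressure=4.1"}, {"id": "u1", "v": "temp=61"}, {"id": "u2", "v": "rpm=1450"}],
    "set_2": [{"id": "u5", "v": "plc_fw=2.3"}, {"id": "u4", "v": "vlan=20"}],
}

ORDER_RULE = "id"  # assumed user-defined ordering rule: sort the units of a set by this field
CLOUD_MAC_KEY = b"constructed-shared-integrity-key"  # assumed key shared between owner and cloud


def split_for_storage(record: Dict[str, List[Unit]], order_rule: str) -> Tuple[dict, Dict[str, List[Unit]]]:
    """Sort every mutually exclusive set by the ordering rule, move the first unit
    of each set into the locally kept small block (saved with the rule itself),
    and leave the remaining units for the cloud database."""
    local = {"order_rule": order_rule, "units": {}}
    cloud: Dict[str, List[Unit]] = {}
    for name, units in record.items():
        ordered = sorted(units, key=lambda u: u[order_rule])
        local["units"][name] = ordered[0]
        cloud[name] = ordered[1:]
    return local, cloud


def package_for_cloud(cloud_part: Dict[str, List[Unit]]) -> Tuple[bytes, str]:
    """Serialize the cloud part and attach an HMAC so the cloud can verify integrity.
    A keyed tag is used rather than a bare hash so that a party who alters the
    payload in transit cannot simply recompute the digest."""
    payload = json.dumps(cloud_part, sort_keys=True).encode()
    tag = hmac.new(CLOUD_MAC_KEY, payload, hashlib.sha256).hexdigest()
    return payload, tag


def cloud_receive(payload: bytes, tag: str):
    """Cloud side: integrity verification before saving to a storage node.
    Returns the parsed data, or None when the check fails."""
    expected = hmac.new(CLOUD_MAC_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(payload)


def reassemble(local: dict, cloud_part: Dict[str, List[Unit]]) -> Dict[str, List[Unit]]:
    """Owner side: put the locally held first unit back in front of each set."""
    return {name: [first] + cloud_part[name] for name, first in local["units"].items()}


def roundtrip() -> Dict[str, List[Unit]]:
    """Constructed end-to-end run: split, ship to the cloud, verify, reassemble."""
    local, cloud = split_for_storage(RECORD, ORDER_RULE)
    payload, tag = package_for_cloud(cloud)
    stored = cloud_receive(payload, tag)
    return reassemble(local, stored)
```

What the cloud holds after the split is each set minus its first unit in the owner's ordering, so a copy taken from the cloud database alone does not yield a complete set; the ordering rule kept with the local block is what lets the owner put the units back in place.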
Preferably, the cloud storage encryption/decryption system 42 consists mainly of five entities: the information data owner, the attribute authority, the cloud, the trusted third party and the user. Encrypting or decrypting the information data that must be kept secret includes:
(1) the trusted third party assigns a user identity UAID to each user and an attribute authority identity AID to each attribute authority, including:
A. initialization: the trusted third party initializes the system parameter, where α is a random integer;
B. for each legitimate user, the trusted third party assigns a UAID and generates a certificate for it; at the same time it publishes the authentication parameter of the legitimate user, where C_UAID ∈ Z_p;
C. generating identity key pairs for the information data owner and the legitimate users;
(2) generating the identity-based encryption/decryption key, the attribute encryption/decryption key and the proxy re-encryption key, where the identity-based encryption/decryption key comprises the identity public key GK_UAID and the identity private key CK_UAID, and the attribute encryption/decryption key comprises the attribute public key GK_AID and the attribute private key CK_AID; here AS_AID is the set of attributes a single attribute authority can distribute, GK_x is the public key of attribute x, B_x is the version number of attribute x, ∝_AID is the private key parameter of the attribute authority, β_AID is the attribute update parameter, AS_{UAID,AID} is the set of attributes distributed according to the identity of the attribute authority, γ is a parameter chosen at random by the attribute authority, and γ, ∝_AID, β_AID ∈ Z_p;
(3) the cloud storage encryption/decryption system 42 encrypts the information data to be stored in the cloud database of the central monitoring center 3 with an information data key, obtaining the ciphertext CT, and then encrypts the information data key with the identity public key and the attribute public key respectively, generating the identity key ciphertext CT_U and the attribute key ciphertext CT_A, including:
A. randomly generating two fixed-length strings IK and AK and concatenating them to form the information data key DK:
DK = IK || AK
B. encrypting the information data to be stored in the cloud database of the central monitoring center 3 with the information data key DK; after obtaining the ciphertext CT, encrypting AK with the attribute public key to generate the attribute key ciphertext CT_A, and encrypting IK with the identity public key to generate the identity key ciphertext CT_U;
(4) performing proxy re-encryption: when an information data request from a user is received, the cloud uses the proxy re-encryption key to convert the identity key ciphertext CT_U into a ciphertext that the designated user can decrypt, where the proxy re-encryption key is computed from the information data owner's own private key and the identity public key;
(5) information data decryption: after the user receives the information data, the user decrypts the identity key ciphertext CT_U with the identity private key CK_UAID and the attribute key ciphertext CT_A with the attribute private key CK_AID, reconstructs the information data key, and decrypts the ciphertext CT;
(6) updating the attribute and identity keys.
By providing the cloud storage encryption/decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for many types of information data while resisting collusion between users and attribute authorities. For the information data that must be kept secret, an identity-based encryption/decryption key and an attribute encryption/decryption key are constructed separately and combined into the information data encryption key used to encrypt that information data, so only a user who satisfies both the identity condition and the attribute condition can decrypt. This greatly improves the security of the Information Security Management System 4.
In this application scenario, the update cycle T is set to 9 days, and the security of the system is relatively improved by 9%.
Application scenario 5
Referring to Fig. 1 and Fig. 2, the System of Industrial Device Controls based on Internet of Things of one embodiment of this application scenario includes video surveillance devices 1, a communication system 2, a central monitoring center 3, an Information Security Management System 4, customer mobile terminals 5 and a video monitoring display 6. The video surveillance devices 1 are arranged according to the positions of the industrial equipment. The communication system 2 includes multiple switches; the video surveillance devices 1 are connected to the central monitoring center 3 through the switches, and the central monitoring center 3 connects to the customer mobile terminals 5 and the video monitoring display 6 through a wireless network. The health center includes a health status monitoring system for monitoring the health status of the industrial equipment. The Information Security Management System 4 manages the information data relevant to the industrial equipment and ensures the safety of that information data.
The above embodiment of the present invention achieves simultaneous monitoring by multiple customer mobile terminals 5 and the central monitoring center 3: the real-time operation of the industrial installation can be reported to and displayed for the mobile and management personnel of the central monitoring center 3, realising Internet-of-Things style monitoring management and thus solving the technical problem described above.
Preferably, the central monitoring center 3 is also connected to an early warning device 7 for raising an alarm when the industrial equipment is abnormal.
This preferred embodiment adds an alarm function to the system and improves its safety.
Preferably, the customer mobile terminal 5 is connected to the early warning device 7 through a wireless network.
This preferred embodiment makes it convenient for the customer mobile terminal 5 to receive alarms and further improves the safety of the system.
Preferably, the Information Security Management System 4 includes an information data service system 40, an information data pretreatment system 41, a cloud storage encryption/decryption system 42, a control system 43 and a security management center 44. The information data service system 40 is responsible for the storage, backup and query of information data; the information data pretreatment system 41 pretreats the information data that must be kept secret; the cloud storage encryption/decryption system 42 encrypts or decrypts the information data that must be kept secret according to the optimized access control security policy; the control system 43 stores the information data to the corresponding storage device; and the security management center 44 performs unified monitoring and management of the security of each system.
This preferred embodiment constructs the system structure of the Information Security Management System 4.
Preferably, the storage, backup and query of information data includes:
(1) converting the format of the information data and establishing a format suitable for storage in a non-relational information database;
(2) dividing the information data into basic information data and specialized information data, and storing the information data with a strategy that combines centralized and distributed storage, with all information data backed up during storage; the combined centralized and distributed strategy includes: using centralized storage for basic information data whose frequency is higher than a preset frequency, maintained uniformly by the information data administration center, and using distributed storage for specialized information data whose frequency is lower than the preset frequency, maintained separately by each specialized information data center;
(3) establishing a corresponding information data retrieval algorithm for fast retrieval of information data; the retrieval algorithm combines catalogue retrieval with a search engine, specifically: establishing an information data catalogue and performing a preliminary search of the information data according to the catalogue; entering keywords into the search engine for a precise search; the search engine finds the matching information data in a certain way, ranks it by the degree of match between the information data and the keywords, and returns it to the user.
This preferred embodiment uses a retrieval algorithm that combines catalogue retrieval with a search engine and can obtain information data quickly and accurately.
Preferably, the unified monitoring and management of the security of each system includes:
(1) adopting the corresponding security protection technology and deploying the relevant security protection equipment for the different security protection requirements of the information data service system 40, the information data pretreatment system 41, the cloud storage encryption/decryption system 42 and the control system 43, forming a complete security protection system;
(2) establishing an effective information data security policy that considers security throughout the storage, transmission and access of information data, and that encrypts not only the information data but also the transmission protocol carrying it;
(3) establishing a virus and Trojan defense mechanism, regularly updating the virus database and upgrading the firewall with an update cycle T, where T takes a value of 6-10 days, and analysing any abnormal information data detected and issuing an early warning.
This preferred embodiment achieves unified monitoring and management of the security of each system.
Preferably, the information data pretreatment system 41 includes an information data cutting unit, an information data extracting unit and an access control security policy optimization unit. The information data cutting unit divides the information data that must be kept secret into multiple mutually exclusive information data sets. The information data extracting unit sorts the mutually exclusive information data sets according to a user-defined ordering rule, extracts the first information data unit from each information data set in sequence, and saves the extracted units together with the ordering rule as the small-block information data; mutually exclusive here means that there is no association between any two information data units in an information data set. The access control security policy optimization unit generates the system's access control security policy with an access control security policy optimization method based on fine-grained resource partitioning, including:
(1) building a hierarchical information data tree structure from the mutually exclusive information data sets produced by the information data extracting unit; the hierarchical information data tree structure is a three-layer information data tree comprising a service layer, a logical layer and a physical layer, where the service layer is the root node associated with the information data dispatch service, the logical layer holds the information data associated in the access control security policy, and the physical layer contains the information data units of all the mutually exclusive information data sets;
(2) formulating the access control security policy for information data of different security levels in the eXtensible Access Control Markup Language (XACML), and projecting the rules in the access control security policy that are associated with information data onto the information data units of the mutually exclusive information data sets, thereby refining the rules in the access control security policy to the information data dimension;
(3) optimizing the rules on the information data units of each mutually exclusive information data set to delete conflicts and redundancy among the rules distributed over each information data unit;
(4) merging the optimized rules to generate the optimized access control security policy.
Preferably, storing the information data to the corresponding storage device includes:
(1) storing the small-block information data in local storage, and encrypting the small-block information data with a user-defined encryption technique;
(2) storing the remaining information data, after it has been encrypted by the cloud storage encryption/decryption system 42, in the cloud database of the central monitoring center 3; after the cloud database of the central monitoring center 3 receives the information data, the cloud performs an integrity verification on it and only then saves it to a storage node.
The two preferred embodiments above configure the information data pretreatment system 41 to first apply information data segmentation and information data extraction to the information data that must be kept secret, and then to refine the rules in the access control security policy. This reduces the physical memory occupied by stored information data and therefore the storage cost, eliminates conflicts and redundancy in the access control security policy, and improves the efficiency of access control decisions. The part extracted by the information data extraction process is stored in local storage, and the remaining information data is stored in the cloud database of the central monitoring center 3 after the corresponding access control security policy has been set. This avoids the large overhead and complexity that traditional cloud storage privacy mechanisms based on simple encryption bring to actual information data operations, can effectively prevent malicious users or cloud storage administrators from illegally stealing or tampering with users' private information data, and improves the security of storing the information data that must be kept secret.
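Added example, not code from the patent, of the cutting, extraction and split storage described for the pretreatment system 41 and the storage steps (1)-(2) in both application scenarios: a record is cut into mutually exclusive sets, the first unit of every set is kept locally together with the ordering rule, the remainder goes to the cloud with an integrity digest that the cloud checks before saving, and reconstruction fails when the local block is absent. The unit size, the round-robin cut and the seed-derived ordering rule are assumptions, since the patent leaves them user-defined.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"sort"
)

// Added example, not the patent's code: the unit size, the round-robin cut and the
// seed-derived ordering rule are assumptions (the patent leaves them user-defined).
type Unit struct {
	Idx   int    // position of the fragment in the original record
	Bytes []byte // one information data unit
}

type SmallBlock struct {
	Rule  []byte // the user-defined ordering rule, kept locally with the extracted units
	Heads []Unit // the first unit of every set under that ordering
}

type CloudBlob struct {
	Units  []Unit
	Digest [32]byte // integrity digest the cloud verifies before saving to a storage node
}

// digest binds every unit's index, length and bytes, in slice order, into one SHA-256 value.
func digest(units []Unit) (out [32]byte) {
	h := sha256.New()
	for _, u := range units {
		fmt.Fprintf(h, "%d|%d|%s", u.Idx, len(u.Bytes), u.Bytes)
	}
	copy(out[:], h.Sum(nil))
	return out
}

// Cut splits the record into unitSize fragments assigned round-robin to nSets disjoint sets.
func Cut(record []byte, unitSize, nSets int) [][]Unit {
	sets := make([][]Unit, nSets)
	for i, off := 0, 0; off < len(record); i, off = i+1, off+unitSize {
		end := off + unitSize
		if end > len(record) {
			end = len(record)
		}
		sets[i%nSets] = append(sets[i%nSets], Unit{Idx: i, Bytes: append([]byte{}, record[off:end]...)})
	}
	return sets
}

// Extract orders each set by the rule (here SHA-256(rule|idx)), keeps the first unit of
// every set locally together with the rule, and packs the remaining units for the cloud.
func Extract(sets [][]Unit, rule []byte) (SmallBlock, CloudBlob) {
	key := func(idx int) string { k := sha256.Sum256([]byte(fmt.Sprintf("%s|%d", rule, idx))); return string(k[:]) }
	local := SmallBlock{Rule: rule}
	var rest []Unit
	for _, set := range sets {
		ordered := append([]Unit{}, set...)
		sort.Slice(ordered, func(i, j int) bool { return key(ordered[i].Idx) < key(ordered[j].Idx) })
		if len(ordered) > 0 {
			local.Heads = append(local.Heads, ordered[0])
			rest = append(rest, ordered[1:]...)
		}
	}
	return local, CloudBlob{Units: rest, Digest: digest(rest)}
}

// CloudReceive is the integrity verification the cloud database runs before saving to a storage node.
func CloudReceive(blob CloudBlob) error {
	if digest(blob.Units) != blob.Digest {
		return errors.New("integrity verification failed: blob not saved")
	}
	return nil
}

// Reassemble needs both halves: with the cloud part alone one unit is missing from every set.
func Reassemble(local SmallBlock, blob CloudBlob, total int) ([]byte, error) {
	byIdx := map[int][]byte{}
	for _, u := range append(append([]Unit{}, local.Heads...), blob.Units...) {
		byIdx[u.Idx] = u.Bytes
	}
	var out []byte
	for i := 0; i < total; i++ {
		b, ok := byIdx[i]
		if !ok {
			return nil, fmt.Errorf("unit %d missing: record cannot be reconstructed", i)
		}
		out = append(out, b...)
	}
	return out, nil
}
```

The small block would additionally be encrypted with the user's own method before being written to local storage; that step is left out here.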
Preferably, the cloud storage encryption/decryption system 42 consists mainly of five entities: the information data owner, the attribute authority, the cloud, the trusted third party and the user. Encrypting or decrypting the information data that must be kept secret includes:
(1) the trusted third party assigns a user identity UAID to each user and an attribute authority identity AID to each attribute authority, including:
A. initialization: the trusted third party initializes the system parameter, where α is a random integer;
B. for each legitimate user, the trusted third party assigns a UAID and generates a certificate for it; at the same time it publishes the authentication parameter of the legitimate user, where C_UAID ∈ Z_p;
C. generating identity key pairs for the information data owner and the legitimate users;
(2) generating the identity-based encryption/decryption key, the attribute encryption/decryption key and the proxy re-encryption key, where the identity-based encryption/decryption key comprises the identity public key GK_UAID and the identity private key CK_UAID, and the attribute encryption/decryption key comprises the attribute public key GK_AID and the attribute private key CK_AID; here AS_AID is the set of attributes a single attribute authority can distribute, GK_x is the public key of attribute x, B_x is the version number of attribute x, ∝_AID is the private key parameter of the attribute authority, β_AID is the attribute update parameter, AS_{UAID,AID} is the set of attributes distributed according to the identity of the attribute authority, γ is a parameter chosen at random by the attribute authority, and γ, ∝_AID, β_AID ∈ Z_p;
(3) the cloud storage encryption/decryption system 42 encrypts the information data to be stored in the cloud database of the central monitoring center 3 with an information data key, obtaining the ciphertext CT, and then encrypts the information data key with the identity public key and the attribute public key respectively, generating the identity key ciphertext CT_U and the attribute key ciphertext CT_A, including:
A. randomly generating two fixed-length strings IK and AK and concatenating them to form the information data key DK:
DK = IK || AK
B. encrypting the information data to be stored in the cloud database of the central monitoring center 3 with the information data key DK; after obtaining the ciphertext CT, encrypting AK with the attribute public key to generate the attribute key ciphertext CT_A, and encrypting IK with the identity public key to generate the identity key ciphertext CT_U;
(4) performing proxy re-encryption: when an information data request from a user is received, the cloud uses the proxy re-encryption key to convert the identity key ciphertext CT_U into a ciphertext that the designated user can decrypt, where the proxy re-encryption key is computed from the information data owner's own private key and the identity public key;
(5) information data decryption: after the user receives the information data, the user decrypts the identity key ciphertext CT_U with the identity private key CK_UAID and the attribute key ciphertext CT_A with the attribute private key CK_AID, reconstructs the information data key, and decrypts the ciphertext CT;
(6) updating the attribute and identity keys.
By providing the cloud storage encryption/decryption system 42, this preferred embodiment achieves fine-grained access control and privacy protection for many types of information data while resisting collusion between users and attribute authorities. For the information data that must be kept secret, an identity-based encryption/decryption key and an attribute encryption/decryption key are constructed separately and combined into the information data encryption key used to encrypt that information data, so only a user who satisfies both the identity condition and the attribute condition can decrypt. This greatly improves the security of the Information Security Management System 4.
In this application scenario, the update cycle T is set to 10 days, and the security of the system is relatively improved by 8%.
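Added example, not code from the patent, of the dual-key construction in steps (3) and (5) above (the same steps appear in both application scenarios): DK = IK || AK encrypts the record, IK is wrapped under the identity public key and AK under the attribute public key, so decryption needs both private keys and a holder of only one of them cannot rebuild DK. RSA-OAEP key pairs stand in for the identity pair GK_UAID/CK_UAID and the attribute authority pair GK_AID/CK_AID, AES-256-GCM stands in for the data cipher; proxy re-encryption (step 4) and key versioning (step 6) are not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Added example, not the patent's code. Assumed stand-ins: RSA-OAEP key pairs for the identity
// pair (GK_UAID/CK_UAID) and the attribute authority pair (GK_AID/CK_AID); AES-256-GCM keyed with DK.

const halfLen = 16 // IK and AK are 16 bytes each, so DK = IK || AK is a 32-byte AES key

// Envelope is what the cloud database stores for one record.
type Envelope struct {
	CT  []byte // nonce || AES-GCM ciphertext of the information data
	CTU []byte // identity key ciphertext: IK wrapped under the identity public key
	CTA []byte // attribute key ciphertext: AK wrapped under the attribute public key
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is step (3): DK = IK || AK encrypts the data; IK and AK are then wrapped separately.
func Encrypt(data []byte, idPub, attrPub *rsa.PublicKey) (*Envelope, error) {
	dk := make([]byte, 2*halfLen)
	if _, err := io.ReadFull(rand.Reader, dk); err != nil {
		return nil, err
	}
	ik, ak := dk[:halfLen], dk[halfLen:]
	gcm, err := newGCM(dk)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nonce, nonce, data, nil)
	ctu, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, idPub, ik, []byte("IK"))
	if err != nil {
		return nil, err
	}
	cta, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, attrPub, ak, []byte("AK"))
	if err != nil {
		return nil, err
	}
	return &Envelope{CT: ct, CTU: ctu, CTA: cta}, nil
}

// Decrypt is step (5): both private keys are needed to rebuild DK; GCM rejects any wrong key.
func Decrypt(env *Envelope, idPriv, attrPriv *rsa.PrivateKey) ([]byte, error) {
	if idPriv == nil || attrPriv == nil {
		return nil, errors.New("identity and attribute private keys are both required")
	}
	ik, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, idPriv, env.CTU, []byte("IK"))
	if err != nil {
		return nil, err
	}
	ak, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, attrPriv, env.CTA, []byte("AK"))
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(append(append([]byte{}, ik...), ak...)) // DK = IK || AK
	if err != nil {
		return nil, err
	}
	if len(env.CT) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, env.CT[:gcm.NonceSize()], env.CT[gcm.NonceSize():], nil)
}

func main() {
	idKey, _ := rsa.GenerateKey(rand.Reader, 2048)   // user's identity key pair
	attrKey, _ := rsa.GenerateKey(rand.Reader, 2048) // attribute authority key pair
	env, _ := Encrypt([]byte("constructed record: pump-07 setpoint 1450 rpm"), &idKey.PublicKey, &attrKey.PublicKey)
	plain, err := Decrypt(env, idKey, attrKey)
	fmt.Println(string(plain), err)
}
```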
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention and not to limit its scope of protection. Although the present invention has been explained in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution can be modified or replaced by equivalents without departing from the substance and scope of the technical solution of the present invention.
Claims (3)
1. A System of Industrial Device Controls based on Internet of Things, characterized in that it includes video surveillance devices, a communication system, a central monitoring center, customer mobile terminals, a video monitoring display and an Information Security Management System; the video surveillance devices are arranged according to the positions of the industrial equipment; the communication system includes multiple switches, the video surveillance devices are connected to the central monitoring center through the switches, and the central monitoring center connects to the customer mobile terminals and the video monitoring display through a wireless network; the health center includes a health status monitoring system for monitoring the health status of the industrial equipment; the Information Security Management System manages the information data relevant to the industrial equipment and ensures the safety of that information data.
2. The System of Industrial Device Controls based on Internet of Things according to claim 1, characterized in that the central monitoring center is also connected to an early warning device for raising an alarm when the industrial equipment is abnormal.
3. The System of Industrial Device Controls based on Internet of Things according to claim 2, characterized in that the customer mobile terminal is connected to the early warning device through a wireless network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610778830.6A CN106230856A (en) | 2016-08-30 | 2016-08-30 | A kind of System of Industrial Device Controls based on Internet of Things |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106230856A true CN106230856A (en) | 2016-12-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20161214