CN110233814B - Intelligent virtual private network system for industrial Internet of things - Google Patents


Publication number
CN110233814B
Authority
CN
China
Prior art keywords
data
authorization
network
application
data source
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810179579.0A
Other languages
Chinese (zh)
Other versions
CN110233814A (en
Inventor
林苑
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Left Bank Investment Management Co ltd
Shanghai Kelu Software Co Ltd
Original Assignee
Shanghai Kelu Software Co Ltd
Application filed by Shanghai Kelu Software Co Ltd
Priority to CN202210378720.6A (CN114978583A)
Priority to CN201810179579.0A (CN110233814B)
Publication of CN110233814A
Application granted
Publication of CN110233814B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
        • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
            • H04L63/0272 Virtual private networks
        • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
        • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
        • H04L63/12 Applying verification of the received information
            • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
        • H04L67/01 Protocols
            • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
        • H04L67/14 Session management
            • H04L67/141 Setup of application sessions


Abstract

The invention discloses an industrial Internet of things intelligent virtual private network system. First, data is stored directly in the local data source object nodes and does not need to be uploaded to a data center; the data remains distributed, which saves a large amount of data transmission and storage resources and makes it harder for outsiders to intrude on and steal the data. Second, because the object nodes that store the data are located in the private second network and are completely isolated from the public first network, data security is further ensured at the level of hardware configuration. In addition, only the management platform has a first network IP address, and no data is stored on the management platform, so an external hacker cannot acquire any data even by attacking the management platform. The management platform is only responsible for verifying the authority of a data demander, and data is sent directly by the object node to a data demander that has passed verification, so that the nodes at which data is retained in transmission are reduced to the minimum, the probability of data leakage is minimized, and transmission and storage resources are saved.

Description

Intelligent virtual private network system of industrial Internet of things
Technical Field
The invention relates to an industrial internet platform, in particular to an industrial Internet of things intelligent virtual private network system.
Background
With the advent of the big data era, more and more organizations such as governments and enterprises are becoming aware that data is becoming an organization's most important asset and that data analysis capability is becoming its core competitiveness, and they are beginning to invest heavily in it.
In the course of informatization, systems were built in different periods and were constrained by different investment sources for each project, different construction and management arrangements, scattered operation and maintenance, and so on. As a result, a large number of business application systems exist across the various links, information resources are scattered, the interfaces among business systems are complicated, and information silos exist. A unified management mechanism for information resources is lacking, and information construction is insufficiently integrated with business management services.
In addition, a large amount of data is repeatedly acquired and stored, which occupies a large amount of information transmission and storage resources, while the data utilization rate is extremely low. According to statistics on the utilization of the data collected, uploaded and stored by a pipeline company in recent years, the data actually used accounts for only 0.75% of the total data, while the collected data occupies a large amount of data transmission bandwidth and storage resources.
Data on existing civil cloud platforms is stored and managed by the platform, so data security and privacy cannot be guaranteed and data leakage is possible. Such platforms cannot be used in the industrial field.
The inventor of the present invention finds that the industrial field lacks a data control platform that can be used by various applications within an enterprise, or shared by multiple enterprises, and that can effectively guarantee data owners' control over their data.
Disclosure of Invention
The invention aims to provide an industrial Internet of things intelligent virtual private network system that can effectively ensure the security of industrial information, avoid repeated acquisition, transmission and processing of industrial information, save data transmission and storage resources, effectively prevent external applications from directly contacting the industrial data, and provide a uniform and convenient data calling environment for various external applications while ensuring the security of the industrial data.
In order to solve the above technical problem, an embodiment of the present invention provides an intelligent virtual private network system for industrial internet of things, including:
the management platform comprises a first network IP address, and each application establishes communication connection with the management platform through the first network and sends a data request to the management platform;
the management platform is connected with each data source object node through a second network, and the management platform and each data source object node respectively comprise a second network IP address; the first network and the second network are independent of each other;
the management platform comprises a data management server, the data management server is used for performing authorization authentication on the application when the management platform receives data requests from each application, if the data requests pass the authorization authentication, a second network IP address is distributed to the application, and the second network IP address and the data request content of the application are sent to a data source node to which the requested data belong; and instructing the data source object node to establish a second network security connection with the application through a second network IP address of the application, and sending the requested data to the application.
Compared with the prior art, the data is stored directly in the local data source object nodes and does not need to be uploaded to a data center; the data remains distributed, which saves a large amount of data transmission and storage resources and also makes it harder for outsiders to intrude on and steal the data. Moreover, the data source object nodes that store the data are located in the private second network and are completely isolated from the public first network, so data security is further guaranteed at the level of hardware configuration. In addition, in this embodiment only the management platform has a first network IP address, and the management platform does not store any data, so an external hacker cannot acquire any data even by attacking the management platform. The management platform is only responsible for auditing the authority of a data demander. After the data demander passes the audit, a secure connection is established between the data demander and the data source object node, and the data is sent directly by the data source object node to the audited data demander, so that the nodes at which data is retained in transmission are reduced to the minimum, the probability of data leakage is minimized, and transmission and storage resources are saved to the greatest extent while security is ensured.
As a further improvement, the first network is typically a public internet and the second network is typically an industrial internet.
As a further improvement, the second network includes an independent domain name resolution server, and when each data source object node is registered with the management platform, the domain name resolution server allocates the second network IP address to that data source object node. Through an independent domain name resolution mechanism, the second network is guaranteed to be absolutely independent of the first network, both physically and in mechanism.
As a further improvement, the data management server of the management platform performing authorization authentication on the application at least comprises:
authenticating the identity information of the application; and/or
performing permission examination on the data request content of the application.
As a further improvement, the data management server is further configured to store the data authorization files of the data source object nodes, to find, on receiving a data request from an application, the data authorization file corresponding to the data source object node to which the requested data belongs, and to perform authorization authentication on the application according to that data authorization file. The data authorization file of each data source object node is set on the management platform by the owner of the data source object node. The data management server only executes the data authorization file; it has no authority to set the data authorization file and cannot permit or prohibit data transmission on its own, so the possibility of data leakage in the management platform is effectively eliminated, it is ensured that only the data resource owner has transmission control authority over the data resource, and the rights and interests of the data source object node owner are effectively guaranteed.
As a further improvement, the data management server is further configured to, when receiving a data authorization file set by a data source object node owner, request from the data source object node corresponding to the data authorization file the data authorization backup file that it stores, compare the data authorization file with the received data authorization backup file, and, if they are consistent, store the data authorization file. Therefore, even if the data authorization file is tampered with during transmission, the data itself is not actually affected, and the security of the data is effectively guaranteed.
As a further improvement, the data management server is further configured to, when receiving a modified data authorization file from a data source node owner, request a data transmission authorization rule backup file stored in the data source node corresponding to the data authorization file to be modified, compare the received data authorization file with the data transmission authorization rule backup file, and if the received data authorization file is consistent with the data transmission authorization rule backup file, replace the original file with the modified data authorization file.
When an asset owner needs to modify the data authorization file of a data source object node that it owns, the modified data authorization file must be sent to the industrial data management platform and, at the same time, a modified data transmission authorization rule backup file must be stored on the data source object node. The data management server compares the received data authorization file with the data transmission authorization rule backup file on the data source object node and, if they are consistent, replaces the original file with the modified data authorization file. Therefore, even if a hacker attacks the industrial data management platform and tampers with the data authorization file, the tampered file cannot be stored: the industrial data management platform compares the tampered authorization rule file with the backup file on the data source object node, detects the discrepancy, and refuses the modification. The data security of the data asset owner is thus effectively guaranteed.
As a further improvement, the data management server is further configured to, when the data source object node owner owns more than one data source object node, request from all data source object nodes under the owner's name the data transmission authorization rule backup files that they store; compare the data authorization file to be stored or replaced with the received data transmission authorization rule backup files one by one; and, if the matching rate is greater than a preset value, store or replace the data authorization file. This further increases the difficulty for a hacker of tampering with the data transmission rule backup file and enhances the data security of the data asset owner.
As a further improvement, the management platform is further configured to verify the identity of the owner of the data source object node according to the identity information of the owner set during registration of the data source object node, and receive the data authorization file of the owner of the data source object node after passing the identity authentication of the owner of the data source object node.
As a further improvement, the second network security connection between the data source object node and the application is a unidirectional virtual private connection from the data source object node to the application. Therefore, even when a connection is established between an external application and the data source object node, the application can only obtain from the object node the data that has passed authorization and verification, and cannot operate on the data source object node at all, so the security of the data source object node in the second network is guaranteed.
As a further refinement, the application is from any of the following devices: personal PCs, mobile terminals, cloud platforms, or central servers, etc.
As a further improvement, when the management platform sends the second network IP address of the application and the data request content to the data source object node to which the requested data belongs, it also includes the set data transmission control information. The data transmission control information includes one of the following or any combination thereof: data transmission starting time, data transmission time length, data transmission ending time, data transmission file type and connection establishing type. The management platform instructs the data source object node to establish a second network security connection with the application within the range indicated by the transmission control information and to send the requested data to the application. By placing security limits on the time and form of data transmission, the data transmission chain is further protected against being cracked and the data stolen by lawbreakers.
As a further improvement, the data source object node at least includes a data acquisition and storage function, and is used to acquire and store various industrial data information of the industrial control equipment, where the industrial data information at least includes one of the following:
industrial data information generated in the operation process of the industrial control equipment, detection data information obtained by monitoring the industrial control equipment, and the like.
Drawings
Fig. 1 is a block diagram of an industrial internet of things intelligent virtual private network system according to a preferred embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. However, it will be appreciated by those of ordinary skill in the art that numerous technical details are set forth in order to provide a better understanding of the present application in various embodiments of the present invention. However, the technical solutions claimed in the claims of the present application can be implemented without these technical details and with various changes and modifications based on the following embodiments.
A preferred embodiment of the present invention relates to an industrial internet of things intelligent virtual private network system, as shown in fig. 1, including:
the management platform comprises a first network IP address, and each application establishes communication connection with the management platform through the first network and sends a data request to the management platform;
the management platform is connected with each data source object node through a second network, and the management platform and each data source object node respectively comprise a second network IP address; the first network and the second network are independent of each other;
the management platform comprises a data management server, the data management server is used for performing authorization authentication on the application when the management platform receives data requests from each application, if the data requests pass the authorization authentication, a second network IP address is distributed to the application, and the second network IP address and the data request content of the application are sent to a data source node to which the requested data belong; and instructing the data source object node to establish a second network security connection with the application through a second network IP address of the application, and sending the requested data to the application.
Compared with the prior art, the data is stored directly in the local data source object nodes and does not need to be uploaded to a data center; the data remains distributed, which saves a large amount of data transmission and storage resources and also makes it harder for outsiders to intrude on and steal the data. Moreover, the data source object nodes that store the data are located in the private second network and are completely isolated from the public first network, so data security is further guaranteed at the level of hardware configuration. In addition, in this embodiment only the management platform has a first network IP address, and the management platform does not store any data, so an external hacker cannot acquire any data even by attacking the management platform. The management platform is only responsible for auditing the authority of the data demander. After the data demander passes the audit, a secure connection is established between the data demander and the data source object node, and the data is sent directly by the data source object node to the audited data demander, so that transmission and storage resources are saved to the greatest extent while security is ensured.
As a further improvement, the first network is typically a public internet and the second network is typically an industrial internet.
As a further improvement, the second network includes an independent domain name resolution server, and when each data source object node is registered with the management platform, the domain name resolution server allocates the second network IP address to that data source object node. Through an independent domain name resolution mechanism, the second network is guaranteed to be absolutely independent of the first network, both physically and in mechanism.
As a further improvement, the data management server of the management platform performing authorization authentication on the application at least comprises:
authenticating the identity information of the application; and/or
performing permission examination on the data request content of the application.
As a further improvement, the data management server is further configured to store the data authorization files of the data source object nodes, to find, on receiving a data request from an application, the data authorization file corresponding to the data source object node to which the requested data belongs, and to perform authorization authentication on the application according to that data authorization file. The data management server only executes the data authorization file; it has no authority to set the data authorization file and cannot permit or prohibit data transmission on its own, so the possibility of data leakage in the management platform is effectively eliminated and the rights and interests of the owner of the data source object node are effectively guaranteed.
As a further improvement, the data authorization file of each data source object node is set on the management platform by the data source object node owner. This ensures that only the data resource owner has transmission control authority over the data resource.
As a further improvement, the data management server is further configured to, when receiving a data authorization file set by a data source object node owner, request from the data source object node corresponding to the data authorization file the data authorization backup file that it stores, compare the data authorization file with the received data authorization backup file, and, if they are consistent, store the data authorization file. Therefore, even if the data authorization file is tampered with during transmission, the data itself is not actually affected, and the security of the data is effectively guaranteed.
As a further improvement, the data management server is further configured to, when receiving a modified data authorization file from a data source node owner, request a data transmission authorization rule backup file stored in the data source node corresponding to the data authorization file to be modified, compare the received data authorization file with the data transmission authorization rule backup file, and if the received data authorization file is consistent with the data transmission authorization rule backup file, replace the original file with the modified data authorization file.
When an asset owner needs to modify the data authorization file of a data source object node that it owns, the modified data authorization file must be sent to the industrial data management platform and, at the same time, a modified data transmission authorization rule backup file must be stored on the data source object node. The data management server compares the received data authorization file with the data transmission authorization rule backup file on the data source object node and, if they are consistent, replaces the original file with the modified data authorization file. Therefore, even if a hacker attacks the industrial data management platform and tampers with the data authorization file, the tampered file cannot be stored: the industrial data management platform compares the tampered authorization rule file with the backup file on the data source object node, detects the discrepancy, and refuses the modification. The data security of the data asset owner is thus effectively guaranteed.
As a further improvement, the data management server is further configured to, when the data source object node owner owns more than one data source object node, request from all data source object nodes under the owner's name the data transmission authorization rule backup files that they store; compare the data authorization file to be stored or replaced with the received data transmission authorization rule backup files one by one; and, if the matching rate is greater than a preset value, store or replace the data authorization file. This further increases the difficulty for a hacker of tampering with the data transmission rule backup file and enhances the data security of the data asset owner.
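The store-or-replace check described in the preceding paragraphs can be sketched as follows; this is an added example, not part of the patent text. It assumes one authorization file per owner, files represented as JSON-like dictionaries compared by SHA-256 over a canonical encoding, and a preset value of 0.5; all class, function and field names are hypothetical.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def digest(auth_file: dict) -> str:
    """SHA-256 over canonical JSON, so key order cannot cause a false mismatch."""
    blob = json.dumps(auth_file, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


@dataclass
class DataSourceNode:
    node_id: str
    owner: str
    backup: Optional[dict] = None  # backup rule file the owner placed on the node

    def fetch_backup(self) -> Optional[dict]:
        # None models an unreachable node or a missing backup file.
        return self.backup


@dataclass
class DataManagementServer:
    nodes: List[DataSourceNode]
    preset_rate: float = 0.5  # assumed; the text only says "a preset value"
    stored: Dict[str, dict] = field(default_factory=dict)  # owner -> accepted file

    def matching_rate(self, owner: str, candidate: dict) -> float:
        """Share of the owner's nodes whose backup equals the candidate file."""
        owned = [n for n in self.nodes if n.owner == owner]
        if not owned:
            return 0.0
        want = digest(candidate)
        hits = 0
        for node in owned:
            backup = node.fetch_backup()
            # A node that returns no backup counts as a mismatch (fail closed).
            if backup is not None and hmac.compare_digest(want, digest(backup)):
                hits += 1
        return hits / len(owned)

    def store_or_replace(self, owner: str, candidate: dict) -> bool:
        """Accept the file only if the owner's node backups vouch for it."""
        owned = [n for n in self.nodes if n.owner == owner]
        rate = self.matching_rate(owner, candidate)
        if len(owned) == 1:
            accepted = rate == 1.0           # single node: must be consistent
        else:
            accepted = rate > self.preset_rate  # several nodes: rate above preset
        if accepted:
            self.stored[owner] = candidate
        return accepted


# Constructed sample data, not taken from the patent.
RULES_V1 = {"allow": {}, "file_type": "csv"}
RULES_V2 = {"allow": {"report-app": ["flow_rate"]}, "file_type": "csv"}


def demo_server() -> DataManagementServer:
    return DataManagementServer(nodes=[
        DataSourceNode("a1", "plant-a", RULES_V2),
        DataSourceNode("a2", "plant-a", RULES_V2),
        DataSourceNode("a3", "plant-a", RULES_V1),  # stale backup
        DataSourceNode("b1", "plant-b", RULES_V2),
    ])


if __name__ == "__main__":
    server = demo_server()
    print("owner update accepted:", server.store_or_replace("plant-a", RULES_V2))
    tampered = {"allow": {"report-app": ["flow_rate"], "unlisted-app": ["flow_rate"]},
                "file_type": "csv"}
    print("tampered file accepted:", server.store_or_replace("plant-a", tampered))
```

A file altered on the platform or in transit matches no node backup, so its matching rate is 0 and the previously stored file stays in force.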
As a further improvement, the management platform is further configured to verify the identity of the owner of the data source object node according to the identity information of the owner set during registration of the data source object node, receive the data authorization file of the owner after passing the identity authentication of the owner of the data source object node, and store or replace the original file.
As a further improvement, the second network security connection between the data source object node and the application is a unidirectional virtual private connection from the data source object node to the application. Therefore, even when a connection is established between an external application and the data source object node, the application can only obtain from the object node the data that has passed authorization and verification, and cannot operate on the data source object node at all, so the security of the data source object node in the second network is guaranteed.
As a further refinement, the application is from any of the following devices: personal PCs, mobile terminals, cloud platforms, or central servers, etc.
As a further improvement, when the management platform sends the second network IP address of the application and the data request content to the data source object node to which the requested data belongs, it also includes the set data transmission control information. The data transmission control information includes one of the following or any combination thereof: data transmission starting time, data transmission time length, data transmission ending time, data transmission file type and connection establishing type. The management platform instructs the data source object node to establish a second network security connection with the application within the range indicated by the transmission control information and to send the requested data to the application. By placing security limits on the time and form of data transmission, the data transmission chain is further protected against being cracked and the data stolen by lawbreakers.
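The request flow of the preferred embodiment together with the transmission control information above, as an added example that is not part of the patent text: the platform authenticates the application, checks the requested items against the node's authorization file, allocates a second network IP address and hands the node an instruction, and the node enforces the transmission window itself. The shared-secret credential, the authorization file layout, the address pool and all names are assumptions made for illustration.

```python
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class TransmissionControl:
    start: int            # data transmission starting time (epoch seconds)
    duration: int         # data transmission time length (seconds)
    file_type: str        # data transmission file type
    connection_type: str  # connection establishing type

    @property
    def end(self) -> int:  # data transmission ending time
        return self.start + self.duration


@dataclass(frozen=True)
class NodeInstruction:
    app_ip: str                # second network IP address allocated to the app
    items: Tuple[str, ...]     # data request content
    control: TransmissionControl


class ManagementPlatform:
    """Holds credentials and authorization files only, never the data itself."""

    def __init__(self, pool_cidr: str, app_secrets: Dict[str, bytes],
                 auth_files: Dict[str, dict]):
        self._pool = iter(ipaddress.ip_network(pool_cidr).hosts())
        self._app_secrets = app_secrets  # app_id -> shared secret (assumed form)
        self._auth_files = auth_files    # node_id -> owner's authorization file

    def handle_request(self, app_id: str, secret: bytes, node_id: str,
                       items, now: int) -> Optional[NodeInstruction]:
        # 1. Authenticate the identity information of the application.
        expected = self._app_secrets.get(app_id)
        if expected is None or not hmac.compare_digest(expected, secret):
            return None
        # 2. Permission examination of the data request content.
        auth = self._auth_files.get(node_id)
        if auth is None:
            return None
        allowed = set(auth["allow"].get(app_id, ()))
        if not items or not set(items) <= allowed:
            return None
        # 3. Allocate a second network IP only after both checks pass.
        ip = next(self._pool, None)
        if ip is None:
            return None
        control = TransmissionControl(now, auth["max_duration"],
                                      auth["file_type"], "one-way")
        return NodeInstruction(str(ip), tuple(items), control)


class ObjectNode:
    """Data source object node: stores the data and enforces the window."""

    def __init__(self, store: Dict[str, Tuple[str, bytes]]):
        self._store = store  # item -> (file_type, payload)

    def serve(self, instr: NodeInstruction, now: int):
        c = instr.control
        if c.connection_type != "one-way" or not (c.start <= now < c.end):
            return None  # outside the range indicated by the control information
        out = {}
        for item in instr.items:
            entry = self._store.get(item)
            if entry is None or entry[0] != c.file_type:
                return None
            out[item] = entry[1]
        return instr.app_ip, out  # data goes node -> app, not via the platform


def build_demo():
    # Constructed sample values, not taken from the patent.
    platform = ManagementPlatform(
        "10.20.0.0/29",
        {"report-app": b"constructed-secret"},
        {"pump-7": {"allow": {"report-app": ["flow_rate"]},
                    "max_duration": 60, "file_type": "csv"}},
    )
    node = ObjectNode({"flow_rate": ("csv", b"12.4 m3/h"),
                       "valve_state": ("csv", b"open")})
    return platform, node


if __name__ == "__main__":
    platform, node = build_demo()
    instr = platform.handle_request("report-app", b"constructed-secret",
                                    "pump-7", ["flow_rate"], now=1000)
    print(instr)
    print(node.serve(instr, now=1010), node.serve(instr, now=1060))
```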
As a further improvement, the data source object node at least includes a data acquisition and storage function, and is used to acquire and store various industrial data information of the industrial control equipment, where the industrial data information at least includes one of the following:
industrial data information generated in the operation process of the industrial control equipment, detection data information obtained by monitoring the industrial control equipment, and the like.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific examples for carrying out the invention, and that various changes in form and details may be made therein without departing from the spirit and scope of the invention in practice.

Claims (10)

1. An industrial Internet of things intelligent virtual private network system, characterized by comprising:
the management platform comprises a first network IP address, and each application establishes communication connection with the management platform through the first network and sends a data request to the management platform;
the management platform is connected with each data source object node through a second network, and the management platform and each data source object node respectively comprise a second network IP address; the first network and the second network are independent of each other;
the management platform comprises a data management server, the data management server is used for performing authorization authentication on the application when the management platform receives data requests from each application, if the data requests pass the authorization authentication, a second network IP address is distributed to the application, and the second network IP address and the data request content of the application are sent to a data source node to which the requested data belong; instructing the data source object node to establish a second network security connection with the application through a second network IP address of the application, and sending the requested data to the application;
the data management server is also used for storing data authorization files of all data source object nodes, finding out the data authorization file corresponding to the data source object node to which the requested data belongs when receiving a data request from an application, and performing authorization authentication on the application according to the data authorization file; the data authorization file of each data source object node is set to the management platform by a data source object node owner;
the data management server is also used for requesting the data transmission authorization rule backup files stored by all the data source object nodes under the owner name when the number of the data source object nodes owned by the data source object node owner is more than one; and comparing the data authorization file required to be stored or replaced by the owner with the received backup files of the data transmission authorization rules one by one, and if the matching rate is greater than a preset value, storing or replacing the data authorization file.
2. The intelligent virtual private network system of industrial internet of things according to claim 1, wherein the first network is a public internet and the second network is an industrial internet.
3. The intelligent virtual private network system of claim 1, wherein the second network comprises an independent domain name resolution server, and when each data source node is registered in the management platform, the domain name resolution server assigns the second network IP address to the data source node.
4. The industrial IoT intelligent VPN system according to claim 1, wherein the data management server of the management platform authorizing and authenticating the application at least comprises:
authenticating the identity information of the application; and/or
performing permission examination on the data request content of the application.
5. The intelligent virtual private network system of industrial internet of things according to claim 1, wherein the data management server is further configured to, when receiving a data authorization file set by a data source node owner, request a data source node corresponding to the data authorization file for a data authorization backup file stored therein, compare the data authorization file with the received data authorization backup file, and if the data authorization file is consistent with the received data authorization backup file, store the data authorization file.
6. The intelligent virtual private network system of industrial internet of things according to claim 5, wherein the data management server is further configured to, when receiving the modified data authorization file from the data source node owner, request the data source node corresponding to the data authorization file to be modified for the data transmission authorization rule backup file stored therein, compare the received data authorization file with the data transmission authorization rule backup file, and if the received data authorization file is consistent with the data transmission authorization rule backup file, replace the original file with the modified data authorization file.
7. The system of claim 1, wherein the management platform is further configured to verify the identity of the owner of the data source object node according to owner identity information set during registration of the data source object node, and receive a data authorization file of the owner of the data source object node after passing through the identity authentication of the owner of the data source object node.
8. The intelligent virtual private network system of industrial internet of things according to claim 1, wherein the second network security connection between the data source object node and the application is: a unidirectional virtual private connection of the data source object node to the application.
9. The intelligent virtual private network system of industrial internet of things according to claim 1, wherein when the management platform sends the second network IP address of the application and the data request content to the data source object node to which the requested data belongs, the management platform further includes set data transmission control information; the data transmission control information includes one of the following or any combination thereof: data transmission starting time, data transmission time length, data transmission ending time, data transmission file type and connection establishing type; and instructing the data source object node to establish a second network security connection with the application within the range indicated by the transmission control information, and sending the requested data to the application.
10. The system according to claim 1, wherein the data source node at least includes a data acquisition and storage function for acquiring and storing industrial data information of each item of industrial control equipment, and the industrial data information at least includes one of:
industrial data information generated in the operation process of the industrial control equipment and detection data information obtained by monitoring the industrial control equipment;
the application comes from the following devices: personal PCs, mobile terminals, cloud platforms, or central servers.
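
The cross-check that claims 1, 5 and 6 require before an authorization file is stored or replaced, as an added Python sketch that is not part of the patent text. It assumes authorization files are JSON-like dictionaries and that the "matching rate" is the fraction of node backups identical to the submitted file; the function names, the preset of 0.7 and the sample rules are hypothetical.

```python
import hashlib
import hmac
import json

def policy_digest(policy):
    """SHA-256 of a canonical JSON encoding, so key order cannot cause a mismatch."""
    canonical = json.dumps(policy, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).digest()

def check_authorization_update(submitted, node_backups, preset=0.7):
    """Decide whether the platform may store or replace an authorization file.

    node_backups maps node id -> backup rules fetched from that node, or None
    when the node did not answer. Returns (accepted, match_rate, mismatched_ids).
    """
    if not node_backups:
        return False, 0.0, []          # nothing to compare against: fail closed
    want = policy_digest(submitted)
    mismatched = sorted(
        node_id for node_id, backup in node_backups.items()
        if backup is None or not hmac.compare_digest(want, policy_digest(backup))
    )
    rate = (len(node_backups) - len(mismatched)) / len(node_backups)
    if len(node_backups) == 1:
        accepted = not mismatched      # claims 5 and 6: must be consistent
    else:
        accepted = rate > preset       # claim 1: rate above the preset value
    return accepted, rate, mismatched

# Constructed sample data: one owner, four data source object nodes.
RULES = {"application": "app-demo", "data": ["temperature", "vibration"], "mode": "read"}
TAMPERED = dict(RULES, data=["temperature", "vibration", "control-setpoints"])
BACKUPS = {"node-a": RULES, "node-b": dict(reversed(list(RULES.items()))),
           "node-c": RULES, "node-d": None}   # node-d unreachable

if __name__ == "__main__":
    print(check_authorization_update(RULES, BACKUPS))
    print(check_authorization_update(TAMPERED, BACKUPS))
```

The list of mismatched node ids is worth logging on every update, since a mismatch means either a submission that differs from what the owner provisioned on the node or a node whose backup is stale or unreachable.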
CN201810179579.0A 2018-03-05 2018-03-05 Intelligent virtual private network system for industrial Internet of things Active CN110233814B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210378720.6A CN114978583A (en) 2018-03-05 2018-03-05 Intelligent virtual private network system for industrial Internet of things
CN201810179579.0A CN110233814B (en) 2018-03-05 2018-03-05 Intelligent virtual private network system for industrial Internet of things

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810179579.0A CN110233814B (en) 2018-03-05 2018-03-05 Intelligent virtual private network system for industrial Internet of things

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202210378720.6A Division CN114978583A (en) 2018-03-05 2018-03-05 Intelligent virtual private network system for industrial Internet of things

Publications (2)

Publication Number Publication Date
CN110233814A CN110233814A (en) 2019-09-13
CN110233814B true CN110233814B (en) 2022-05-17

Family

ID=67861658

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202210378720.6A Pending CN114978583A (en) 2018-03-05 2018-03-05 Intelligent virtual private network system for industrial Internet of things
CN201810179579.0A Active CN110233814B (en) 2018-03-05 2018-03-05 Intelligent virtual private network system for industrial Internet of things

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202210378720.6A Pending CN114978583A (en) 2018-03-05 2018-03-05 Intelligent virtual private network system for industrial Internet of things

Country Status (1)

Country Link
CN (2) CN114978583A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101478398A (en) * 2009-01-07 2009-07-08 中国人民解放军信息工程大学 Authorization management system oriented to resource management and establishing method
CN102487383A (en) * 2010-12-02 2012-06-06 上海可鲁***软件有限公司 Industrial internet distributed system safety access control device
CN103119907A (en) * 2010-07-21 2013-05-22 思杰***有限公司 Systems and methods for providing a smart group
CN107005547A (en) * 2014-09-30 2017-08-01 思杰***有限公司 For the system and method for the single-sign-on that the remote desktop session for client computer is performed by middle device
CN107078936A (en) * 2014-08-19 2017-08-18 思杰***有限公司 For the system and method for the fine granularity control for providing the MSS values connected to transport layer

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8259597B1 (en) * 2006-08-16 2012-09-04 Bally Gaming, Inc. System for managing IP addresses in a network gaming environment
DE102010041804A1 (en) * 2010-09-30 2012-04-05 Siemens Aktiengesellschaft Method for secure data transmission with a VPN box
CN104767715B (en) * 2014-01-03 2018-06-26 华为技术有限公司 Access control method and equipment
CN105871950A (en) * 2015-01-21 2016-08-17 上海可鲁***软件有限公司 Method and system for managing industrial internet of things automatic access and data authorization
CN107231336A (en) * 2016-03-25 2017-10-03 中兴通讯股份有限公司 A kind of access control method, device and the gateway device of LAN Intranet resource
CN107426339B (en) * 2017-09-04 2020-05-26 珠海迈越信息技术有限公司 Access method, device and system of data connection channel

Also Published As

Publication number Publication date
CN114978583A (en) 2022-08-30
CN110233814A (en) 2019-09-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 201203 403d, building 5, No. 3000, Longdong Avenue, Pudong New Area, Shanghai

Applicant after: Shanghai Kelu Software Co.,Ltd.

Address before: 201203 Shanghai city Pudong New Area road 887 Lane 82 Zuchongzhi Building No. two North

Applicant before: Shanghai Kelu Software Co.,Ltd.

GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20231106

Address after: 201203 north, 2nd floor, No.82, Lane 887, Zuchongzhi Road, Pudong New Area, Shanghai

Patentee after: Shanghai Kelu Software Co.,Ltd.

Patentee after: Shanghai Left Bank Investment Management Co.,Ltd.

Address before: 201203 403D 5, 3000 Longdong Avenue, Pudong New Area, Shanghai.

Patentee before: Shanghai Kelu Software Co.,Ltd.
