CN115426203B - Industrial firewall and protection method thereof - Google Patents

Publication number: CN115426203B
Authority: CN (China)
Prior art keywords: information, industrial, requirement, user, open
Legal status: Active
Application number: CN202211372938.7A
Other languages: Chinese (zh)
Other versions: CN115426203A (en)
Inventors: 张晓东, 孔令武, 黄建伟
Current Assignee: Beijing Luoan Technology Co Ltd
Original Assignee: Beijing Luoan Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30 Computing systems specially adapted for manufacturing

Abstract

The invention relates to the technical field of firewalls, and in particular discloses an industrial firewall and a protection method thereof. The method receives the use requirement information of an industrial user and performs identity verification and identification on the industrial user; determines the protection open authority of the industrial user according to the user identity information; performs requirement analysis by integrating the use requirement information with a plurality of pieces of open website information, and judges whether the protection open authority meets the use requirement of the industrial user; if the use requirement of the industrial user is met, marks a plurality of required websites for guidance display; and if the use requirement of the industrial user is not met, performs an upper-level authority application. The invention can verify the identity of the industrial user, determine the corresponding protection open authority according to the user identity information of the industrial user, and adaptively adjust the protection authority for different industrial users, so that the use of enterprise employees with large authority requirements is not limited, and the risk of information leakage by enterprise employees with small authority requirements is reduced.

Description

Industrial firewall and protection method thereof
Technical Field
The invention belongs to the technical field of firewalls, and particularly relates to an industrial firewall and a protection method thereof.
Background
An industrial firewall is a protective barrier constructed with a combination of software and hardware devices at the boundary between an intranet and an extranet, and between a private network and a public network. The main functions of the industrial firewall comprise deep analysis of an industrial protocol, packet filtering, port scanning protection, security audit, malicious code protection, vulnerability protection, access permission limitation and the like.
In an industrial design and manufacturing enterprise, an industrial firewall is generally provided to prevent leakage of the enterprise's technology, information on products not yet on the market, and the like, and authority is set between the intranet and the extranet of the enterprise so that the risk of information leakage is reduced. However, when an existing industrial firewall is applied in an enterprise, a computer whose authority is partially limited by the industrial firewall is usually set up in a department. Once the authority is set, the authority of the computer is usually fixed, and different protection authorities cannot be applied according to which enterprise employee is using it. As a result, the use of enterprise employees with large authority requirements is limited, and enterprise employees with small authority requirements can easily leak information.
Disclosure of Invention
The embodiment of the invention aims to provide an industrial firewall and a protection method thereof, and aims to solve the problems in the background art.
In order to achieve the above purpose, the embodiments of the present invention provide the following technical solutions:
a method for protecting an industrial firewall specifically comprises the following steps:
receiving the use requirement information of the industrial user, performing identity verification and identification on the industrial user, and acquiring the user identity information of the industrial user after the verification is passed;
according to the user identity information, determining protection open authority of the industrial user, and acquiring a plurality of open website information according to the protection open authority;
integrating the use requirement information and the plurality of open website information to perform requirement analysis, and judging whether the protection open permission meets the use requirement of an industrial user;
if the use requirements of industrial users are met, screening the information of the plurality of open websites according to the use requirement information, and marking a plurality of required websites for guidance display;
and if the use requirements of the industrial users are not met, performing upper-level authority application, and performing related use processing according to the authority application result.
As a further limitation of the technical solution of the embodiment of the present invention, the receiving the use requirement information of the industrial user, performing identity verification and identification on the industrial user, and after the verification is passed, acquiring the user identity information of the industrial user specifically includes the following steps:
in the use process of an industrial user, displaying a demand receiving interface, and carrying out face shooting to obtain face shooting data;
acquiring the use requirement information of an industrial user on the requirement receiving interface;
according to the face shooting data, carrying out identity verification on the industrial user;
and after the identity authentication is passed, matching according to the face shooting data to obtain the user identity information of the industrial user.
As a further limitation of the technical solution of the embodiment of the present invention, the determining a protection open right of an industrial user according to the user identity information, and acquiring information of a plurality of open websites according to the protection open right specifically includes the following steps:
determining protection open authority of the industrial user according to the user identity information;
analyzing the protection opening authority to generate opening category information;
and acquiring a plurality of pieces of open website information according to the open type information.
As a further limitation of the technical solution of the embodiment of the present invention, the integrating the usage requirement information and the multiple pieces of open website information to perform requirement analysis and determining whether the protection open authority meets the usage requirement of the industrial user specifically includes the following steps:
analyzing the use requirement information to generate requirement category information;
matching a plurality of pieces of required website information according to the required category information;
performing demand difference analysis according to the plurality of open website information and the plurality of demand website information to generate a difference analysis result;
and judging whether the corresponding protection open authority meets the use requirement of the industrial user or not according to the difference analysis result.
As a further limitation of the technical solution of the embodiment of the present invention, if the usage requirement of the industrial user is met, the step of screening the information of the plurality of open websites according to the usage requirement information and marking the plurality of required websites for guidance display specifically includes the following steps:
if the use requirements of the industrial users are met, generating a requirement screening signal;
screening and marking a plurality of demand websites according to the demand screening signals and the use demand information;
analyzing and determining the use sequence of the plurality of required websites according to the use requirement information;
and arranging a plurality of the demand websites according to the using sequence, and generating and displaying a demand using interface.
As a further limitation of the technical solution of the embodiment of the present invention, if the usage requirement of the industrial user is not satisfied, the performing of the upper-level permission application specifically includes the following steps:
if the use requirements of the industrial users are not met, generating an authority application interface;
receiving application selection of an industrial user on the permission application interface;
performing superior authority application according to the difference analysis result, and receiving an authority application result;
and performing temporary permission opening or demand refusing operation according to the permission application result.
An industrial firewall, comprising an authentication identification unit, a permission analysis unit, a demand analysis unit, a website display unit and a permission processing unit, wherein:
the verification and identification unit is used for receiving the use requirement information of the industrial user, verifying and identifying the identity of the industrial user, and acquiring the user identity information of the industrial user after the verification is passed;
the authority analysis unit is used for determining the protection open authority of the industrial user according to the user identity information and acquiring a plurality of pieces of open website information according to the protection open authority;
the demand analysis unit is used for integrating the use demand information and the open website information to carry out demand analysis and judging whether the protection open authority meets the use demand of the industrial user or not;
the website display unit is used for screening the information of the plurality of open websites according to the use requirement information and marking a plurality of required websites for guidance display when the use requirement of an industrial user is met;
and the authority processing unit is used for carrying out superior authority application when the use requirements of the industrial users are not met, and carrying out related use processing according to the authority application result.
As a further limitation of the technical solution of the embodiment of the present invention, the verification identification unit specifically includes:
the interface shooting module is used for displaying a demand receiving interface and carrying out face shooting to obtain face shooting data in the use process of an industrial user;
the demand receiving module is used for receiving the demand information of the industrial user;
the identity authentication module is used for authenticating the identity of the industrial user according to the face shooting data;
and the identity matching module is used for matching and acquiring the user identity information of the industrial user according to the face shooting data after the identity verification is passed.
As a further limitation of the technical solution of the embodiment of the present invention, the permission analysis unit specifically includes:
the authority determining module is used for determining the protection open authority of the industrial user according to the user identity information;
the permission analysis module is used for analyzing the protection open permission to generate open type information;
and the permission processing module is used for acquiring a plurality of pieces of open website information according to the open type information.
As a further limitation of the technical solution of the embodiment of the present invention, the demand analysis unit specifically includes:
the demand analysis module is used for analyzing the use demand information to generate demand type information;
the website matching module is used for matching a plurality of pieces of required website information according to the required category information;
the difference analysis module is used for carrying out requirement difference analysis according to the plurality of pieces of open website information and the plurality of pieces of requirement website information to generate a difference analysis result;
and the satisfaction judging module is used for judging whether the corresponding protection open permission meets the use requirement of the industrial user or not according to the difference analysis result.
Compared with the prior art, the invention has the beneficial effects that:
The embodiment of the invention receives the use requirement information of an industrial user and performs identity verification and identification on the industrial user; determines the protection open authority of the industrial user according to the user identity information; performs requirement analysis by integrating the use requirement information with a plurality of pieces of open website information, and judges whether the protection open authority meets the use requirement of the industrial user; if the use requirement of the industrial user is met, marks a plurality of required websites for guidance display; and if the use requirement of the industrial user is not met, performs an upper-level authority application. The invention can verify the identity of the industrial user, determine the corresponding protection open authority according to the user identity information of the industrial user, and adaptively adjust the protection authority for different industrial users, so that the use of enterprise employees with large authority requirements is not limited, and the risk of information leakage by enterprise employees with small authority requirements is reduced.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention.
FIG. 1 is a flow chart illustrating a method provided by an embodiment of the present invention;
FIG. 2 is a flow chart illustrating verification of demand information acquisition in a method provided by an embodiment of the present invention;
FIG. 3 is a flow chart illustrating analysis of protection open permissions in a method provided by an embodiment of the present invention;
FIG. 4 is a flow chart illustrating the analysis and judgment of the permission requirement in the method according to the embodiment of the present invention;
FIG. 5 is a flow chart illustrating the display of a desired website tag in the method according to the embodiment of the present invention;
FIG. 6 is a flow chart illustrating upper-level permission application processing in the method provided by the embodiment of the present invention;
FIG. 7 is a diagram illustrating an application architecture of a firewall provided by an embodiment of the invention;
FIG. 8 is a block diagram illustrating an authentication identification unit in a firewall according to an embodiment of the present invention;
FIG. 9 is a block diagram illustrating a structure of a permission analysis unit in a firewall according to an embodiment of the present invention;
FIG. 10 is a block diagram illustrating a structure of a requirement analysis unit in a firewall according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It can be understood that when an industrial firewall in the prior art is applied in an enterprise, a computer whose authority is partially limited by the industrial firewall is usually set up in a department. Once the authority is set, the authority of the computer is usually fixed, and different protection authorities cannot be applied for different employees. As a result, the use of employees with larger authority requirements is limited, and employees with smaller authority requirements can easily leak information.
In order to solve the above problems, the embodiment of the present invention receives the use requirement information of an industrial user and performs identity verification and identification on the industrial user; determines the protection open authority of the industrial user according to the user identity information; performs requirement analysis by integrating the use requirement information with a plurality of pieces of open website information, and judges whether the protection open authority meets the use requirement of the industrial user; if the use requirement of the industrial user is met, marks a plurality of required websites for guidance display; and if the use requirement of the industrial user is not met, performs an upper-level authority application. The invention can verify the identity of the industrial user, determine the corresponding protection open authority according to the user identity information of the industrial user, and adaptively adjust the protection authority for different industrial users, so that the use of enterprise employees with large authority requirements is not limited, and the risk of information leakage by enterprise employees with small authority requirements is reduced.
Fig. 1 shows a flow chart of a method provided by an embodiment of the invention.
Specifically, the method for protecting the industrial firewall specifically comprises the following steps:
Step S101, receiving the use requirement information of the industrial user, performing identity authentication and identification on the industrial user, and acquiring the user identity information of the industrial user after the authentication is passed.
In the embodiment of the invention, a computer whose authority is partially limited by the industrial firewall is arranged in the corresponding department of the enterprise. When an industrial user starts the computer for use, a requirement receiving interface is generated and displayed, on which the industrial user can input his or her own requirements. While the industrial user inputs the requirements, the industrial user is photographed to obtain the face shooting data of the industrial user, and the use requirement information of the industrial user is obtained. Identity verification is performed on the face shooting data of the industrial user, and after the verification is passed, the user identity information of the industrial user is obtained by matching from the database.
Specifically, fig. 2 shows a flowchart of verification of obtaining demand information in the method provided by the embodiment of the present invention.
In an embodiment of the present invention, the receiving the information of the use requirement of the industrial user, and performing authentication and identification on the industrial user, and after the authentication is passed, acquiring the user identity information of the industrial user specifically includes the following steps:
Step S1011, in the use process of the industrial user, displaying the demand receiving interface, and carrying out face shooting to obtain face shooting data.
Step S1012, obtaining the use requirement information of the industrial user on the requirement receiving interface.
Step S1013, performing identity verification on the industrial user according to the face shooting data.
Step S1014, after the identity authentication is passed, matching and acquiring the user identity information of the industrial user according to the face shooting data.
Further, the method for adjusting the industrial intelligent terminal display further comprises the following steps:
Step S102, determining the protection open authority of the industrial user according to the user identity information, and acquiring a plurality of pieces of open website information according to the protection open authority.
In the embodiment of the invention, the protection opening authority of the industrial user set in the industrial firewall is determined according to the user identity information of the industrial user, the website types allowed to be opened for the industrial user are determined by analyzing the protection opening authority, the opening type information is generated, and then a plurality of websites allowed to be accessed by the industrial user are determined according to the opening type information, so that a plurality of pieces of opening website information are obtained.
Specifically, fig. 3 shows a flowchart of analysis of protection open permission in the method provided by the embodiment of the present invention.
In a preferred embodiment provided by the present invention, the determining a protection open authority of an industrial user according to the user identity information, and acquiring information of a plurality of open websites according to the protection open authority specifically includes the following steps:
Step S1021, determining the protection open authority of the industrial user according to the user identity information.
Step S1022, analyzing the protection open authority to generate open category information.
Step S1023, acquiring a plurality of pieces of open website information according to the open category information.
Further, the method for adjusting the industrial intelligent terminal display further comprises the following steps:
Step S103, integrating the use requirement information and the plurality of pieces of open website information to perform requirement analysis, and judging whether the protection open permission meets the use requirement of the industrial user.
In the embodiment of the invention, the use requirement information is analyzed to determine the website types that the industrial user needs to access, and requirement category information is generated. The websites that can be accessed from the computer are matched against the requirement category information to determine the websites corresponding to the access requirement of the industrial user, and a plurality of pieces of required website information are generated. The plurality of pieces of open website information and the plurality of pieces of required website information are then analyzed together to judge the degree of conformity between the websites corresponding to each, and a difference analysis result is generated. Whether the corresponding protection open permission meets the use requirement of the industrial user is then judged according to the difference analysis result.
Specifically, fig. 4 shows a flowchart of permission requirement analysis and judgment in the method provided by the embodiment of the present invention.
In an embodiment of the present invention, the integrating the usage requirement information and the multiple pieces of open website information to perform requirement analysis and determining whether the protection open permission meets the usage requirement of the industrial user specifically includes:
Step S1031, analyzing the use requirement information and generating requirement type information.
Step S1032, matching a plurality of pieces of required website information according to the required category information.
Step S1033, performing demand difference analysis according to the plurality of pieces of open website information and the plurality of pieces of demand website information, and generating a difference analysis result.
Step S1034, judging whether the corresponding protection open authority meets the use requirement of the industrial user according to the difference analysis result.
Further, the method for adjusting the industrial intelligent terminal display further comprises the following steps:
Step S104, if the use requirements of the industrial users are met, screening the information of the plurality of open websites according to the use requirement information, and marking the plurality of required websites for guidance display.
In the embodiment of the invention, under the condition of meeting the use requirements of industrial users, a requirement screening signal is generated, a plurality of required websites meeting the user requirements are screened from a plurality of websites corresponding to a plurality of open website information according to the use requirement information, the requirement use sequence of the required websites is analyzed according to the use requirement information, the required websites are arranged according to the use sequence determined by analysis, a requirement use interface is generated and displayed, and therefore the industrial users can conveniently and quickly access the required websites through the requirement use interface.
Specifically, fig. 5 shows a flowchart of the display of the mark of the demanded website in the method according to the embodiment of the present invention.
In a preferred embodiment of the present invention, if the usage requirement of the industrial user is met, the step of screening the information of the plurality of open websites and marking the plurality of required websites for guidance and display according to the information of the usage requirement specifically includes the following steps:
Step S1041, if the use requirements of the industrial users are met, generating a requirement screening signal.
Step S1042, according to the demand screening signal, screening and marking a plurality of demand websites according to the use demand information.
Step S1043, analyzing and determining the use sequence of the plurality of demand websites according to the use demand information.
Step S1044, arranging the plurality of demand websites according to the use sequence, and generating and displaying a demand use interface.
Further, the method for adjusting the industrial intelligent terminal display further comprises the following steps:
Step S105, if the use requirements of the industrial users are not met, performing the upper-level authority application, and performing the related use processing according to the authority application result.
In the embodiment of the invention, when the use requirement of the industrial user is not met, an authority application interface is generated. If the industrial user wants to apply for the authority, the user clicks the corresponding application position on the authority application interface. A corresponding upper-level authority application is then generated according to the difference analysis result and sent to the computer of the upper-level manager, and the authority application result fed back by the computer of the upper-level manager is received. When the authority application result is that the application is approved, the authority is temporarily opened, and the industrial user can then access the other websites corresponding to the temporarily opened authority; when the authority application result is that the application is refused, the requirement operation is refused, and the industrial user cannot complete the corresponding requirement.
Specifically, fig. 6 shows a flowchart of upper-level permission application processing in the method provided by the embodiment of the present invention.
In a preferred embodiment of the present invention, performing the upper-level authority application if the use requirement of the industrial user is not met, and performing the related use processing according to the authority application result, specifically includes the following steps:
Step S1051, if the use requirement of the industrial user is not met, generating an authority application interface.
Step S1052, receiving the application selection of the industrial user on the authority application interface.
Step S1053, performing the upper-level authority application according to the difference analysis result, and receiving an authority application result.
Step S1054, performing temporary authority opening or requirement refusal according to the authority application result.
Further, fig. 7 shows an application architecture diagram of a firewall according to an embodiment of the present invention.
In another preferred embodiment, the present invention provides an industrial firewall, comprising:
The verification and identification unit 101 is configured to receive the use requirement information of the industrial user, perform identity verification and identification on the industrial user, and obtain the user identity information of the industrial user after the verification is passed.
In the embodiment of the invention, a computer partly restricted by an industrial firewall is arranged in the corresponding department of an enterprise. When an industrial user starts the computer, the verification and identification unit 101 generates and displays a requirement receiving interface on which the industrial user can input his or her requirements, thereby obtaining the use requirement information of the industrial user. While the requirement is being input, the industrial user is photographed to obtain face shooting data; identity verification is performed on the face shooting data, and after the verification passes, the user identity information of the industrial user is obtained by matching against a database.
Specifically, fig. 8 shows a block diagram of the structure of the authentication and identification unit 101 in the firewall according to the embodiment of the present invention.
In a preferred embodiment provided by the present invention, the verification and identification unit 101 specifically includes:
The interface shooting module 1011 is configured to display a requirement receiving interface and perform face shooting to obtain face shooting data during use by the industrial user.
The requirement obtaining module 1012 is configured to obtain the use requirement information of the industrial user on the requirement receiving interface.
The identity authentication module 1013 is configured to authenticate the industrial user according to the face shooting data.
The identity pairing module 1014 is configured to obtain the user identity information of the industrial user by pairing according to the face shooting data after the identity authentication is passed.
Further, the industrial firewall further comprises:
The permission analysis unit 102 is configured to determine the protection open permission of the industrial user according to the user identity information, and to acquire a plurality of pieces of open website information according to the protection open permission.
In the embodiment of the present invention, the permission analysis unit 102 determines the protection opening permission of the industrial user set in the industrial firewall according to the user identity information of the industrial user, determines the types of websites permitted to be opened for the industrial user by analyzing the protection opening permission, generates opening category information, and further determines a plurality of websites permitted to be accessed by the industrial user according to the opening category information, thereby obtaining a plurality of pieces of opening website information.
Specifically, fig. 9 shows a block diagram of a structure of the permission analysis unit 102 in the firewall according to the embodiment of the present invention.
In a preferred embodiment provided by the present invention, the authority analysis unit 102 specifically includes:
The authority determining module 1021 is configured to determine the protection open authority of the industrial user according to the user identity information.
The permission analysis module 1022 is configured to analyze the protection opening permission to generate opening category information.
The permission processing module 1023 is configured to obtain information of a plurality of open websites according to the open category information.
Further, the industrial firewall further comprises:
The requirement analysis unit 103 is configured to perform requirement analysis by integrating the use requirement information and the plurality of pieces of open website information, and to determine whether the protection open permission meets the use requirement of the industrial user.
In the embodiment of the present invention, the requirement analysis unit 103 analyzes the use requirement information, determines the website categories to which the industrial user needs access, and generates requirement category information. It then matches the websites accessible on the computer against the requirement category information, determines the websites corresponding to the industrial user's access requirement, and generates a plurality of pieces of required website information. Finally, it comprehensively analyzes the plurality of pieces of open website information and the plurality of pieces of required website information, determines the degree of conformity between the websites corresponding to each, generates a difference analysis result, and judges from that result whether the corresponding protection open permission meets the use requirement of the industrial user.
Specifically, fig. 10 shows a block diagram of a structure of the requirement analysis unit 103 in the firewall according to the embodiment of the present invention.
In a preferred embodiment provided by the present invention, the requirement analysis unit 103 specifically includes:
The requirement analysis module 1031 is configured to analyze the use requirement information and generate requirement category information.
The website matching module 1032 is configured to match a plurality of pieces of required website information according to the requirement category information.
The difference analysis module 1033 is configured to perform a requirement difference analysis according to the plurality of pieces of open website information and the plurality of pieces of required website information, and to generate a difference analysis result.
The satisfaction judging module 1034 is configured to judge, according to the difference analysis result, whether the corresponding protection open authority meets the use requirement of the industrial user.
Further, the industrial firewall further comprises:
The website display unit 104 is configured to, when the use requirement of the industrial user is met, screen the plurality of pieces of open website information according to the use requirement information, and mark a plurality of required websites for guidance display.
In the embodiment of the present invention, when the use requirement of the industrial user is met, the website display unit 104 generates a requirement screening signal and, according to the use requirement information, screens the required websites that meet the user's requirement out of the websites corresponding to the plurality of pieces of open website information. It then analyzes the use sequence of the required websites according to the use requirement information, arranges the required websites in the use sequence so determined, and generates and displays a requirement use interface, so that the industrial user can conveniently and quickly access the required websites through that interface.
The authority processing unit 105 is configured to make an upper-level authority application when the use requirement of the industrial user is not met, and to perform the related use processing according to the authority application result.
In the embodiment of the present invention, when the use requirement of the industrial user is not met, the authority processing unit 105 generates an authority application interface. If the industrial user wants to apply for authority, the user clicks the corresponding application position on the authority application interface; a corresponding upper-level authority application is then generated according to the difference analysis result and sent to the computer of the upper-level manager, and the authority application result sent by that computer is received. When the authority application result is approval, the authority is temporarily opened, and the industrial user can access the other websites corresponding to the temporarily opened authority; when the authority application result is refusal, the requirement is refused, and the industrial user cannot complete the corresponding requirement.
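The decision flow of units 102 to 105 described above, as an added Python example that is not part of the patent. The roles, categories, host names and the 900-second lifetime of a temporary opening are constructed assumptions (the patent says only that the authority is "temporarily opened"), and the requirement categories are taken as already extracted from the use requirement information.

```python
import time
from dataclasses import dataclass

# Constructed policy data: the patent names no roles, categories or sites.
OPEN_CATEGORIES = {            # user identity -> open category information
    "plc-engineer": {"vendor-docs", "firmware"},
    "operator": {"vendor-docs"},
}
CATEGORY_SITES = {             # category -> websites
    "vendor-docs": ["docs.vendor.example"],
    "firmware": ["fw.vendor.example"],
    "historian": ["historian.plant.example"],
}


def open_sites(identity):
    """Unit 102: protection open authority -> open categories -> open websites."""
    categories = OPEN_CATEGORIES.get(identity, set())   # unknown identity: nothing open
    return {site for c in categories for site in CATEGORY_SITES[c]}


def required_sites(requirement_categories):
    """Modules 1031/1032: requirement categories -> required websites, in use order."""
    ordered = []
    for category in requirement_categories:
        if category not in CATEGORY_SITES:
            # Fail closed: an unmapped requirement must not look "satisfied".
            raise ValueError(f"unknown requirement category: {category}")
        for site in CATEGORY_SITES[category]:
            if site not in ordered:
                ordered.append(site)
    return ordered


@dataclass(frozen=True)
class TemporaryGrant:
    identity: str
    sites: frozenset
    expires_at: float


class IndustrialFirewall:
    def __init__(self, ttl_seconds=900, clock=time.time):
        self.ttl_seconds = ttl_seconds   # assumption: the patent gives no duration
        self.clock = clock
        self.grants = []

    def analyse(self, identity, requirement_categories):
        """Modules 1033/1034: return (satisfied, display_order, difference)."""
        needed = required_sites(requirement_categories)
        allowed = open_sites(identity)
        difference = [s for s in needed if s not in allowed]
        if difference:
            return False, [], difference
        return True, needed, []          # unit 104 displays these in use order

    def apply_result(self, identity, difference, approved):
        """Unit 105: open only the difference, temporarily, or refuse."""
        if not approved or not difference:
            return None
        grant = TemporaryGrant(identity, frozenset(difference),
                               self.clock() + self.ttl_seconds)
        self.grants.append(grant)
        return grant

    def is_allowed(self, identity, site):
        """Per-request check: standing authority first, then unexpired grants."""
        if site in open_sites(identity):
            return True
        now = self.clock()
        return any(g.identity == identity and site in g.sites and now < g.expires_at
                   for g in self.grants)
```

Scoping the temporary opening to the difference analysis result, and to the identity that applied, keeps an approved application from widening access beyond the websites the manager actually reviewed.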
It should be understood that, although the steps in the flowcharts of the embodiments of the present invention are shown in the sequence indicated by the arrows, they are not necessarily performed in that sequence. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and described and may be performed in other orders. Moreover, at least some of the steps in the various embodiments may include multiple sub-steps or stages that are not necessarily performed at the same time but may be performed at different times, and these sub-steps or stages are not necessarily performed sequentially but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a non-volatile computer-readable storage medium; when executed, the program can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments express only several embodiments of the present invention, and their description is relatively specific and detailed, but it should not be construed as limiting the scope of the present invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, and these fall within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
The above description is intended to be illustrative of the preferred embodiment of the present invention and should not be taken as limiting the invention, but rather, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

Claims (10)

1. An industrial firewall protection method, characterized by comprising the following steps:
receiving the use requirement information of the industrial user, performing identity verification and identification on the industrial user, and acquiring the user identity information of the industrial user after the verification is passed;
according to the user identity information, determining protection open authority of the industrial user, and acquiring a plurality of pieces of open website information according to the protection open authority;
integrating the use requirement information and the plurality of open website information to perform requirement analysis, and judging whether the protection open permission meets the use requirement of an industrial user;
if the use requirements of industrial users are met, screening the information of the plurality of open websites according to the use requirement information, and marking a plurality of required websites for guidance display;
specifically, under the condition that the use requirements of industrial users are met, a requirement screening signal is generated, a plurality of requirement websites meeting the user requirements are screened from a plurality of websites corresponding to a plurality of open website information according to the use requirement information, the requirement use sequence of the plurality of requirement websites is analyzed according to the use requirement information, the plurality of requirement websites are arranged according to the use sequence determined by analysis, a requirement use interface is generated, and the requirement use interface is displayed;
and if the use requirements of the industrial users are not met, performing upper-level authority application, and performing related use processing according to the authority application result.
2. The industrial firewall protection method according to claim 1, wherein the receiving of the usage requirement information of the industrial user, the authentication and identification of the industrial user, and the obtaining of the user identity information of the industrial user after the authentication specifically comprises the following steps:
in the use process of an industrial user, displaying a demand receiving interface, and carrying out face shooting to obtain face shooting data;
acquiring the use requirement information of an industrial user on the requirement receiving interface;
according to the face shooting data, carrying out identity verification on the industrial user;
and after the identity authentication is passed, matching according to the face shooting data to obtain the user identity information of the industrial user.
3. The industrial firewall protection method according to claim 1, wherein the determining a protection opening right of an industrial user according to the user identity information, and acquiring information of a plurality of open websites according to the protection opening right specifically comprises the following steps:
determining protection open authority of the industrial user according to the user identity information;
analyzing the protection opening authority to generate opening category information;
and acquiring a plurality of pieces of open website information according to the open type information.
4. The industrial firewall protection method according to claim 1, wherein the integrating the usage requirement information and the plurality of open website information to perform requirement analysis and determining whether the protection open permission meets the usage requirement of the industrial user specifically comprises the following steps:
analyzing the use requirement information to generate requirement category information;
matching a plurality of pieces of required website information according to the required category information;
performing demand difference analysis according to the plurality of open website information and the plurality of demand website information to generate a difference analysis result;
and judging whether the corresponding protection open authority meets the use requirement of the industrial user or not according to the difference analysis result.
5. The industrial firewall protection method according to claim 1, wherein if the usage requirement of an industrial user is satisfied, the step of screening the information of the plurality of open websites and marking the plurality of required websites for guidance display according to the information of the usage requirement specifically comprises the steps of:
if the use requirements of the industrial users are met, generating a requirement screening signal;
screening and marking a plurality of demand websites according to the demand screening signals and the use demand information;
analyzing and determining the use sequence of the plurality of required websites according to the use requirement information;
and arranging a plurality of the demand websites according to the using sequence, and generating and displaying a demand using interface.
6. The industrial firewall protection method according to claim 4, wherein if the usage requirement of the industrial user is not satisfied, the upper-level permission application is performed, and the performing of the related usage processing according to the permission application result specifically includes the following steps:
if the use requirements of the industrial users are not met, generating an authority application interface;
receiving application selection of an industrial user on the permission application interface;
according to the difference analysis result, performing upper-level authority application and receiving an authority application result;
and performing temporary permission opening or demand refusing operation according to the permission application result.
7. An industrial firewall, comprising an authentication identification unit, a permission analysis unit, a demand analysis unit, a website display unit, and a permission processing unit, wherein:
the verification and identification unit is used for receiving the use requirement information of the industrial user, verifying and identifying the identity of the industrial user, and acquiring the user identity information of the industrial user after the verification is passed;
the authority analysis unit is used for determining the protection open authority of the industrial user according to the user identity information and acquiring a plurality of pieces of open website information according to the protection open authority;
the demand analysis unit is used for integrating the use demand information and the plurality of pieces of open website information to perform demand analysis and judging whether the protection open permission meets the use demand of the industrial user;
the website display unit is used for screening the information of the plurality of open websites according to the use requirement information and marking a plurality of required websites for guidance display when the use requirement of an industrial user is met;
specifically, under the condition that the use requirements of industrial users are met, a website display unit generates a requirement screening signal, then screens a plurality of required websites meeting the user requirements from a plurality of websites corresponding to a plurality of open website information according to the use requirement information, analyzes the requirement use sequence of the plurality of required websites according to the use requirement information, then arranges the plurality of required websites according to the use sequence determined by analysis, generates a requirement use interface, and displays the requirement use interface;
and the authority processing unit is used for carrying out superior authority application when the use requirements of the industrial users are not met, and carrying out related use processing according to the authority application result.
8. The industrial firewall according to claim 7, wherein the authentication and identification unit specifically comprises:
the interface shooting module is used for displaying a demand receiving interface and carrying out face shooting to obtain face shooting data in the use process of an industrial user;
the demand receiving module is used for receiving the demand information of the industrial user;
the identity authentication module is used for authenticating the identity of the industrial user according to the face shooting data;
and the identity matching module is used for matching and acquiring the user identity information of the industrial user according to the face shooting data after the identity verification is passed.
9. The industrial firewall according to claim 7, wherein the permission analysis unit specifically comprises:
the authority determining module is used for determining the protection open authority of the industrial user according to the user identity information;
the permission analysis module is used for analyzing the protection open permission to generate open type information;
and the permission processing module is used for acquiring a plurality of pieces of open website information according to the open type information.
10. The industrial firewall according to claim 7, wherein the demand analysis unit specifically comprises:
the demand analysis module is used for analyzing the use demand information to generate demand type information;
the website matching module is used for matching a plurality of pieces of required website information according to the required category information;
the difference analysis module is used for carrying out requirement difference analysis according to the plurality of pieces of open website information and the plurality of pieces of requirement website information to generate a difference analysis result;
and the satisfaction judging module is used for judging whether the corresponding protection open permission meets the use requirement of the industrial user or not according to the difference analysis result.
CN202211372938.7A 2022-11-04 2022-11-04 Industrial firewall and protection method thereof Active CN115426203B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211372938.7A CN115426203B (en) 2022-11-04 2022-11-04 Industrial firewall and protection method thereof

Publications (2)

Publication Number Publication Date
CN115426203A CN115426203A (en) 2022-12-02
CN115426203B true CN115426203B (en) 2023-03-24

Family

ID=84207599

Country Status (1)

Country Link
CN (1) CN115426203B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant