CN116418578A - Integrated equipment identity access platform based on national network chain and national network cloud

Publication number
CN116418578A
Authority
CN
China
Prior art keywords
information
module
unit
terminal equipment
national network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310364839.2A
Other languages
Chinese (zh)
Inventor
吕小红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Chongqing Electric Power Co Ltd
Original Assignee
State Grid Chongqing Electric Power Co Ltd

Classifications

    • G06F21/31 User authentication
    • G06F21/44 Program or device authentication
    • H04L63/0492 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/105 Multiple levels of security
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • Y04S10/50 Systems or methods supporting the power network operation or management, involving a certain degree of interaction with the load-side end user applications

Abstract

The invention discloses an integrated equipment identity access platform based on the national network chain and the national network cloud, and relates in particular to the technical field of identity access. The platform comprises an information acquisition module, which acquires information on personnel working in a power grid system, and an information storage module, whose input end is connected with the output end of the information acquisition module and which stores the information acquired by the information acquisition module. External terminal equipment is identified by the terminal equipment IP address identification unit; the IP address comparison unit compares the IP address information of the identified terminal equipment with the IP address information stored in the information acquisition module; the access authority limiting unit limits the access range of the equipment; and the authorization authentication unit sends a verification code to determine the security of the terminal equipment. The security of the power grid system is thereby ensured, and only safe terminal equipment can access the national network chain and the national network cloud.

Description

Integrated equipment identity access platform based on national network chain and national network cloud
Technical Field
The invention relates to the technical field of identity access, in particular to an integrated equipment identity access platform based on the national network chain and the national network cloud.
Background
In recent years, the national power grid company has comprehensively upgraded its energy internet construction, in which energy, information streams and service streams develop in a highly integrated way. It has created a blockchain public service platform with strong public service capability, namely the national network chain, which is used directly for energy internet construction, improving quality and efficiency internally and achieving integrated development externally; the blockchain, known as the "trust machine", stands in the spotlight of the era. "Blockchain" is a new software technology that enables value transfer. Nowadays, more and more industries, such as finance, internet management, government work, medical treatment, copyright management, the internet of things and energy, have started using blockchains. It integrates computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. In essence it is a decentralized database, namely a series of data blocks associated by cryptographic methods, in which each data block contains information on a batch of network transactions and is used for verifying the validity of that information. The internet is like an information highway, while the blockchain makes the information society safer and more efficient.
In addition, the national network cloud released by the national power grid comprises an enterprise management cloud, a public service cloud and a production control cloud (hereinafter referred to as three clouds), and is composed of an integrated national network cloud platform (hereinafter referred to as a cloud platform) and various service applications supported by the integrated national network cloud platform. The enterprise management cloud is used for covering the resources and services of the management area and supporting enterprise management, analysis decision-making and comprehensive management business; the public service cloud is a resource and service covering an external network area and supports services such as electric power marketing, customer service, electronic commerce and the like; the production control cloud is a resource and service covering a production large area, and supports, regulates and controls operation and management business. The cloud platform on which the three clouds depend consists of cloud infrastructure, cloud platform components, cloud service centers and cloud security suites, can realize the integrated management of IT resources such as facilities, data, services, applications and the like, further improves the service level such as information storage, transmission, integration, sharing and the like, forcefully promotes business integration, shortens the online period of the applications, responds to business changes rapidly, obviously improves user experience, and enhances the operation reliability of the system.
The safety of the national power grid affects the daily life of every electricity consumer, including residents, enterprises and other units. The popularization of the national network chain and the national network cloud has greatly improved the work efficiency of the power grid industry, but as network technology continues to develop, illegal persons threaten the safety of the power grid system through network channels. When an external computer needs to access the power grid system for business reasons and is not identified, it creates a potential safety hazard and threatens the safety of the power grid system. Moreover, because illegal persons invade the power grid system remotely, the geographical position of an intruder is difficult to discover at the first moment an intrusion danger arises in the power grid.
Disclosure of Invention
In order to overcome the defects in the prior art, the invention provides an integrated equipment identity access platform based on the national network chain and the national network cloud. A terminal equipment IP address identification unit identifies the external terminal equipment used by login personnel; an IP address comparison unit compares the IP address information of the identified terminal equipment with the IP address information stored in the information acquisition module; an access authority limiting unit limits the access range of the equipment; and an authorization authentication unit sends a verification code to determine the safety of the terminal equipment. The safety of the power grid system is thereby ensured, and only safe terminal equipment can access the national network chain and the national network cloud, which solves the problems described in the background.
In order to achieve the above purpose, the present invention provides the following technical solution: an integrated equipment identity access platform based on the national network chain and the national network cloud, comprising:
the information acquisition module is used for acquiring personnel information working in the power grid system;
the input end of the information storage module is connected with the output end of the information acquisition module, and the information storage module is used for storing the information acquired by the information acquisition module;
the login authentication module is connected with the connecting end of the information storage module, provides a login inlet of the power grid system and performs security comparison on terminal equipment used by first-level login personnel of the login personnel identity information;
the terminal equipment identification module is used for identifying the IP address of the terminal equipment used by the login personnel;
the VPN access module is used for accessing the terminal equipment used by the login personnel passing through the identification into a national network chain and a national network cloud;
the isolation observation module is used for verifying the safety of external terminal equipment;
the input end of the positioning monitoring module is connected with the output end of the isolation observation module, and the positioning monitoring module is used for positioning external terminal equipment, monitoring the operation authority of a login user of the equipment and disconnecting the access terminal.
In a preferred embodiment, the information acquisition module comprises an identity information acquisition unit, a biological identification information input unit and an authorization equipment information input unit, wherein the identity information acquisition unit is used for acquiring second-generation identity card information of power grid staff, power grid work position information and a used mobile phone number;
the biological identification information input unit is used for acquiring facial information and voiceprint information of power grid staff;
the authorization equipment information input unit is used for acquiring IP address information of terminal equipment used by power grid staff during on duty.
In a preferred embodiment, the identity information acquisition unit acquires the identity information of the power grid staff by adopting a second-generation identity card identifier, and the identity information acquisition unit acquires the position information of the power grid staff and the used mobile phone number in the form of a network questionnaire;
the biological identification information input unit collects facial information of the power grid workers through the camera and collects voiceprint information of the power grid workers through the sound collector.
In a preferred embodiment, the information storage module backs up the employee information collected by the identity information collection unit, the biometric information entry unit, and the authorization device information entry unit in the form of cloud storage.
In a preferred embodiment, the login authentication module comprises a user account input unit and a user information comparison unit, wherein the user account input unit provides the login entry through which a power grid employee inputs a login account and a password to log in to the national network chain and the national network cloud;
the user information comparison unit is used for searching whether the account exists in the information storage module and outputting a comparison result.
In a preferred embodiment, the login account is an identification card number of the power grid employee, and the password is set for the power grid employee.
In a preferred embodiment, the terminal device identification module includes a terminal device IP address identification unit and an IP address comparison unit, where the terminal device IP address identification unit is configured to obtain an IP address of a terminal device used by a login account;
the IP address comparison unit is used for comparing the IP address identified by the terminal equipment IP address identification unit with the IP address stored in the information storage module and outputting a comparison result.
In a preferred embodiment, the isolation observation module includes an access right limiting unit and an authorization authentication unit, where the access right limiting unit is used to set the access right of the terminal device with inconsistent comparison results output by the IP address comparison unit;
the authorization authentication unit is used for issuing a verification code to the mobile phone number bound by the login account to verify the security of the terminal equipment with inconsistent comparison results output by the IP address comparison unit.
The invention has the technical effects and advantages that:
1. The information acquisition module acquires information on personnel working in the power grid system, including the identity card information, mobile phone number, job position information, face information, voiceprint information and the IP address of the terminal equipment used during working hours by incumbent staff, and this information is backed up in the information storage module. When personnel log in, the information is used to verify and compare the login person, ensuring that users entering the national network chain and the national network cloud are incumbent staff of the power grid, so that external personnel are prevented from threatening the safety of the power grid system;
2. The terminal equipment IP address identification unit identifies the external terminal equipment used by login personnel, and the IP address comparison unit compares the IP address information of the identified terminal equipment with the IP address information stored in the information acquisition module. When the comparison is inconsistent, the access right limiting unit limits the access range of the equipment to ensure the safety of the power grid system, and the authorization authentication unit sends a verification code to determine the safety of the terminal equipment; after its safety is confirmed, the terminal equipment accesses the national network chain and the national network cloud through the VPN access module;
3. The positioning monitoring module monitors the operation of externally accessed equipment in real time. The authorized terminal positioning unit can determine the geographic position of the equipment at the first moment it accesses the power grid system, so that the geographic position of illegal persons who invade the power grid system can be found conveniently and in time, which helps to capture them. When the user of the equipment is found to exceed their authority, the authorized terminal monitoring unit disconnects the access of the equipment in time, which helps to maintain the safety of the power grid system.
Drawings
FIG. 1 is a schematic block diagram of the present invention;
FIG. 2 is a schematic diagram of an information acquisition module according to the present invention;
FIG. 3 is a schematic diagram of a login authentication module according to the present invention;
FIG. 4 is a schematic diagram of a terminal device identification module according to the present invention;
FIG. 5 is a schematic diagram of an isolation observation module according to the present invention;
FIG. 6 is a schematic diagram of a positioning monitor module according to the present invention.
The reference numerals are: 1. information acquisition module; 101. identity information acquisition unit; 102. biometric information input unit; 103. authorization device information input unit;
2. information storage module;
3. login authentication module; 301. user account input unit; 302. user information comparison unit;
4. terminal equipment identification module; 401. terminal equipment IP address identification unit; 402. IP address comparison unit;
5. VPN access module;
6. isolation observation module; 601. access right limiting unit; 602. authorization authentication unit;
7. positioning monitoring module; 701. authorized terminal positioning unit; 702. authorized terminal monitoring unit.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1 and 2 of the specification, the invention provides an integrated equipment identity access platform based on a national network chain and a national network cloud, comprising: the information acquisition module 1 is used for acquiring personnel information working in a power grid system;
the information acquisition module 1 comprises an identity information acquisition unit 101, a biological identification information input unit 102 and an authorization equipment information input unit 103, wherein the identity information acquisition unit 101 is used for acquiring second-generation identity card information of power grid staff, power grid work position information and a used mobile phone number; the biological identification information input unit 102 is used for collecting facial information and voiceprint information of power grid staff; the identity information acquisition unit 101 acquires the identity information of the power grid staff by adopting a second-generation identity card identifier, and the identity information acquisition unit 101 acquires the position information of the power grid staff and the used mobile phone number in a form of a network questionnaire; the biological identification information input unit 102 collects facial information of the power grid workers through a camera and collects voiceprint information of the power grid workers through a sound collector; the authorized equipment information input unit 103 is used for collecting the IP address information of the terminal equipment used by the power grid staff during on-duty.
The system further comprises an information storage module 2 shown in fig. 1, wherein the input end of the information storage module 2 is connected with the output end of the information acquisition module 1, and the information storage module 2 is used for storing information acquired by the information acquisition module 1; the information storage module 2 backs up employee information collected by the identity information acquisition unit 101, the biometric information input unit 102 and the authorization equipment information input unit 103 in a cloud storage mode;
the system also comprises a login authentication module 3 as shown in fig. 1 and 3, wherein the connecting end of the login authentication module 3 is connected with the connecting end of the information storage module 2, and the login authentication module 3 provides a login inlet of a power grid system and performs security comparison on terminal equipment used by first-level login personnel of login personnel identity information; the login authentication module 3 comprises a user account input unit 301 and a user information comparison unit 302, wherein the user account input unit 301 is used for a power grid worker to input a login account and a password to login a national network chain and a national network cloud to provide a login inlet, the login account is an identity card number of the power grid worker, and the password is set by the power grid worker; the user information comparing unit 302 is configured to search whether the account exists in the information storage module 2 and output a comparison result.
The terminal equipment identification module 4 is shown in fig. 1 and 4, the input end of the terminal equipment identification module 4 is connected with the output end of the login authentication module 3 and the output end of the information storage module 2, and the terminal equipment identification module 4 is used for identifying the IP address of the terminal equipment used by login personnel; the terminal equipment identification module 4 comprises a terminal equipment IP address identification unit 401 and an IP address comparison unit 402, wherein the terminal equipment IP address identification unit 401 is used for acquiring the IP address of the terminal equipment used by the login account; the IP address comparing unit 402 is configured to compare the IP address identified by the terminal device IP address identifying unit 401 with the IP address stored in the information storage module 2, and output a comparison result.
The system further comprises a VPN access module 5 shown in fig. 1, wherein the input end of the VPN access module 5 is connected with the output end of the terminal equipment identification module 4, and the VPN access module 5 is used for accessing the terminal equipment used by the identified login personnel into a national network chain and a national network cloud;
the system further comprises an isolation observation module 6 as shown in fig. 1 and 5, wherein the input end of the isolation observation module 6 is connected with the output end of the terminal equipment identification module 4, and the output end of the isolation observation module 6 is connected with the input end of the VPN access module 5. The isolation observation module 6 is used for verifying the security of external terminal equipment and comprises an access right limiting unit 601 and an authorization authentication unit 602, wherein the access right limiting unit 601 is used for setting the access right of terminal equipment for which the IP address comparison unit 402 outputs an inconsistent comparison result; the authorization authentication unit 602 is configured to issue a verification code to the mobile phone number bound to the login account to verify the security of terminal equipment for which the IP address comparison unit 402 outputs an inconsistent comparison result.
Also included is a location monitoring module 7 as shown in fig. 6, the input of the location monitoring module 7 being connected to the output of the isolation observation module 6, the location monitoring module 7 being configured to locate a foreign terminal device, monitor the operating rights of a logged-in user of the device, and enable disconnection of the access terminal.
The process by which a current employee of the power grid system accesses the power grid system is as follows:
Step one: the login person inputs a login account and password through the user account input unit 301 in the login authentication module 3. The user information comparison unit 302 then checks, according to the input login account and password, whether information about the account is stored in the information storage module 2. If information about the account exists in the information acquisition module 1, the login person can be determined to be a current employee of the power grid system. If no information about the login account exists, the login person is not a current employee of the power grid system; that is, the login behaviour poses a potential security risk, and the login person is refused access to the national network chain and the national network cloud. At the same time, facial information of the login person can be acquired through the camera of the terminal equipment and compared with the information stored in the information acquisition module 1 to determine the identity of the login person; if the facial information of the login person does not match the facial information stored in the information acquisition module 1, the login person is refused access to the national network chain and the national network cloud.
Step two: after the login account passes authentication, the terminal equipment identification module 4 identifies and records the terminal equipment used by the login account. The IP address of the terminal equipment is obtained through the terminal equipment IP address identification unit 401, and the IP address comparison unit 402 then compares the obtained IP address with the IP addresses stored in the information acquisition module 1. If a consistent IP address exists, the terminal equipment used by the login account is office equipment provided by the power grid system and is safe; the safe equipment can then access the national network chain and the national network cloud, or obtain related resource information, through the VPN access module 5.
Step three: if the comparison finds no matching IP address, the terminal equipment is not office equipment provided by the power grid system; it is judged to be external equipment that poses a potential security risk, and it must undergo security verification through the isolation observation module 6. Before the security verification, the access right limiting unit 601 first sets the access rights of the terminal equipment, so as to prevent the equipment from entering the power grid system and damaging it, which improves the security of the power grid system.
The authorization authentication unit 602 then issues a verification code to the mobile phone number bound to the login account. If the login person, after receiving the verification code, enters it correctly on the web page interface, the terminal equipment is considered secure and can access the national network chain and the national network cloud through the VPN access module 5. When external terminal equipment accesses the national network chain and the national network cloud, the VPN access module 5 starts the positioning monitoring module 7: the authorized terminal positioning unit 701 in the positioning monitoring module 7 marks the geographic position of the terminal equipment, and the authorized terminal monitoring unit 702 monitors the operations of the logged-in user. As soon as the user is found to perform an operation exceeding the granted authority, the access of the terminal equipment is automatically disconnected and an alarm is sent to the power grid system, which helps to catch offenders who damage the power grid in time.
Otherwise, terminal equipment for which the verification code cannot be entered correctly poses a potential security risk and is refused access to the national network chain and the national network cloud, so as to ensure the security of the power grid system.
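The access decision described in steps one to three can be modelled as a small state machine. The following Python sketch is an added example, not code from the patent: the account and address records are constructed, the `FULL` and `LIMITED` rights sets, the password hashing and the single-use code handling are assumptions, and the facial comparison of step one is left out.

```python
import hashlib, hmac, ipaddress, secrets
from dataclasses import dataclass, field

def _kdf(pw):  # assumption: the store holds password hashes, not plaintext
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), b"constructed-salt", 100_000)

# Constructed records standing in for the information storage module (2).
ACCOUNTS = {"ACCOUNT-0001": _kdf("constructed-pw")}
OFFICE_IPS = {ipaddress.ip_address("10.20.30.40")}
FULL, LIMITED = frozenset({"read", "write"}), frozenset({"read"})  # hypothetical rights

@dataclass
class Session:
    account: str
    ip: str
    state: str = "denied"    # denied | isolated | connected | disconnected
    monitored: bool = False  # True once module 7 is watching the session
    allowed_ops: frozenset = frozenset()
    code: str = ""           # stands in for the code sent to the bound phone
    alarms: list = field(default_factory=list)

def login(account, password, ip):
    """Steps one to three: account check, IP comparison, isolation."""
    s = Session(account, ip)
    stored = ACCOUNTS.get(account)
    if stored is None or not hmac.compare_digest(stored, _kdf(password)):
        return s                                  # step one failed: refused
    if ipaddress.ip_address(ip) in OFFICE_IPS:    # unit 402 found a match
        s.state, s.allowed_ops = "connected", FULL
    else:  # external device: unit 601 restricts rights, unit 602 issues a code
        s.state, s.code = "isolated", f"{secrets.randbelow(10**6):06d}"
    return s

def verify_code(s, submitted):
    """Correct code: monitored VPN access. Wrong code: access refused."""
    if s.state == "isolated":
        ok = hmac.compare_digest(s.code.encode(), submitted.encode())
        s.state = "connected" if ok else "denied"
        s.monitored, s.allowed_ops = ok, (LIMITED if ok else frozenset())
        s.code = ""                               # a code is single use
    return s

def operate(s, op):
    if s.state == "connected" and op in s.allowed_ops:
        return True
    if s.state == "connected" and s.monitored:  # unit 702: disconnect and alarm
        s.state = "disconnected"
        s.alarms.append(f"{s.account}@{s.ip}: unauthorized {op!r}")
    return False
```

While a session is in the `isolated` state every operation is refused, which mirrors the requirement that rights are restricted before the verification code is checked.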
Finally, the foregoing description of the preferred embodiments is not intended to limit the invention to the precise form disclosed; any modifications, equivalents, and alternatives falling within the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (8)

1. An integrated equipment identity access platform based on the national network chain and the national network cloud, characterized in that it comprises:
an information acquisition module (1), wherein the information acquisition module (1) is used for collecting information on personnel working in the power grid system;
an information storage module (2), wherein the input end of the information storage module (2) is connected with the output end of the information acquisition module (1), and the information storage module (2) is used for storing the information acquired by the information acquisition module (1);
a login authentication module (3), wherein the connecting end of the login authentication module (3) is connected with the connecting end of the information storage module (2), and the login authentication module (3) provides a login entry to the power grid system and performs a security comparison of the login person's identity information and of the terminal equipment used by the login person;
a terminal equipment identification module (4), wherein the input end of the terminal equipment identification module (4) is connected with the output end of the login authentication module (3) and the output end of the information storage module (2), and the terminal equipment identification module (4) is used for identifying the IP address of the terminal equipment used by the login person;
a VPN access module (5), wherein the input end of the VPN access module (5) is connected with the output end of the terminal equipment identification module (4), and the VPN access module (5) is used for connecting the identified terminal equipment used by the login person to the national network chain and the national network cloud;
an isolation observation module (6), wherein the input end of the isolation observation module (6) is connected with the output end of the terminal equipment identification module (4), the output end of the isolation observation module (6) is connected with the input end of the VPN access module (5), and the isolation observation module (6) is used for verifying the security of external terminal equipment;
and a positioning monitoring module (7), wherein the positioning monitoring module (7) is used for locating the external terminal equipment, monitoring the operation authority of the user logged in on the equipment, and disconnecting the accessed terminal, and the input end of the positioning monitoring module (7) is connected with the output end of the isolation observation module (6).
2. The integrated equipment identity access platform based on the national network chain and the national network cloud according to claim 1, wherein: the information acquisition module (1) comprises an identity information acquisition unit (101), a biological identification information input unit (102) and an authorization equipment information input unit (103), wherein the identity information acquisition unit (101) is used for acquiring the second-generation identity card information, the work position information and the mobile phone number in use of power grid staff;
the biological identification information input unit (102) is used for acquiring facial information and voiceprint information of power grid staff;
the authorization equipment information input unit (103) is used for collecting the IP address information of the terminal equipment used by power grid staff on duty.
3. The integrated equipment identity access platform based on the national network chain and the national network cloud according to claim 2, wherein: the identity information acquisition unit (101) acquires the identity information of power grid staff by means of a second-generation identity card reader, and the identity information acquisition unit (101) acquires the position information and the mobile phone number in use of power grid staff in the form of a network questionnaire;
the biological identification information input unit (102) collects facial information of power grid staff through a camera and collects voiceprint information of power grid staff through a sound collector.
4. The integrated equipment identity access platform based on the national network chain and the national network cloud according to claim 2, wherein: the information storage module (2) backs up the employee information collected by the identity information acquisition unit (101), the biological identification information input unit (102) and the authorization equipment information input unit (103) by means of cloud storage.
5. The integrated equipment identity access platform based on the national network chain and the national network cloud according to claim 1, wherein: the login authentication module (3) comprises a user account input unit (301) and a user information comparison unit (302), wherein the user account input unit (301) is used for providing a login entry through which a power grid employee inputs a login account and a password to log in to the national network chain and the national network cloud;
the user information comparison unit (302) is used for searching whether the account exists in the information storage module (2) and outputting a comparison result.
6. The integrated equipment identity access platform based on the national network chain and the national network cloud according to claim 5, wherein: the login account is the identity card number of the power grid employee, and the password is set for the power grid employee.
7. The integrated equipment identity access platform based on the national network chain and the national network cloud according to claim 1, wherein: the terminal equipment identification module (4) comprises a terminal equipment IP address identification unit (401) and an IP address comparison unit (402), wherein the terminal equipment IP address identification unit (401) is used for acquiring the IP address of the terminal equipment used by the login account;
the IP address comparison unit (402) is configured to compare the IP address identified by the terminal equipment IP address identification unit (401) with the IP addresses stored in the information storage module (2), and to output a comparison result.
8. The integrated equipment identity access platform based on the national network chain and the national network cloud according to claim 7, wherein: the isolation observation module (6) comprises an access right limiting unit (601) and an authorization authentication unit (602), wherein the access right limiting unit (601) is used for setting the access rights of terminal equipment for which the IP address comparison unit (402) outputs an inconsistent comparison result;
the authorization authentication unit (602) is used for issuing a verification code to the mobile phone number bound to the login account, so as to verify the security of terminal equipment for which the IP address comparison unit (402) outputs an inconsistent comparison result.
CN202310364839.2A 2023-04-07 2023-04-07 Integrated equipment identity access platform based on national network chain and national network cloud Pending CN116418578A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310364839.2A CN116418578A (en) 2023-04-07 2023-04-07 Integrated equipment identity access platform based on national network chain and national network cloud

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310364839.2A CN116418578A (en) 2023-04-07 2023-04-07 Integrated equipment identity access platform based on national network chain and national network cloud

Publications (1)

Publication Number Publication Date
CN116418578A true CN116418578A (en) 2023-07-11

Family

ID=87057625

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310364839.2A Pending CN116418578A (en) 2023-04-07 2023-04-07 Integrated equipment identity access platform based on national network chain and national network cloud

Country Status (1)

Country Link
CN (1) CN116418578A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116597845A (en) * 2023-07-14 2023-08-15 深圳奥联信息安全技术有限公司 Random voiceprint verification system and method
CN116597845B (en) * 2023-07-14 2023-10-10 深圳奥联信息安全技术有限公司 Random voiceprint verification system and method

Similar Documents

Publication Publication Date Title
CN112398860A (en) Safety control method and device
CN112418717A (en) Engineering field personnel behavior early warning method and system based on artificial intelligence
CN116418578A (en) Integrated equipment identity access platform based on national network chain and national network cloud
CN106101054A (en) The single-point logging method of a kind of multisystem and centralized management system
CN105491102A (en) Intelligent monitoring system based on cloud computing technology and device thereof
CN113572757B (en) Server access risk monitoring method and device
CN112511484B (en) U shield safety control management system
CN111581417A (en) Identity recognition method, terminal, system and storage medium for power distribution room constructors
CN112734248A (en) Real estate intelligent management system
CN110825776B (en) Air quality detection report processing method and device, computing equipment and storage medium
CN115982681A (en) Computer network identity verification system
CN112448960B (en) Internal network computer network management and control system using face recognition technology
CN113254769A (en) Information technology consultation service system based on Internet
CN106033509A (en) A machine room tour inspection method and system
CN115600189A (en) Commercial password application security evaluation system
CN111770100B (en) Method and system for verifying safe access of external equipment to Internet of things terminal
CN104183046A (en) RFID based universal unlocking system and method applied to transformer substation five-prevention lockout
CN217643389U (en) Portable operation and maintenance gateway capable of being monitored and operation and maintenance monitoring system
CN108200380A (en) Intelligent monitor system and equipment based on technology of Internet of things
CN108985026A (en) Face identification system and method
CN117037349B (en) Face recognition technology and data interaction service management and control method and system
CN114511427A (en) Safety education supervision method, device and system for project site
CN214278938U (en) Transformer substation safety protection equipment and system
CN116938528A (en) Operation terminal identity authentication operation service identification safety system
CN113379383A (en) Information input system and method based on foreign management

Legal Events

Date Code Title Description
PB01 Publication