CN117093979B - Method, system and medium for trusted switching of DCS controller in non-network environment - Google Patents
Method, system and medium for trusted switching of DCS controller in non-network environment Download PDFInfo
- Publication number
- CN117093979B CN117093979B CN202311353808.3A CN202311353808A CN117093979B CN 117093979 B CN117093979 B CN 117093979B CN 202311353808 A CN202311353808 A CN 202311353808A CN 117093979 B CN117093979 B CN 117093979B
- Authority
- CN
- China
- Prior art keywords
- trusted
- switching
- dcs controller
- dcs
- network environment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 43
- 238000012545 processing Methods 0.000 claims abstract description 12
- 230000006870 function Effects 0.000 claims description 33
- 238000004590 computer program Methods 0.000 claims description 13
- 238000003860 storage Methods 0.000 claims description 13
- 230000008569 process Effects 0.000 claims description 10
- 238000004458 analytical method Methods 0.000 claims description 6
- 230000005540 biological transmission Effects 0.000 claims description 4
- 238000012790 confirmation Methods 0.000 claims description 4
- 230000003068 static effect Effects 0.000 claims description 3
- 238000004378 air conditioning Methods 0.000 claims 1
- 238000004891 communication Methods 0.000 description 9
- 238000010248 power generation Methods 0.000 description 4
- 230000000694 effects Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 241000700605 Viruses Species 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 238000005206 flow analysis Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 239000012466 permeate Substances 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000004886 process control Methods 0.000 description 1
- 239000000047 product Substances 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/26—Special purpose or proprietary protocols or architectures
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a method, a system and a medium for trusted switching of a DCS controller in a non-network environment, wherein the method comprises the following steps: the identity of an operator is identified and authority control is carried out through the user identity and UKEY equipment; the operator identity is the operating authority of the trusted switching of the DCS controller obtained by the trusted system administrator passing through the identification; carrying out private protocol encryption processing on an upper computer trusted switching command of a system trusted manager and sending the DCS controller; the DCS controller analyzes the received trusted switching command to complete switching of the trusted function of the DCS controller. The method of the invention can realize the update of the software on the trusted DCS controller under the condition of not being connected to the trusted management platform through a network, thereby effectively improving the convenience of the system, providing a convenient software upgrading method, fully ensuring the safety of the system and ensuring that the trusted function can not be arbitrarily switched through tools.
Description
Technical Field
The invention belongs to the technical field of safe operation of a DCS controller, and particularly relates to a method, a system and a medium for trusted switching of the DCS controller in a non-network environment.
Background
The DCS (Distributed Control System) system is a multi-level Computer system with Communication network as a link, which is composed of a process Control level and a process monitoring level, integrates 4C technologies such as Computer, communication, display (CRT) and Control (Control), and the basic ideas of the system are decentralized Control, centralized operation, hierarchical management, flexible configuration and convenient configuration. DCS typically employs a plurality of controllers (process stations) that control a plurality of control points in a production process, each controller being connected by a network and capable of data exchange. The communication network is an important support of DCS, and each unit for performing decentralized control and each man-machine interface are integrated by a communication system, and this communication network, which is interconnected using various data communication devices in a local area, is called a Local Area Network (LAN). The local network is a local network with high communication rate, low error rate and quick response, and has the characteristics of flexible organization, easy expansion and resource sharing.
The existing thermal power control system (DCS) is not considered for safety characteristics at the beginning of design, and an industrial control system safety architecture is formed by adopting more traditional technical schemes such as firewall, intrusion detection, virus prevention, flow analysis/control, vulnerability scanning and the like, so that the 'depth' protection effect can not be achieved, the control system is very easy to be injected to attack, tamper and permeate control, and the power generation safety is seriously threatened.
The thermal power control system with the credible safety enhancement based on the credible computing technology, the operating system safety technology and the like is provided with a deep active immune credible safety protection system, but the control system generally adopts a local area network mode for the credible function management of the credible DCS controller and is uniformly managed by a management platform. The software upgrading of the trusted DCS controller needs to be completed under the state that the trusted function of the controller is in an exit protection state, so that the aim of reducing the dependence of the software upgrading of the controller on a network is achieved, and the realization of the trusted function switching (the entering into effect and the exit protection) of the trusted DCS controller in a non-network environment is an important subject.
Disclosure of Invention
The invention aims to solve the problems in the prior art and provide a method, a system and a medium for trusted switching of a DCS controller in a non-network environment, wherein an upper machine tool is connected with the trusted controller through a debugging cable, so that the trusted switching of the trusted function of the trusted DCS controller in the non-network environment is realized.
In order to achieve the above purpose, the present invention has the following technical scheme:
in a first aspect, a method for trusted switching of a DCS controller in a non-network environment is provided, including:
the identity of an operator is identified and authority control is carried out through the user identity and UKEY equipment;
the operator identity is the operating authority of the trusted switching of the DCS controller obtained by the trusted system administrator passing through the identification;
carrying out private protocol encryption processing on an upper computer trusted switching command of a system trusted manager and sending the DCS controller;
the DCS controller analyzes the received trusted switching command to complete switching of the trusted function of the DCS controller.
As a preferable scheme, the UKEY equipment connects the upper computer with the DCS controller in a non-network environment through an RS232 debugging cable.
As a preferable scheme, a trusted function switching component is arranged in the DCS controller, and the trusted function switching component calls a controller agent program through a switching interface.
As a preferable scheme, the DCS controller analyzes the received trusted switching command, and in the switching step of completing the trusted function of the DCS controller, the controller agent completes the analysis of the trusted switching command, and then invokes the switching interface to operate the trusted switching component to complete the switching of the trusted function of the DCS controller.
As a preferable scheme, the step of carrying out private protocol encryption processing on the trusted switching command of the upper computer of the system trusted manager comprises the steps that the DCS controller carries out identity confirmation on the upper computer through a CA certificate and encrypts the trusted switching command of the upper computer through an asymmetric encryption algorithm.
As a preferred solution, the DCS controller trusted functions include a start-up metric, a static metric, a dynamic metric, and a whitelist.
In a second aspect, a trusted switching system of a DCS controller in a non-network environment is provided, including:
the user identity recognition and authority control module is used for recognizing and controlling the authority of an operator through the user identity and UKEY equipment;
the trusted manager authority acquisition module is used for acquiring the trusted switching operation authority of the DCS controller for the system trusted manager passing through the identification of the operator;
the switching command encryption and transmission module is used for carrying out private protocol encryption processing on the upper computer trusted switching command of the system trusted manager and transmitting the DCS controller;
and the switching command analysis module is used for analyzing the received trusted switching command by the DCS controller and completing switching of the trusted function of the DCS controller.
In a third aspect, there is provided an electronic device comprising: a memory storing at least one instruction; and the processor executes the instructions stored in the memory to realize the trusted switching method of the DCS controller in the non-network environment.
In a fourth aspect, a computer readable storage medium is provided, where the computer readable storage medium stores a computer program, where the computer program when executed by a processor implements the method for trusted switching of DCS controllers in a non-network environment.
Compared with the prior art, the invention has at least the following beneficial effects:
the UKEY equipment is a hardware equipment of a USB interface, a singlechip or a smart card chip is arranged in the hardware equipment, a certain storage space is provided, and a private key and a digital certificate of a user can be stored. Meanwhile, in order to ensure the safety of data communication between the upper computer and the DCS controller, a private communication data structure is designed, encryption processing of a private protocol is carried out on a switching command sent by the upper computer, and after the reliable switching command is received by the DCS controller, the switching of the trusted function of the DCS controller is completed by analyzing. The method can update the software on the trusted DCS controller under the condition of not being connected to the trusted management platform through the network, thereby effectively improving the convenience of the system, providing a convenient software upgrading method and fully ensuring the safety of the system.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present invention, and that other related drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a connection structure between an upper computer and a DCS controller in a non-network environment according to an embodiment of the present invention;
FIG. 2 is a flow chart of a trusted switching method of a DCS controller in a non-network environment according to an embodiment of the invention;
FIG. 3 is a flow chart of the invention for identifying an operator identity via a user identity and UKEY device;
FIG. 4 is a flowchart of a private protocol encryption process for trusted retirement commands according to an embodiment of the present invention;
FIG. 5 is a flow chart illustrating the process of resolving a trusted retirement command and completing trusted function retirement in accordance with an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, one of ordinary skill in the art may also obtain other embodiments without undue burden.
Referring to fig. 1, an embodiment of the present invention provides a method for switching on and off a trusted function of a trusted enhanced thermal power DCS controller in a non-network environment in the field of power generation control, where an upper computer of a power generation control system switches on and off the trusted function of the power generation controller with enhanced trusted capability in the non-network environment through an RS232 debug cable. The DCS controller shown in fig. 1 is internally provided with a trusted function switching component that invokes a controller agent through a switching interface. UKEY equipment is connected with the upper computer and the DCS controller in a non-network environment through an RS232 debugging cable. The UKEY device is a reliable high-speed small-sized storage device directly connected to a computer through a USB (universal serial bus interface) and having a password authentication function.
Referring to fig. 2, the method for trusted switching of DCS controllers in the non-network environment according to the embodiment of the present invention specifically includes the following steps:
s1, identifying and controlling authority of an operator through a user identity and UKEY equipment;
s2, the identity of the operator is the operation authority of the trusted switching of the DCS controller obtained by a system trusted administrator passing through the identification;
s3, carrying out private protocol encryption processing on an upper computer trusted switching command of a system trusted manager and sending the DCS controller;
s4, analyzing the received trusted switching command by the DCS controller to finish switching of the trusted function of the DCS controller.
In a possible implementation manner, when the user identity and the UKEY device are used for identifying and controlling the authority of the operator in step S1, the role identities included in the trusted enhanced thermal power control system include a system engineer, a system operator and a system trusted manager, only the trusted manager has the operation authority for the trusted switching of the controller, and the system binds the UKEY and the role identities, so that identity and authority confirmation is performed through the UKEY at first, and the operation safety is ensured. The flow of the embodiment of the invention for identifying the identity of the operator through the user identity and UKEY equipment is shown in figure 3.
Referring to fig. 4, in the embodiment of the present invention, a private protocol encryption process is performed on a drop command transmitted by an upper computer, in order to ensure data security, a CA certificate and an asymmetric encryption algorithm are used to process the transmitted command, and a controller performs identity confirmation on the upper computer through the CA certificate and performs secure transmission on the drop command through the asymmetric encryption algorithm. Specifically, the clear text of the throwing and reversing command is packaged through a private data structure, and after CA certificate authentication, RSA (asymmetric encryption algorithm) asymmetric encryption is performed to obtain the ciphertext of the throwing and reversing command.
Referring to fig. 5, in the embodiment of the present invention, after the controller agent completes the analysis of the switching command, the operation of the trusted switching component is implemented by the call of the trusted function switching interface, so as to complete the switching of the trusted function of the controller. In one possible implementation, the trusted functions include startup metrics, static metrics, dynamic metrics, whitelists, and the like.
By the method for trusted switching of the DCS controller under the non-network environment, the software on the trusted DCS controller can be updated under the condition that the DCS controller is not connected to a trusted management platform through a network, and the convenience of a system is effectively improved; meanwhile, through the double-factor authority control of the user identity and the UKEY equipment, the trusted function is prevented from being arbitrarily switched through a tool, a convenient software upgrading method is provided, and the safety of the system is fully ensured.
Another embodiment of the present invention further provides a trusted switching system of a DCS controller in a non-network environment, including:
the user identity recognition and authority control module is used for recognizing and controlling the authority of an operator through the user identity and UKEY equipment;
the trusted manager authority acquisition module is used for acquiring the trusted switching operation authority of the DCS controller for the system trusted manager passing through the identification of the operator;
the switching command encryption and transmission module is used for carrying out private protocol encryption processing on the upper computer trusted switching command of the system trusted manager and transmitting the DCS controller;
and the switching command analysis module is used for analyzing the received trusted switching command by the DCS controller and completing switching of the trusted function of the DCS controller.
Another embodiment of the present invention also proposes an electronic device, including: a memory storing at least one instruction; and the processor executes the instructions stored in the memory to realize the trusted switching method of the DCS controller in the non-network environment.
Another embodiment of the present invention further provides a computer readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the method for trusted switching of the DCS controller in the non-network environment is implemented.
For example, the instructions stored in the memory may be partitioned into one or more modules/units, which are stored in a computer-readable storage medium and executed by the processor to perform a method for trusted switching of DCS controllers in a non-network environment according to an embodiment of the present invention. The one or more modules/units may be a series of computer readable instruction segments capable of performing a specified function, which describes the execution of the computer program in a server.
The electronic equipment can be a smart phone, a notebook computer, a palm computer, a cloud server and other computing equipment. The electronic device may include, but is not limited to, a processor, a memory. Those skilled in the art will appreciate that the electronic device may also include more or fewer components, or may combine certain components, or different components, e.g., the electronic device may also include input and output devices, network access devices, buses, etc.
The processor may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific IntegratedCircuit, ASIC), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory may be an internal storage unit of the server, such as a hard disk or a memory of the server. The memory may also be an external storage device of the server, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card (Flash Card) or the like, which are provided on the server. Further, the memory may also include both an internal storage unit and an external storage device of the server. The memory is used to store the computer readable instructions and other programs and data required by the server. The memory may also be used to temporarily store data that has been output or is to be output.
It should be noted that, because the content of information interaction and execution process between the above module units is based on the same concept as the method embodiment, specific functions and technical effects thereof may be referred to in the method embodiment section, and details thereof are not repeated herein.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present application implements all or part of the flow of the method of the above embodiments, and may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, where the computer program, when executed by a processor, may implement the steps of each of the method embodiments described above. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include at least: any entity or device capable of carrying computer program code to a photographing device/terminal apparatus, recording medium, computer Memory, read-Only Memory (ROM), random access Memory (RAM, random Access Memory), electrical carrier signals, telecommunications signals, and software distribution media. Such as a U-disk, removable hard disk, magnetic or optical disk, etc.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and in part, not described or illustrated in any particular embodiment, reference is made to the related descriptions of other embodiments.
The above embodiments are only for illustrating the technical solution of the present application, and are not limiting; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.
Claims (8)
1. The method for trusted switching of the DCS controller in the non-network environment is characterized by comprising the following steps:
the identity of an operator is identified and authority control is carried out through the user identity and UKEY equipment; the UKEY equipment connects the upper computer with the DCS controller in a non-network environment through a debugging cable;
the operator identity is the operating authority of the trusted switching of the DCS controller obtained by the trusted system administrator passing through the identification;
carrying out private protocol encryption processing on an upper computer trusted switching command of a system trusted manager and sending the DCS controller;
the DCS controller analyzes the received trusted switching command to complete switching of the trusted function of the DCS controller.
2. The method for trusted switching of a DCS controller in a non-network environment according to claim 1, wherein the DCS controller is internally provided with a trusted function switching component which invokes a controller agent through a switching interface.
3. The method for reliably switching the DCS controller in the non-network environment according to claim 2, wherein the DCS controller analyzes the received reliable switching command, and in the step of switching the reliable function of the DCS controller, the controller agent completes the analysis of the reliable switching command, and then invokes the switching interface to operate the reliable function switching component to switch the reliable function of the DCS controller.
4. The method for trusted switching of DCS controllers in a non-network environment according to claim 1, wherein said step of performing a private protocol encryption process on a trusted switching command of a host computer of a trusted administrator of the system comprises the steps of the DCS controller performing identity confirmation on the host computer by means of a CA certificate and encrypting the trusted switching command of the host computer by means of an asymmetric encryption algorithm.
5. The method for trusted switching of DCS controllers in a non-network environment according to claim 1, wherein the DCS controller trusted functions include start-up metrics, static metrics, dynamic metrics and whitelists.
6. The system for trusted switching of the DCS controller in the non-network environment is characterized by comprising the following components:
the user identity recognition and authority control module is used for recognizing and controlling the authority of an operator through the user identity and UKEY equipment; the UKEY equipment connects the upper computer with the DCS controller in a non-network environment through a debugging cable;
the trusted manager authority acquisition module is used for acquiring the trusted switching operation authority of the DCS controller for the system trusted manager passing through the identification of the operator;
the switching command encryption and transmission module is used for carrying out private protocol encryption processing on the upper computer trusted switching command of the system trusted manager and transmitting the DCS controller;
and the switching command analysis module is used for analyzing the received trusted switching command by the DCS controller and completing switching of the trusted function of the DCS controller.
7. An electronic device, comprising:
a memory storing at least one instruction; a kind of electronic device with high-pressure air-conditioning system
A processor executing instructions stored in the memory to implement the DCS controller trusted switching method of any one of claims 1 to 5 in a non-network environment.
8. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the DCS controller trusted switching method of any one of claims 1 to 5 in a non-network environment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311353808.3A CN117093979B (en) | 2023-10-19 | 2023-10-19 | Method, system and medium for trusted switching of DCS controller in non-network environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311353808.3A CN117093979B (en) | 2023-10-19 | 2023-10-19 | Method, system and medium for trusted switching of DCS controller in non-network environment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117093979A CN117093979A (en) | 2023-11-21 |
| CN117093979B true CN117093979B (en) | 2024-01-16 |
Family
ID=88775542
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311353808.3A Active CN117093979B (en) | 2023-10-19 | 2023-10-19 | Method, system and medium for trusted switching of DCS controller in non-network environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117093979B (en) |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103942478A (en) * | 2013-01-22 | 2014-07-23 | 浙江安科网络技术有限公司 | Method and device for identity verification and authority management |
| CN103941652A (en) * | 2013-01-22 | 2014-07-23 | 浙江安科网络技术有限公司 | Method and device suitable for security protection and security audit of various DCS production control systems |
| AU2017100153A4 (en) * | 2017-02-09 | 2017-04-20 | Hilbers, Martijn Theodorus Bernardus MR | A S88 compliant group controlling, self-sequencing, redundancy managing, alarm-managing, stackable and self learning control algorithm and software architecture for DCS'/PLC’s/PAC's and Smart Actuators. |
| CN209343191U (en) * | 2019-03-04 | 2019-09-03 | 大唐华银电力股份有限公司金竹山火力发电分公司 | A kind of DCS control system |
| CN112187769A (en) * | 2020-09-23 | 2021-01-05 | 中国核动力研究设计院 | Authority management system for nuclear power plant security level DCS |
| CN112217176A (en) * | 2020-09-23 | 2021-01-12 | 国网湖北省电力有限公司电力科学研究院 | Transformer substation hard pressing plate state monitoring system, method and device |
| CN113282904A (en) * | 2021-06-15 | 2021-08-20 | 北京中宇万通科技股份有限公司 | Operation authority identification method and device for numerical control system |
| CN114625074A (en) * | 2021-11-26 | 2022-06-14 | 中国大唐集团科学技术研究院有限公司火力发电技术研究院 | Safety protection system and method for DCS (distributed control System) of thermal power generating unit |
| CN115328053A (en) * | 2022-08-23 | 2022-11-11 | 中国核动力研究设计院 | Authority implementation method based on nuclear power plant security level DCS system |
| CN115879099A (en) * | 2021-09-28 | 2023-03-31 | 国能智深控制技术有限公司 | DCS controller, operation processing method and protection subsystem |
| CN116633576A (en) * | 2023-01-10 | 2023-08-22 | 华中科技大学 | Safe and reliable NC-Link agent, control method, equipment and terminal |
| CN116880414A (en) * | 2023-08-10 | 2023-10-13 | 西安热工研究院有限公司 | DCS controller and trusted strategy and trusted state real-time synchronization method and system thereof |
-
2023
- 2023-10-19 CN CN202311353808.3A patent/CN117093979B/en active Active
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103942478A (en) * | 2013-01-22 | 2014-07-23 | 浙江安科网络技术有限公司 | Method and device for identity verification and authority management |
| CN103941652A (en) * | 2013-01-22 | 2014-07-23 | 浙江安科网络技术有限公司 | Method and device suitable for security protection and security audit of various DCS production control systems |
| AU2017100153A4 (en) * | 2017-02-09 | 2017-04-20 | Hilbers, Martijn Theodorus Bernardus MR | A S88 compliant group controlling, self-sequencing, redundancy managing, alarm-managing, stackable and self learning control algorithm and software architecture for DCS'/PLC’s/PAC's and Smart Actuators. |
| CN209343191U (en) * | 2019-03-04 | 2019-09-03 | 大唐华银电力股份有限公司金竹山火力发电分公司 | A kind of DCS control system |
| CN112187769A (en) * | 2020-09-23 | 2021-01-05 | 中国核动力研究设计院 | Authority management system for nuclear power plant security level DCS |
| CN112217176A (en) * | 2020-09-23 | 2021-01-12 | 国网湖北省电力有限公司电力科学研究院 | Transformer substation hard pressing plate state monitoring system, method and device |
| CN113282904A (en) * | 2021-06-15 | 2021-08-20 | 北京中宇万通科技股份有限公司 | Operation authority identification method and device for numerical control system |
| CN115879099A (en) * | 2021-09-28 | 2023-03-31 | 国能智深控制技术有限公司 | DCS controller, operation processing method and protection subsystem |
| CN114625074A (en) * | 2021-11-26 | 2022-06-14 | 中国大唐集团科学技术研究院有限公司火力发电技术研究院 | Safety protection system and method for DCS (distributed control System) of thermal power generating unit |
| CN115328053A (en) * | 2022-08-23 | 2022-11-11 | 中国核动力研究设计院 | Authority implementation method based on nuclear power plant security level DCS system |
| CN116633576A (en) * | 2023-01-10 | 2023-08-22 | 华中科技大学 | Safe and reliable NC-Link agent, control method, equipment and terminal |
| CN116880414A (en) * | 2023-08-10 | 2023-10-13 | 西安热工研究院有限公司 | DCS controller and trusted strategy and trusted state real-time synchronization method and system thereof |
Non-Patent Citations (2)
| Title |
|---|
| 王晓雄 ; .核电站辅助车间控制方式分析.科技信息.2011,(第29期),全文. * |
| 黄文君 ; 陈建树 ; 章凌 ; .DCS设备管理***的设计和实现.制造业自动化.2008,(07),全文. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117093979A (en) | 2023-11-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109361508B (en) | Data transmission method, electronic device and computer readable storage medium | |
| CN102063591B (en) | Methods for updating PCR (Platform Configuration Register) reference values based on trusted platform | |
| US20200104528A1 (en) | Data processing method, device and system | |
| CN104081407A (en) | Remote trust attestation and geo-location of servers and clients in cloud computing environments | |
| US11799630B2 (en) | Method and device for blockchain nodes | |
| CN110598429B (en) | Data encryption storage and reading method, terminal equipment and storage medium | |
| CN104951712A (en) | Data safety protection method in Xen virtualization environment | |
| CN107111511B (en) | Access control method, device and system | |
| CN108155986A (en) | A kind of key programming system and method based on credible performing environment | |
| CN111709023A (en) | Application isolation method and system based on trusted operating system | |
| CN106127059A (en) | The realization of credible password module and method of servicing on a kind of ARM platform | |
| CN117195231A (en) | Security protection method, system and medium for real-time operation system of trusted DCS controller | |
| WO2021170049A1 (en) | Method and apparatus for recording access behavior | |
| CN117093979B (en) | Method, system and medium for trusted switching of DCS controller in non-network environment | |
| WO2024109269A1 (en) | At instruction permission management method and apparatus, computer device, and storage medium | |
| CN117155685A (en) | Trusted acquisition and transmission method, system and storage medium for key data of DCS (distributed control system) | |
| CN108540301B (en) | Password initialization method for preset account and related equipment | |
| US11650558B2 (en) | Method and device for checking the integrity of modules of a wind turbine | |
| CN115600215A (en) | System startup method, system information processing method, device, equipment and medium thereof | |
| CN114598724A (en) | Safety protection method, device, equipment and storage medium for power internet of things | |
| CN113886857A (en) | RISC-V software and hardware safety system applied to block chain network | |
| CN113536285A (en) | Special password encryption method and device for terminal equipment | |
| CN111209544A (en) | Web application security protection method and device, electronic equipment and storage medium | |
| CN107547473A (en) | A kind of Security Vulnerabilities Scanner System | |
| CN110289954B (en) | Key processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |