CN112351005B - Internet of things communication method, device, readable storage medium and computer equipment - Google Patents
Internet of things communication method, device, readable storage medium and computer equipment Download PDFInfo
- Publication number
- CN112351005B CN112351005B CN202011148973.1A CN202011148973A CN112351005B CN 112351005 B CN112351005 B CN 112351005B CN 202011148973 A CN202011148973 A CN 202011148973A CN 112351005 B CN112351005 B CN 112351005B
- Authority
- CN
- China
- Prior art keywords
- security
- information
- iot device
- score
- internet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000004891 communication Methods 0.000 title claims abstract description 45
- 238000000034 method Methods 0.000 title claims abstract description 37
- 230000008447 perception Effects 0.000 claims abstract description 37
- 238000004364 calculation method Methods 0.000 claims description 20
- 238000011156 evaluation Methods 0.000 description 4
- 239000003795 chemical substances by application Substances 0.000 description 3
- 238000001514 detection method Methods 0.000 description 3
- 238000003491 array Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000006855 networking Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000003542 behavioural effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000001815 facial effect Effects 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000012502 risk assessment Methods 0.000 description 1
Images
Classifications
- H04L63/00—Network architectures or network communication protocols for network security
  - H04L63/14—for detecting or protecting against malicious traffic
    - H04L63/1408—by monitoring network traffic
      - H04L63/1416—Event detection, e.g. attack signature detection
    - H04L63/1433—Vulnerability analysis
  - H04L63/02—for separating internal from external traffic, e.g. firewalls
    - H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
    - H04L63/0281—Proxies
- H04L67/00—Network arrangements or protocols for supporting network services or applications
  - H04L67/01—Protocols
    - H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
  - H04L67/14—Session management
    - H04L67/141—Setup of application sessions
Description
Technical Field
The present invention relates to the field of communication technology, and in particular to an Internet of Things communication method, device, readable storage medium and computer equipment.
Background
In 2020 the shift of daily life online accelerated and remote collaborative working became widespread. Remote working has, to a degree, helped enterprises resume operations and the economy recover, but at the same time enterprise intranets face new security threats: a network security architecture built from a traditional VPN (Virtual Private Network) and firewalls can no longer satisfy the external-network access needs of a large number of users.
In the traditional network security architecture a client device establishes a connection with the enterprise network after simple identity authentication, and once connected it can freely access, or leak, data beyond its authority, which poses a serious security risk. In addition, the security boundary of an enterprise's Internet of Things is becoming increasingly blurred, and the growth of big-data and cloud-computing business increases the attack surface to a degree that the traditional security architecture can no longer withstand.
Summary of the Invention
In view of the above, it is necessary to provide an Internet of Things communication method, device, readable storage medium and computer equipment that address the poor network security of the prior art.
An Internet of Things communication method, comprising:
obtaining risk perception data of an IoT device, and calculating score values of an attack factor indicator and a threat factor indicator respectively from the risk perception data;
determining a trust level of the IoT device from the score value of the attack factor indicator and the score value of the threat factor indicator;
when the trust level is higher than a level threshold, sending connection establishment information to the business system so that the business system establishes a connection with the IoT device.
Further, in the above IoT communication method, the risk perception data includes security alerts and vulnerabilities, and the step of calculating the score values of the attack factor indicator and the threat factor indicator from the risk perception data includes:
obtaining the current alert level, number of attacks and attack interval from each security alert;
determining a corresponding first base from the current alert level, a corresponding first coefficient from the number of attacks, and a second coefficient from the attack interval;
calculating a score for each security alert from the first base, the first coefficient and the second coefficient, and calculating the score value of the attack factor indicator of the IoT device from the scores of the individual security alerts;
obtaining the level of each vulnerability and determining a corresponding second base from the level of the vulnerability;
calculating the score value of the threat factor indicator from the second bases corresponding to the levels of the vulnerabilities.
Further, in the above IoT communication method, the formula for the score value of the attack factor indicator is:
; ;
where m_i is the first base, k_1 and k_2 are the first and second coefficients respectively, and a is the upper limit of the score value of the attack factor indicator.
Further, in the above IoT communication method, the formula for the score value of the threat factor indicator is:
; ;
where the summed term is the second base and b is the upper limit of the score value of the threat factor indicator.
Further, in the above IoT communication method, after the step of sending connection establishment information to the business system, the method further includes:
when the trust level is the low trust level, sending first information to the business system so that the business system denies the IoT device access to any data;
when the trust level is the medium trust level, sending second information to the business system so that the business system authorizes the IoT device to access public data;
when the trust level is the high trust level, sending third information to the business system so that the business system authorizes the IoT device to access all data of the business system.
Further, in the above IoT communication method, after the step of sending connection establishment information to the business system so that the business system establishes a connection with the IoT device, the method further includes:
obtaining the risk perception data of the IoT device at a preset time interval;
calculating the current trust level of the IoT device from the currently obtained risk perception data;
when the current trust level is higher or lower than the previously calculated trust level, sending information corresponding to the current trust level to the access gateway.
Further, in the above IoT communication method, before the step of obtaining the risk perception data of the IoT device, the method further includes:
obtaining security factor information of the IoT device, the security factor information including the IP address, MAC address, operating system version and patch information of the IoT device;
calculating a security score of the IoT device from the security factor information;
when the security score is higher than a threshold score, sending connection establishment information to an access gateway so that the access gateway establishes a connection with the IoT device.
Further, in the above IoT communication method, before the step of sending connection establishment information to the access gateway so that the access gateway establishes a connection with the IoT device, the method further includes:
obtaining the identity information of the user sent by the IoT device;
verifying the identity information and determining the user's business authority information;
and the step of sending connection establishment information to the access gateway so that the access gateway establishes a connection with the IoT device includes:
sending connection establishment information to the access gateway so that the access gateway establishes a connection between the IoT device and the network area corresponding to the business authority information.
An embodiment of the present invention also provides an Internet of Things communication device, comprising:
a first calculation module, configured to obtain risk perception data of an IoT device and to calculate score values of an attack factor indicator and a threat factor indicator from the risk perception data;
a determination module, configured to determine the trust level of the IoT device from the score values of the attack factor indicator and the threat factor indicator;
a first sending module, configured to send connection establishment information to the business system when the trust level is higher than a level threshold, so that the business system establishes a connection with the IoT device.
Further, in the above IoT communication device, the risk perception data includes security alerts and vulnerabilities, and the first calculation module includes:
a first calculation submodule, configured to:
obtain the current alert level, number of attacks and attack interval from each security alert;
determine a corresponding first base from the current alert level, a corresponding first coefficient from the number of attacks, and a second coefficient from the attack interval;
calculate a score for each security alert from the first base, the first coefficient and the second coefficient, and calculate the score value of the attack factor indicator of the IoT device from the scores of the individual security alerts;
a second calculation submodule, configured to:
obtain the level of each vulnerability and determine a corresponding second base from the level of the vulnerability;
calculate the score value of the threat factor indicator from the second bases corresponding to the levels of the vulnerabilities.
Further, in the above IoT communication device, after the step of sending connection establishment information to the business system, the first sending module is further configured to:
when the trust level is the low trust level, send first information to the business system so that the business system denies the IoT device access to any data;
when the trust level is the medium trust level, send second information to the business system so that the business system authorizes the IoT device to access public data;
when the trust level is the high trust level, send third information to the business system so that the business system authorizes the IoT device to access all data of the business system.
Further, the above IoT communication device further comprises:
a second acquisition module, configured to obtain the risk perception data of the IoT device at a preset time interval;
a second calculation module, configured to calculate the current trust level of the IoT device from the currently obtained risk perception data;
a second sending module, configured to send information corresponding to the current trust level to the access gateway when the current trust level is higher or lower than the previously calculated trust level.
Further, the above IoT communication device further comprises:
a third acquisition module, configured to obtain security factor information of the IoT device, the security factor information including the IP address, MAC address, operating system version and patch information of the IoT device;
a third calculation module, configured to calculate a security score of the IoT device from the security factor information;
a third sending module, configured to send connection establishment information to an access gateway when the security score is higher than a threshold score, so that the access gateway establishes a connection with the IoT device.
Further, in the above IoT communication device, the third acquisition module is further configured to obtain the identity information of the user sent by the IoT device, verify the identity information and determine the user's business authority information;
and the third sending module is configured to:
send connection establishment information to the access gateway so that the access gateway establishes a connection between the IoT device and the network area corresponding to the business authority information.
An embodiment of the present invention also provides a readable storage medium on which a program is stored; when the program is executed by a processor, any one of the methods described above is implemented.
An embodiment of the present invention also provides computer equipment comprising a memory, a processor, and a program stored in the memory and runnable on the processor; when the processor executes the program, any one of the methods described above is implemented.
In the present invention a trust proxy builds the connection between the business system and the IoT device, and the trust level of the device is determined from the device's risk perception data; when that trust level is higher than the level threshold, connection establishment information is sent to the business system so that it establishes a connection with the device. Checking the trustworthiness of the device ensures the security of business system data, keeping malicious devices out of the business system and preventing data leakage.
Description of the Drawings
The drawings described here provide a further understanding of the application and form part of it; the schematic embodiments of the application and their descriptions serve to explain the application and do not improperly limit it. In the drawings:
FIG. 1 is a flowchart of the IoT communication method in the first embodiment of the present invention;
FIG. 2 is a flowchart of the IoT communication method in the second embodiment of the present invention;
FIG. 3 is a flowchart of the IoT communication method in the third embodiment of the present invention;
FIG. 4 is a structural block diagram of the IoT communication device in the fourth embodiment of the present invention.
Detailed Description
Embodiments of the present invention are described in detail below; examples of these embodiments are shown in the drawings, in which the same or similar reference numerals designate the same or similar elements, or elements with the same or similar functions, throughout. The embodiments described below with reference to the drawings are exemplary, serve only to explain the present invention, and are not to be construed as limiting it.
These and other aspects of the embodiments of the invention will become clear with reference to the following description and drawings. The description and drawings disclose some specific implementations of the embodiments to show some ways of realizing their principles, but it should be understood that the scope of the embodiments is not limited to these. On the contrary, the embodiments of the present invention include all changes, modifications and equivalents falling within the spirit and scope of the appended claims.
Refer to FIG. 1, which shows the IoT communication method in the first embodiment of the present invention, comprising steps S11 to S13.
Step S11: obtain risk perception data of the IoT device, and calculate score values of the attack factor indicator and the threat factor indicator respectively from the risk perception data.
The IoT communication architecture of this embodiment differs from the traditional architecture: here the connection between the network and the IoT device must be built through a trust proxy. The network is an enterprise network, or any other network the user wants to access remotely. The trust proxy is, for example, a server; in this embodiment the server uses a situational awareness system to monitor in real time the hidden risks present across the whole network architecture, covering the behavioral, environmental and network risks of IoT devices.
When an IoT device requests access to a business system in the network architecture, the server obtains the device's risk perception data. Specifically, the risk perception data includes the device's risk details, behavior profile and vulnerabilities: the risk details include attack sources, security alerts and so on; the behavior profile includes access sources, access traffic and so on; the vulnerabilities include vulnerability names, threat levels and so on. Monitoring this risk perception data allows the risk of connecting the IoT device to the business system to be assessed.
The trust level calculation for an IoT device has two main components: the attack factor indicator and the threat factor indicator. The attack factor consists of the security alerts detected by the situational awareness system in which the attacker or the victim is the device's IP address or MAC address; the threat factor is taken from the vulnerability information monitored by the situational awareness system.
Preferably, the score value of the attack factor indicator is calculated as follows:
obtain the current alert level, number of attacks and attack interval from each security alert;
determine a corresponding first base from the current alert level, a corresponding first coefficient from the number of attacks, and a second coefficient from the attack interval;
calculate a score for each security alert from the first base, the first coefficient and the second coefficient, and sum them to obtain the score value of the attack factor indicator of the IoT device.
Specifically, the alert level can be divided into three levels: high, medium and low. The alert level determines the first base; for example, the first base for a high level is 10, for a medium level 7, and for a low level 4. The number of attacks determines the first coefficient; for example, 1 attack corresponds to a coefficient of 1, 2 to 5 attacks to 1.5, and 6 or more attacks to 2. The attack interval determines the second coefficient; for example, an interval within one week corresponds to a coefficient of 1, within one month to 0.5, and more than one month to 0.1.
Further, the score value of the attack factor indicator has a first upper limit, for example 10, and its formula is:
; ;
where m_i is the first base, k_1 and k_2 are the first and second coefficients respectively, and a is the upper limit of the score value of the attack factor indicator.
The score value of the threat factor indicator is calculated as follows:
obtain the level of each vulnerability and determine a corresponding second base from the level of the vulnerability;
sum the second bases corresponding to the levels of all the vulnerabilities to obtain the score value of the threat factor indicator.
The vulnerability level can, for example, be set to three levels, each corresponding to a second base: for example, the second base for a high level is 5, for a medium level 3, and for a low level 1.
Further, the score value of the threat factor indicator has a second upper limit, for example 50, and its formula is:
; ;
where the summed term is the second base and b is the upper limit of the score value of the threat factor indicator.
The base value of the IoT device's current trust score is 100, and the final result is calculated from the attack factor score and the threat factor score:
。 .
Step S12: determine the trust level of the IoT device from the score value of the attack factor indicator and the score value of the threat factor indicator.
Step S13: when the trust level is above the level threshold, send connection establishment information to the business system so that the business system establishes a connection with the IoT device.
In a specific implementation, the trust level of the IoT device can be divided into three levels, for example as shown in Table 1. Each trust level corresponds to a score range, so the trust level can be determined from the IoT device's trust score.
Table 1
It will be understood that the level threshold can be set to the low trust level. When the trust level of the IoT device is above the low trust level, connection establishment information is sent to the business system so that the business system establishes an encrypted connection with the IoT device.
In this embodiment, the connection between the business system and the IoT device is built through a trust agent, and the trust level of the device is determined from the risk perception data obtained from the IoT device. When that trust level is above the level threshold, connection establishment information is sent to the business system so that the business system establishes a connection with the device. Checking the trust level of a device protects the business system's data: malicious devices are kept out of the business system and data leakage is prevented.
Further, in another embodiment of the present invention, the server can also determine the IoT device's data access authority for the system from its trust level and send corresponding information to the access gateway. The data access authority includes:
no access;
access only to public data within the system;
access to all data within the system.
Specifically, when the trust level of the IoT device is the low trust level, first information is sent to the business system so that the business system refuses the IoT device access to any data; when the trust level of the IoT device is the medium trust level, second information is sent to the business system so that the business system authorizes the IoT device to access public data only; when the trust level of the IoT device is the high trust level, third information is sent to the business system so that the business system authorizes the IoT device to access all of the business system's data.
Further, to maintain the security of the network architecture, after the IoT device has established a connection with the business system the server can periodically re-evaluate the trust of the IoT device and adjust its state according to the evaluation result, safeguarding the system. Refer to FIG. 2, which shows the IoT communication method of the second embodiment of the present invention, comprising steps S21 to S23.
Step S21: obtain the risk perception data of the IoT device at a preset time interval.
Step S22: calculate the current trust level of the IoT device from the risk perception data just obtained.
Step S23: when the current trust level is higher or lower than the trust level calculated the previous time, send information corresponding to the current trust level to the access gateway.
In this embodiment, dynamic access control is performed according to the trust evaluation result and the business requests initiated by the IoT device. Once the IoT device is connected to the enterprise's business system, a trust score is calculated for the device at a fixed period and the corresponding trust level is assigned from that score. Access is then adjusted dynamically according to the evaluation result: when the current trust level is higher or lower than the previously calculated trust level, information corresponding to the current trust level is sent to the access gateway to adjust the IoT device's access authority for business system data. If the trust level is too low, no data is transmitted or the connection is terminated, safeguarding the system.
It will be understood that, in other embodiments of the present invention, to protect system data the trust level can also be determined every time the IoT device accesses the business system, and data access is allowed only when the device's trust level is above the level threshold.
Further, referring to FIG. 3, in the third embodiment of the present invention the IoT communication method further comprises steps S31 to S33 before the step of obtaining the risk perception data of the IoT device.
Step S31: obtain the security factor information of the IoT device, the security factor information including the IP address, MAC address, operating system version and patch information of the IoT device.
Step S32: calculate the security score of the IoT device from the security factor information.
When an IoT device requests access to a business system it must first connect to the enterprise network; once connected to the enterprise network, it can request access to the data of the business systems in that network.
When the IoT device needs to connect to the enterprise network it sends a connection request. On receiving the connection request the server sends an instruction to the IoT device, and on receiving that instruction the IoT device sends its security factor information to the server. The security factor information is information the IoT device carries itself, and the server uses it to assess the security of the IoT device.
After receiving the security factor information sent by the IoT device, the server extracts the data of each security factor from it. For example, if the security factor information includes the IP address, MAC address, operating system version and patch information of the IoT device, data for three security factors can be extracted: the data of the first security factor is the security level of the network through which the IoT device accesses, the data of the second security factor is the operating system version, and the data of the third security factor is the number of patches. The corresponding score value is determined from the extracted data of each security factor.
Specifically, the step of calculating the security score of the IoT device from the security factor information includes:
determining the security level of the IoT device's access network from its IP address and MAC address, and determining the corresponding score value from the security level of the access network, to obtain the score value of the first security factor;
determining the score value corresponding to the operating system version, to obtain the score value of the second security factor;
determining the number of patches of the IoT device from the patch information, and determining the corresponding score value from the number of patches, to obtain the score value of the third security factor;
calculating the security score of the IoT device from the score values of the individual security factors.
In this embodiment, the network through which the IoT device is connected, and the security of that network, can be determined from the IP address and MAC address. The network the IoT device connects through may be, for example, a home network, personal mobile data or the network of a public place. After obtaining the IP address and MAC address of the IoT device, the server determines the security level of the device's access network. The security level is directly proportional to the score value, and the corresponding score value is determined from the security level of the access network. For example, home networks and personal mobile data networks have a higher security level than networks in public places, and the networks of different public places can also be given different security levels.
The operating system version of the IoT device can serve as one indicator of the device's security. Older operating system versions often contain vulnerabilities and are less secure, so the higher the operating system version, the higher the corresponding score value. Specifically, the operating system version is directly proportional to the score value of this security factor. For example, if the total score for this factor is 10, the score value is the number of the current operating system version (say version 5) divided by the total number of versions, 8, multiplied by 10, which gives 6.25; that is, 6.25 is the score value corresponding to this operating system version.
The patch information of the IoT device also reflects the device's security to a certain extent. In this embodiment the score value of the third security factor is determined from the number of patches on the IoT device. Specifically, several ranges of patch counts can be defined, each range corresponding to one trust score value.
The trust score of the IoT device is calculated from the score values of the first, second and third security factors. In a specific implementation, the sum of the score values of the security factors can be taken as the IoT device's trust score, or the sum of each security factor's score value multiplied by its corresponding weight can be taken as the IoT device's security score.
Step S33: when the security score is above the threshold score, send connection establishment information to the access gateway so that the access gateway establishes a connection with the IoT device.
The threshold score can be set according to actual needs. When the business system detects that the IoT device's security score is above the threshold, it can determine that the IoT device is in a secure state and allow it to access the enterprise network.
Further, before the step of sending connection establishment information to the access gateway so that the access gateway establishes a connection with the IoT device, the method further includes:
obtaining the identity information of the user sent by the IoT device;
verifying the identity information and determining the user's business authority information;
and the step of sending connection establishment information to the access gateway so that the access gateway establishes a connection with the IoT device includes:
sending connection establishment information to the access gateway so that the access gateway establishes a connection between the IoT device and the network area corresponding to the business authority information.
In a specific implementation, the user's identity information can be sent to the server when the IoT device sends its connection request, that is, the connection request information sent by the IoT device includes the user's identity information.
After obtaining the identity information, the server authenticates the user and determines the user's system access business authority information. Once the user has been authenticated, the server performs the step of obtaining the security factor information of the IoT device.
The user identity information identifies the user and includes, for example, a user account, a password and/or a biometric key. The password can be a fixed password or a dynamic password set by the user, and the biometric key can be, for example, the user's facial features, fingerprint features, iris features and the like.
In this embodiment, the network architecture divides minimum business authority information by business system, the business systems being, for example, a financial data system, a procurement system, a personnel system and so on, with each business system connected to a different network area. Different business authority information grants access to different network areas; that is, users with different business authority information can access business systems of different types and in different numbers. The IoT device can only access the business systems corresponding to its business authority information and has no access authority for other business systems, and data resources are granted to the device according to the trust evaluation result.
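The admission flow of the third embodiment (identity verification and business authority, then steps S31 to S33) as one worked example. This is added illustration code, not the patent's own implementation: the user directory, device registry, address ranges, the score per network kind, the patch-count ranges, the factor weights and the threshold score are all constructed assumptions; only the operating system version formula (current version / total versions * 10, so 5/8 gives 6.25) and the weighted-sum variant come from the text. Identity verification here uses an account and password (the page also allows biometric keys, which this example does not cover).

```python
import hashlib
import hmac
import ipaddress
import os

# ---- user identity and business authority (checked before S31) ----
def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def _user_entry(password: str, authority: str) -> dict:
    salt = os.urandom(16)  # per-user random salt
    return {"salt": salt, "hash": _pbkdf2(password, salt), "authority": authority}

# Constructed user directory; passwords are held only as salted PBKDF2 hashes.
USER_DIRECTORY = {
    "alice": _user_entry("correct horse", "finance"),
    "bob": _user_entry("battery staple", "procurement"),
}
# Assumed: each business authority maps to the network area of its business system.
AUTHORITY_ZONE = {"finance": "zone-finance", "procurement": "zone-procurement"}

def verify_identity(account: str, password: str):
    """Return the user's business authority, or None if authentication fails."""
    entry = USER_DIRECTORY.get(account)
    if entry is None:
        return None
    if not hmac.compare_digest(entry["hash"], _pbkdf2(password, entry["salt"])):
        return None
    return entry["authority"]

# ---- security factors (S31/S32) ----
# Constructed: address ranges the server knows, with the assumed kind of network.
KNOWN_NETWORKS = [
    (ipaddress.ip_network("192.168.1.0/24"), "home"),
    (ipaddress.ip_network("10.64.0.0/16"), "mobile"),
    (ipaddress.ip_network("172.20.0.0/16"), "public"),
]
# Assumed score per access-network security level: home and mobile rank above public.
NETWORK_SCORE = {"home": 8.0, "mobile": 8.0, "public": 3.0, "unknown": 0.0}
# Constructed device registry: the MAC address the server expects for each device.
REGISTERED_MAC = {"sensor-01": "aa:bb:cc:00:11:22"}

def network_security_score(device_id: str, ip: str, mac: str) -> float:
    """First security factor: score of the access network identified by IP and MAC."""
    # Assumed rule: a MAC that does not match the registered one means the network is unknown.
    if REGISTERED_MAC.get(device_id, "").lower() != mac.lower():
        return NETWORK_SCORE["unknown"]
    addr = ipaddress.ip_address(ip)
    kind = next((k for net, k in KNOWN_NETWORKS if addr in net), "unknown")
    return NETWORK_SCORE[kind]

def os_version_score(current_version: int, total_versions: int, full_score: float = 10.0) -> float:
    """Second security factor, the page's formula: version / total versions * full score."""
    return current_version / total_versions * full_score

def patch_score(patch_count: int) -> float:
    """Third security factor: assumed patch-count ranges, each mapped to one score."""
    if patch_count <= 0:
        return 2.0
    if patch_count <= 5:
        return 5.0
    if patch_count <= 15:
        return 8.0
    return 10.0

WEIGHTS = (0.4, 0.3, 0.3)  # assumed weights for the three factors
THRESHOLD_SCORE = 6.0      # assumed threshold score for S33

def security_score(factors: dict) -> float:
    """Weighted sum of the three factor scores (the page's second variant)."""
    values = (
        network_security_score(factors["device_id"], factors["ip"], factors["mac"]),
        os_version_score(factors["os_version"], factors["total_versions"]),
        patch_score(factors["patch_count"]),
    )
    return sum(v * w for v, w in zip(values, WEIGHTS))

def admit(request: dict) -> dict:
    """Identity check first, then the security score, then the gateway message for S33."""
    authority = verify_identity(request["account"], request["password"])
    if authority is None:
        return {"connect": False, "reason": "identity verification failed"}
    score = security_score(request["factors"])
    if score <= THRESHOLD_SCORE:
        return {"connect": False, "reason": "security score not above threshold", "score": score}
    # Connection establishment information: the device is joined to the zone of its authority.
    return {"connect": True, "score": score, "network_zone": AUTHORITY_ZONE[authority]}

# Constructed connection request (not from the page).
SAMPLE_REQUEST = {
    "account": "alice",
    "password": "correct horse",
    "factors": {"device_id": "sensor-01", "ip": "192.168.1.20", "mac": "AA:BB:CC:00:11:22",
                "os_version": 5, "total_versions": 8, "patch_count": 7},
}

if __name__ == "__main__":
    print(admit(SAMPLE_REQUEST))
```

With the sample request the factor scores are 8.0 (home network), 6.25 (version 5 of 8) and 8.0 (7 patches), giving a weighted score of 7.475, above the assumed threshold, and the device is placed in the finance zone. A wrong password fails before any factor is scored, and a public-network device with an old version and no patches scores 2.55 and is refused.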
Referring to FIG. 4, the IoT communication device of the fourth embodiment of the present invention includes:
a first calculation module 10, configured to obtain risk perception data of the IoT device and to calculate the score values of the attack factor indicator and the threat factor indicator from the risk perception data;
a determination module 20, configured to determine the trust level of the IoT device from the score values of the attack factor indicator and the threat factor indicator;
a first sending module 30, configured to send connection establishment information to the business system when the trust level is above the level threshold, so that the business system establishes a connection with the IoT device.
Further, in the above IoT communication device, the risk perception data includes security alerts and vulnerabilities, and the first calculation module 10 includes:
a first calculation submodule, configured to:
obtain the current alert level, the number of attacks and the attack interval from each security alert;
determine the corresponding first base from the current alert level, the corresponding first coefficient from the number of attacks, and the second coefficient from the attack interval;
calculate the score of each security alert from the first base, the first coefficient and the second coefficient, and calculate the score value of the IoT device's attack factor indicator from the scores of the individual security alerts;
a second calculation submodule, configured to:
obtain the level of each vulnerability and determine the corresponding second base from the vulnerability's level;
calculate the score value of the threat factor indicator from the second bases corresponding to the levels of the individual vulnerabilities.
Further, in the above IoT communication device, after the step of sending connection establishment information to the business system, the first sending module 30 is further configured to:
when the trust level is the low trust level, send first information to the business system so that the business system refuses the IoT device access to any data;
when the trust level is the medium trust level, send second information to the business system so that the business system authorizes the IoT device to access public data;
when the trust level is the high trust level, send third information to the business system so that the business system authorizes the IoT device to access all data of the business system.
Further, the above IoT communication device also includes:
a second obtaining module, configured to obtain the risk perception data of the IoT device at a preset time interval;
a second calculation module, configured to calculate the current trust level of the IoT device from the risk perception data just obtained;
a second sending module, configured to send information corresponding to the current trust level to the access gateway when the current trust level is higher or lower than the trust level calculated the previous time.
Further, the above IoT communication device also includes:
a third obtaining module, configured to obtain the security factor information of the IoT device, the security factor information including the IP address, MAC address, operating system version and patch information of the IoT device;
a third calculation module, configured to calculate the security score of the IoT device from the security factor information;
a third sending module, configured to send connection establishment information to the access gateway when the security score is above the threshold score, so that the access gateway establishes a connection with the IoT device.
Further, in the above IoT communication device, the third obtaining module is further configured to obtain the identity information of the user sent by the IoT device, verify the identity information and determine the user's business authority information;
and the third sending module is configured to:
send connection establishment information to the access gateway so that the access gateway establishes a connection between the IoT device and the network area corresponding to the business authority information.
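The trust-level logic of the first and second embodiments (steps S12/S13, the three data access authorities, and the periodic re-evaluation of steps S21 to S23) together with the first calculation module's scoring of alerts and vulnerabilities, as one worked example. This is added illustration code, not the patent's own implementation. The page gives the shape of the calculation (a first base per alert level, a first coefficient per attack count, a second coefficient per attack interval, a second base per vulnerability level) but not the numbers, and Table 1 with the score ranges is absent; every table, coefficient step, the way the two indicators are combined into a trust score and the level ranges below are therefore assumptions made for the example, as is the sample risk perception data.

```python
from enum import IntEnum

class TrustLevel(IntEnum):
    """The three trust levels of Table 1; the page does not give their score ranges."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2

# Assumed lookup tables (constructed for this example).
ALERT_BASE = {"low": 1.0, "medium": 3.0, "high": 6.0, "critical": 10.0}   # first base
VULN_BASE = {"low": 1.0, "medium": 3.0, "high": 6.0, "critical": 10.0}    # second base

def attack_count_coefficient(attacks: int) -> float:
    """First coefficient: more attacks behind one alert weigh more (assumed steps)."""
    if attacks <= 1:
        return 1.0
    if attacks <= 5:
        return 1.5
    if attacks <= 20:
        return 2.0
    return 3.0

def interval_coefficient(interval_s: float) -> float:
    """Second coefficient: a shorter interval between attacks weighs more (assumed steps)."""
    if interval_s < 60:
        return 2.0
    if interval_s < 3600:
        return 1.5
    return 1.0

def attack_factor_score(alerts) -> float:
    """Each alert scores first base * first coefficient * second coefficient;
    the attack factor indicator is the sum over all alerts (summation assumed)."""
    return sum(
        ALERT_BASE[a["level"]]
        * attack_count_coefficient(a["attacks"])
        * interval_coefficient(a["interval_s"])
        for a in alerts
    )

def threat_factor_score(vulnerabilities) -> float:
    """Threat factor indicator: sum of the second base of every vulnerability (summation assumed)."""
    return sum(VULN_BASE[level] for level in vulnerabilities)

def trust_score(alerts, vulnerabilities, full_score: float = 100.0) -> float:
    """Assumed combination: start from the full score and subtract both indicators."""
    return max(0.0, full_score - attack_factor_score(alerts) - threat_factor_score(vulnerabilities))

def trust_level(score: float) -> TrustLevel:
    """Assumed score ranges standing in for the absent Table 1."""
    if score >= 80:
        return TrustLevel.HIGH
    if score >= 50:
        return TrustLevel.MEDIUM
    return TrustLevel.LOW

# The three data access authorities of the page, keyed by level.
ACCESS_BY_LEVEL = {
    TrustLevel.LOW: "no_access",       # first information: refuse all data
    TrustLevel.MEDIUM: "public_data",  # second information: public data only
    TrustLevel.HIGH: "all_data",       # third information: all data
}

LEVEL_THRESHOLD = TrustLevel.LOW  # the page suggests the low level as the threshold

def connection_decision(alerts, vulnerabilities) -> dict:
    """Steps S12/S13: derive the level and connect only when it is above the threshold."""
    level = trust_level(trust_score(alerts, vulnerabilities))
    return {"level": level.name, "connect": level > LEVEL_THRESHOLD, "access": ACCESS_BY_LEVEL[level]}

def periodic_update(previous: TrustLevel, alerts, vulnerabilities):
    """Steps S21-S23: re-evaluate; a gateway message is produced only when the level changed."""
    current = trust_level(trust_score(alerts, vulnerabilities))
    if current == previous:
        return current, None
    message = {"level": current.name, "access": ACCESS_BY_LEVEL[current],
               "disconnect": current == TrustLevel.LOW}  # too low: stop transmitting
    return current, message

# Constructed sample risk perception data for one device (not from the page).
SAMPLE_ALERTS = [
    {"level": "high", "attacks": 3, "interval_s": 30},
    {"level": "low", "attacks": 1, "interval_s": 7200},
]
SAMPLE_VULNS = ["medium", "low"]

if __name__ == "__main__":
    print(connection_decision(SAMPLE_ALERTS, SAMPLE_VULNS))
```

With the sample data the two alerts score 18.0 and 1.0, the two vulnerabilities 4.0, so the trust score is 77.0, the medium level, and the device is connected with access to public data only. Adding a critical alert with many closely spaced attacks pushes the score to 17.0; the periodic re-evaluation then sees a level change from medium to low and emits a gateway message that withdraws access and disconnects, while an unchanged level produces no message at all.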
The IoT communication device provided by the embodiment of the present invention has the same implementation principle and technical effect as the foregoing method embodiments; for brevity, where the device embodiment does not mention a point, refer to the corresponding content of the foregoing method embodiments.
The present invention also proposes a readable storage medium on which a computer program is stored; when the program is executed by a processor, the software compatibility detection method described above is implemented.
The embodiment of the present invention also provides computer equipment, including a memory, a processor and a computer program stored in the memory and runnable on the processor, the processor implementing the steps of the above method when executing the program.
The logic and/or steps shown in the flowcharts or otherwise described herein can, for example, be regarded as an ordered list of executable instructions for implementing logical functions and can be embodied in any computer-readable medium for use by, or in connection with, an instruction execution system, apparatus or device (such as a computer-based system, a system including a processor, or another system that can fetch instructions from the instruction execution system, apparatus or device and execute them). For the purposes of this specification, a "computer-readable medium" can be any apparatus that can contain, store, communicate, propagate or transmit a program for use by, or in connection with, an instruction execution system, apparatus or device.
More specific examples (a non-exhaustive list) of computer-readable media include the following: an electrical connection with one or more wires (electronic device), a portable computer diskette (magnetic device), random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fibre device, and a portable compact disc read-only memory (CDROM). In addition, the computer-readable medium could even be paper or another suitable medium on which the program is printed, since the program can be obtained electronically by, for example, optically scanning the paper or other medium and then editing, interpreting or otherwise processing it in a suitable manner if necessary, and then stored in computer memory.
It should be understood that the various parts of the present invention can be implemented in hardware, software, firmware or a combination of them. In the embodiments described above, multiple steps or methods can be implemented by software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they can be implemented with any of the following techniques known in the art or a combination of them: discrete logic circuits with logic gates for implementing logic functions on data signals, application-specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGA), field programmable gate arrays (FPGA), and so on.
In the description of this specification, descriptions referring to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" mean that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic expressions of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
The embodiments described above express only several implementations of the present invention, and although their description is relatively specific and detailed, this should not be construed as limiting the scope of the patent. It should be noted that those of ordinary skill in the art can make several variations and improvements without departing from the concept of the present invention, and these all fall within the protection scope of the present invention. Therefore, the protection scope of this patent shall be determined by the appended claims.
Claims (9)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011148973.1A CN112351005B (en) | 2020-10-23 | 2020-10-23 | Internet of things communication method, device, readable storage medium and computer equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011148973.1A CN112351005B (en) | 2020-10-23 | 2020-10-23 | Internet of things communication method, device, readable storage medium and computer equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112351005A CN112351005A (en) | 2021-02-09 |
| CN112351005B true CN112351005B (en) | 2022-11-15 |
Family
ID=74360041
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011148973.1A Active CN112351005B (en) | 2020-10-23 | 2020-10-23 | Internet of things communication method, device, readable storage medium and computer equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112351005B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113301043B (en) * | 2021-05-24 | 2021-11-23 | 珠海市鸿瑞信息技术股份有限公司 | Network security terminal based on 5G industrial Internet of things |
| CN114416492A (en) * | 2022-01-27 | 2022-04-29 | 杭州迪普科技股份有限公司 | Network device security monitoring method, device, electronic device and storage medium |
| CN115134386B (en) * | 2022-06-29 | 2024-03-08 | 广东电网有限责任公司 | Internet of things situation awareness system, method, equipment and medium |
| CN119337435A (en) * | 2024-09-29 | 2025-01-21 | 中国建设银行股份有限公司 | Data processing methods, devices, equipment, media and products |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105763561A (en) * | 2016-04-15 | 2016-07-13 | 杭州华三通信技术有限公司 | Attack defense method and device |
| CN106713234A (en) * | 2015-11-13 | 2017-05-24 | 国网智能电网研究院 | Smart power grid mobile terminal dynamic state authorization system |
| CN109245944A (en) * | 2018-10-22 | 2019-01-18 | 西南石油大学 | Network safety evaluation method and system |
| CN109918924A (en) * | 2019-02-02 | 2019-06-21 | 北京奇安信科技有限公司 | The control method and system of dynamic access permission |
| CN110691064A (en) * | 2018-09-27 | 2020-01-14 | 国家电网有限公司 | A field operation terminal security access protection and detection system |
| CN110851839A (en) * | 2019-11-12 | 2020-02-28 | 杭州安恒信息技术股份有限公司 | Risk-based asset scoring method and system |
| CN110855709A (en) * | 2019-11-26 | 2020-02-28 | 中国建设银行股份有限公司 | Access control method, device, equipment and medium for security access gateway |
| CN110912938A (en) * | 2019-12-24 | 2020-03-24 | 医渡云(北京)技术有限公司 | Access verification method and device for network access terminal, storage medium and electronic equipment |
| CN111131176A (en) * | 2019-12-04 | 2020-05-08 | 北京北信源软件股份有限公司 | Resource access control method, device, device and storage medium |
| CN111371738A (en) * | 2020-02-10 | 2020-07-03 | 深信服科技股份有限公司 | Access control method, device, equipment and readable storage medium |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101521885B (en) * | 2008-02-26 | 2012-01-11 | 华为技术有限公司 | Authority control method, system and equipment |
| US9432375B2 (en) * | 2013-10-10 | 2016-08-30 | International Business Machines Corporation | Trust/value/risk-based access control policy |
| US9413786B1 (en) * | 2015-02-04 | 2016-08-09 | International Business Machines Corporation | Dynamic enterprise security control based on user risk factors |
| CN104618396B (en) * | 2015-03-04 | 2018-01-02 | 浪潮集团有限公司 | A kind of trustable network access and access control method |
| US20170149828A1 (en) * | 2015-11-24 | 2017-05-25 | International Business Machines Corporation | Trust level modifier |
| US10038696B1 (en) * | 2017-10-10 | 2018-07-31 | Blackberry Limited | System and method for controlling access to enterprise networks |
| CN110035076B (en) * | 2019-04-04 | 2021-05-25 | 华北电力科学研究院有限责任公司 | Trusted access method, trusted client and server for energy Internet |
| US20200322321A1 (en) * | 2019-04-08 | 2020-10-08 | Cisco Technology, Inc. | Continuous trust score |
| CN111181979B (en) * | 2019-12-31 | 2022-06-07 | 奇安信科技集团股份有限公司 | Access control method, apparatus, computer device, and computer-readable storage medium |
| CN111711631B (en) * | 2020-06-17 | 2022-09-27 | 北京字节跳动网络技术有限公司 | Network access control method, device, equipment and storage medium |
2020
- 2020-10-23 CN CN202011148973.1A patent/CN112351005B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106713234A (en) * | 2015-11-13 | 2017-05-24 | 国网智能电网研究院 | Smart power grid mobile terminal dynamic state authorization system |
| CN105763561A (en) * | 2016-04-15 | 2016-07-13 | 杭州华三通信技术有限公司 | Attack defense method and device |
| CN110691064A (en) * | 2018-09-27 | 2020-01-14 | 国家电网有限公司 | A field operation terminal security access protection and detection system |
| CN109245944A (en) * | 2018-10-22 | 2019-01-18 | 西南石油大学 | Network safety evaluation method and system |
| CN109918924A (en) * | 2019-02-02 | 2019-06-21 | 北京奇安信科技有限公司 | The control method and system of dynamic access permission |
| CN110851839A (en) * | 2019-11-12 | 2020-02-28 | 杭州安恒信息技术股份有限公司 | Risk-based asset scoring method and system |
| CN110855709A (en) * | 2019-11-26 | 2020-02-28 | 中国建设银行股份有限公司 | Access control method, device, equipment and medium for security access gateway |
| CN111131176A (en) * | 2019-12-04 | 2020-05-08 | 北京北信源软件股份有限公司 | Resource access control method, device, device and storage medium |
| CN110912938A (en) * | 2019-12-24 | 2020-03-24 | 医渡云(北京)技术有限公司 | Access verification method and device for network access terminal, storage medium and electronic equipment |
| CN111371738A (en) * | 2020-02-10 | 2020-07-03 | 深信服科技股份有限公司 | Access control method, device, equipment and readable storage medium |
Non-Patent Citations (1)
| Title |
|---|
| A zero-trust-based SDN network access control method; Wu Yunkun et al.; Netinfo Security (信息网络安全); 2020-08-10 (No. 08); pp. 37-46 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112351005A (en) | 2021-02-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112351005B (en) | Internet of things communication method, device, readable storage medium and computer equipment | |
| US11652829B2 (en) | System and method for providing data and device security between external and host devices | |
| JP6553524B2 (en) | System and method for utilizing a dedicated computer security service | |
| KR102611045B1 (en) | Various trust factor based access control system | |
| US9917864B2 (en) | Security policy deployment and enforcement system for the detection and control of polymorphic and targeted malware | |
| EP2545680B1 (en) | Behavior-based security system | |
| JP5078898B2 (en) | Method and system for dynamic adjustment of computer security based on user network activity | |
| US20210227394A1 (en) | Methods and systems to detect rogue hotspots | |
| US9137203B2 (en) | Centralized secure offload of cryptographic security services for distributed security enforcement points | |
| CN111131176A (en) | Resource access control method, device, device and storage medium | |
| CN115065564B (en) | Access control method based on zero trust mechanism | |
| US8881273B2 (en) | Device reputation management | |
| EP2132643A1 (en) | System and method for providing data and device security between external and host devices | |
| CN106899561B (en) | TNC (Trusted Network Connect) authority control method and system based on ACL (Access Control List) |
| LeMay et al. | The common misuse scoring system (CMSS): Metrics for software feature misuse vulnerabilities | |
| Scarfone et al. | The common configuration scoring system (CCSS): Metrics for software security configuration vulnerabilities |
| CN117729057A (en) | Method for accessing zero trust based on identity security | |
| US20250148074A1 (en) | Multistage Quarantine of Emails | |
| US12317076B2 (en) | Authenticated secure audio calling and digitally signed metadata for integrity verification | |
| US10681066B2 (en) | Intelligent cyber-security help network for student community | |
| CN114662080B (en) | Data protection method and device and desktop cloud system | |
| CN116318858A (en) | Northbound interface security guarantee method, architecture and electronic equipment | |
| CN115883140A (en) | A data security model architecture and a data security system | |
| US20160232380A1 (en) | Automatic initiation of execution analysis | |
| CN116633696B (en) | Network computing node access controller system, management and control method and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | EE01 | Entry into force of recordation of patent licensing contract | Application publication date: 20210209; Assignee: Hangzhou Anheng Information Security Technology Co., Ltd.; Assignor: Dbappsecurity Co., Ltd.; Contract record no.: X2024980043365; Denomination of invention: IoT communication methods, devices, readable storage media, and computer equipment; Granted publication date: 20221115; License type: Common License; Record date: 20241231 |