-
Publication (announcement) number: US20210367753A1
Publication (announcement) date: 2021-11-25
Application number: US16636727
Application date: 2019-02-21
Inventor: Wenli SHANG, Peng ZENG, Long YIN, Chunyu CHEN, Jianming ZHAO, Xianda LIU, Guoyu TONG
Abstract: The present invention relates to a trusted measurement and control network authentication method based on double cryptographic values and chaotic encryption. The specific method comprises realizing identity authentication and key negotiation processes through double cryptographic values and chaotic public key ciphers and realizing secure transmission and verification of user identity credentials on the basis of building a trust chain through trusted computation for realizing a secure and trusted operating environment, thereby building a secure and trusted data transmission channel. The identity authentication method in the present invention comprises multiple links such as secure generation of user identity identifiers, read protection encapsulation, secure transmission and key negotiation. Each link adopts a unique and confidential cryptographic function for secure data generation, thereby ensuring the security of the authentication device access in an industrial measurement and control network.
-
Publication (announcement) number: US20200045023A1
Publication (announcement) date: 2020-02-06
Application number: US16316290
Application date: 2018-06-07
Inventor: Haibin YU, Peng ZENG, Wenli SHANG, Long YIN, Xianda LIU, Jianming ZHAO, Chunyu CHEN
Abstract: The present invention relates to a network guard unit for an industrial embedded system and a guard method. The specific method is to form the network guard unit (NGU) through security technologies, such as integrated access control, identity authentication and communication data encryption, to provide active guard for a site control device. The NGU comprises an access control module, an identity authentication module, a data encryption module, a key negotiation module and a PCIE communication module, and supports the communication modes of dual network cards and PCIE bus. The present invention builds a secure and trusted operating environment for industrial control systems in combination with an active guard technical means in the field of information security on the basis of ensuring the correctness and the feasibility of security of various terminal devices in the industrial control systems.
-