Search

CN-122001679-A - Multi-dimensional equipment security verification method and device, terminal equipment and storage medium

CN122001679ACN 122001679 ACN122001679 ACN 122001679ACN-122001679-A

Abstract

The invention discloses a multi-dimensional equipment safety verification method, a device, a terminal device and a storage medium, which belong to the technical field of electric power safety, wherein the method comprises the steps that target equipment acquires first biological characteristics of a user to be verified and performs primary biological characteristic matching with a plurality of second biological characteristics preset in the target equipment; the method comprises the steps of obtaining equipment characteristics and environment characteristics, generating a first local identifier, transmitting the first local identifier to a cloud end, enabling the cloud end to generate a dynamic certificate according to the first local identifier, transmitting the dynamic certificate to target equipment, obtaining third biological characteristics of a user to be verified, performing secondary biological characteristic matching, analyzing the dynamic certificate and generating a second local identifier if the secondary biological characteristics are successfully matched, matching the second local identifier with the first local identifier, and giving control right to the target equipment when the matching is successful. By implementing the method and the device, the problem that the equipment in the prior art is easy to be illegally cracked can be solved, and the equipment verification safety is improved.

Inventors

  • MA TENGTENG
  • Deng xiaozhi
  • WU QINQIN
  • Lu Dongxi
  • YANG CHENWEI
  • LU JIANGANG
  • SU PENGCHENG
  • GU ZHENWEI
  • PAN YAOXIN

Assignees

  • 广东电网有限责任公司电力调度控制中心

Dates

Publication Date
20260508
Application Date
20260325

Claims (10)

  1. 1. A multi-dimensional device security verification method, comprising: When target equipment detects user verification operation, the target equipment acquires first biological characteristics of a user to be verified, and performs primary biological characteristic matching on the first biological characteristics and a plurality of second biological characteristics preset in the target equipment; If the primary biological characteristic matching is successful, the target equipment acquires the equipment characteristic and the environment characteristic of the target equipment, and performs multidimensional information fusion according to the first biological characteristic, the equipment characteristic and the environment characteristic to generate a first local identifier of the target equipment; The target device transmits the first local identifier to a cloud end, so that the cloud end generates a dynamic certificate according to the first local identifier and transmits the dynamic certificate to the target device; When the target equipment receives the dynamic certificate, the target equipment acquires a third biological characteristic of a user to be verified, and secondary biological characteristic matching is carried out on the third biological characteristic and a plurality of second biological characteristics preset in the target equipment; if the secondary biological feature matching is successful, the target device analyzes the dynamic certificate and generates a second local identifier, the second local identifier is subjected to identifier matching with the first local identifier, and when the identifier matching is successful, the target device gives the control right of the user to be verified on the target device.
  2. 2. The multi-dimensional device security verification method of claim 1, wherein the first biometric feature, the second biometric feature, and the third biometric feature each comprise one or a combination of a fingerprint, a face, an iris, and a voiceprint; The device characteristics comprise a device identifier and device voltage sampling data, wherein the device voltage sampling data comprise device sampling time data and device sampling voltage value data; The environmental characteristics comprise equipment substation codes and equipment global positioning system coordinates.
  3. 3. The method of claim 2, wherein the performing multi-dimensional information fusion according to the first biological feature, the device feature, and the environmental feature, generating the first local identifier of the target device, includes: obtaining a device key of a target device, performing exclusive OR operation on the device key and a first biological feature to obtain a first biological feature to be encrypted, and encrypting the first biological feature to be encrypted according to a hash function to obtain a first biological feature to be fused; Generating voltage abrupt change in equipment sampling time according to the equipment sampling time data and the equipment sampling voltage value data, and generating equipment characteristics to be fused according to the equipment identification, the equipment sampling voltage value data and the voltage abrupt change in the equipment sampling time; Generating environmental features to be fused according to the equipment substation codes and the equipment global positioning system coordinates; And generating a first local identifier of the target device according to the first biological characteristic to be fused, the device characteristic to be fused and the environment characteristic with fusion.
  4. 4. A multi-dimensional device security verification method as defined in claim 3, wherein said transmitting the first local identifier to a cloud end to cause the cloud end to generate a dynamic credential from the first local identifier comprises: encrypting the first local identifier to obtain an encrypted first local identifier; transmitting the encrypted first local identifier to a cloud end so that the cloud end analyzes the encrypted first local identifier and generates a dynamic certificate.
  5. 5. The multi-dimensional device security verification method of claim 4, wherein said parsing the encrypted first local identification and generating a dynamic credential comprises: The method comprises the steps of obtaining a preset cloud key to analyze the encrypted first local identifier to obtain the first local identifier and an original encryption time of the encrypted first local identifier; acquiring a first current time, and determining encryption transmission delay according to the first current time and the original encryption time; and generating a dynamic certificate according to the first local identifier when the encryption transmission delay is not more than a first preset time threshold.
  6. 6. The multi-dimensional device security verification method of claim 5, wherein said parsing the dynamic credential and generating a second local identification comprises: Acquiring original encryption time and second current time when the dynamic certificate is received, and determining certificate verification time delay according to the second current time and the original encryption time; And when the certificate verification time delay is not greater than a second preset time threshold, analyzing the dynamic certificate and generating a second local identifier.
  7. 7. The multi-dimensional device security verification method of claim 6, wherein encrypting the first local identifier to obtain an encrypted first local identifier comprises: And encrypting the first local identifier by adopting an asymmetric cryptographic algorithm based on the identifier to obtain an encrypted first local identifier.
  8. 8. The multi-dimensional equipment safety verification device is characterized by comprising a multi-dimensional characteristic fusion module, a dynamic certificate generation module and an identification verification module; The multi-dimensional feature fusion module is used for acquiring a first biological feature of a user to be verified by target equipment when the target equipment detects the user verification operation, and carrying out primary biological feature matching on the first biological feature and a plurality of second biological features preset in the target equipment; The dynamic certificate generation module is used for transmitting the first local identifier to a cloud end by the target equipment so that the cloud end generates a dynamic certificate according to the first local identifier and transmits the dynamic certificate to the target equipment; The identification verification module is used for acquiring a third biological characteristic of a user to be verified when the target device receives the dynamic certificate, carrying out secondary biological characteristic matching on the third biological characteristic and a plurality of second biological characteristics preset in the target device, analyzing the dynamic certificate and generating a second local identification by the target device if the secondary biological characteristic matching is successful, carrying out identification matching on the second local identification and the first local identification, and giving control right to the target device by the user to be verified when the identification matching is successful.
  9. 9. A terminal device comprising a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, the processor implementing a multi-dimensional device security verification method according to any one of claims 1 to 7 when the computer program is executed.
  10. 10. A storage medium comprising a stored computer program, wherein the computer program, when run, controls a device in which the storage medium is located to perform a multi-dimensional device security verification method according to any one of claims 1 to 7.

Description

Multi-dimensional equipment security verification method and device, terminal equipment and storage medium Technical Field The present invention relates to the field of electric power security technologies, and in particular, to a multi-dimensional device security verification method, a device, a terminal device, and a storage medium. Background In an electric power system, the safety protection measures for operation and maintenance control of key equipment in a transformer substation are extremely important, and the traditional safety measures are that equipment safety verification is realized by inputting biological characteristics of relevant responsible persons of the equipment and combining corresponding physical passwords, wherein the biological characteristics comprise one or more of fingerprints, face, irises and voiceprints, and the physical passwords comprise digital passwords and ID cards. However, the existing security verification method of the key device realized by adding the physical password to the biological feature is basically only superposition of security technologies in a single dimension, and from the viewpoint of device processing, the device can be given control right only after the device acquires the biological feature and the physical password, so that in the illegal decoding process, the device control right can be obtained only by performing one-to-one decoding on the biological feature and the physical password respectively. Therefore, there is a need for an authentication method that can improve the security of devices. Disclosure of Invention The embodiment of the invention provides a multi-dimensional equipment security verification method, a device, terminal equipment and a storage medium, which can effectively solve the problem that equipment in the prior art is easy to be illegally cracked and improve equipment verification security. An embodiment of the present invention provides a security verification method for a multi-dimensional device, including: When target equipment detects user verification operation, the target equipment acquires first biological characteristics of a user to be verified, and performs primary biological characteristic matching on the first biological characteristics and a plurality of second biological characteristics preset in the target equipment; If the primary biological characteristic matching is successful, the target equipment acquires the equipment characteristic and the environment characteristic of the target equipment, and performs multidimensional information fusion according to the first biological characteristic, the equipment characteristic and the environment characteristic to generate a first local identifier of the target equipment; The target device transmits the first local identifier to a cloud end, so that the cloud end generates a dynamic certificate according to the first local identifier and transmits the dynamic certificate to the target device; When the target equipment receives the dynamic certificate, the target equipment acquires a third biological characteristic of a user to be verified, and secondary biological characteristic matching is carried out on the third biological characteristic and a plurality of second biological characteristics preset in the target equipment; if the secondary biological feature matching is successful, the target device analyzes the dynamic certificate and generates a second local identifier, the second local identifier is subjected to identifier matching with the first local identifier, and when the identifier matching is successful, the target device gives the control right of the user to be verified on the target device. Further, the first, second and third biological features comprise one or a combination of fingerprint, face, iris and voiceprint; The device characteristics comprise a device identifier and device voltage sampling data, wherein the device voltage sampling data comprise device sampling time data and device sampling voltage value data; The environmental characteristics comprise equipment substation codes and equipment global positioning system coordinates. Further, the multi-dimensional information fusion is performed according to the first biological feature, the device feature and the environmental feature, and the generation of the first local identifier of the target device includes: obtaining a device key of a target device, performing exclusive OR operation on the device key and a first biological feature to obtain a first biological feature to be encrypted, and encrypting the first biological feature to be encrypted according to a hash function to obtain a first biological feature to be fused; Generating voltage abrupt change in equipment sampling time according to the equipment sampling time data and the equipment sampling voltage value data, and generating equipment characteristics to be fused according to the equipment identification, the equipment samplin