Summary of the invention
One purpose of the present invention is to address the above deficiencies by providing an information security management module for IC card smart electric energy meters. It is intended to solve the prior-art problem that the information security of the various IC card smart electric energy meters and their management systems cannot be assured, and to eliminate information security management risks in the power company's operations.
To solve the above technical problems, the present invention adopts the following technical solutions:
The present invention provides an information security management module for an IC card smart electric energy meter. The module comprises a processor, a first data interface, a second data interface and a FLASH memory, with the processor connected to the first data interface, the second data interface and the FLASH memory respectively, wherein:
The first data interface carries the only data communication between the IC card smart electric energy meter and the IC card information exchange module, and forwards external data received from the IC card information exchange module to the processor;
The FLASH memory stores the control and file management programs of the information security management module;
The second data interface carries the data communication between the processor and the terminal master controller of the IC card smart electric energy meter, and the terminal master controller performs the corresponding meter-side operations according to the processor's instructions;
On receiving external data from the first data interface, the processor authenticates the identity of the power-selling management system that wrote the external data to the IC card, decides whether to accept the encrypted data packet in that external data, and sends the corresponding operation instruction to the terminal master controller through the second data interface according to the transactions contained in the data.
Preferably, a further technical solution is: on receiving external data from the first data interface, the processor uses the external data to authenticate the power-selling management system that wrote it to the IC card. If the identity is judged legitimate, the processor decrypts the encrypted data packet and checks its integrity; otherwise it resets to the initial state;
After the data integrity check passes, the validity of the data is verified; otherwise the processor resets to the initial state;
After the data validity check passes, the processor pre-processes the transactions contained in the data and obtains the corresponding return information from the terminal master controller through the second data interface. The return information is encrypted and returned to the IC card information exchange module through the first data interface. Once a valid confirmation is received, the pre-processing result is approved, the related operation information is stored, and the operation instruction is sent to the terminal master controller; otherwise the pre-processing result is discarded or cached.
A further technical solution is: protocol restriction conditions and a plurality of different key programs are preset in the FLASH memory. When the information security management module exchanges data with subsystems of different classes of the power-selling management system, the processor compares the encryption key of the external data with the key programs preset in the FLASH memory to authenticate the identity of the power-selling management system. After the encrypted data packet has been decrypted and has passed the integrity check, the processor verifies the validity of the data under the current identity against the protocol restriction conditions and decides whether to pre-process the transactions in the data.
A further technical solution is: the information security management module also comprises an EEPROM memory connected to the processor, which stores the processor's operation information relating to the terminal master controller and the processor's pre-processing results for the transactions in the external data.
A further technical solution is: the processor is a central processing unit or single-chip microcomputer capable of executing cryptographic algorithms.
A further technical solution is: the first data interface is an IC card interface.
A further technical solution is: the second data interface is at least one of a USART serial interface, an SPI serial interface or an I2C serial interface.
A further technical solution is: the information security management module also comprises an encryption module connected to the processor. It performs multi-level encryption and decryption of the data that the information security management module exchanges with the power-selling management system and with the terminal master controller, and assists the processor in obtaining the data encryption key of the power-selling management system for identity authentication.
A further technical solution is: the encryption module encrypts and decrypts data using AES (Advanced Encryption Standard) or 3DES (Triple Data Encryption Algorithm).
Compared with the prior art, one of the beneficial effects of the present invention is as follows. Identity authentication is performed whenever the information security management module exchanges data with the power-selling management system through the IC card information exchange module, which guarantees the legitimacy of both communicating parties, and the terminal master controller can communicate with the outside only through the information security management module. Different keys allow the power company to set permissions for tiered management, and the 3DES/AES multi-level encryption raises the security of the keys; key upgrades can be carried out through the program download port on the information security management module, avoiding the risk that comes with key leakage. A built-in data verification program ensures that the transmitted data is true, accurate and complete. In addition, the information security management module provided by the present invention is simple in structure, can be embedded in any type of IC card smart electric energy meter whose terminal master controller has a compatible bus interface, and connects seamlessly into the power supply management system. This allows IC card smart electric energy meters to be manufactured by separate vendors and managed in a unified way, gives the module a wide range of application, and preserves the power company's independence in controlling its meters, free of outside constraints.
Embodiment
The present invention is further described below with reference to the accompanying drawings.
Referring to Figure 1, one embodiment of the present invention is an information security management module for an IC card smart electric energy meter. The module comprises a processor, a first data interface, a second data interface and a FLASH memory, with the processor connected to the first data interface, the second data interface and the FLASH memory respectively, wherein:
The first data interface carries the only data communication between the IC card smart electric energy meter and the IC card information exchange module, and forwards external data received from the IC card information exchange module to the processor;
The FLASH memory stores the control and file management programs of the information security management module;
Referring to Figure 2, the second data interface carries the data communication between the processor and the terminal master controller of the IC card smart electric energy meter, and the terminal master controller performs the corresponding meter-side operations according to the processor's instructions;
On receiving external data from the first data interface, the processor authenticates the identity of the power-selling management system that wrote the external data to the IC card, decides whether to accept the encrypted data packet in that external data, and sends the corresponding operation instruction to the terminal master controller through the second data interface according to the transactions contained in the data.
From the above technical solution it follows that this embodiment solves the technical problem by means of the information security management module with the structure described: the module carries the data transfer between the terminal master controller and the power-selling management system and applies identity authentication and encryption/decryption during transfer, thereby helping the power company manage the IC card smart electric energy meters at the terminals and eliminating information security management risks in the power company's operations.
The Oscillator module shown in Fig. 1, together with pins XIN and XOUT, provides the clock signal for the information security management module. The RAM memory stores temporary data while the module is running. Pins VCC and VSS supply the working power for the information security management module; this supply should be continuous and must not be provided by a pin of the terminal master controller.
Referring again to Figure 1, a more preferred embodiment of the present invention provides a specific way for the processor to authenticate the power-selling management system and execute transactions. When the processor receives external data from the first data interface, it authenticates the power-selling management system according to that external data. If the identity is judged legitimate, the processor decrypts the encrypted data packet and checks its integrity; otherwise it resets to the initial state;
After the data integrity check passes, the validity of the data is verified; otherwise the processor resets to the initial state;
After the data validity check passes, the processor pre-processes the transactions contained in the data and obtains the corresponding return information from the terminal master controller through the second data interface. The return information is encrypted and returned to the IC card information exchange module through the first data interface. Once a valid confirmation is received, the pre-processing result is approved, the related operation information is stored, and the operation instruction is sent to the terminal master controller. Otherwise the pre-processing result is discarded or cached: if no confirmation from the IC card information exchange module is received within a predefined time, for example three minutes, the processor resets to the initial state. Caching here means that the pre-processed target command is held temporarily, and when the processor is woken again and receives the confirmation from the IC card information exchange module, it sends the operation instruction to the terminal master controller in the same way.
The above technical solution of this embodiment also covers the whole flow that the processor executes on the external data, from authenticating the power-selling management system through to the transactions the data contains; setting this flow in the program further strengthens the security with which the information security management module receives and executes information. The reset to the initial state mentioned several times above means returning the processor to the state it was in before any of the above operations. For example, the processor's state before it receives external data and performs authentication is the dormant state; when external data wakes it from the dormant state but the power-selling management system is judged illegitimate, the processor returns to the dormant state and performs no operation. Resets in the other steps work in essentially the same way. When a verification fails, the processor stores an operation record. In practical applications, the power-selling management system mentioned above can be the integrated terminal energy meter management system set up by the power company.
Likewise, in another embodiment of the present invention, to allow the information security management module to be managed under different permissions, protocol restriction conditions and a plurality of different key programs are preset in the FLASH memory. When the information security management module exchanges data with subsystems of different classes in the power-selling management system, the processor compares the encryption key of the external data with the key programs preset in the FLASH memory to authenticate the identity of the power-selling management system. After the encrypted data packet has been decrypted and has passed the integrity check, the processor verifies the validity of the data under the current identity against the protocol restriction conditions and decides whether to pre-process the transactions in the data.
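The processing flow of the two embodiments above (authentication against several preset keys, integrity and validity checks under the authenticated identity, pre-processing, and approval only on confirmation) can be sketched as a small state machine. This is an added example, not code from the patent; the transaction types, key values, function names and the `integrity_ok` flag (standing in for decryption and integrity checking, whose packet format the text does not specify) are assumptions.

```c
#include <stdint.h>

typedef enum { ST_DORMANT, ST_AWAIT_CONFIRM, ST_CACHED } state_t;
enum { TX_RECHARGE = 1, TX_SET_TARIFF = 2, TX_RELAY = 4 }; /* hypothetical */

/* One preset key and the transactions its identity may request. */
typedef struct { uint8_t key[16]; uint8_t allowed; } key_slot_t;
/* Constructed sample values standing in for the FLASH presets. */
static const key_slot_t FLASH_KEYS[2] = {
    { {0xA1, 0x01}, TX_RECHARGE },                            /* vending */
    { {0xB2, 0x02}, TX_RECHARGE | TX_SET_TARIFF | TX_RELAY }, /* maintenance */
};

typedef struct {
    state_t  state;
    uint8_t  pending_tx; /* pre-processed, not yet approved */
    uint8_t  issued_tx;  /* last command sent to the terminal master controller */
    unsigned fail_log;   /* count of failure records (EEPROM stand-in) */
} module_t;

/* Constant-time compare: timing does not reveal where the keys differ. */
static int key_equal(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (int i = 0; i < 16; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Index of the matching preset key (the caller's identity), or -1. */
int authenticate(const uint8_t *key) {
    int id = -1;
    for (int i = 0; i < 2; i++) if (key_equal(key, FLASH_KEYS[i].key)) id = i;
    return id;
}

/* Any failed check: record it and reset to the initial (dormant) state. */
static state_t reject(module_t *m) { m->fail_log++; return m->state = ST_DORMANT; }

/* Authenticate, check integrity, check validity under the identity, pre-process. */
state_t on_external_data(module_t *m, const uint8_t *key, int integrity_ok, uint8_t tx) {
    if (m->state != ST_DORMANT) return m->state; /* assumption: one pending result at a time */
    int id = authenticate(key);
    if (id < 0 || !integrity_ok) return reject(m);
    if (tx == 0 || (FLASH_KEYS[id].allowed & tx) != tx) return reject(m);
    m->pending_tx = tx; /* nothing is sent to the meter yet */
    return m->state = ST_AWAIT_CONFIRM;
}

/* Confirmation from the IC card information exchange module: approve and send. */
state_t on_confirm(module_t *m) {
    if (m->state == ST_DORMANT) return m->state; /* nothing pending */
    m->issued_tx = m->pending_tx;
    m->pending_tx = 0;
    return m->state = ST_DORMANT;
}

/* No confirmation within the preset time: discard, or cache for a later one. */
state_t on_timeout(module_t *m, int cache) {
    if (m->state != ST_AWAIT_CONFIRM) return m->state;
    if (cache) return m->state = ST_CACHED;
    m->pending_tx = 0;
    return m->state = ST_DORMANT;
}
```

In this sketch `issued_tx` changes only in `on_confirm`, so a packet that fails any check, or whose confirmation never arrives, never produces a command to the terminal master controller.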
According to another embodiment of the present invention, and as mentioned above, a relatively independent EEPROM memory can also be provided in the information security management module to make it easier to cache the processor's pre-processing results. The EEPROM memory is likewise connected to the processor and stores the processor's operation information relating to the terminal master controller, the processor's pre-processing results for the transactions in the external data, and the failure records of the processor's verifications. The FLASH memory also holds other programs that the processor can use. Once the processor's operation information relating to the terminal master controller has been stored in the EEPROM memory, it cannot be deleted or modified, so that a complete record of the running state of the information security management module is kept.
Referring again to Figure 2, in practical use the information security management module of the above embodiments is connected between the terminal master controller of the IC card smart electric energy meter and the various IC card information exchange modules. The IC card smart electric energy meter itself contains several functional modules, such as a pulse counting module, a storage module, a display module, a relay control module and a balance reminder module. These modules are connected to the terminal master controller and carry out the functions of the meter: the pulse counting module measures power consumption, the display module shows the power consumption and the remaining energy, the relay control module acts as the power on/off switch, and the balance reminder module uses a buzzer to prompt the user to purchase electricity as soon as possible before the purchased energy is about to run out.
All data exchange between the IC card smart electric energy meter and the external power-selling management system must pass through the information security management module. This ensures that the meter is always in a controlled environment and safeguards the security of data transmission.
The processor mentioned in the above embodiments is the core of the information security management module and executes the corresponding programs and data encryption. In another embodiment of the present invention, the processor is a prior-art central processing unit or single-chip microcomputer capable of executing cryptographic algorithms, for example the EFM32.
Based on the data communication mode required in the above embodiments, and with reference to the prior art, the inventor uses an IC card interface as the first data interface, which is the only channel for communication with the IC card information exchange module.
Correspondingly, the second data interface through which the processor communicates with the terminal master controller in the above embodiments preferably matches conventional master controllers, for example a serial interface such as a USART, SPI or I2C interface, to increase the compatibility of the information security management module when it is integrated with the IC card smart electric energy meter.
Referring again to Figure 1, to further secure data encryption and decryption within the information security management module, an independent encryption module is preferably provided inside it and connected to the processor. The encryption module performs multi-level encryption and decryption of the data exchanged between the information security management module and the power-selling management system, and between the information security management module and the terminal master controller, and assists the processor in obtaining the data encryption key of the power-selling management system for identity authentication. With reference to the more secure encryption methods of the prior art, AES (Advanced Encryption Standard) or 3DES (Triple Data Encryption Algorithm) is preferably used to encrypt and decrypt the data passing to and from the information security management module.
Referring again to Figure 3, after IC card smart electric energy meters produced by several different manufacturers have integrated the information security management module, all external communication data of the meters is transmitted only after encryption and decryption by the module, and the internal program of the module is unique. The power-selling management system can therefore treat the information security management module as the terminal in order to manage the IC card smart electric energy meters; that is, a single power-selling management system can centrally manage compatible IC card smart electric energy meters of various brands and types, which effectively reduces the difficulty for the power company of integrating and managing meters of different brands and types in a region.
In addition, it should be noted that references in this specification to "an embodiment", "another embodiment", "embodiment" and the like mean that the specific feature, structure or characteristic described in connection with that embodiment is included in at least one embodiment generally described in this application. The appearance of the same expression in several places in the specification does not necessarily refer to the same embodiment. Furthermore, when a specific feature, structure or characteristic is described in connection with any embodiment, it is asserted that realizing that feature, structure or characteristic in connection with other embodiments also falls within the scope of the invention.
Although the invention has been described here with reference to several illustrative embodiments, it should be understood that those skilled in the art can devise many other modifications and embodiments, and these modifications and embodiments will fall within the scope and spirit of the principles disclosed in this application. More specifically, within the scope of the disclosure, the drawings and the claims of this application, various modifications and improvements can be made to the component parts and/or arrangements of the subject combination arrangement. Besides modifications and improvements to the component parts and/or arrangements, other uses will also be apparent to those skilled in the art.