CN105763542A - Device and method of encryption and authentication for distribution terminal serial port communication - Google Patents
Device and method of encryption and authentication for distribution terminal serial port communication Download PDFInfo
- Publication number
- CN105763542A CN105763542A CN201610073649.5A CN201610073649A CN105763542A CN 105763542 A CN105763542 A CN 105763542A CN 201610073649 A CN201610073649 A CN 201610073649A CN 105763542 A CN105763542 A CN 105763542A
- Authority
- CN
- China
- Prior art keywords
- encryption
- distribution
- message
- chip
- certification device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000006854 communication Effects 0.000 title claims abstract description 126
- 238000004891 communication Methods 0.000 title claims abstract description 121
- 238000000034 method Methods 0.000 title claims abstract description 49
- 238000012545 processing Methods 0.000 claims abstract description 25
- 230000004044 response Effects 0.000 claims abstract description 13
- 230000002452 interceptive effect Effects 0.000 claims description 47
- 230000008569 process Effects 0.000 claims description 36
- 230000006870 function Effects 0.000 claims description 24
- 238000012795 verification Methods 0.000 claims description 11
- 230000008676 import Effects 0.000 claims description 7
- 238000007689 inspection Methods 0.000 claims description 3
- 238000005516 engineering process Methods 0.000 description 7
- 230000005540 biological transmission Effects 0.000 description 4
- 238000011161 development Methods 0.000 description 3
- 230000005611 electricity Effects 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 101000911390 Homo sapiens Coagulation factor VIII Proteins 0.000 description 1
- 230000002457 bidirectional effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005242 forging Methods 0.000 description 1
- 102000057593 human F8 Human genes 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
- 229940047431 recombinate Drugs 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Small-Scale Networks (AREA)
Abstract
The present invention discloses a device and method of encryption and authentication for distribution terminal serial port communication. The device comprises a master control chip, a national encryption algorithm encryption chip, an external interface, a LED display module and a storage module. The master control chip is connected with the national encryption algorithm encryption chip, the external interface, the LED display module and the storage module, and is configured to receive the message information of a distribution master station front-end processor and a distribution terminal and perform the overall management of other modules; and the national encryption algorithm encryption chip is configured to perform encryption/decryption processing of the message information received by the master control chip. The device provided by the invention breaks away from the distribution terminal so as to avoid the memory consuming of the distribution terminal. Besides, the device provided by the invention employs a special encryption chip so as to improve the response speed and reduce the dependence on the CPU and the memory.
Description
Technical field
The present invention relates to a kind of encryption certification device, particularly relate to a kind of encryption certification device for distribution terminal serial communication, also relate to realize based on this device the encryption and authentication method of distribution terminal serial communication, belong to technical field of electric power communication.
Background technology
Along with the fast development of national economic development, power automatic system is used widely.The distribution terminal with distribution network control function disperses to be deployed in distribution network in a large number.Distribution main website sends instruction by front end processor and each distribution terminal realizes the long-range management of the modes such as remote measurement, remote signalling, remote control, thus indirectly realizing the control to distribution network.In recent years, along with the fast development of communication network, distribution terminal, by using public communication network to communicate based on the wireless communication unit of serial communication, promotes corresponding security protection ability in distribution main website building security access area.
It addition, along with networking, informationalized deepen continuously, the requirement of distribution terminal secure communication is more and more higher, relevant departments' successively issue associated documents are for specification distribution terminal secure communication.Such as in 2011, " low and medium voltage distribution network automated system security protection supplementary provisions " are distinctly claimed " no matter adopting which kind of telecommunication mode; distribution automation system should support the unilateral authentication function based on unsymmetrical key technology; the guidance command that main website issues should with the digital signature based on scheduling certificate, and side, substation or end side should be able to differentiate the digital signature of main website ".
2015, " distributing monitoring system security protection scheme " is distinctly claimed " two-way authentication can be adopted to encrypt the communication of important substation and terminal, it is achieved the bidirectional identification between main website and substation differentiates, it is ensured that message confidentiality and integrity ".It addition, be distinctly claimed power distribution network security protection should step up the intensity of two-way authentication from unilateral authentication, simultaneously need to original security protection system and associated safety Protection Product are optimized upgrading.
In consideration of it, the upgrading for distribution terminal communication security has carried out substantial amounts of research, but, prior art still suffers from following shortcoming:
1) existing distribution terminal safety communication technology mainly realizes in distribution terminal equipment, is mainly software and realizes algorithm, and the response speed of its algorithm is slow, takies a large amount of CPU and memory source, affects distribution terminal equipment work efficiency.
2) existing distribution terminal safety communication technology adopts unilateral authentication, its algorithm is simple signature algorithm, using the signature controlled in message that distribution main website is sent by the PKI of distribution main website to be verified at distribution terminal, the communication message of standard is still expressly, it is easy to be intercepted collection and analysis.
3) existing distribution terminal safety communication technology uses the PKI of distribution main website not to be with certificate for carrier, and the effect duration of PKI and the safety of electron key cannot be completely secured.
4) in existing distribution terminal safety communication technology, distribution terminal does not have corresponding key secure storage medium, does not use the unsymmetrical key of oneself in communication process, and terminal identity cannot be verified by distribution main website, there is the risk forging terminal.
Summary of the invention
For the deficiencies in the prior art, the technical problem to be solved is in that to provide a kind of encryption certification devices and methods therefor for distribution terminal serial communication.
For achieving the above object, the present invention adopts following technical scheme:
A kind of encryption certification device for distribution terminal serial communication, is deployed between distribution terminal and communication unit, including main control chip, the close algorithm for encryption chip of state, external interface, LED display module and memory module;
Wherein, described main control chip is connected with described state close algorithm for encryption chip, described external interface, described LED display module and described memory module respectively, for receiving distribution main website front end processor and the message information of described distribution terminal, other modules are managed as a whole;
The message information that described main control chip is received by described state close algorithm for encryption chip is encrypted/decryption processing.
Wherein more preferably, described main control chip includes driving layer, functional interface layer and function logic layer;Described function logic layer obtains the message information of distribution main website front end processor or distribution terminal, found the module of correspondence by the corresponding interface of described functional interface layer according to process demand after being analyzed, processed by corresponding driving of described driving layer, the message information after process is sent to by serial ports distribution terminal or distribution main website front end processor.
Wherein more preferably, the close algorithm for encryption chip of described state includes mastery routine, mh, mode interface routine, cryptographic algorithm driver, SPI communication driver and serial communication driver;
When message information is sent to the close algorithm for encryption chip of described state by described main control chip, described state close algorithm for encryption chip interrupts obtaining described message information by the reception of described SPI communication driver, it is sent to described mastery routine, described message information is sent to described mh according to type and resolves according to structure by described mastery routine, message information after parsing is sent to described cryptographic algorithm driver and is encrypted/decryption processing, after encrypt/having deciphered, message information is sent back to described mh and carries out organized processing, then described mastery routine is beamed back, described mastery routine is called described SPI communication driver and message information is sent back to described main control chip.
Wherein more preferably, the PKI of described memory module public key certificate and distribution main website unilateral authentication in order to preserve safe distribution of electric power interactive gateway;
When message information is sent to described main control chip by safe distribution of electric power interactive gateway, the sender of described message information is carried out authentication by the PKI of described distribution main website unilateral authentication by described state close algorithm for encryption chip, by the public key certificate of described safe distribution of electric power interactive gateway to the key agreement that conversates.
Wherein more preferably, the described encryption certification device for distribution terminal serial communication also includes electric power special encryption chip;
When described main control chip receives the message information with electric power proprietary algorithm processes, message information will be sent to described electric power special encryption chip and be encrypted/decryption processing, and the message information after encryption/decryption process is returned described main control chip.
Wherein more preferably, described LED display module shows main control chip, state close algorithm for encryption chip and the current operating state of described electric power special encryption chip by the switch of LED, it is determined that whether described main control chip, described state close algorithm for encryption chip and described electric power special encryption chip correctly run.
Wherein more preferably, the described encryption certification device for distribution terminal serial communication also includes RTC clock module and watchdog module;
Described RTC clock module is connected with described main control chip by iic bus, it is provided that current time;
Message information is sent to described RTC clock module by the RTC clock interface of functional interface layer by described main control chip;
Described watchdog module is connected with described main control chip, and message information is sent to described watchdog module by the house dog interface of functional interface layer by described main control chip, calls the GPIO driving driving layer and interacts with watchdog reset circuit, it is achieved exceptional reset.
A kind of encryption and authentication method for distribution terminal serial communication, realizes based on above-mentioned encryption certification device, comprises the steps:
S1, encryption certification device and safe distribution of electric power interactive gateway adopt unsymmetrical key to perform two-way authentication and conversate key agreement;
S2, is encrypted communication by session key, and encryption certification device is sent to distribution terminal by serial ports after being decrypted by the message information receiving distribution main website front end processor;Received the message information of distribution terminal by serial ports, after being encrypted, be sent to distribution main website front end processor;
S3, sets time threshold, between when in communication after time of advent threshold value, repeats step S1~S2.
Wherein more preferably, in step sl, described encryption certification device and distribution main website front end processor adopt unsymmetrical key to perform two-way authentication and conversate key agreement, comprise the steps:
S11, encryption certification device generates unsymmetrical key pair when initializing, and derives certificate request, after grant a certificate, public key certificate imports safe distribution of electric power interactive gateway;
S12, imports to the PKI of the public key certificate of safe distribution of electric power interactive gateway and distribution main website unilateral authentication in encryption certification device;
S13, safe distribution of electric power interactive gateway generates " consulting request " message with random number, uses the private key of safe distribution of electric power interactive gateway that described " consulting request " message is signed, and is sent to distribution terminal;
S14, encryption certification device intercepts and captures " consulting request " message, use the PKI in safe distribution of electric power interactive gateway public key certificate that " consulting request " message is carried out signature verification, generate " consulting response " message with random number, the private key using encryption certification device is signed, and is sent to distribution main website;
S15, safe distribution of electric power interactive gateway intercepts and captures " consulting response " message, uses the PKI of encryption certification device that " consulting response " message is carried out signature verification, generates " consulting successfully " message, the private key using safe distribution of electric power interactive gateway is signed, and is sent to distribution terminal;
S16, encryption certification device intercepts and captures " consulting successfully " message, uses the PKI in safe distribution of electric power interactive gateway public key certificate that " consulting successfully " message is carried out signature verification, completes safe distribution of electric power interactive gateway end session key agreement process;
S17, generates " consulting request " message with random number at encryption certification device;According to the processing procedure of step S13~S16, encryption certification device completes session key agreement process, utilizes two the generating random number session keys consulting to obtain.
Wherein more preferably, in step s 2, when being encrypted communication by session key, in encryption certification device, serial ports receives the reception relief area of the data feeding main control chip that serial ports can be received by interruption, the inspection of a frame message is carried out in receiving relief area, after determining and receiving a frame complete message, type of message is judged, it is sent to encryption chip when message information is communication message and is encrypted/decryption processing, when message information is for management message, the configuration of encryption certification device is updated by management message.
Encryption certification device for distribution terminal serial communication provided by the present invention, adopts the close algorithm for encryption chip of special state, promotes response speed, and reduces the dependence to CPU and internal memory.It addition, encryption certification device and safe distribution of electric power interactive gateway adopt unsymmetrical key, perform two-way authentication and conversate key agreement, it is achieved the two-way authentication of checking the other side's identity;After session key agreement, use the symmetric key consulted to be encrypted/decryption processing, greatly accelerated the time of encryption certification device encryption/deciphering, improve communication efficiency.In addition, the carrier of PKI is certificate, it is possible to according to the safety of certificate chain and definitiveness, ensures that certificate information cannot be tampered, and can also judge that when expired certificate is, it is ensured that the safety of PKI itself simultaneously.
Accompanying drawing explanation
Fig. 1 is the structural representation of distribution terminal serial communication provided by the present invention encryption certification device;
Fig. 2 is in encryption certification device provided by the present invention, the structural representation of main control chip;
Fig. 3 is in encryption certification device provided by the present invention, the structural representation of the close algorithm for encryption chip of state;
Fig. 4 is in an embodiment provided by the present invention, the framework map of distribution terminal serial communication.
Detailed description of the invention
Below in conjunction with the drawings and specific embodiments, the technology contents of the present invention is carried out detailed specific description.
As it is shown in figure 1, encryption certification device (serial port device) for distribution terminal serial communication provided by the present invention, it is deployed between distribution terminal and communication unit, is attached respectively through serial ports.This encryption certification device includes main control chip, the close algorithm for encryption chip of state, electric power special encryption chip, external interface, LED display module, memory module, RTC clock module and watchdog module.Wherein, main control chip is connected with state close algorithm for encryption chip, electric power special encryption chip, external interface, LED display module, memory module, RTC clock module and watchdog module respectively, for processing the message information of distribution main website front end processor and distribution terminal, other modules are managed as a whole.
As in figure 2 it is shown, main control chip adopts MCU chip, the process of all communication logics between primary responsibility distribution main website front end processor and distribution terminal, the process of remote side administration, the process of configuration item and control the process such as encryption/deciphering.Main control chip is made up of three levels, including driving layer, functional interface layer and function logic layer.Function logic layer obtains the message information of distribution main website front end processor or distribution terminal, found the module of correspondence by the corresponding interface of functional interface layer according to process demand after being analyzed, by driving corresponding driving of layer to process, the message information after process is sent to by serial ports distribution terminal or distribution main website front end processor.Wherein, driving layer to include IIC driving, SPI driving, serial port drive and GPIO and drive, these drive the interface with standard to provide service interface for last layer.Functional interface layer includes RTC clock interface, enciphering and deciphering algorithm calling interface, memory interface, transceiver communication interface, configuration and debugging calling interface, house dog interface and LED and shows interface.Functional interface layer provides interface principally for realizing concrete function, finds corresponding module by interface, completes required function.Function logic layer mainly utilizes the functional interface that functional interface layer provides, and according to concrete reality, calls different modules and realizes function services, the final two-way encryption realizing communication.The description in greater detail below of the detailed functions of driving layer, functional interface layer and function logic layer.
External interface is responsible for the physical connection such as device configuration, debugging monitoring, external interconnections communication, in order to realize the final purpose of secure communication.External interface includes serial communication interface and configuration and debugging interface, and wherein, serial communication interface includes serial communication interface 1 and serial communication interface 2, and dual serial communication interface all for realizing the communication function of encryption certification device, is the RS232 interface of standard.Serial communication interface 1 and serial communication interface 2 are respectively intended to receive or forward distribution terminal or distribution main website front end processor to send the message information of coming.When serial communication interface receives message information, producing interrupt signal in main control chip, main control chip calls interrupt routine and uses serial communication to drive the message information that reading receives;When being sent by the message information processed, main control chip calls serial communication driving and is sent by packaged message information.In embodiment provided by the present invention, encryption certification device also includes bypass module.Bypass module is made up of single example element and signal relay, main under the logic control of main control chip, it is achieved serial communication interface 1 is to the data transparent transmission of serial communication interface 2, when encrypting certification device power-off and not working, two communication serial ports are carried out bypass process, does not affect proper communication.
Debugging and configuration interface include two chips, all support RS232 serial communication, the debugging of debugging and encryption chip in order to realize host CPU chip.Instruction according to main control chip function logic layer, by configure with debug calling interface call debugging and configuration interface, by serial port drive realize to encryption the various information of certification device configuration, meet the demand of different situations with this.
In embodiment provided by the present invention, the close algorithm for encryption chip of state and main control chip communicate, it is achieved various encryption/decryption algorithm, including SM2 rivest, shamir, adelman, SM3 hashing algorithm, SM4 symmetric encipherment algorithm etc., accelerate to calculate speed with this.The close algorithm for encryption chip of state is started by main control chip, the close algorithm for encryption chip of state is called by enciphering and deciphering algorithm calling interface, drive by calling spi bus, the data and key that need encryption and decryption are sent in the close algorithm for encryption chip of state, deciphering chip returns data to main control chip after processing and the interface of return is provided.
As it is shown on figure 3, the close algorithm for encryption chip of state includes mastery routine, mh, mode interface routine, cryptographic algorithm driver, SPI communication driver and serial communication driver.Wherein, mastery routine judges in order to the type completing all message informations to reception, and realize different data process (being described in detail in follow-up process) for different types of message information, and the data after processing are sent in mh, the message information processed the most at last is sent back in main control chip by SPI communication driver again.Serial communication driver is primarily to the serial ports realizing this encryption chip and uses interface.SPI communication driver achieves the communication function interface of main control chip and encryption chip, interrupts obtaining the message information come from main control chip transmission by receiving of SPI communication driver.Mh is in order to resolve the message information that SPI communication driver obtains according to structure, or the message information after organized processing encryption/deciphering.Cryptographic algorithm driver is used for realizing being encrypted/decipherment algorithm with special coprocessor, and its algorithm contains SM2 rivest, shamir, adelman, SM3 hashing algorithm, SM4 symmetric encipherment algorithm, supports other algorithms such as generating random number simultaneously.
nullWhen main control chip has message information to be sent to the close algorithm for encryption chip of state,The serial communication driver of the close algorithm for encryption chip of state is called by enciphering and deciphering algorithm calling interface,The serial ports realizing the close algorithm for encryption chip of state uses interface,Then pass through spi bus and drive the SPI communication driver calling the close algorithm for encryption chip of state,Realize the communication function interface of main control chip and the close algorithm for encryption chip of state,Interrupt obtaining the message information come from main control chip transmission by receiving of SPI communication driver,It is sent to mastery routine,Mastery routine is sent to mh after message information is processed according to type and resolves according to structure,Message information after parsing is sent to cryptographic algorithm driver be encrypted/decipher,After encrypt/having deciphered, message information is sent back to mh and carries out organized processing,Beam back mastery routine afterwards,Mastery routine is called SPI communication driver and is finally sent back in main control chip by message information.Debugging interface program, in state's close algorithm for encryption chip debugging process, is responsible for being exported all Debugging message by serial ports by the interface of serial communication driver.
Electric power special encryption chip is for processing electric power dedicated encrypted algorithm, in communication process, when main control chip receives the ciphertext data with electric power dedicated encrypted algorithm for encryption, main control chip will call the corresponding interface function and transmit data in electric power special encryption chip by spi bus driving, it is responsible for carrying out the deciphering of ciphertext by electric power special encryption chip afterwards, and the plaintext after deciphering is returned data to main control chip by spi bus.When the data that main control chip receives need to adopt electric power tailor-made algorithm to be encrypted, main control chip calls corresponding interface function and sends the data to this electric power special encryption chip by spi bus driving, will be added ciphertext data by this chip again through spi bus afterwards and return to main control chip.
Memory module adopts FLASH chip, mainly store the configuration item needed for this encryption certification device, and the PKI of the public key certificate of the safe distribution of electric power interactive gateway used in distribution terminal and distribution main website front end processor serial communication process and distribution main website unilateral authentication, the message information being used for distribution main website front end processor is sent carries out identity validation and deciphering.In embodiment provided by the present invention, memory module is used for the every Configuration Values preserving this encryption certification device and this certificate used by encryption certification device.Certificate information is sent to memory module by memory interface by main control chip, calls spi bus and drives realize with memory module mutual, provides external read-write interface, it is achieved the preservation of data and read functions simultaneously.When message information is carried out authentication and deciphering by needs, main control chip is transferred certificate from memory module and is sent to encryption chip.
RTC clock module is RTC clock chip, provides reliable current time principally for encryption certification device.RTC clock chip is connected with main control chip by iic bus, message information is sent to RTC clock module by RTC clock interface by main control chip, driven by iic bus and realize and the interaction of RTC clock chip, upper offer current time is inquired about simultaneously, pair time etc. basic function.
Watchdog module and main control chip are directly connected to, and " feeding-dog signal " is sent to watchdog module by house dog interface by main control chip, call GPIO driving and outside watchdog reset circuit is interacted, it is achieved exceptional reset function.Watchdog module mainly solves locked problem when exception occurs in main control chip, and the stability for encrypting certification device provides and ensures.
LED display module is mainly used to show the current operating state of the close algorithm for encryption chip of state, electric power special encryption chip and main control chip, determines whether encryption chip and main control chip correctly run with this, and provides auxiliary information as field engineering application and debugging.By LED, main control chip shows that message information is sent to LED display module by interface, call GPIO and drive the light on and off function realizing LED.
In embodiment provided by the present invention, encryption certification device also includes power management module and download interface.Wherein, power management module provides electricity support with the modules thinking this encryption certification device.Download interface is the firmware in order to update the close algorithm for encryption chip of state, realizes the upgrading of encryption certification device with this.
Fig. 4 is in one embodiment of the present of invention, and distribution terminal uses the framework map of wireless serial communication.Encryption certification device for distribution terminal serial communication is deployed between distribution terminal and wireless communication unit, is attached respectively through serial ports.The safe distribution of electric power interactive gateway of distribution main website side is responsible for realizing secure communication with encryption certification device by the safe distribution of electric power communication protocol based on IEC104 stipulations, and communication process mainly includes session key agreement and communicates with data encryption two processes.Wherein, session key agreement process is based on the application protocol of 104 stipulations, both sides' exchange, with the random number of private key signature, by using public key verifications signature to reach checking the other side's identity, specifies the session key of symmetric key algorithm for coded communication by related algorithm structure.In data encryption communication process, on the one hand, encryption certification device obtains distribution terminal by serial ports and is sent to the communication data of distribution main website, uses session key to constructing new communication data packet after encryption of communicated data, sends distribution main website front end processor to by wireless communication unit;On the other hand, encryption certification device receives the encrypted packets from distribution main website front end processor that wireless communication unit transmits, and sends packet to distribution terminal by serial ports again after deciphering.Specifically include following steps:
S1, after distribution main website front end processor and distribution terminal are set up and be connected, encryption certification device and safe distribution of electric power interactive gateway adopt unsymmetrical key to perform two-way authentication and conversate key agreement, it is achieved verify the two-way authentication of the other side's identity.
Encryption certification device and distribution main website front end processor employing unsymmetrical key consulting session key, it is achieved the two-way authentication of checking the other side's identity, specifically include following steps:
S11, encryption certification device generates unsymmetrical key pair when initializing, and derives certificate request, after grant a certificate, public key certificate imports safe distribution of electric power interactive gateway.
Encryption certification device is first carried out its initialization driving hardware by main control chip after the power-up, to meet communication and the control of main control chip and other chips (module), after completing the initialization that all hardware drives, read the configuration information in memory module, start serial communication interface is carried out the configuration of serial communication information, including baud rate, the configuration of the continuous items such as check code.Afterwards, it is that the close algorithm for encryption chip of state powers on by power management module, generates unsymmetrical key pair, derive certificate request, after grant a certificate, import safe distribution of electric power interactive gateway.Wherein, in embodiment provided by the present invention, the close algorithm for encryption chip internal of state contains SM2 rivest, shamir, adelman, SM3 hashing algorithm, SM4 symmetric encipherment algorithm, supports other algorithms such as generating random number simultaneously.The carrier of PKI is certificate, it is possible to according to the safety of certificate chain and definitiveness, ensures that certificate information cannot be tampered, and can also judge that when expired certificate is, it is ensured that the safety of PKI itself simultaneously.
S12, imports to the PKI of the public key certificate of safe distribution of electric power interactive gateway and distribution main website unilateral authentication in encryption certification device.
It is after the close algorithm for encryption chip of state powers on by power management module, the information such as the key needed for close for state algorithm for encryption chip are sent to the close algorithm for encryption chip of state by main control chip, in embodiment provided by the present invention, main control chip obtains the public key certificate of safe distribution of electric power interactive gateway and the PKI of distribution main website unilateral authentication from memory element, is imported to by the PKI of the public key certificate of safe distribution of electric power interactive gateway and distribution main website unilateral authentication in the close algorithm for encryption certification device of state.So that during post-session key agreement, it is achieved the two-way authentication to the other side's identity.
S13, distribution main website front end processor is set up TCP with distribution terminal and is connected, after safe distribution of electric power interactive gateway detects TCP connection establishment, start the negotiations process of session key agreement, generate " consulting request " message selecting information with random number and symmetric key algorithm, and use the private key of safe distribution of electric power interactive gateway that this message is signed, then connect by the TCP set up and send " consulting request " message to distribution terminal.
S14, after encryption certification device intercepts and captures " consulting request " message, start session key agreement state machine and start negotiations process, use the PKI in the public key certificate of safe distribution of electric power interactive gateway that " consulting request " message is carried out signature verification at the close algorithm for encryption chip of state, then " consulting response " message with random number is generated, and use the private key signature encrypting certification device, then connect by the TCP set up and send message to distribution main website.
S15, after safe distribution of electric power interactive gateway intercepts and captures " consulting response " message, " consulting response " message is carried out signature verification by the PKI using encryption certification device, then " consulting successfully " message is generated, and use the private key signature of safe distribution of electric power interactive gateway, then connect by the TCP set up and send " consulting successfully " message to distribution terminal;
S16, after encryption certification device intercepts and captures " consulting successfully " message, use the PKI in the public key certificate of safe distribution of electric power interactive gateway that " consulting successfully " message is carried out signature verification at the close algorithm for encryption chip of state, complete safe distribution of electric power interactive gateway end session key agreement process;
S17, generates " consulting request " message with random number at encryption certification device;According to the processing procedure of step S13~S16, encryption certification device completes session key agreement process, utilizes two the generating random number session keys consulting to obtain.Wherein, utilizing two the generating random number session keys consulting to obtain is by two randoms number are brought into key-function, produces session key.
S2, it is encrypted communication by session key, the message information after safe distribution of electric power interactive gateway is encrypted receiving the front end processor transmission of distribution main website is decrypted by encryption certification device according to the symmetric key algorithm consulted, then by serial ports, the plaintext message generated after deciphering is sent to distribution terminal;Use unilateral authentication private key signature information, encryption certification device to use the unilateral authentication public key verifications signature of distribution main website if message expressly comprises distribution main website, more former message is sent to distribution terminal through serial ports;Encryption certification device by serial ports receive distribution terminal message information, use session key message is encrypted, recombinate after be sent to distribution main website front end processor.Wherein, session key is symmetric key, has greatly accelerated the time of encryption certification device encryption/deciphering, has improve communication efficiency.
The session key constructed through consultation is encrypted communication, after communication event triggers, serial ports receives the reception relief area of main control chip in the data feeding encryption certification device that serial ports can be received by interruption, the inspection of a frame message is carried out in receiving relief area, after determining a frame complete message, type of message is judged, is sent to the close algorithm for encryption chip of state when message information is communication message or electric power special encryption chip is encrypted/decryption processing.When encryption, certification device receives is with the message information of electric power proprietary algorithm processes, or when needing the message information by electric power proprietary algorithm processes, the electric power special encryption chip being sent to close certification device is encrypted/decryption processing by message information, and the message information after encryption/decryption process returns the main control chip of encryption certification device.What receive when encryption certification device is the message information of non-electricity proprietary algorithm processes, or when needing the message information by electric power proprietary algorithm processes, close for the state being sent to close certification device algorithm for encryption chip is encrypted/decryption processing by message information, and the message information after encryption/decryption process returns the main control chip of encryption certification device.When message information is for management message, the configuration of encryption certification device is updated by management message.
In embodiment provided by the present invention, management message is sent by safe distribution of electric power interactive gateway, after receiving management message, encryption certification device uses session key that management message is decrypted process, and according to the information obtained after deciphering, configuration information is write configuration file, the global variable of simultaneously refreshed configuration, updates the duty of encryption certification device with this.The state value configured is returned to safe distribution of electric power interactive gateway by finally structure management message.
S3, sets time threshold, after using the session key call duration time threshold value time of advent, repeats step S1~S2.
Set time threshold according to demand, between when in communication after time of advent threshold value, re-start the session key agreement between encryption certification device and safe distribution of electric power interactive gateway, then coded communication is re-established according to the session key consulted, it is achieved the secure communication between distribution terminal and distribution main website front end processor.So can avoid owing to using identical symmetric key to make communications security reduce for a long time, can also avoid well using unsymmetrical key to be encrypted/decipher problem consuming time continually, the safety of communication under the premise ensureing communication efficiency, can be ensured well.
In sum, encryption certification device for distribution terminal serial communication provided by the present invention, is deployed between distribution terminal and communication unit, is attached respectively through serial ports, encryption certification device is separated from inside distribution terminal, it is to avoid consumption to distribution terminal internal memory.Encryption certification device adopts special encryption chip, promotes response speed, and reduces the dependence to CPU and internal memory.It addition, encryption certification device and safe distribution of electric power interactive gateway adopt unsymmetrical key, perform two-way authentication and conversate key agreement, it is achieved the two-way authentication of checking the other side's identity;After session key agreement, use the symmetric key consulted and symmetric key algorithm to be encrypted/decryption processing, greatly accelerated the time of encryption certification device encryption/deciphering, improve communication efficiency.Even if ciphertext message is intercepted, it is also difficult to crack.In addition, the carrier of PKI is certificate, it is possible to according to the safety of certificate chain and definitiveness, ensures that certificate information cannot be tampered, and can also judge that when expired certificate is, it is ensured that the safety of PKI itself simultaneously.
Above the encryption certification devices and methods therefor for distribution terminal serial communication provided by the present invention is described in detail.For one of ordinary skill in the art, any apparent change under the premise without departing substantially from true spirit, it done, all by composition to infringement of patent right of the present invention, corresponding legal responsibility will be undertaken.
Claims (10)
1., for an encryption certification device for distribution terminal serial communication, it is deployed between distribution terminal and communication unit, it is characterised in that include main control chip, the close algorithm for encryption chip of state, external interface, LED display module and memory module;
Wherein, described main control chip is connected with described state close algorithm for encryption chip, described external interface, described LED display module and described memory module respectively, for receiving distribution main website front end processor and the message information of described distribution terminal, other modules are managed as a whole;
The message information that described main control chip is received by described state close algorithm for encryption chip is encrypted/decryption processing.
2. the encryption certification device for distribution terminal serial communication as claimed in claim 1, it is characterised in that:
Described main control chip includes driving layer, functional interface layer and function logic layer;Described function logic layer obtains the message information of distribution main website front end processor or distribution terminal, found the module of correspondence by the corresponding interface of described functional interface layer according to process demand after being analyzed, processed by corresponding driving of described driving layer, the message information after process is sent to by serial ports distribution terminal or distribution main website front end processor.
3. the encryption certification device for distribution terminal serial communication as claimed in claim 1, it is characterised in that:
The close algorithm for encryption chip of described state includes mastery routine, mh, mode interface routine, cryptographic algorithm driver, SPI communication driver and serial communication driver;
When message information is sent to the close algorithm for encryption chip of described state by described main control chip, described state close algorithm for encryption chip interrupts obtaining described message information by the reception of described SPI communication driver, it is sent to described mastery routine, described message information is sent to described mh according to type and resolves according to structure by described mastery routine, message information after parsing is sent to described cryptographic algorithm driver and is encrypted/decryption processing, after encrypt/having deciphered, message information is sent back to described mh and carries out organized processing, then described mastery routine is beamed back, described mastery routine is called described SPI communication driver and message information is sent back to described main control chip.
4. the encryption certification device for distribution terminal serial communication as claimed in claim 1, it is characterised in that:
The PKI of described memory module public key certificate and distribution main website unilateral authentication in order to preserve safe distribution of electric power interactive gateway;
When message information is sent to described main control chip by safe distribution of electric power interactive gateway, the sender of described message information is carried out authentication by the PKI of described distribution main website unilateral authentication by described state close algorithm for encryption chip, by the public key certificate of described safe distribution of electric power interactive gateway to the key agreement that conversates.
5. the encryption certification device for distribution terminal serial communication as claimed in claim 1, it is characterised in that also include electric power special encryption chip;
When described main control chip receives the message information with electric power proprietary algorithm processes, message information will be sent to described electric power special encryption chip and be encrypted/decryption processing, and the message information after encryption/decryption process is returned described main control chip.
6. the encryption certification device for distribution terminal serial communication as claimed in claim 1, it is characterised in that:
Described LED display module shows main control chip, state close algorithm for encryption chip and the current operating state of described electric power special encryption chip by the switch of LED, it is determined that whether described main control chip, described state close algorithm for encryption chip and described electric power special encryption chip correctly run.
7. the encryption certification device for distribution terminal serial communication as claimed in claim 1, it is characterised in that also include RTC clock module and watchdog module;
Described RTC clock module is connected with described main control chip by iic bus, it is provided that current time;
Message information is sent to described RTC clock module by the RTC clock interface of functional interface layer by described main control chip;
Described watchdog module is connected with described main control chip, and message information is sent to described watchdog module by the house dog interface of functional interface layer by described main control chip, calls the GPIO driving driving layer and interacts with watchdog reset circuit, it is achieved exceptional reset.
8., for an encryption and authentication method for distribution terminal serial communication, realize based on the encryption certification device described in any one in claim 1~7, it is characterised in that comprise the steps:
S1, encryption certification device and safe distribution of electric power interactive gateway adopt unsymmetrical key to perform two-way authentication and conversate key agreement;
S2, is encrypted communication by session key, and encryption certification device is sent to distribution terminal by serial ports after being decrypted by the message information receiving distribution main website front end processor;Received the message information of distribution terminal by serial ports, after being encrypted, be sent to distribution main website front end processor;
S3, sets time threshold, between when in communication after time of advent threshold value, repeats step S1~S2.
9. the encryption and authentication method for distribution terminal serial communication as claimed in claim 8, it is characterized in that in step sl, described encryption certification device and distribution main website front end processor adopt unsymmetrical key to perform two-way authentication and conversate key agreement, comprise the steps:
S11, encryption certification device generates unsymmetrical key pair when initializing, and derives certificate request, after grant a certificate, public key certificate imports safe distribution of electric power interactive gateway;
S12, imports to the PKI of the public key certificate of safe distribution of electric power interactive gateway and distribution main website unilateral authentication in encryption certification device;
S13, safe distribution of electric power interactive gateway generates " consulting request " message with random number, uses the private key of safe distribution of electric power interactive gateway that described " consulting request " message is signed, and is sent to distribution terminal;
S14, encryption certification device intercepts and captures " consulting request " message, use the PKI in safe distribution of electric power interactive gateway public key certificate that " consulting request " message is carried out signature verification, generate " consulting response " message with random number, the private key using encryption certification device is signed, and is sent to distribution main website;
S15, safe distribution of electric power interactive gateway intercepts and captures " consulting response " message, uses the PKI of encryption certification device that " consulting response " message is carried out signature verification, generates " consulting successfully " message, the private key using safe distribution of electric power interactive gateway is signed, and is sent to distribution terminal;
S16, encryption certification device intercepts and captures " consulting successfully " message, uses the PKI in safe distribution of electric power interactive gateway public key certificate that " consulting successfully " message is carried out signature verification, completes safe distribution of electric power interactive gateway end session key agreement process;
S17, generates " consulting request " message with random number at encryption certification device;According to the processing procedure of step S13~S16, encryption certification device completes session key agreement process, utilizes two the generating random number session keys consulting to obtain.
10. the encryption and authentication method for distribution terminal serial communication as claimed in claim 8, it is characterised in that:
In step s 2, when being encrypted communication by session key, in encryption certification device, serial ports receives the reception relief area of the data feeding main control chip that serial ports can be received by interruption, the inspection of a frame message is carried out in receiving relief area, after determining and receiving a frame complete message, type of message is judged, is sent to encryption chip when message information is communication message and is encrypted/decryption processing, when message information is for management message, the configuration of encryption certification device is updated by management message.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610073649.5A CN105763542A (en) | 2016-02-02 | 2016-02-02 | Device and method of encryption and authentication for distribution terminal serial port communication |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610073649.5A CN105763542A (en) | 2016-02-02 | 2016-02-02 | Device and method of encryption and authentication for distribution terminal serial port communication |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105763542A true CN105763542A (en) | 2016-07-13 |
Family
ID=56329620
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610073649.5A Pending CN105763542A (en) | 2016-02-02 | 2016-02-02 | Device and method of encryption and authentication for distribution terminal serial port communication |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105763542A (en) |
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105871873A (en) * | 2016-04-29 | 2016-08-17 | 国家电网公司 | Security encryption authentication module for power distribution terminal communication and method thereof |
| CN107018134A (en) * | 2017-04-06 | 2017-08-04 | 北京中电普华信息技术有限公司 | A kind of distribution terminal secure accessing platform and its implementation |
| CN107257250A (en) * | 2017-07-28 | 2017-10-17 | 国网江苏省电力公司南京供电公司 | A kind of electric power wireless communication terminal based on Micro USB interfaces |
| CN107920089A (en) * | 2017-12-28 | 2018-04-17 | 国电南瑞科技股份有限公司 | A kind of intelligent network lotus interactive terminal protecting information safety authentication encryption method |
| CN108667545A (en) * | 2018-04-17 | 2018-10-16 | 迈普通信技术股份有限公司 | A kind of serial ports bandwidth synchronous method and device |
| CN108810023A (en) * | 2018-07-19 | 2018-11-13 | 北京智芯微电子科技有限公司 | Safe encryption method, key sharing method and safety encryption isolation gateway |
| CN109194490A (en) * | 2018-09-21 | 2019-01-11 | 南京蓝途电力自动化有限公司 | A kind of Distribution Network Communication security certification system and method |
| CN109492359A (en) * | 2018-10-11 | 2019-03-19 | 海南新软软件有限公司 | A kind of secure network middleware and its implementation and device for authentication |
| CN109495499A (en) * | 2018-12-13 | 2019-03-19 | 南京国电南自电网自动化有限公司 | Communication protocol bi-directional verification automated test tool and method based on Encryption Algorithm |
| CN109560928A (en) * | 2018-12-03 | 2019-04-02 | 西安沣源智能装备科技有限公司 | A kind of encryption method based on state's net cryptographic protocol |
| CN109902478A (en) * | 2019-03-27 | 2019-06-18 | 公安部交通管理科学研究所 | A kind of safety control and control method of automotive number plate making apparatus |
| CN110176996A (en) * | 2019-06-25 | 2019-08-27 | 南方电网科学研究院有限责任公司 | A kind of safety device of power distribution network terminal |
| CN110365505A (en) * | 2018-04-09 | 2019-10-22 | 中国电力科学研究院有限公司 | A kind of general network shape of the mouth as one speaks power dispatching data communication device and control method |
| CN110377272A (en) * | 2019-06-21 | 2019-10-25 | 深圳市元征科技股份有限公司 | A kind of implementation method and device of the SDK based on TBOX |
| CN110493247A (en) * | 2019-08-29 | 2019-11-22 | 南方电网科学研究院有限责任公司 | A kind of distribution terminal communication check method, system, equipment and computer media |
| CN110958224A (en) * | 2019-11-05 | 2020-04-03 | 郑州信大捷安信息技术股份有限公司 | Remote serial port debugging system and method |
| CN111600828A (en) * | 2019-02-20 | 2020-08-28 | 中国电力科学研究院有限公司 | Communication assembly |
| CN112003697A (en) * | 2020-08-25 | 2020-11-27 | 成都卫士通信息产业股份有限公司 | Encryption and decryption method and device for cryptographic module, electronic equipment and computer storage medium |
| CN112270020A (en) * | 2020-10-27 | 2021-01-26 | 江苏方天电力技术有限公司 | Terminal equipment safety encryption device based on safety chip |
| CN112367165A (en) * | 2020-10-19 | 2021-02-12 | 珠海格力电器股份有限公司 | Serial port communication method and device, electronic equipment and computer readable medium |
| CN112953937A (en) * | 2021-02-20 | 2021-06-11 | 云南电网有限责任公司电力科学研究院 | End-to-end secure communication system for electric power trusted computing platform communication |
| CN113595758A (en) * | 2021-06-18 | 2021-11-02 | 国网浙江省电力有限公司电力科学研究院 | Fault positioning method under encrypted communication of transformer substation |
| CN113904792A (en) * | 2021-08-25 | 2022-01-07 | 北京国泰网信科技有限公司 | Power grid regulation and control information encryption transmission method based on state cryptographic algorithm |
| CN114745137A (en) * | 2022-05-10 | 2022-07-12 | 山东鲁软数字科技有限公司 | Method for realizing secure communication and block link Internet of things agent device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102111265A (en) * | 2011-01-13 | 2011-06-29 | 中国电力科学研究院 | Method for encrypting embedded secure access module (ESAM) of power system acquisition terminal |
| CN202372970U (en) * | 2011-12-28 | 2012-08-08 | 广州龙之杰科技有限公司 | Chip with encryption and data storage functions |
| CN203352292U (en) * | 2013-06-30 | 2013-12-18 | 安徽中兴继远信息技术股份有限公司 | Power distribution network monitoring automation system having encryption function |
| CN103475464A (en) * | 2013-08-20 | 2013-12-25 | 国家电网公司 | Power special quantum encryption gateway system |
| CN103888444A (en) * | 2014-02-24 | 2014-06-25 | 北京科东电力控制系统有限责任公司 | Distribution safety authentication device and method |
| CN104579679A (en) * | 2014-12-10 | 2015-04-29 | 国家电网公司 | Wireless public network data forwarding method for rural power distribution network communication equipment |
-
2016
- 2016-02-02 CN CN201610073649.5A patent/CN105763542A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102111265A (en) * | 2011-01-13 | 2011-06-29 | 中国电力科学研究院 | Method for encrypting embedded secure access module (ESAM) of power system acquisition terminal |
| CN202372970U (en) * | 2011-12-28 | 2012-08-08 | 广州龙之杰科技有限公司 | Chip with encryption and data storage functions |
| CN203352292U (en) * | 2013-06-30 | 2013-12-18 | 安徽中兴继远信息技术股份有限公司 | Power distribution network monitoring automation system having encryption function |
| CN103475464A (en) * | 2013-08-20 | 2013-12-25 | 国家电网公司 | Power special quantum encryption gateway system |
| CN103888444A (en) * | 2014-02-24 | 2014-06-25 | 北京科东电力控制系统有限责任公司 | Distribution safety authentication device and method |
| CN104579679A (en) * | 2014-12-10 | 2015-04-29 | 国家电网公司 | Wireless public network data forwarding method for rural power distribution network communication equipment |
Cited By (33)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105871873A (en) * | 2016-04-29 | 2016-08-17 | 国家电网公司 | Security encryption authentication module for power distribution terminal communication and method thereof |
| CN107018134A (en) * | 2017-04-06 | 2017-08-04 | 北京中电普华信息技术有限公司 | A kind of distribution terminal secure accessing platform and its implementation |
| CN107018134B (en) * | 2017-04-06 | 2020-11-06 | 北京国电通网络技术有限公司 | Power distribution terminal safety access platform and implementation method thereof |
| CN107257250A (en) * | 2017-07-28 | 2017-10-17 | 国网江苏省电力公司南京供电公司 | A kind of electric power wireless communication terminal based on Micro USB interfaces |
| CN107920089A (en) * | 2017-12-28 | 2018-04-17 | 国电南瑞科技股份有限公司 | A kind of intelligent network lotus interactive terminal protecting information safety authentication encryption method |
| CN110365505A (en) * | 2018-04-09 | 2019-10-22 | 中国电力科学研究院有限公司 | A kind of general network shape of the mouth as one speaks power dispatching data communication device and control method |
| CN110365505B (en) * | 2018-04-09 | 2024-03-22 | 中国电力科学研究院有限公司 | Universal network port type distribution data communication device and control method |
| CN108667545A (en) * | 2018-04-17 | 2018-10-16 | 迈普通信技术股份有限公司 | A kind of serial ports bandwidth synchronous method and device |
| CN108810023A (en) * | 2018-07-19 | 2018-11-13 | 北京智芯微电子科技有限公司 | Safe encryption method, key sharing method and safety encryption isolation gateway |
| CN109194490A (en) * | 2018-09-21 | 2019-01-11 | 南京蓝途电力自动化有限公司 | A kind of Distribution Network Communication security certification system and method |
| CN109194490B (en) * | 2018-09-21 | 2021-09-03 | 南京蓝途电力自动化有限公司 | Power distribution network communication security authentication system and method |
| CN109492359A (en) * | 2018-10-11 | 2019-03-19 | 海南新软软件有限公司 | A kind of secure network middleware and its implementation and device for authentication |
| CN109492359B (en) * | 2018-10-11 | 2021-05-18 | 海南新软软件有限公司 | Secure network middleware for identity authentication and implementation method and device thereof |
| CN109560928A (en) * | 2018-12-03 | 2019-04-02 | 西安沣源智能装备科技有限公司 | A kind of encryption method based on state's net cryptographic protocol |
| CN109495499B (en) * | 2018-12-13 | 2021-10-22 | 南京国电南自电网自动化有限公司 | Encryption algorithm-based communication protocol bidirectional verification automatic test tool and method |
| CN109495499A (en) * | 2018-12-13 | 2019-03-19 | 南京国电南自电网自动化有限公司 | Communication protocol bi-directional verification automated test tool and method based on Encryption Algorithm |
| CN111600828A (en) * | 2019-02-20 | 2020-08-28 | 中国电力科学研究院有限公司 | Communication assembly |
| CN109902478A (en) * | 2019-03-27 | 2019-06-18 | 公安部交通管理科学研究所 | A kind of safety control and control method of automotive number plate making apparatus |
| CN110377272A (en) * | 2019-06-21 | 2019-10-25 | 深圳市元征科技股份有限公司 | A kind of implementation method and device of the SDK based on TBOX |
| CN110176996A (en) * | 2019-06-25 | 2019-08-27 | 南方电网科学研究院有限责任公司 | A kind of safety device of power distribution network terminal |
| CN110493247A (en) * | 2019-08-29 | 2019-11-22 | 南方电网科学研究院有限责任公司 | A kind of distribution terminal communication check method, system, equipment and computer media |
| CN110958224A (en) * | 2019-11-05 | 2020-04-03 | 郑州信大捷安信息技术股份有限公司 | Remote serial port debugging system and method |
| CN112003697B (en) * | 2020-08-25 | 2023-09-29 | 成都卫士通信息产业股份有限公司 | Encryption and decryption method and device for cryptographic module, electronic equipment and computer storage medium |
| CN112003697A (en) * | 2020-08-25 | 2020-11-27 | 成都卫士通信息产业股份有限公司 | Encryption and decryption method and device for cryptographic module, electronic equipment and computer storage medium |
| CN112367165A (en) * | 2020-10-19 | 2021-02-12 | 珠海格力电器股份有限公司 | Serial port communication method and device, electronic equipment and computer readable medium |
| CN112270020A (en) * | 2020-10-27 | 2021-01-26 | 江苏方天电力技术有限公司 | Terminal equipment safety encryption device based on safety chip |
| CN112270020B (en) * | 2020-10-27 | 2022-06-21 | 江苏方天电力技术有限公司 | Terminal equipment safety encryption device based on safety chip |
| CN112953937A (en) * | 2021-02-20 | 2021-06-11 | 云南电网有限责任公司电力科学研究院 | End-to-end secure communication system for electric power trusted computing platform communication |
| CN113595758A (en) * | 2021-06-18 | 2021-11-02 | 国网浙江省电力有限公司电力科学研究院 | Fault positioning method under encrypted communication of transformer substation |
| CN113595758B (en) * | 2021-06-18 | 2024-05-14 | 国网浙江省电力有限公司电力科学研究院 | Fault positioning method under encrypted communication of transformer substation |
| CN113904792A (en) * | 2021-08-25 | 2022-01-07 | 北京国泰网信科技有限公司 | Power grid regulation and control information encryption transmission method based on state cryptographic algorithm |
| CN113904792B (en) * | 2021-08-25 | 2023-08-15 | 北京国泰网信科技有限公司 | Power grid regulation information encryption transmission method based on national encryption algorithm |
| CN114745137A (en) * | 2022-05-10 | 2022-07-12 | 山东鲁软数字科技有限公司 | Method for realizing secure communication and block link Internet of things agent device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105763542A (en) | Device and method of encryption and authentication for distribution terminal serial port communication | |
| CN105871873A (en) | Security encryption authentication module for power distribution terminal communication and method thereof | |
| CN205490665U (en) | Thing networking systems's communication device | |
| CN102111265B (en) | Method for encrypting secure chip of power system acquisition terminal | |
| CN105610706B (en) | A kind of intelligent gateway platform of internet of things oriented control system | |
| CN112073375A (en) | Isolation device and isolation method suitable for power Internet of things client side | |
| CN101056166B (en) | A method for improving the data transmission security | |
| CN105162772A (en) | IoT equipment authentication and key agreement method and device | |
| CN102571340A (en) | Certificate authentication device as well as access method and certificate update method thereof | |
| EP2937806A1 (en) | Method and system for securing electronic data exchange between an industrial programmable device and a portable programmable device | |
| CN111711686A (en) | Safety protection method based on power distribution terminal | |
| CN110035058B (en) | Resource request method, device and storage medium | |
| CN110149209A (en) | Internet of things equipment and its method and apparatus of improve data transfer safety | |
| CN114448727B (en) | Information processing method and system based on industrial internet identification analysis system | |
| US20210144130A1 (en) | Method for securing communication without management of states | |
| CN107181716A (en) | A kind of secure communication of network system and method based on national commercial cipher algorithm | |
| CN110300108A (en) | A kind of power distribution automation message encryption transmission method, system, terminal and storage medium | |
| CN102523095A (en) | User digital certificate remote update method with intelligent card protection function | |
| US20190026478A1 (en) | Vehicle secure communication method and apparatus, vehicle multimedia system, and vehicle | |
| CN113170291A (en) | Method and apparatus for secure communication | |
| CN107241291A (en) | Internet of Things network security access device, internet-of-things terminal equipment and Internet of things system | |
| CN109756451B (en) | Information interaction method and device | |
| CN102158856A (en) | Mobile terminal identification code authentication system and method, server and terminal | |
| CN205539494U (en) | Safe beiDou navigation satellite system chip | |
| CN112367664A (en) | Method and device for safely accessing external equipment to intelligent electric meter |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| CB03 | Change of inventor or designer information |
Inventor after: Liu Shuai Inventor after: Dai Ergang Inventor after: Yang Fengwen Inventor after: Kang Wenwen Inventor after: Sun Baofeng Inventor after: Wang Xuhao Inventor after: Zhang Kai Inventor after: Shao Lisong Inventor after: Ma Li Inventor after: Liang Ye Inventor after: Gao Minghui Inventor after: Fang Mu Inventor after: Gu Fengqiang Inventor after: Duo Zhilin Inventor after: Ma Ming Inventor after: Ran Linan Inventor after: Chen Ning Inventor after: Guan Ti Inventor after: Liu Yong Inventor after: Wang Chuanyong Inventor after: Han Peng Inventor after: Zhang Jian Inventor after: Wang Kun Inventor before: Liu Shuai Inventor before: Sun Baofeng Inventor before: Wang Xuhao Inventor before: Zhang Kai Inventor before: Shao Lisong Inventor before: Ma Li Inventor before: Liang Ye Inventor before: Gao Minghui Inventor before: Gu Fengqiang Inventor before: Duo Zhilin Inventor before: Ma Ming Inventor before: Chen Ning Inventor before: Ran Linan Inventor before: Wang Chuanyong Inventor before: Han Peng Inventor before: Zhang Jian Inventor before: Wang Kun Inventor before: Dai Ergang Inventor before: Yang Fengwen Inventor before: Kang Wenwen |
|
| CB03 | Change of inventor or designer information | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20170329 Address after: 100033 West Chang'an Avenue, Beijing, No. 86, No. Applicant after: State Grid Corporation of China Applicant after: State Grid Shandong Electric Power Company Applicant after: Zaozhuang Power Supply Company of State Grid Shandong Electric Power Company Applicant after: Nanjing Nari Co., Ltd. Applicant after: Beijing Kedong Power Control System Co., Ltd. Address before: 100033 West Chang'an Avenue, Beijing, No. 86, No. Applicant before: State Grid Corporation of China Applicant before: Zaozhuang Power Supply Company of State Grid Shandong Electric Power Company Applicant before: Nanjing Nari Co., Ltd. Applicant before: Beijing Kedong Power Control System Co., Ltd. |
|
| TA01 | Transfer of patent application right | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160713 |
|
| RJ01 | Rejection of invention patent application after publication |