CN108809645A - The method, apparatus and electrical power distribution automatization system of key agreement - Google Patents

The method, apparatus and electrical power distribution automatization system of key agreement Download PDF

Info

Publication number
CN108809645A
CN108809645A CN201810820303.6A CN201810820303A CN108809645A CN 108809645 A CN108809645 A CN 108809645A CN 201810820303 A CN201810820303 A CN 201810820303A CN 108809645 A CN108809645 A CN 108809645A
Authority
CN
China
Prior art keywords
distribution
identity
random number
key
main website
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810820303.6A
Other languages
Chinese (zh)
Inventor
索思亮
蔡田田
习伟
匡晓云
姚浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CSG Electric Power Research Institute
Research Institute of Southern Power Grid Co Ltd
Original Assignee
Research Institute of Southern Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Research Institute of Southern Power Grid Co Ltd filed Critical Research Institute of Southern Power Grid Co Ltd
Priority to CN201810820303.6A priority Critical patent/CN108809645A/en
Publication of CN108809645A publication Critical patent/CN108809645A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a kind of cryptographic key negotiation methods of the distribution main website applied to electrical power distribution automatization system, it can be after the completion of bidirectional identity authentication, obtain identity and the random number of distribution terminal, and working key is generated according to identity, random number and root key, and it will be sent to distribution terminal using the control instruction of working key encryption, in order to which distribution terminal decrypts control instruction and returns to response message to complete key agreement.As it can be seen that the working key in the present invention is according to identity and generating random number, and in different conversation procedures, random number is different, therefore working key is also different, therefore is not easy to be cracked by unauthorized person, substantially increases the safety of electrical power distribution automatization system.Correspondingly, the cryptographic key negotiation method and device, also a kind of electrical power distribution automatization system, effect the present invention also provides a kind of key agreement device and applied to distribution terminal are corresponding with the effect of the above method.

Description

The method, apparatus and electrical power distribution automatization system of key agreement
Technical field
The present invention relates to Distribution Automation Technology field, more particularly to the method, apparatus and distribution of a kind of key agreement are certainly Dynamicization system.
Background technology
In recent years, as the increasing of dynamics is built in national distribution, power distribution network is responsible for more and more important in the power system Function, as the important link for directly contacting user terminal, its safety whether, is directly related to power supply quality and ability, also shadow Ring the sound development to national economy.
On December 23rd, 2015, hacker initiate network attack to Ukraine's electric system, lead to Yi Wannuo-Franco husband This gram of regional occurrence of large-area has a power failure;On January 4th, 2016, information security company iSight Partners declarations have been achieved with use This is caused to play the malicious code of large-area power-cuts, current event is stopping caused by hacker attack for first public report Electrification, it is considered to be the milestone in power grid security protection history.
This time accident causes the very big attention of grid company, also puts on the communication security of distribution automation system more important Schedule.China's power train is unified to safety problem is paid attention to, and has formulated " security partitioning, network-specific, lateral isolation, longitudinal direction in early days Security information for power system is placed in electric power development by the information security principle of certification " as security information for power system problem becomes increasingly conspicuous Critical positions.
With the further construction and the development of wireless communication technique of various regions distribution automation system, using public network or specially Net communication comes transmission distribution network control instruction and information and gradually shows substitution special optic fibre communication line Trend.For communication because its erection is of low cost, construction speed is very fast and is more and more applied.But meanwhile nothing Line communication mode, especially public network communication are easier to be attacked by from public network compared to other means of communication It hitting, security risk is increased to distribution automation system, hacker steals power sensitive data by attack wireless public communication network, Main website is even invaded by secondary terminal, control main website and forges control instruction, to cause the accident of large-area power-cuts.
To solve public network safety problem, distribution automation system is equipped with peace between distribution main website and distribution terminal Full protection equipment farthest ensures that distribution network packet is avoided by third party using the safety method based on cryptographic technique Malicious attack.It can be seen that safety protection equipment plays an important role to the information security of distribution automation, according to deployment Position difference is divided into distribution main website safety protection equipment and distribution terminal safety protection equipment.
But the key of safety protection equipment and certificate are formed in equipment in advance when equipment is issued, work When by bidirectional identity authentication after, transmit information for generating working key and calculate and generate pairing work key, and this is matched To working key remain unchanged for a long time, there are the larger security risks for being ravesdropping and attacking, and there is an urgent need for close by new work Key machinery of consultation prevents security breaches.
As it can be seen that the possibility that the working key of conventional electrical distribution automated system is stolen is larger, lead to power distribution automation system Safety of uniting is relatively low.
Invention content
The object of the present invention is to provide a kind of cryptographic key negotiation method, device and electrical power distribution automatization systems, to solve tradition The working key of electrical power distribution automatization system is easy to be stolen, the problem for causing electrical power distribution automatization system safety relatively low.
In order to solve the above technical problems, the present invention provides a kind of method of key agreement, it is applied to power distribution automation system The distribution main website of system, including:
In response to the completion of bidirectional identity authentication, sent to distribution terminal the identity for obtaining the distribution terminal and with The request of machine number;
Receive the identity and random number that the distribution terminal is sent;
According to the identity, the random number and the root key to prestore, working key is determined;
It determines and controls the control instruction that the distribution terminal is switched to normal mode of operation, and utilize the working key pair The control instruction is encrypted;
It will be sent to the distribution terminal by the encrypted control instruction, described in distribution terminal decryption Control instruction simultaneously returns to response message to complete key agreement.
Wherein, it in the completion in response to bidirectional identity authentication, is sent to distribution terminal and obtains the distribution terminal Before identity and the request of random number, including:
In response to the formation of communication link, pair for the digital signature for including the distribution main website is sent to the distribution terminal To ID authentication request, in order to which the distribution terminal carries out the distribution main website according to the digital certificate of the distribution main website Certification;
Receive the authentication confirmation message for the digital signature including the distribution terminal that the distribution terminal is sent;
The distribution terminal is authenticated according to the digital certificate of the distribution terminal, to complete bidirectional identity authentication.
Wherein, the completion in response to bidirectional identity authentication sends the body for obtaining the distribution terminal to distribution terminal Part mark and the request of random number include:
In response to the completion of bidirectional identity authentication, the identity that the distribution terminal is obtained from the distribution terminal is determined With the request of random number;
The request is encrypted using the public key of the distribution terminal to prestore;
It is sent to the distribution terminal and passes through the encrypted request.
Wherein, the identity for receiving the distribution terminal transmission and random number include:
Receive the identity being encrypted using the public key of the distribution main website that the distribution terminal is sent and random Number;
Using the private key of the distribution main website to prestore to being carried out by the encrypted identity and the random number Decryption.
Correspondingly, the present invention also provides a kind of device of key agreement, it is applied to the distribution master of electrical power distribution automatization system It stands, including:
The request sending module of identity and random number:For the completion in response to bidirectional identity authentication, to distribution end End sends the request of the identity and random number that obtain the distribution terminal;
Identity and random number receiving module:For receiving the identity and random number that the distribution terminal is sent;
Working key determining module:For according to the identity, the random number and the root key to prestore, really Determine working key;
The control instruction determining module of switching working mode:For determining that controlling the distribution terminal is switched to normal work The control instruction of pattern, and the control instruction is encrypted using the working key;
Control instruction sending module:It is sent to the distribution terminal for the encrypted control instruction will to be passed through, so as to The control instruction is decrypted in the distribution terminal and returns to response message to complete key agreement.
In addition, the present invention also provides a kind of method of key agreement, it is applied to the distribution terminal of electrical power distribution automatization system, Including:
The request for receiving acquisition identity and random number that distribution main website is sent determines identity and generates random Number;
According to the random number and the terminal key to prestore, working key is determined;
The identity and the random number are sent to the distribution main website, in order to which distribution main website return is cut Change to normal mode of operation and pass through encrypted control instruction;
The control instruction is received, and judges the control instruction can be decrypted using the working key;
If can decrypt, it is switched to the normal mode of operation, and response message is sent to the distribution main website, with complete At key agreement.
Wherein, described to receive acquisition identity that distribution main website is sent and the request of random number includes:
Receive acquisitions identity that distribution main website is sent and random number and the process distribution terminal public key adds Close request;
The request is decrypted using the private key of the distribution terminal to prestore.
Wherein, described the identity and the random number are sent to the distribution main website to include:
The identity and the random number are encrypted using the public key of the distribution main website to prestore;
The encrypted identity will be passed through and the random number is sent to the distribution main website.
Correspondingly, the present invention also provides a kind of device of key agreement, the distribution for being applied to electrical power distribution automatization system is whole End, including:
The request receiving module of identity and random number:For receive acquisition identity that distribution main website is sent and The request of random number determines identity and generates random number;
Working key determining module:For according to the random number and the terminal key to prestore, determining working key;
Identity and random number sending module:For the identity and the random number to be sent to the distribution Main website, in order to the distribution main website return be switched to normal mode of operation and pass through encrypted control instruction;
The control instruction receiving module of switching working mode:For receiving the control instruction, and judge that institute can be utilized Working key is stated the control instruction is decrypted;
Response message sending module:If for that can decrypt, it is switched to the normal mode of operation, and to the distribution Main website sends response message, to complete key agreement.
Finally, the present invention also provides a kind of electrical power distribution automatization system, including distribution main website and distribution terminal, the distribution The first computer program is preserved in main website, and application as described above is realized when first computer program is executed by processor In the method for the key agreement of the distribution main website of electrical power distribution automatization system the step of;The second calculating is preserved on the distribution terminal Machine program realizes matching applied to electrical power distribution automatization system as described above when the second computer program is executed by processor The step of method of the key agreement of electric terminals.
A kind of cryptographic key negotiation method of distribution main website applied to electrical power distribution automatization system provided by the present invention, Neng Gou After the completion of bidirectional identity authentication, identity and the random number of distribution terminal are obtained, and according to identity, random number and Gen Mi Key generates working key, and will be sent to distribution terminal using the control instruction of working key encryption, in order to distribution terminal solution Close control instruction simultaneously returns to response message to complete key agreement.As it can be seen that the working key in the present invention is according to identity With generating random number, and in different conversation procedures, random number is different, therefore working key is also different, because This is not easy to be cracked by unauthorized person, substantially increases the safety of electrical power distribution automatization system.
Correspondingly, the present invention also provides a kind of key agreement device and applied to the key agreement side of distribution terminal Method and device also have a kind of electrical power distribution automatization system, and effect is corresponding with the effect of the above method, and which is not described herein again.
Description of the drawings
It, below will be to embodiment or existing for the clearer technical solution for illustrating the embodiment of the present invention or the prior art Attached drawing is briefly described needed in technology description, it should be apparent that, the accompanying drawings in the following description is only this hair Some bright embodiments for those of ordinary skill in the art without creative efforts, can be with root Other attached drawings are obtained according to these attached drawings.
Fig. 1 is a kind of cryptographic key negotiation method embodiment with main website applied to electrical power distribution automatization system provided by the invention Implementation flow chart;
Fig. 2 is a kind of key agreement device embodiment with main website applied to electrical power distribution automatization system provided by the invention Structure diagram;
Fig. 3 is that a kind of cryptographic key negotiation method of distribution terminal applied to electrical power distribution automatization system provided by the invention is implemented The implementation flow chart of example;
Fig. 4 is a kind of knot of the key agreement device of distribution terminal applied to electrical power distribution automatization system provided by the invention Structure block diagram;
Fig. 5 is a kind of structure diagram of electrical power distribution automatization system provided by the invention.
Specific implementation mode
Core of the invention is to provide a kind of cryptographic key negotiation method, device and electrical power distribution automatization system, effectively reduces and matches The possibility that electric automation system working key is stolen, improves the safety of electrical power distribution automatization system.
In order to enable those skilled in the art to better understand the solution of the present invention, with reference to the accompanying drawings and detailed description The present invention is described in further detail.Obviously, described embodiments are only a part of the embodiments of the present invention, rather than Whole embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art are not making creative work premise Lower obtained every other embodiment, shall fall within the protection scope of the present invention.
Below to a kind of cryptographic key negotiation method of distribution main website applied to electrical power distribution automatization system provided by the invention reality It applies example to be introduced, referring to Fig. 1, which includes:
Step S110:In response to the completion of bidirectional identity authentication, the body for obtaining the distribution terminal is sent to distribution terminal The request of part mark and random number.
Electrical power distribution automatization system includes distribution main website and distribution terminal, and distribution main website needs first before communicating with distribution terminal TCP connection is established, request is usually initiated the connection by distribution main website, in special circumstances, can also be initiated the connection and be asked by distribution terminal It asks.If TCP connection fails, follow-up interactive process stops, and waits for distribution main website or distribution terminal to re-initiate new TCP and connects It connects.
Specifically, after the completion of TCP connection, distribution main website and distribution terminal need to carry out bidirectional identity authentication, two-way body The flow of part certification can be specific as follows:
Step S101:Include the number of the distribution main website to distribution terminal transmission in response to the formation of communication link The bidirectional identity authentication request of word signature, in order to which the distribution terminal is matched according to the digital certificate of the distribution main website to described Electric main website is authenticated.
Step S102:The authentication for receiving the digital signature including the distribution terminal that the distribution terminal is sent is true Recognize information.
Step S103:The distribution terminal is authenticated according to the digital certificate of the distribution terminal, it is two-way to complete Authentication.
It should be noted that the process that distribution main website carries out bidirectional identity authentication with distribution terminal is demonstrate,proved dependent on power scheduling The book digital certificate signed by certification authority issued, the digital certificate are formed in advance in distribution main website and distribution terminal.Wherein, distribution master Station prestores the digital certificates of all corresponding distribution terminals, and distribution terminal prestores the digital certificate of corresponding distribution main website.Preferably, double It is encrypted to authentication procedures, specifically, rivest, shamir, adelman SM2 or ECC can be used.
In addition, for step S110, that is, distribution main website sends to distribution terminal and obtains identity and random number The process of request, in order to avoid sending request and identity and random number in the form of plaintext, as a preferred method, The process is also encrypted, and specific flow can be as follows:
In response to the completion of bidirectional identity authentication, the identity that the distribution terminal is obtained from the distribution terminal is determined With the request of random number;The request is encrypted using the public key of the distribution terminal to prestore;To the distribution terminal Send the request of the public key encryption by the distribution terminal.
It is noted that the random number mentioned in the present invention can be a string of bit sequences that digit can configure.With The effect of machine number is that the term of validity of working key is set to when time conversation procedure, even if unauthorized person is obtained by network attack Certain session key, after connection session negotiation next time, working key changes immediately, largely reduces distribution network service Security protection risk.
Step S120:Receive the identity and random number that the distribution terminal is sent.
It is corresponding with the step S110 of encryption as a preferred method, identity that distribution main website receives and Random number be also likely to be by encrypted, therefore step 120 may need the identity received and random number are solved It is close, therefore step S120 is specifically as follows:
Receive the identity being encrypted using the public key of the distribution main website that the distribution terminal is sent and random Number;Using the private key of the distribution main website to prestore to being decrypted by the encrypted identity and the random number.
Step S130:According to the identity, the random number and the root key to prestore, working key is determined.
It is noted that root key refers to the root key for being pre-stored in distribution main website here.Distribution main website being capable of basis The identity of distribution terminal and the root key of oneself determine the terminal key of distribution terminal, that is to say, that can be close according to root Key determines terminal key, but can not determine root key according to terminal key.
It should be noted that the working key mentioned in the present invention, refers to distribution main website in electrical power distribution automatization system Used key when with distribution terminal progress data interaction.
Step S140:It determines and controls the control instruction that the distribution terminal is switched to normal mode of operation, and described in utilization The control instruction is encrypted in working key.
Step S150:It will be sent to the distribution terminal by the encrypted control instruction, in order to distribution end It decrypts the control instruction and returns to response message to complete key agreement in end.
It should be noted that after distribution terminal determines identity and the random number of itself, it can be according to random number and end End key determines working key.And according to the relationship of the root key and terminal key that are referred in foregoing description, it can be deduced that conclusion, The working key that i.e. distribution main website is respectively determined with distribution terminal is consistent in theory.Therefore, it will be utilized in distribution main website The control instruction of working key encryption is sent to after distribution terminal, and distribution terminal can utilize the working key pair oneself determined Control instruction is decrypted, and the return after being exactly distribution terminal successful decryption that response message involved in the present invention refers to Information.
In summary, a kind of key agreement for distribution main website applied to electrical power distribution automatization system that the present embodiment is provided Method, after the completion of bidirectional identity authentication, can obtain identity and the random number of distribution terminal, and according to identity, Random number and root key generate working key, and will be sent to distribution terminal using the control instruction of working key encryption, so as to Control instruction is decrypted in distribution terminal and returns to response message to complete key agreement.As it can be seen that the working key in the present invention is According to identity and generating random number, and in different conversation procedures, random number is different, therefore working key It is different, to be not easy to be cracked by unauthorized person, in addition, by the asymmetric encryption of digital certificate and digital signature, it is real Now to the encrypted transmission of identity, random number, reduces system key and generate the probability that data are ravesdropping, substantially increase and match The safety of electric automation system.
Correspondingly, the present invention also provides a kind of key agreement devices of the distribution main website applied to electrical power distribution automatization system Embodiment.
Below to the key agreement device of the distribution main website provided in an embodiment of the present invention applied to electrical power distribution automatization system It is introduced, the key agreement device of the distribution main website described below applied to electrical power distribution automatization system is answered with above-described The cryptographic key negotiation method of distribution main website for electrical power distribution automatization system can correspond reference.
Referring to Fig. 2, which includes:
The request sending module 210 of identity and random number:For the completion in response to bidirectional identity authentication, to distribution Terminal sends the request of the identity and random number that obtain the distribution terminal.
Identity and random number receiving module 220:For receiving identity that the distribution terminal is sent and random Number.
Working key determining module 230:For according to the identity, the random number and the root key to prestore, Determine working key.
The control instruction determining module 240 of switching working mode:For determining that controlling the distribution terminal is switched to normally The control instruction of operating mode, and the control instruction is encrypted using the working key.
Control instruction sending module 250:It is sent to the distribution terminal for the encrypted control instruction will to be passed through, with The control instruction is decrypted convenient for the distribution terminal and returns to response message to complete key agreement.
The key agreement device of the distribution main website applied to electrical power distribution automatization system of the present embodiment is for realizing above-mentioned The cryptographic key negotiation method of distribution main website applied to electrical power distribution automatization system, therefore before specific implementation mode in the device is visible The embodiment part of the key agreement device of the distribution main website applied to electrical power distribution automatization system in text, for example, identity With request sending module 210, identity and the random number receiving module 220 of random number, working key determining module 230, cut The control instruction determining module 240 and control instruction sending module 250 for the pattern that changes jobs are respectively used to realize above application Step S110, S120, S130, S140, S150 in the cryptographic key negotiation method of the distribution main website of electrical power distribution automatization system.So Its specific implementation mode is referred to the description of corresponding various pieces embodiment, herein not reinflated introduction.
In addition, since the key agreement device of the distribution main website applied to electrical power distribution automatization system of the present embodiment is used in fact The cryptographic key negotiation method of the existing distribution main website above-mentioned applied to electrical power distribution automatization system, therefore the work of its effect and the above method With corresponding, which is not described herein again.
In addition, the present invention also provides a kind of methods of the key agreement of the distribution terminal applied to electrical power distribution automatization system Embodiment, this method embodiment are corresponding in the cryptographic key negotiation method of distribution main website of electrical power distribution automatization system with above application.
Start that the cryptographic key negotiation method embodiment of the distribution terminal applied to electrical power distribution automatization system is introduced below, The embodiment includes:
Step S310:The request for receiving acquisition identity and random number that distribution main website is sent, determines identity And generate random number.
Specifically, the acquisition request of identity and random number that distribution main website is sent is preferably by encrypted, because This, step S310 is needed by decrypting process, and specific steps can be as follows:
Receive acquisitions identity that distribution main website is sent and random number and the process distribution terminal public key adds Close request;The request is decrypted using the private key of the distribution terminal to prestore;Determine identity and generate with Machine number.
Step S320:According to the random number and the terminal key to prestore, working key is determined.
Introduction for terminal key, refer to above application in the cryptographic key negotiation method of distribution main website to root key and The description of terminal key.
Step S330:The identity and the random number are sent to the distribution main website, in order to the distribution Main website return be switched to normal mode of operation and pass through encrypted control instruction.
Identity and random number can be encrypted and then sent it to distribution as a preferred method, Main website, detailed process can be as follows:
The identity and the random number are encrypted using the public key of the distribution main website to prestore;It will pass through The encrypted identity and the random number are sent to the distribution main website.
Step S340:Receive the control instruction, and judge can to utilize the working key to the control instruction into Row decryption.
It should be noted that after identity and random number are sent to distribution main website by distribution terminal, the meeting of distribution main website Working key is determined according to the identity and random number and the root key to prestore, is then referred to the control of work key pair Order is encrypted, and control instruction is sent to distribution terminal.
Since distribution main website can determine terminal key, distribution master according to the identity and root key of distribution terminal It stands and can and then working key be determined according to terminal key and random number, and ensure the work that distribution main website is obtained with distribution terminal Key agreement.
Step S350:If can decrypt, it is switched to the normal mode of operation, and response is sent to the distribution main website Information, to complete key agreement.
Due to a kind of distribution terminal applied to electrical power distribution automatization system provided in this embodiment cryptographic key negotiation method with A kind of cryptographic key negotiation method embodiment of above-mentioned distribution main website applied to electrical power distribution automatization system is corresponding, therefore, in part Appearance can be with cross-referenced correspondence, the not reinflated introduction of the present embodiment.
In summary, a kind of key agreement for distribution terminal applied to electrical power distribution automatization system that the present embodiment is provided Method can receive the request of acquisition identity and random number that distribution main website is sent, really after the completion of bidirectional identity authentication Determine identity and generates random number;Then working key is generated according to random number and the terminal key to prestore;And by identity mark Know and random number is sent to distribution main website, in order to which distribution main website returns to control instruction;Then control instruction is received, and judges energy It is no that control instruction is decrypted using working key;If can decrypt, response message is returned to complete key agreement.
As it can be seen that the working key is according to terminal key and generating random number, and in different conversation procedures, at random Number is different, therefore working key is also different, to be not easy to be cracked by unauthorized person, in addition, passing through digital certificate With the asymmetric encryption of digital signature, the encrypted transmission to identity, random number is realized, reduce system key and generate data The probability being ravesdropping substantially increases the safety of electrical power distribution automatization system.
Correspondingly, the present invention also provides a kind of key agreement of distribution terminal applied to electrical power distribution automatization system dresses It sets.
Below to the key agreement device of the distribution terminal provided in an embodiment of the present invention applied to electrical power distribution automatization system It is introduced, the key agreement device of the distribution terminal described below applied to electrical power distribution automatization system is answered with above-described The cryptographic key negotiation method of distribution terminal for electrical power distribution automatization system can correspond reference.
Referring to Fig. 4, which includes:
The request receiving module 410 of identity and random number:The acquisition identity mark sent for receiving distribution main website Know the request with random number, determines identity and generate random number.
Working key determining module 420:For according to the random number and the terminal key to prestore, determining that work is close Key.
Identity and random number sending module 430:It is described for the identity and the random number to be sent to Distribution main website, in order to the distribution main website return be switched to normal mode of operation and pass through encrypted control instruction.
The control instruction receiving module 440 of switching working mode:For receiving the control instruction, and judge to utilize The control instruction is decrypted in the working key.
Response message sending module 450:If for that can decrypt, it is switched to the normal mode of operation, and to described Distribution main website sends response message, to complete key agreement.
The key agreement device of the distribution terminal applied to electrical power distribution automatization system of the present embodiment is for realizing above-mentioned The cryptographic key negotiation method of distribution terminal applied to electrical power distribution automatization system, therefore before specific implementation mode in the device is visible The embodiment part of the key agreement device of the distribution terminal applied to electrical power distribution automatization system in text, for example, identity With request receiving module 410, working key determining module 420, identity and the random number sending module 430 of random number, cut The control instruction receiving module 440 and response message sending module 450 for the pattern that changes jobs are respectively used to realize above application Step S310, S320, S330, S340, S350 in the cryptographic key negotiation method of the distribution terminal of electrical power distribution automatization system.So Its specific implementation mode is referred to the description of corresponding various pieces embodiment, herein not reinflated introduction.
In addition, since the key agreement device of the distribution terminal applied to electrical power distribution automatization system of the present embodiment is used in fact The cryptographic key negotiation method of the existing distribution terminal above-mentioned applied to electrical power distribution automatization system, therefore the work of its effect and the above method With corresponding, which is not described herein again.
Finally, the present invention also provides a kind of electrical power distribution automatization system embodiment, which uses In realization cryptographic key negotiation method of the above application in distribution main website and the cryptographic key negotiation method applied to distribution terminal.
Specifically, referring to Fig. 5, which includes distribution main website 510 and distribution terminal 520, institute It states and preserves the first computer program in distribution main website 510, realized when first computer program is executed by processor as above The step of method of the key agreement of the distribution main website applied to electrical power distribution automatization system;On the distribution terminal 520 Second computer program is preserved, is realized when the second computer program is executed by processor and is applied to distribution as described above The step of method of the key agreement of the distribution terminal of automated system.
Interactive process described in foregoing invention content, the processing for some abnormal conditions can be as follows:
1) if distribution main website does not receive the response message of distribution terminal feedback, start Retransmission timeout mechanism, time-out The parameters such as parameter and number of retransmissions are configurable, do not receive response message after Retransmission timeout yet, then terminate negotiations process.
2) if in authentication procedures, the bidirectional identity authentication request of distribution main website does not pass through, then abandons, wait for distribution Main website Retransmission timeout bidirectional identity authentication request.
3) if distribution main website or distribution terminal decryption are unsuccessful, it can not restore in plain text, then abandon the message, waiting is matched Electric main website or the distribution terminal Retransmission timeout message;
If 4) during switching working mode, distribution main website is not received by the response message of distribution terminal, then weighs Send out the control instruction of switching working mode.Distribution terminal is sent after the control instruction for the switching working mode for receiving repetition Response message, the process be repeated up to distribution main website receive distribution terminal handover success response message or number of retransmissions be more than Until preset times.Specifically, distribution terminal can be whether sequence of message number is identical receiving the criterion of duplicate message.
5) after secure key negotiation process, what can be obtained through consultation between distribution main website and distribution terminal is symmetrical Communication is encrypted in working key.
Due to the embodiment provide electrical power distribution automatization system for realizing above application in the key agreement of distribution main website Method and above application are in the cryptographic key negotiation method of distribution terminal, therefore, act on the effect phase with above method embodiment Corresponding, which is not described herein again.
Each embodiment is described by the way of progressive in this specification, the highlights of each of the examples are with it is other The difference of embodiment, just to refer each other for same or similar part between each embodiment.For being filled disclosed in embodiment For setting, since it is corresponded to the methods disclosed in the examples, so description is fairly simple, related place is referring to method part Explanation.
Professional further appreciates that, unit described in conjunction with the examples disclosed in the embodiments of the present disclosure And algorithm steps, can be realized with electronic hardware, computer software, or a combination of the two, in order to clearly demonstrate hardware and The interchangeability of software generally describes each exemplary composition and step according to function in the above description.These Function is implemented in hardware or software actually, depends on the specific application and design constraint of technical solution.Profession Technical staff can use different methods to achieve the described function each specific application, but this realization is not answered Think beyond the scope of this invention.
The step of method described in conjunction with the examples disclosed in this document or algorithm, can directly be held with hardware, processor The combination of capable software module or the two is implemented.Software module can be placed in random access memory (RAM), memory, read-only deposit Reservoir (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or technology In any other form of storage medium well known in field.
Cryptographic key negotiation method provided by the present invention, device and electrical power distribution automatization system are described in detail above. Principle and implementation of the present invention are described for specific case used herein, and the explanation of above example is only used In facilitating the understanding of the method and its core concept of the invention.It should be pointed out that for those skilled in the art, Without departing from the principle of the present invention, can be with several improvements and modifications are made to the present invention, these improvement and modification It falls into the protection domain of the claims in the present invention.

Claims (10)

1. a kind of method of key agreement is applied to the distribution main website of electrical power distribution automatization system, which is characterized in that including:
In response to the completion of bidirectional identity authentication, identity and the random number for obtaining the distribution terminal are sent to distribution terminal Request;
Receive the identity and random number that the distribution terminal is sent;
According to the identity, the random number and the root key to prestore, working key is determined;
It determines and controls the control instruction that the distribution terminal is switched to normal mode of operation, and using the working key to described Control instruction is encrypted;
It will be sent to the distribution terminal by the encrypted control instruction, in order to which the distribution terminal decrypts the control It instructs and returns to response message to complete key agreement.
2. the method as described in claim 1, which is characterized in that in the completion in response to bidirectional identity authentication, to distribution Terminal is sent before obtaining the identity of the distribution terminal and the request of random number, including:
In response to the formation of communication link, the two-way body for the digital signature for including the distribution main website is sent to the distribution terminal Part certification request, in order to which the distribution terminal recognizes the distribution main website according to the digital certificate of the distribution main website Card;
Receive the authentication confirmation message for the digital signature including the distribution terminal that the distribution terminal is sent;
The distribution terminal is authenticated according to the digital certificate of the distribution terminal, to complete bidirectional identity authentication.
3. the method as described in claim 1, which is characterized in that the completion in response to bidirectional identity authentication, to distribution end End sends the identity of the acquisition distribution terminal and the request of random number includes:
In response to the completion of bidirectional identity authentication, determine from the distribution terminal obtain the distribution terminal identity and with The request of machine number;
The request is encrypted using the public key of the distribution terminal to prestore;
It is sent to the distribution terminal and passes through the encrypted request.
4. the method as described in claim 1, which is characterized in that it is described receive identity that the distribution terminal is sent and with Machine number includes:
Receive the identity being encrypted using the public key of the distribution main website and random number that the distribution terminal is sent;
Using the private key of the distribution main website to prestore to being decrypted by the encrypted identity and the random number.
5. a kind of device of key agreement is applied to the distribution main website of electrical power distribution automatization system, which is characterized in that including:
The request sending module of identity and random number:For the completion in response to bidirectional identity authentication, sent out to distribution terminal It send and obtains the identity of the distribution terminal and the request of random number;
Identity and random number receiving module:For receiving the identity and random number that the distribution terminal is sent;
Working key determining module:For according to the identity, the random number and the root key to prestore, determining work Make key;
The control instruction determining module of switching working mode:For determining that controlling the distribution terminal is switched to normal mode of operation Control instruction, and the control instruction is encrypted using the working key;
Control instruction sending module:It is sent to the distribution terminal for the encrypted control instruction will to be passed through, in order to institute Distribution terminal is stated to decrypt the control instruction and return to response message to complete key agreement.
6. a kind of method of key agreement is applied to the distribution terminal of electrical power distribution automatization system, which is characterized in that including:
The request for receiving acquisition identity and random number that distribution main website is sent, determines identity and generates random number;
According to the random number and the terminal key to prestore, working key is determined;
The identity and the random number are sent to the distribution main website, in order to which distribution main website return is switched to Normal mode of operation and pass through encrypted control instruction;
The control instruction is received, and judges the control instruction can be decrypted using the working key;
If can decrypt, it is switched to the normal mode of operation, and response message is sent to the distribution main website, it is close to complete Key is negotiated.
7. method as claimed in claim 6, which is characterized in that it is described receive acquisition identity that distribution main website is sent and The request of random number includes:
Receive that distribution main website sends obtain identity and random number and public key encryption by the distribution terminal Request;
The request is decrypted using the private key of the distribution terminal to prestore.
8. method as claimed in claim 6, which is characterized in that described that the identity and the random number are sent to institute Stating distribution main website includes:
The identity and the random number are encrypted using the public key of the distribution main website to prestore;
The encrypted identity will be passed through and the random number is sent to the distribution main website.
9. a kind of device of key agreement is applied to the distribution terminal of electrical power distribution automatization system, which is characterized in that including:
The request receiving module of identity and random number:For receiving acquisition identity that distribution main website is sent and random Several requests determines identity and generates random number;
Working key determining module:For according to the random number and the terminal key to prestore, determining working key;
Identity and random number sending module:For the identity and the random number to be sent to the distribution master Stand, in order to the distribution main website return be switched to normal mode of operation and pass through encrypted control instruction;
The control instruction receiving module of switching working mode:For receiving the control instruction, and judge that the work can be utilized Make control instruction described in key pair to be decrypted;
Response message sending module:If for that can decrypt, it is switched to the normal mode of operation, and to the distribution main website Response message is sent, to complete key agreement.
10. a kind of electrical power distribution automatization system, including distribution main website and distribution terminal, which is characterized in that protected in the distribution main website There is the first computer program, such as claim 1-4 any one is realized when first computer program is executed by processor The step of method of the key agreement of the distribution main website applied to electrical power distribution automatization system;It is preserved on the distribution terminal There is second computer program, is realized such as claim 6-8 any one institute when the second computer program is executed by processor The step of method of the key agreement for the distribution terminal applied to electrical power distribution automatization system stated.
CN201810820303.6A 2018-07-24 2018-07-24 The method, apparatus and electrical power distribution automatization system of key agreement Pending CN108809645A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810820303.6A CN108809645A (en) 2018-07-24 2018-07-24 The method, apparatus and electrical power distribution automatization system of key agreement

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810820303.6A CN108809645A (en) 2018-07-24 2018-07-24 The method, apparatus and electrical power distribution automatization system of key agreement

Publications (1)

Publication Number Publication Date
CN108809645A true CN108809645A (en) 2018-11-13

Family

ID=64077880

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810820303.6A Pending CN108809645A (en) 2018-07-24 2018-07-24 The method, apparatus and electrical power distribution automatization system of key agreement

Country Status (1)

Country Link
CN (1) CN108809645A (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109448195A (en) * 2018-12-12 2019-03-08 北京车联天下信息技术有限公司 The authentication method and device of vehicle virtual key
CN109618334A (en) * 2018-11-21 2019-04-12 北京华大智宝电子系统有限公司 Control method and relevant device
CN109818413A (en) * 2019-01-17 2019-05-28 南京绿电智能科技有限公司 A kind of power module device of distribution terminal
CN110267218A (en) * 2019-07-01 2019-09-20 广东电网有限责任公司 A kind of distribution power automation terminal remote reboot method, apparatus and readable storage medium storing program for executing
CN110289956A (en) * 2019-06-27 2019-09-27 飞天诚信科技股份有限公司 A kind of cloud speaker updates the method and system of configuration
CN111654503A (en) * 2020-06-08 2020-09-11 工业和信息化部网络安全产业发展中心(工业和信息化部信息中心) Remote control method, device, equipment and storage medium
CN112134694A (en) * 2020-08-11 2020-12-25 北京智芯微电子科技有限公司 Data interaction method, master station, terminal and computer readable storage medium
CN112422516A (en) * 2020-10-27 2021-02-26 中国南方电网有限责任公司 Connection method and device of power system, computer equipment and storage medium
CN112615823A (en) * 2020-12-04 2021-04-06 广东亚太天能科技股份有限公司 Private encryption communication method and system for secondary encryption
CN113784345A (en) * 2021-11-11 2021-12-10 国网浙江省电力有限公司金华供电公司 Power distribution terminal point-to-point key negotiation method and device based on quantum secure channel
CN114270328A (en) * 2020-01-13 2022-04-01 鹏瞰科技(上海)有限公司 Intelligent controller and sensor network bus and system and method including multi-tier platform security architecture

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101902610A (en) * 2009-05-27 2010-12-01 航天信息股份有限公司 Method for realizing secure communication between IPTV set top box and smart card
CN102111272A (en) * 2010-12-24 2011-06-29 武汉天喻信息产业股份有限公司 Method for authenticating external equipment by using mobile terminal
CN104219213A (en) * 2013-06-03 2014-12-17 东南大学常州研究院 Android system oriented end-to-end speech encryption method
CN105871873A (en) * 2016-04-29 2016-08-17 国家电网公司 Security encryption authentication module for power distribution terminal communication and method thereof
CN107046531A (en) * 2017-03-06 2017-08-15 国网湖南省电力公司 The data processing method and system of the data access Power Information Network of monitoring terminal
CN107466466A (en) * 2016-11-09 2017-12-12 国民技术股份有限公司 Method, controlled device and the equipment of secure communication, remote control and equipment
US20180013555A1 (en) * 2015-12-08 2018-01-11 Tencent Technology (Shenzhen) Company Limited Data transmission method and apparatus
CN207166786U (en) * 2017-09-04 2018-03-30 湖南长高思瑞自动化有限公司 A kind of encryption communication terminal based on 4G networks

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101902610A (en) * 2009-05-27 2010-12-01 航天信息股份有限公司 Method for realizing secure communication between IPTV set top box and smart card
CN102111272A (en) * 2010-12-24 2011-06-29 武汉天喻信息产业股份有限公司 Method for authenticating external equipment by using mobile terminal
CN104219213A (en) * 2013-06-03 2014-12-17 东南大学常州研究院 Android system oriented end-to-end speech encryption method
US20180013555A1 (en) * 2015-12-08 2018-01-11 Tencent Technology (Shenzhen) Company Limited Data transmission method and apparatus
CN105871873A (en) * 2016-04-29 2016-08-17 国家电网公司 Security encryption authentication module for power distribution terminal communication and method thereof
CN107466466A (en) * 2016-11-09 2017-12-12 国民技术股份有限公司 Method, controlled device and the equipment of secure communication, remote control and equipment
CN107046531A (en) * 2017-03-06 2017-08-15 国网湖南省电力公司 The data processing method and system of the data access Power Information Network of monitoring terminal
CN207166786U (en) * 2017-09-04 2018-03-30 湖南长高思瑞自动化有限公司 A kind of encryption communication terminal based on 4G networks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
淮晓烨: "《基于无证书公钥密码、RBAC的智能配电网访问控制方案》", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109618334A (en) * 2018-11-21 2019-04-12 北京华大智宝电子系统有限公司 Control method and relevant device
CN109448195A (en) * 2018-12-12 2019-03-08 北京车联天下信息技术有限公司 The authentication method and device of vehicle virtual key
CN109448195B (en) * 2018-12-12 2021-10-08 无锡车联天下信息技术有限公司 Authentication method and device for vehicle virtual key
CN109818413A (en) * 2019-01-17 2019-05-28 南京绿电智能科技有限公司 A kind of power module device of distribution terminal
CN110289956B (en) * 2019-06-27 2021-12-28 飞天诚信科技股份有限公司 Method and system for updating configuration of cloud sound box
CN110289956A (en) * 2019-06-27 2019-09-27 飞天诚信科技股份有限公司 A kind of cloud speaker updates the method and system of configuration
CN110267218A (en) * 2019-07-01 2019-09-20 广东电网有限责任公司 A kind of distribution power automation terminal remote reboot method, apparatus and readable storage medium storing program for executing
CN114270328B (en) * 2020-01-13 2024-05-03 鹏瞰科技(上海)有限公司 Intelligent controller and sensor network bus and system and method including multi-layered platform security architecture
CN114270328A (en) * 2020-01-13 2022-04-01 鹏瞰科技(上海)有限公司 Intelligent controller and sensor network bus and system and method including multi-tier platform security architecture
CN111654503A (en) * 2020-06-08 2020-09-11 工业和信息化部网络安全产业发展中心(工业和信息化部信息中心) Remote control method, device, equipment and storage medium
CN112134694A (en) * 2020-08-11 2020-12-25 北京智芯微电子科技有限公司 Data interaction method, master station, terminal and computer readable storage medium
CN112134694B (en) * 2020-08-11 2024-01-23 北京智芯微电子科技有限公司 Data interaction method, master station, terminal and computer readable storage medium
CN112422516A (en) * 2020-10-27 2021-02-26 中国南方电网有限责任公司 Connection method and device of power system, computer equipment and storage medium
CN112422516B (en) * 2020-10-27 2022-08-16 中国南方电网有限责任公司 Trusted connection method and device based on power edge calculation and computer equipment
CN112615823A (en) * 2020-12-04 2021-04-06 广东亚太天能科技股份有限公司 Private encryption communication method and system for secondary encryption
CN113784345B (en) * 2021-11-11 2022-02-08 国网浙江省电力有限公司金华供电公司 Power distribution terminal point-to-point key negotiation method and device based on quantum secure channel
CN113784345A (en) * 2021-11-11 2021-12-10 国网浙江省电力有限公司金华供电公司 Power distribution terminal point-to-point key negotiation method and device based on quantum secure channel

Similar Documents

Publication Publication Date Title
CN108809645A (en) The method, apparatus and electrical power distribution automatization system of key agreement
CN108390851B (en) Safe remote control system and method for industrial equipment
CN109728909B (en) Identity authentication method and system based on USBKey
CN104702611B (en) A kind of device and method for protecting Secure Socket Layer session key
CN103067401B (en) Method and system for key protection
CN108377190A (en) A kind of authenticating device and its working method
JP2015528149A (en) Start of corporate trigger type 2CHK association
CN107294937A (en) Data transmission method, client and server based on network service
CN101631305B (en) Encryption method and system
CN107800675A (en) A kind of data transmission method, terminal and server
CN102868665A (en) Method and device for data transmission
US20050120248A1 (en) Internet protocol telephony security architecture
CN111030814A (en) Key negotiation method and device
CN110635901B (en) Local Bluetooth dynamic authentication method and system for Internet of things equipment
CN111800467B (en) Remote synchronous communication method, data interaction method, equipment and readable storage medium
CN105262597A (en) Network access authentication method, client terminal, access device and authentication device
CN106792700A (en) The method for building up and system of a kind of secure communication environment of wearable device
US20220029819A1 (en) Ssl communication system, client, server, ssl communication method, and computer program
CN104219208B (en) A kind of method, apparatus of data input
JP2020120173A (en) Electronic signature system, certificate issuing system, certificate issuing method, and program
JP6465426B1 (en) Electronic signature system, certificate issuing system, key management system, and electronic certificate issuing method
CN110519222A (en) Outer net access identity authentication method and system based on disposable asymmetric key pair and key card
CA2561644C (en) A method to leverage a secure device to grant trust and identity to a second device
EP2244420A1 (en) Method and apparatus for recovering the connection
CN109302425A (en) Identity identifying method and terminal device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181113

RJ01 Rejection of invention patent application after publication